Re: GTT Regulatory Recovery Surcharge
I think it's because they need to...not for any legal reason, but to increase cash flow by every penny possible. As they just spent 2.3 billion dollars on an acquisition. Every penny they can add to a bill is an attempt to slow the bleeding resulting from over borrowing. 3600 employees, huge major acquisitions half a billion here - 2 billion there, where is this money coming from? Buying sales organizations with no network? One has to ask is this a secretly government funded/owned business? If so, which government? Ours?

Bob Evans
CTO/Founder

> On Dec 2, 2018, at 6:04 PM, Clayton Zekelman wrote:
>>
>> I can't imagine how the corporate sociopaths could justify charging an
>> American recovery fee on a service delivered in Canada.
>
> I would speculate that the reason is ever popular "because they can".
>
> James R. Cutler
> james.cut...@consultant.com
> PGP keys at http://pgp.mit.edu
Reach for a Verizon "Mobility" Network Contact
Please contact me offline at b...@fiberinternetcenter.com

NOT looking for a verizon cell phone dealer - NOT looking for a verizon business multi-phone plan sales person. Looking for the verizon mobility department, someone that can generate a contract for this specific service and has contacts within that part of the organization and knows the individuals by name.

Thank You
Bob Evans
CTO
Re: Rising sea levels are going to mess with the internet
How much ocean water displacement is taking place in Hawaii as a result of eruptions? How about volcanoes we don't know about deep in the ocean? In the last 5 years, California governments have played a negative role in the burning of well over a million acres. These carbon emissions are rarely calculated and considered as a cause of global warming. How many California miles driven in cars = one 250,000 acre fire? I don't know. Did you know there are adults in California that don't think burning trees emit carbon emissions that count unless it happens in a man made fireplace? Yes, most of those people went to high school in California.

But anyways - can we please drop the non-internet related discussions from filling my nanog filtered technical email folders? Lots of smart people to have discussions with in nanog...maybe we create a list called nanog-other-st...@nanog.org

Thank You
Bob Evans
CTO

> On 23/07/2018 20:03, Owen DeLong wrote:
>> It shows China, the most heavy handed of the three economies in the
>> graphic as having an accelerating growth in carbon emissions. It does
>> show that the EU started a downward trend earlier than the US, but that
>> the downward trend in the EU appears to be leveling off and the US
>> downward trend looks to be steeper now and accelerating.
>>
>> In addition, if you drill down to the individual EU countries, several
>> of them are, in fact, headed up while the more market-based members of
>> the EU seem to be headed down or having leveled off after a sharp
>> decline earlier.
>
> The data is flawed. The carbon emissions per country don't include
> import, so you can just import the most carbon-heavy product from China
> and you will see your country emissions falling and China's growing.
>
> And the carbon emission of USA doesn't include Pentagon, while any other
> army is included in its country numbers.
>
> So we can't really compare such flawed data - these are just numbers for
> politicians but they have nothing in common with reality.
>
> Regarding rising sea levels - I wonder why nobody mentioned submarine
> fiber landing stations. If something will be affected, it will be them.
>
> --
> Grzegorz Janoszka
>
Amazon AWS Europe issues
Anyone here from Amazon that can contact me offline about issues our customers are having regarding AWS problems connecting from our California network to Europe.

One specific is ext-eu-km-80-global-market-live-2004446585.eu-west-1.elb.amazonaws.com (52.17.152.249)

Thank You
Bob Evans
CTO
Re: IPv4 smaller than /24 leasing?
Marketplaces - supply and demand and costs to operate as Bill noted (never thought of that) will settle out the need.

Thank You
Bob Evans
CTO

> I am looking at it from an ARIN justification point. If you are a small
> operator and need a /24 you have justification if you give customer's
> publics, but is it a great line if you are only giving out publics for
> people who need cameras or need to connect in from the outside world. If I
> need a /24 and I don't really use it all am I being shady? It becomes a
> "how much of a grey area is there" kind of thing.
>
>
> Justin Wilson
> j...@mtin.net
>
> www.mtin.net
> www.midwest-ix.com
>
>> On Mar 13, 2018, at 1:37 PM, William Herrin <b...@herrin.us> wrote:
>>
>> On Tue, Mar 13, 2018 at 1:19 PM, Justin Wilson <li...@mtin.net> wrote:
>>> I agree that the global routing table is pretty bloated as is. But
>>> what kind of a solution for providers who need to participate in BGP
>>> but only need a /25?
>>
>> Hi Justin,
>>
>> If you need a /25 and BGP for multihoming or anycasting, get a /24.
>> The cost you impose on the system by using BGP *at all* is much higher
>> than the cost you impose on the system by consuming less than 250
>> "unneeded" IP addresses.
>>
>> I did a cost analysis on a BGP announcement a decade or so ago. The
>> exact numbers have changed but the bottom line hasn't: it's
>> ridiculously consumptive.
>>
>> Regards,
>> Bill Herrin
>>
>>
>>
>> --
>> William Herrin her...@dirtside.com b...@herrin.us
>> Dirtside Systems . Web: <http://www.dirtside.com/>
>>
>
>
RE: IPv4 smaller than /24 leasing?
Agreed, Reputation is everything. It is why we only work with well known Legacy IPv4 space at this time (hence, use anywhere statement). Our space rents for about 4x other space found on other sites. We don't do the volume business of our competitors. Those businesses with questionable address space will always be around as there are always customers for fast, cheap, without the good reputation. Most customers for that fast cheap space have no clue how to verify space until a problem arises. After the fact, they usually end up in trouble, spending much more money to not only educate themselves but also on the labor involved in re-numbering.

About your second point - "would rather have a block assigned by a reputable upstream provider" - I agree, if it was for say a real estate office access, one could simply ask everyone to wait it out or send everyone home and ask them to use their DSL or cable operator when it's broke.

We rent out /24s (and up) because some upstreams won't provide a full /24 and some of those networks send those customers to us. Due to the limited IPv4 availability, many no longer entertain portability for their assigned space. Multi-homing become issues of labor and they don't want to deal with it with their assigned space. With one ASN announcing your space, it means you're down when they have maintenance or limited reach when they have other routing issues.

Today, it makes sense to go with quality wholesale IPv4 space from a 3rd party. You can look at the IPs as an R.O.I opportunity as customers understand supply-demand and will pay 10x for space they need. It more than pays for itself in network reliability and labor saved. For those that don't need multi-home today, it's wise to consider expansion down the road and have already planned tomorrow's improved network ability to multi-home. As the cost later to re-number to multi-home. Or worse, discover you need to re-number because that network that provided you the space called it back to give to a bigger customer or won't let you announce it on other networks they specify where your cost for bandwidth would be lower.

So, there are many reasons to obtain clean independent space - but most are related to future expansion abilities and future flexibility.

"There is a market somewhere for just about anything."

Hope this info helps,
Thank You
Bob Evans
CTO

>
> Yes, exactly right. You would probably have to tunnel the /27 back to
> where the >/24 lives. That's the only way I can see of it working
> "anywhere". That's a technically valid solution but maybe not so hot if
> you are looking for high redundancy/availability since you are dependent
> on the tunnel being up and working.
>
> As always the reputation of the aggregate is going to be critical as to
> how well this works for you. It seems to me that increasingly these
> "portable" blocks have murky histories as spam and malware sources. I
> would rather have a block assigned by a reputable upstream provider than
> to do this.
>
> Steven Naslund
> Chicago IL
>
>> On 2018-01-04 20:16, Job Snijders wrote:
>>> On Thu, 4 Jan 2018 at 20:13, Filip Hruska <f...@fhrnet.eu> wrote:
>>>
>>>> I have stumbled upon this site [1] which seems to offer /27 IPv4
>>>> leasing.
>>>> They also claim "All of our IPv4 address space can be used on any
>>>> network in any location."
>>>>
>>>> I thought that the smallest prefix size one could get routed
>>>> globally is /24?
>>>
>>>
>>> Yes
>>>
>>> So how does this work?
>>>>
>>> Probably with GRE, IPIP or OpenVPN tunnels.
>>>
>>> Kind regards,
>>>
>>> Job
>>
>> IPv4 /24 is commonly the minimal chunk advertised to (and accepted by)
>> neighbors. If I run a global (or regional) network, I may advertise this
>> /24 -- or rather an aggregate covering it -- over my diverse
>> interconnection with neighbors, your /27 being part of the chunk and
>> routed to you internally (if you're va customer)-- no need for
>> encapsulation efforts. Similar scenario may be multi-upstream, subject
>> to acceptance of "punching holes in aggregates"... Am I missing
>> something? What's the trigger for doing tunneling here?
>>
>> Happy New Year '18, by the way !
>>
>> mh
>>
>
>
>
Re: IPv4 smaller than /24 leasing?
That site you quoted looks like text that I created. For CloudIPv4.com (part of RentIPv4.com).

To peer most networks require assigned IPv4 space. Most networks do not want to burn a /24 to peer. The local peering routers will propagate a /25... /30.. etc. from the peering platform to the rest of their own network's routers but usually never beyond - keeps it internal within the network's own BGP sessions. However, you can not expect the /25.. /30 to be propagated beyond the network you have a BGP session with - I.E. transits will filter the subnets /25.../30. I have seen an exception locally or regionally it was agreed to propagate outside the network.

Thank You
Bob Evans
CTO

> On 2018-01-04 20:16, Job Snijders wrote:
>> On Thu, 4 Jan 2018 at 20:13, Filip Hruska <f...@fhrnet.eu> wrote:
>>
>>> I have stumbled upon this site [1] which seems to offer /27 IPv4
>>> leasing.
>>> They also claim "All of our IPv4 address space can be used on any
>>> network
>>> in any location."
>>>
>>> I thought that the smallest prefix size one could get routed globally
>>> is
>>> /24?
>>
>>
>> Yes
>>
>> So how does this work?
>>>
>> Probably with GRE, IPIP or OpenVPN tunnels.
>>
>> Kind regards,
>>
>> Job
>
> IPv4 /24 is commonly the minimal chunk advertised to (and accepted by)
> neighbors. If I run a global (or regional) network, I may advertise this
> /24 -- or rather an aggregate covering it -- over my diverse
> interconnection with neighbors, your /27 being part of the chunk and
> routed to you internally (if you're va customer)-- no need for
> encapsulation efforts. Similar scenario may be multi-upstream, subject
> to acceptance of "punching holes in aggregates"... Am I missing
> something? What's the trigger for doing tunneling here?
>
> Happy New Year '18, by the way !
>
> mh
>
Any one from Akamai here ? Got a problem.
We do not know why we are being blocked at www.costco.com

Name: e6025.a.akamaiedge.net
Address: 104.96.118.20

Appears only via Los Angeles. Other paths, via San Jose, Palo Alto - via other transits all work fine to this IP address.

Here is the error reported to several sites all on Akamai.

Access Denied
You don't have permission to access "http://www.costco.com/" on this server.
Reference #18.c60ad717.1511897450.524468b7

Access Denied
You don't have permission to access "http://www.costco.com/services.html" on this server.
Reference #18.c60ad717.1511898193.52508dce

Access Denied
You don't have permission to access "http://www.loopnet.com/index.html" on this server.
Reference #18.940ad717.1511898022.2f14cff8

Thank You
Bob Evans
CTO
Re: Peering at public exchange authentication
Almost all good and popular peering points utilize MAC locks on ports for all peers. (With few exceptions.) To hijack a bgp session one would need not only a port on the peering network but a MAC address registered with the peering network - or their packets won't transverse the port through the switches to your port.

So the extra CPU load of MD5, in my opinion, is a waste on a peering edge router with many peers. With lots of peers on a router - all the timing and table building after a needed maintenance reboot could lead to table building slowness and establishment timing sluggishness issues (depending on the router of course).

If a peering network doesn't lock most all participants (and any router servers they have) by the MAC of the peering device I won't be a participant.

All that said - I know of a way a customer of a network can create havoc by using a device/router that allows the MAC to be modified like a variable. However, for the most part that havoc would be limited to that network that hacking customer is located on. This would also be a truly rare event as there needs to be something the network also allowed for the customer to get routable layer 2 access to the peering port.

Bob Evans
CTO

> MD5 on BGP Considered Harmful
>
> --
> TTFN,
> patrick
>
> Composed on a virtual keyboard, please forgive typos.
>
>
>> On Sep 29, 2017, at 13:41, craig washington
>> <craigwashingto...@hotmail.com> wrote:
>>
>> Hello all,
>>
>>
>> Wondering your views or common practices for using authentication via
>> BGP at public exchange locations.
>>
>> Just for example, let's say you peer with 5 people in the TELX in
>> Atlanta, do you require them to all use authentication for the BGP
>> session?
>>
>> I've seen some use it and some not use it, is it just a preference?
>
Re: Best way to San Jose Fairmont from SFO?
Depending on commute times with traffic - you will most likely travel 101 south. Uber works well from SFO. You catch an Uber ride on the arrival level.

Rental car - Google Maps knows several pathways. But it will most likely take you via 101. This hotel is popular in downtown San Jose - not hard to find.

Train and Bus travel is not worth considering. However, there are airport shuttle van services like supershuttle 4-5 passengers being dropped off on your way south.

Thank You
Bob Evans
CTO

> Hi all,
>
> I'm flying in for the conference, landing in San Francisco. What's the
> best way to get from SFO to the conference hotel?
>
> Thanks,
>
> -- Stephen
>
Re: BGP peering question
There is one more thing to consider based on your app or content latency criteria needs. Do you provide a service that performs better with low latency - such as live desktop, live video/voice. You may wish to peer to have more control and more direct path to your customer base. If you identify your customer base in a specific region - then explore the best peering exchange points to utilize in that region. This can help you reduce your packet hop count/ deliver time, etc. etc.

Thank You
Bob Evans
CTO

> On Mon, Jul 10, 2017 at 4:12 PM, craig washington <
> craigwashingto...@hotmail.com> wrote:
>
>> Newbie question, what criteria do you look for when you decide that you
>> want to peer with someone or if you will accept peering with someone
>> from
>> an ISP point of view.
>
>
> I assume you mean "reciprocal peering" in the sense of shortcut from your
> customers to their customers rather than the more generic sense that any
> BGP neighbor is a "peer".
>
> 1. What does it cost? If you and they are already on an IX peering switch
> or you're both at a relaxed location where running another cable carries
> no
> monthly fee, there's not much down side.
>
> 2. Is the improvement to your service worth the cost? It's not worth
> buying
> a data circuit or cross-connect to support a 100kbps trickle.
>
> 3. Do you have the technical acumen to stay on top of it? Some kinds of
> breakage in the peering link could jam traffic between your customers and
> theirs. If you're not able to notice and respond, you'd be better off
> sending the traffic up to your ISPs and letting them worry about it.
>
> If the three of those add up to "yes" instead of "no" then peering may be
> smart.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin her...@dirtside.com b...@herrin.us
> Dirtside Systems . Web: <http://www.dirtside.com/>
>
Re: Long AS Path
My cut off is 6 ASNs - more than 6 and it never makes it to the FIB.

However, for this to be viable with plenty of unique prefixes to maintain a large table, we have lots and lots of direct big and small peers and much more than the usual amount of transit neighbors in our network.

Silicon Valley companies are very demanding for the fastest path with the lowest number of router hops. ASN hops almost always lead to more router hops in the trace. We have customers that call us if everything is fine and they want to shave off milliseconds to favorite destinations. Picky, picky, picky.

I am wondering how many other networks get requests (more like demands) from customers wanting you to speed packets up to and from a specific office in India or China. Customers knowing nothing about their office ISP overseas. BTW, it's almost always they have the cheapest congested shared office connection in the building overseas (especially in India). So they can't do anything there except "pretend" about the bandwidth available. About all they know is the IP address of the VPN and they were told they have a full gig connection. Sure they have a gig port, but it's on a switch together with 10 building neighbors that all also have a gig port on a circuit to the building that no one can maintain a gig for more than 3 ms. Go ahead try and fix that latency packet dropping issue with a firewall on both ends with SPI turned on in both directions. It's your fault if you can't make it better. After all their VPN from London to Bangalore works fine. And the ones in China all work fine to and from Australia.

Anyways, I always wondered is it just me or do others get these kind of requests?

Thank You
Bob Evans
CTO

> Steinar,
>
> What reason is there to filter them? They are not a significant fraction
> of BGP paths. They cause no harm. It's just your sense of tidiness.
>
> You might consider contacting one of the operators to see if they do have
> a good reason you haven't considered. But absent a good reason *to* filter
> them, I would let BGP mechanics work as intended.
>
> -mel beckman
>
> On Jun 21, 2017, at 12:57 AM, "sth...@nethelp.no" <sth...@nethelp.no>
> wrote:
>
>>> Just wondering if anyone else saw this yesterday afternoon ?
>>>
>>> Jun 20 16:57:29:E:BGP: From Peer 38.X.X.X received Long AS_PATH= AS_SEQ(2)
>>> 174 12956 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456
>>> 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456 23456
>>> 23456 23456 23456 23456 23456 23456 ... attribute length (567) More than
>>> configured MAXAS-LIMIT
>>
>> There are quite a few examples of people using stupidly long AS paths.
>> For instance
>>
>> 177.23.232.0/24 *[BGP/170] 00:52:40, MED 0, localpref 105
>> AS path: 6939 16735 28163 28163 28163 28163 28163
>> 28163 28163 28163 28163 28163 28163 28163 28163
>> 28163 28163 28163 262401 262401 262401 262401
>> 262401 262401 262401 262401 262401 262401 262401
>> 262401 262401 262401 262401 262401 262949 52938
>> 52938 52938 52938 52938 52938 52938 52938 52938
>> 52938 52938 I
>>
>> I currently have 27 prefixes in my Internet routing table with 40 or
>> more ASes in the AS path (show route aspath-regex ".{40,}").
>>
>> I see no valid reason for such long AS paths. Time to update filters
>> here. I'm tempted to set the cutoff at 30 - can anybody see a good
>> reason to permit longer AS paths?
>>
>> Steinar Haug, Nethelp consulting, sth...@nethelp.no
>
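
Added example, not written by any poster in this thread: a small Python check that applies an AS-path length cutoff of the kind discussed above (6 and 30 are the two values mentioned) and separates raw path length from the number of networks actually traversed once prepends are collapsed. The function names, the documentation prefixes and the 64496-64504 ASNs are constructed for illustration; the first sample path is modelled on the one quoted above, and the second on the truncated log line, so its real length is unknown.

```python
"""AS-path length policy check (added illustration, constructed sample data)."""
from dataclasses import dataclass
from itertools import groupby

AS_TRANS = 23456                # RFC 6793 stand-in for 4-byte ASNs on 2-byte sessions
ORIGIN_CODES = {"I", "E", "?"}  # trailing origin marker in Junos-style route output


@dataclass
class PathReport:
    prefix: str
    length: int         # ASNs as received; this is what a max-AS limit counts
    hops: int           # networks traversed once consecutive prepends are collapsed
    max_prepend: int    # longest run of a single repeated ASN
    has_as_trans: bool  # path contains the AS_TRANS placeholder
    accepted: bool      # True when length <= the configured cutoff


def parse_as_path(text):
    """Parse a space-separated AS_SEQUENCE; AS_SET braces are not supported."""
    asns = []
    for token in text.split():
        if token in ORIGIN_CODES:
            continue
        if not token.isdigit():
            raise ValueError(f"unsupported AS path token: {token!r}")
        asn = int(token)
        if not 0 < asn < 2**32:
            raise ValueError(f"ASN out of range: {asn}")
        asns.append(asn)
    if not asns:
        raise ValueError("empty AS path")
    return asns


def evaluate(prefix, path_text, max_len):
    """Build a report for one route against a maximum AS-path length."""
    asns = parse_as_path(path_text)
    runs = [(asn, len(list(group))) for asn, group in groupby(asns)]
    return PathReport(
        prefix=prefix,
        length=len(asns),
        hops=len(runs),
        max_prepend=max(count for _, count in runs),
        has_as_trans=AS_TRANS in asns,
        accepted=len(asns) <= max_len,
    )


def rejected(routes, max_len):
    """Return the prefixes whose AS path is longer than max_len."""
    return [p for p, path in routes.items()
            if not evaluate(p, path, max_len).accepted]


# Constructed sample table. Only the first prefix appears in the thread.
SAMPLE_ROUTES = {
    "177.23.232.0/24": "6939 16735 " + "28163 " * 16 + "262401 " * 16
                       + "262949 " + "52938 " * 11 + "I",
    # Visible part of the logged path; the log line is truncated with "...".
    "203.0.113.0/24": "174 12956 " + "23456 " * 28,
    "192.0.2.0/24": "64496 64497 64498 64499 I",
    "198.51.100.0/24": "64496 64500 64500 64500 64501 64502 64503 64504 I",
}

if __name__ == "__main__":
    for cutoff in (6, 30):
        print(f"cutoff {cutoff}:")
        for prefix, path in SAMPLE_ROUTES.items():
            r = evaluate(prefix, path, cutoff)
            verdict = "accept" if r.accepted else "reject"
            print(f"  {prefix:18} len={r.length:3} hops={r.hops:2} "
                  f"max_prepend={r.max_prepend:2} as_trans={r.has_as_trans} "
                  f"{verdict}")
```

Running it shows that the 46-ASN path crosses only six networks, so a length cutoff removes prepend noise rather than reachability through genuinely long chains.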
Re: Leasing /22 blocks
You must look deeply into the company you lease IPs to. Have a contract - there is one on RentIPv4.com you can download, copy and modify. (I created it, I say you can do that if you need one.) But the contract is a small part. Because companies come and go. You must be able to verify many things about the company - how long in business - explore previous IPs they utilized... what they plan to do with them, will their customers spam with them, etc. If not you run a greater risk of getting back IPs that are on international black lists. Many of those will require you to pay ransom fees to be removed blocks.

Thank You
Bob Evans
CTO

> On Fri, May 26, 2017 at 04:44:52PM +, Security Admin (NetSec) wrote:
>> Recently had someone offer to lease some IPv4 address space from me.
>> Have never done that before.
>>
>> I thought I would ask the group what a reasonable monthly rate for a
>> /22 in the United States might be.
>
> Let me just set up my crystal ball. Perhaps I can divine the future of
> your address space. Hmmm. It's a little cloudy. A lot of retransmits.
> What if I adjust this here -- nope, that's upping the packet loss.
> Maybe ...? Ahh, yes. It's starting to take shape. I see ...
>
> I see your IP space being used for abuse. It's appearing on every
> blacklist imaginable. Whole segments of the Network null route it.
> Hmmm. It's being returned to you by the spamm--clients. About a week
> later. You're sitting there with a couple hundred dollars. And a
> letter from ARIN. You look .. sad. Yes, definitely sad.
>
> I'd recommend not doing that.
>
> --
> . ___ ___ . . ___
> . \/ |\ |\ \
> . _\_ /__ |-\ |-\ \__
>
Any one here from CyrusOne ?
Hi,

Looking for off-line CyrusOne NOC assistance to help our mutual customers reach each others servers. I do not think the issue is CyrusOne's, but it is most likely a CyrusOne customer's that has no network people that comprehend routing issues. 2 days now, I need a little insight.

My work around is via a transit provider that does not go through a Cyrusone hop. Whenever Cyrusone and gramtel.net hop appears customer packets drop at gramtel.net hop.

On GTT from Amsterdam to ihotelier.com

IPv4 traceroute to 199.167.220.52
HOST: cr2-ams1-re1                  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. lag-12.ear3.Amsterdam1.Level    0.0%     5  601.2 121.0   0.8 601.2 268.4
  2. ???                           100.0      5    0.0   0.0   0.0   0.0   0.0
  3. CYRUSONE-LL.ear2.Chicago2.Le    0.0%     5   94.3  94.4  94.2  94.7   0.2
  4. 169.64.242.209.gt001.gramtel    0.0%     5   95.6  94.8  94.4  95.6   0.5
  5. ???                           100.0      5    0.0   0.0   0.0   0.0   0.0

From Chicago ...

IPv4 traceroute to 199.167.220.52
HOST: cr1-chi1-re1                  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. as3356.chi11.ip4.gtt.net       20.0%     5    8.4   3.0   1.0   8.4   3.6
  2. ???                           100.0      5    0.0   0.0   0.0   0.0   0.0
  3. CYRUSONE-LL.ear2.Chicago2.Le    0.0%     5    1.9   1.9   1.9   2.0   0.0
  4. 169.64.242.209.gt001.gramtel    0.0%     5    2.1   2.4   2.1   3.1   0.5
  5. ???                           100.0      5    0.0   0.0   0.0   0.0   0.0

On Hurricane Electric from Fremont to ihotelier.com hits and stops at gramtel.com

core1.fmt1.he.net> traceroute 199.167.220.57 source-ip 216.218.252.161 numeric
Target 199.167.220.57
 1    1 ms   <1 ms   <1 ms  10ge7-3.core1.sjc2.he.net (72.52.92.110)
 2   <1 ms   <1 ms   14 ms  asn-qwest-us-as209.10gigabitethernet10-10.core1.sjc2.he.net (216.218.230.250)
 3   51 ms   89 ms   61 ms  cer-edge-19.inet.qwest.net (67.14.122.141)
 4  132 ms   48 ms   59 ms  65.123.102.162
 5   63 ms   48 ms   52 ms  209.242.80.97
 6   48 ms   49 ms   50 ms  169.64.242.209.gt001.gramtel.net (209.242.64.169)
 7    *       *       *     ?
 8    *       *

Thank You
Bob Evans
CTO
Anyone here from ihotelier.com or travelclcik.com or gramtel.net
Hello, I have 3 customers experiencing routing issues all day to admin.ihotelier.com When the problem occurs the trace stops and drops at a gramtel.net router or server. That traces through GTT then Zayo and halts at gramtel.net. When I put in a temp static around it via another transit it hops through PNAP.net and works fine. I would like to get rid of my temp route for the admin.ihotelier.com /24 range. Thanks Bob Evans CTO
Re: AWS us-west-2 routed through Europe from NY?
Is this still happening?

Thank You
Bob Evans
CTO

> Phil,
>
> The traceroute was done by a coworker in Quebec on April 26, from one of
> our corporate offices. His IP address was probably 104.163.180.188 at
> the time. He was tracing one of our endpoints in AWS us-west-2; I do not
> know which IPs our endpoint had at the time, but one of its current IPs
> is 52.89.73.31
>
> This is the trace as he described it:
>
> Route
> - #1: 2.7 ms
>    IP Address: 192.168.1.1
>    Hostname: local
>    TTL: 64
> - #2: 34.8 ms
>    IP Address: 10.170.162.238
>    TTL: 50
> - #3: 17.3 ms
>    IP Address: 10.170.192.53
>    TTL: 250
> - #4: 16.7 ms
>    IP Address: 74.116.184.145
>    Hostname: 0.xe-11-1-0.er1.mtl7.ebox.ca
>    TTL: 249
>    AS Number: AS1403
>    AS Name: EBOX
>    Country Name: Canada
>    Country Code: CA
>    Time Zone: America/Toronto
>    Region: Quebec
>    City: Vieux-Saint-Laurent
>    Latitude: 45.475
>    Longitude: -73.696
> - #5: 15.6 ms
>    IP Address: 213.248.76.201
>    Hostname: motl-b1-link.telia.net
>    TTL: 248
>    AS Number: AS1299
>    AS Name: Telia Company AB
>    Country Name: Europe
>    Country Code: EU
>    Time Zone: Europe/Vaduz
> - #6: 31.8 ms
>    IP Address: 62.115.134.52
>    Hostname: nyk-bb4-link.telia.net
>    TTL: 247
>    AS Number: AS1299
>    AS Name: Telia Company AB
>    Country Name: Europe
>    Country Code: EU
>    Time Zone: Europe/Vaduz
> - #7: 47.7 ms
>    IP Address: 213.155.136.19
>    Hostname: chi-b21-link.telia.net
>    TTL: 246
>    AS Number: AS1299
>    AS Name: Telia Company AB
>    Country Name: Europe
>    Country Code: EU
>    Time Zone: Europe/Vaduz
> - #8: 89.7 ms
>    IP Address: 62.115.117.48
>    Hostname: sea-b1-link.telia.net
>    TTL: 245
>    AS Number: AS1299
>    AS Name: Telia Company AB
>    Country Name: Europe
>    Country Code: EU
>    Time Zone: Europe/Vaduz
> - #9: 90.7 ms
>    IP Address: 62.115.34.102
>    Hostname: amazon-ic-302508-sea-b1.c.telia.net
>    TTL: 244
>    AS Number: AS1299
>    AS Name: Telia Company AB
>    Country Name: Europe
>    Country Code: EU
>    Time Zone: Europe/Vaduz
> - #10: 86.3 ms
>    IP Address: 52.95.52.80
>    TTL: 239
>    Country Name: United States
>    Country Code: US
>    Time Zone: America/Los_Angeles
>    Region: Washington
>    City: Seattle
>    Latitude: 47.634
>    Longitude: -122.342
> - #11: 80.8 ms
>    IP Address: 52.95.52.97
>    TTL: 241
>    Country Name: United States
>    Country Code: US
>    Time Zone: America/Los_Angeles
>    Region: Washington
>    City: Seattle
>    Latitude: 47.634
>    Longitude: -122.342
> - #12: 86.1 ms
>    IP Address: 54.239.43.124
>    TTL: 240
>    Country Name: United States
>    Country Code: US
>    Time Zone: America/Los_Angeles
>    Region: Washington
>    City: Seattle
>    Latitude: 47.610
>    Longitude: -122.334
> - #13: 94.3 ms
>    IP Address: 52.93.13.12
>    TTL: 235
>    Country Name: United States
>    Country Code: US
>    Time Zone: America/Los_Angeles
>    Region: Oregon
>    City: Boardman
>    Latitude: 45.870
>    Longitude: -119.688
> - #14: 86.5 ms
>    IP Address: 52.93.12.249
>    TTL: 238
>    Country Name: United States
>    Country Code: US
>    Time Zone: America/Los_Angeles
>    Region: Oregon
>    City: Boardman
>    Latitude: 45.870
>    Longitude: -119.688
> - #15: 111.7 ms
>    IP Address: 52.93.12.140
>    TTL: 234
>    Country Name: United States
>    Country Code: US
>    Time Zone: America/Los_Angeles
>    Region: Oregon
>    City: Boardman
>    Latitude: 45.870
>    Longitude: -119.688
> - #16: 92.6 ms
>    IP Address: 52.93.12.173
>    TTL: 234
>    Country Name: United States
>    Country Code: US
>    Time Zone: America/Los_Angeles
>    Region: Oregon
>    City: Boardman
>    Latitude: 45.870
>    Longitude: -119.688
> - #17: 88.3 ms
>    IP Address: 52.93.15.217
>    TTL: 236
>    Country Name: United States
>    Country Code: US
>    Time Zone: America/Los_Angeles
>    Region: Oregon
>    City: Boardman
>    Latitude: 45.870
>    Longitude: -119.688
> - #18: N/A
>    TTL: 0
>
>
> We expected that trace to go straight East Coast / West Coast, but
> instead it went through Europe.
>
> For comparison, this is a trace also by same coworker to
> api.postmates.com, which was correctly routed on the shortest
> geographical path (more or less):
>
> Route
> - #1: 3.0 ms
>    IP Address: 192.168.1.1
>    Hostname: local
>    TTL: 64
> - #2: 29.0 ms
>    IP Address: 10.170.162.
Re: Purchased IPv4 Woes
I am for naming the companies that extort for via RBLs.

Spamming is so wide spread even the domain name company Godaddy leveraged it as a profit center. Godaddy, in its early beginnings. Years ago. I know from experience that this happens. Godaddy demanded money from me for spamming. I had to pay $150 or $250 ? I had several domains with them that were not even being used, beyond a webpage placeholder and I ran my own DNS server for my domains. After paying, they released my domain to function again. They claimed and promised they would provide the proof "after I paid"... employees and all kinds of lines about why they could not show you until after you paid. I paid and Godaddy suddenly lost the proof. I am sure it was part of a profit center as I know others that had this happen with Godaddy.

Think about it Godaddy didn't even provide me a service using an IP address of theirs. It was the domain they held hostage with their DNS server. There should be a class action against them - just to expose it - (people never get the real money the lawyers do in a class action). Now that they are public some lawyer should look into the records and find all the extortion money gathered years ago. Contact those domain owners at the time.

Would surprise me if the RBL owners were ex Godaddy employees that saw this leverage opportunity.

Thank You
Bob Evans
CTO

> Would you mind naming the company so that they can be publicly shamed?
> That
> is nothing short of extortion.
>
> On Mar 19, 2017 10:36 PM, "Justin Wilson" <li...@mtin.net> wrote:
>
>>
>> Then you have the lists which want money to be removed. I have an IP
>> that
>> was blacklisted by hotmail. Just a single IP. I have gone through the
>> procedures that are referenced in the return e-mails. No response. My
>> next step says something about a $2500 fee to have it investigated. I
>> know
>> several blacklists which are this way. Luckily, many admins do not use
>> such lists.
>>
>>
>> Justin Wilson
>> j...@mtin.net
>>
>> ---
>> http://www.mtin.net Owner/CEO
>> xISP Solutions- Consulting - Data Centers - Bandwidth
>>
>> http://www.midwest-ix.com COO/Chairman
>> Internet Exchange - Peering - Distributed Fabric
>>
>> > On Mar 12, 2017, at 9:10 PM, Bob Evans <b...@fiberinternetcenter.com>
>> wrote:
>> >
>> > Pete's right about how IPs get put on the lists. In fact, let us not
>> > forget that these lists were mostly created with volunteers - some
>> still
>> > today. Many are very old lists. Enterprise networks select lists by
>> some
>> > sort of popularity / fame - etc.. Like how they decide to install
>> 8.8.8.8
>> > as first - its easy and they think its better than their local ISP
>> they
>> > pay yet they always call the ISP about slowness when 8.8.8.8 is
>> for
>> > consumers and doesn't always resolve quickly. It's a tough sale.
>> >
>> > Once had a customer's employee abuse their mail server - it made some
>> > lists. Customer complained our network is hosting spammers and
>> sticking
>> > them in the middle of a problem that is our networks. Hard win. Took
>> us
>> > months to get that IP off lists. That was one single IP. We did not
>> allow
>> > them to renew their contract once the term was over. Now, they suffer
>> with
>> > comcast for business. ;-)
>> >
>> > Thank You
>> > Bob Evans
>> > CTO
>> >
>> >
>> >
>> >
>> >> On Sun, 12 Mar 2017, Pete Baldwin wrote:
>> >>
>> >>> So this is is really the question I had, and this is why I was
>> >>> wanting to
>> >>> start a dialog here, hoping that it wasn't out of line for the list.
>> I
>> >>> don't
>> >>> know of a way to let a bunch of operators know that they should
>> remove
>> >>> something without using something like this mailing list.
>> Blacklists
>> >>> are
>> >>> supposed to fill this role so that one operator doesn't have to try
>> and
>> >>> contact thousands of other operators individually, he/she just has
>> to
>> >>> appeal
>> >>> to the blacklist and once delisted all should be well in short
>> order.
>> >>>
>> >>> In cases where companies have their own internal lists, or only
>> >>> update
>> >>> them a couple of times a year from the major lists, I don't know of
>> >>> another
>> >>> way to notify ev
Re: Government agency renting or selling IP space
Simple to check. Most likely legacy space if early 90s. Enter them in the ARIN search box and learn more. And note if the agency is paying ARIN annually? Possible? Thank You Bob Evans CTO > I have a government agency client with a number of /24s that they acquired > back in the 1990s when they operated as an ISP for other agencies. They > are interested in renting or selling these addresses. Are there any > existing ARIN or other legal restrictions against government organizations > doing this? > > -mel beckman
Re: Conference Videos
I have referred to online sessions from the past several times. NANOG is great at preserving information, compared to other conferences. In addition, if you attend a conference, say you have to miss a session due to business distractions, you can usually watch it that evening in your room. If you stayed out too late and you'd rather have a late breakfast and order room service, you can watch/attend sessions virtually from your room. Thank You Bob Evans CTO > >> On Mar 13, 2017, at 2:52 PM, Mike Hammett <na...@ics-il.net> wrote: >> >> Another organization I'm in has a hard policy of no recordings of any >> sessions at their conferences. They think that recordings of content >> (even vendor-sponsored, vendor-specific sessions with vendor consent) >> would have a catastrophic effect on conference attendance. >> >> NANOG doesn't seem to have that issue. Any background on the process to >> get there? Any regrets? >> > > Many attendees also find value in the parts of the conference that aren't > recorded, like hallway conversations, informal meetings, and even social > events. > > Keeping and maintaining the archive of slides and video recordings is an > essential part of NANOG's educational mission, which was key to obtaining > and maintaining the IRS 401(c)(3) nonprofit status. > > So at least for the time I was on the Board, not only were there no > regrets, but we worked hard to maintain and enhance the video experience. > Steve > > >
Re: Purchased IPv4 Woes
Pete's right about how IPs get put on the lists. In fact, let us not forget that these lists were mostly created with volunteers - some still today. Many are very old lists. Enterprise networks select lists by some sort of popularity / fame - etc.. Like how they decide to install 8.8.8.8 as first - it's easy and they think it's better than their local ISP they pay yet they always call the ISP about slowness when 8.8.8.8 is for consumers and doesn't always resolve quickly. It's a tough sale. Once had a customer's employee abuse their mail server - it made some lists. Customer complained our network is hosting spammers and sticking them in the middle of a problem that is our networks. Hard win. Took us months to get that IP off lists. That was one single IP. We did not allow them to renew their contract once the term was over. Now, they suffer with comcast for business. ;-) Thank You Bob Evans CTO > On Sun, 12 Mar 2017, Pete Baldwin wrote: > >> So this is really the question I had, and this is why I was >> wanting to >> start a dialog here, hoping that it wasn't out of line for the list. I >> don't >> know of a way to let a bunch of operators know that they should remove >> something without using something like this mailing list. Blacklists >> are >> supposed to fill this role so that one operator doesn't have to try and >> contact thousands of other operators individually, he/she just has to >> appeal >> to the blacklist and once delisted all should be well in short order. >> >> In cases where companies have their own internal lists, or only >> update >> them a couple of times a year from the major lists, I don't know of >> another >> way to notify everyone. > > I suspect you'll find many of the private "blacklistings" are hand > maintained (added to as needed, never removed from unless requested) and > you'll need to play whack-a-mole, reaching out to each network as you find > they have the space blocked on their mail servers or null routed on their > networks. 
I doubt your message here will be seen by many of the "right > people." How many company mail server admins read NANOG? How many > companies even do email in-house and have mail server admins anymore? :) > > Back when my [at that time] employer was issued some of 69/8, I found it > useful to setup a host with IPs in 69/8 and in one of our older IP blocks, > and then do both automated reachability testing and allow anyone to do a > traceroute from both source IPs simultaneously, keeping the results in a > DB. If you find there are many networks actually null routing your > purchased space, you might setup something similar. > > -- > Jon Lewis, MCP :) | I route > | therefore you are > _ http://www.lewis.org/~jlewis/pgp for PGP public key_ >
Re: Purchased IPv4 Woes
Validating is a lot of work, but you have to do it. I know there are lots of blocks with RBL problems. Some spammers make so much money, they easily afford to buy small blocks, abuse them to make money, buy more blocks and put the old ones up for sale. Careful, price is rarely a tell about a bad block. Only the cost of their first block is their initial sunk cost, as they cycle through blocks. Thank You Bob Evans CTO > Indeed. > > Let this be a lesson: when purchasing blocks, one MUST do their due > diligence. Check the RBLs, senderbase, previous owner reputation, etc. > before buying. > > Caveat emptor. > > > On 3/11/17 3:13 PM, Martin Hannigan wrote: >> Which broker did you use for the transaction? >> >> Did you get a discount for knowingly accepting a dirty block or is this >> a >> surprise? >> >> Are folks asking for warranties on acquired addresses these days? >> >> Cheers, >> >> -M< >> >> >> >> >> >> >> Best, >> >> -M< >> >> >> >> >> On Fri, Mar 10, 2017 at 12:11 Pete Baldwin <p...@tccmail.ca> wrote: >> >>> Hi All, >>> >>> Hopefully this is not taken in bad taste. Our organization >>> purchased some IP space last year (163.182.192.0/18 to be specific), >>> and >>> it appears that this block must have been used for less-than-admirable >>> purposes in the past. >>> >>> We have been trying to clean up the reputation where possible, and we >>> do >>> not appear to be on any blacklists, but we do appear to be blocked from >>> a lot of networks across the US/Canada. I am noticing a lot of name >>> servers blocking our requests, many web servers, gaming servers, mail >>> etc. >>> >>> This is a transition block for us to move towards v6 everywhere, but we >>> have many systems that will need to rely on this block of space for >>> some >>> time to come. 
>>> >>> We are a small rural co-op ISP in Ontario, and I am just writing this >>> email as an extra plea so that if you happen to run a network that has >>> this entire range on your naughty list, we would appreciate you giving >>> it another chance. I can be contacted on or off list, thanks. >>> >>> >>> -- >>> >>> >>> - >>> >>> Pete Baldwin >>> Tuckersmith Communications >>> (P) 519-565-2400 >>> (C) 519-441-7383 >>> >>> >
Re: WEBINAR TUESDAY: Can We Make IPv4 Great Again?
I have had ipv4 transit with ATT for years (one provider of many) and the order originally placed was for both ipv4 and 6... yep still waiting. Thank You Bob Evans CTO > On 3/6/17 14:04, Dennis Burgess wrote: >> Well try to get ATT to announce IPv6 though our AS! Lol Been on the >> phone with them for over a month. Still no ETA :( > > > Requests driven from the sales side should have the best results. > > Before Charter's sales turned into a hole of poor service, I had an > account manager that actually cared about the whole picture. I told him > the reason nobody before him was able to sell to us is because we have > requirements that need to be deliverable (no native IPv6 no sale), can't > deal in promises. Of course he's no longer there and I'm back to idiots > that just want to see how high of a price they can get you to sign for, > especially if you're already a customer there's no need to pretend to > care further. > > ~Seth >
Re: WEBINAR TUESDAY: Can We Make IPv4 Great Again?
I think only 22% of networks with an AS announce IPv6 space. Is that correct? Thank You Bob Evans CTO > On Mon, Mar 6, 2017 at 4:00 PM, Baldur Norddahl > <baldur.nordd...@gmail.com> wrote: >> Major ISPs have IPv6 support now. It is >> the sites (=servers) that are lacking. > > Hi Baldur, > > Not exactly. My Verizon FiOS does not support IPv6. Neither does my > Cox Cable Internet. My Verizon Wireless service supports IPv6 but my > AT&T Wireless service does not. > > All four of these entities have IPv6 somewhere in their networks but > that's not at all the same thing as saying they "have IPv6 support." > > IPv6 deployment has gathered some momentum, enough that it's unlikely > to sputter out, but it's still laughably weak. > > Regards, > Bill Herrin > > > > -- > William Herrin her...@dirtside.com b...@herrin.us > Dirtside Systems . Web: <http://www.dirtside.com/> >
Any Github Experts online ?
Hello NANOGers, I have one customer that claims that 2 out of 17 downloads using the git command on github's service are slow and poor on our network when compared to others. However, when not using the git command, but using a simple web page link to a large zipped file from github, it's always nice and fast. Using the git command 8% of the time being slow is unacceptable. Github just doesn't respond, lethargically at best. BTW, have you seen how many hex digits a github ticket number is? Of course Github says try a different ISP...Customer tries to tell me comcast is better! What! I don't believe it. No help from Github NOC - we have asked and asked... And we peer with Github and for some reason they do not transmit the Prefixes of the IP range that the customer uses for the git command. github.com resolve IPv4 is not in the prefix list. So the exit is transits. I need more clues. Is it the resources the git command uses when checking files for dates etc? Thank You Bob Evans CTO
Re: Peering BOF/Peering social @NANOG69?
I suggest in the future NOT to get rid of something because a new method is attempted. I.e., NANOG had a nice method of identifying potential and existing peers with a simple green dot at registration to indicate an individual was involved with BGP in their company. That went away and today there is nothing. Cost of implementation was less than 5 dollars at any office supply retailer. Just a thought. Thank You Bob Evans CTO > The Peering Personals has been shelved while we try to figure out a better > option. > > There was no peering content submitted to the Program Committee that > justified a separate track, and so they chose to include the content in > the general session throughout the program. > > Regards, > > -Dave > > On Feb 6, 2017, 8:12 AM -0500, Matthew Petach <mpet...@netflight.com>, > wrote: >> I'm squinting at the Guidebook for NANOG69, >> and I don't seem to see any peering BOF or >> peering social this time around. Am I being >> blind again, and it's on the agenda somewhere >> but I'm just overlooking it? >> Pointers in the right direction would be appreciated. >> >> Thanks! :) >> >> Matt >
Re: Peering BOF/Peering social @NANOG69?
On that same topic, Peering, I would like to see the green peering dot for name badges. Kind of "one" of the fundamental things that NANOG came into existence over. Thank You Bob Evans CTO > I'm squinting at the Guidebook for NANOG69, > and I don't seem to see any peering BOF or > peering social this time around. Am I being > blind again, and it's on the agenda somewhere > but I'm just overlooking it? > Pointers in the right direction would be appreciated. > > Thanks! :) > > Matt >
Re: DWDM Optics cheaper than CWDM Optics?
I have been under the impression for years now that the age of the fiber may play a role in which you prefer due to channel spacing needed to cram in more frequencies. Never really came across a real world situation where one didn't work as well as the other. There are probably more things to consider than the fiber's age. Thank You Bob Evans CTO > Hello, > > fs.com offers DWDM optics that are cheaper than CWDM optics: > CWDM 80km 10G for 600$ > http://www.fs.com/c/cisco-cwdm-sfp-plus-2425?70-80km > DWDM 80km 10G for 420$ > http://www.fs.com/c/cisco-dwdm-sfp-plus-2485?70-80km > > This is significant. > Is this for real? Has anybody bought their DWDM optics? > > Going with DWDM and passive Mux/Demux seems to be cheaper nowadays than > going with CWDM. > > Regards > Karl >
Re: BGP IP prefix hijacking
Oops, the Spam thing is just our firewall indicator to possibility - meet a threshold level - I forgot to remove it when replying. Didn't mean to call your email spam. Thank You Bob Evans CTO > The more tools the better the net can become. > I find that BGPmon.net is pretty good. I have not yet found anything else > as good. > > You put in your prefixes and they email notify you of bgp changes they see > with the AS hop string announcing. Helpful not just for hijacks - but to > know that peers of peers are receiving your prefixes with your ASN. > > Thank You > Bob Evans > CTO > > > > >> Hi All, >> >> I am planning to write a tool to detect real time BGP IP prefix >> hijacking. >> I am glad to know some of the open problems faced by >> providers/companies/community. >> I would like to know how the community is currently dealing and >> mitigating >> with such problems. >> It will be very helpful to know some of the adopted strategies by the >> community to detect bgp IP prefix hijacking and problems that are yet to >> be >> solved. >> Also I would like to know some of the very well industry standard open >> source tools used in the area of BGP which makes life easier. >> >> Regards, >> Nagarjun >> > > >
Re: -Spam- BGP IP prefix hijacking
The more tools the better the net can become. I find that BGPmon.net is pretty good. I have not yet found anything else as good. You put in your prefixes and they email notify you of bgp changes they see with the AS hop string announcing. Helpful not just for hijacks - but to know that peers of peers are receiving your prefixes with your ASN. Thank You Bob Evans CTO > Hi All, > > I am planning to write a tool to detect real time BGP IP prefix hijacking. > I am glad to know some of the open problems faced by > providers/companies/community. > I would like to know how the community is currently dealing and mitigating > with such problems. > It will be very helpful to know some of the adopted strategies by the > community to detect bgp IP prefix hijacking and problems that are yet to > be > solved. > Also I would like to know some of the very well industry standard open > source tools used in the area of BGP which makes life easier. > > Regards, > Nagarjun >
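The checks a prefix monitor of the kind described in this thread performs, as an added example that is not part of the original posts and not BGPmon's code: you register your prefixes with the ASNs allowed to originate them, and each observed announcement is compared against that inventory. The feed format `collector|prefix|AS path`, the collector names, the verdict labels and all prefixes and ASNs (documentation ranges) are assumptions constructed for the example.

```python
import ipaddress
from collections import namedtuple

# Constructed inventory: documentation prefixes and documentation ASNs.
# origins   = ASNs allowed to originate the prefix
# upstreams = ASNs expected directly in front of the origin in the AS path
Monitored = namedtuple("Monitored", "prefix origins upstreams")
INVENTORY = [
    Monitored(ipaddress.ip_network("198.51.100.0/24"), {64500}, {64501, 64502}),
    Monitored(ipaddress.ip_network("2001:db8::/32"), {64500}, {64501}),
]
# More-specifics another ASN is authorized to originate (for example a
# customer holding a letter of authorization).
DELEGATED = {(ipaddress.ip_network("2001:db8:ff00::/40"), 64510)}

# Constructed sample feed, one announcement per line: collector|prefix|AS path
SAMPLE_FEED = """\
rc1|198.51.100.0/24|64501 64500
rc2|198.51.100.0/24|64502 64500 64500 64500
rc1|198.51.100.0/24|64503 64511
rc2|198.51.100.0/24|64505 64500
rc1|2001:db8::/32|64501 64500
rc1|2001:db8:1::/48|64503 64511
rc2|2001:db8:ff00::/40|64504 64510
rc1|2001:db8:2::/48|64501 64500
rc1|192.0.2.0/24|64503 64509
"""


def parse(line):
    collector, prefix, path = line.split("|")
    return collector, ipaddress.ip_network(prefix), [int(a) for a in path.split()]


def origin_and_upstream(as_path):
    """Origin is the last ASN; upstream is the first different ASN before it
    (prepending repeats the origin, so repeated ASNs are skipped)."""
    origin = as_path[-1]
    for asn in reversed(as_path):
        if asn != origin:
            return origin, asn
    return origin, None  # the collector peers directly with the origin


def classify(prefix, as_path):
    """Return a verdict for one announcement, or None if it is not our space."""
    origin, upstream = origin_and_upstream(as_path)
    for mon in INVENTORY:
        # subnet_of() raises TypeError across IP versions, so check first.
        if prefix.version != mon.prefix.version or not prefix.subnet_of(mon.prefix):
            continue
        if prefix == mon.prefix:
            if origin not in mon.origins:
                return "ORIGIN_CHANGE"        # someone else originates our prefix
            if upstream is not None and upstream not in mon.upstreams:
                return "NEW_UPSTREAM"         # new transit, leak, or forged origin
            return "OK"
        if (prefix, origin) in DELEGATED:
            return "OK"
        if origin in mon.origins:
            return "OWN_MORE_SPECIFIC"        # ours, but not in the inventory
        return "SUBPREFIX_ORIGIN_CHANGE"      # more-specific from a foreign ASN
    return None


def run(feed):
    """Return (alerts, seen_ok); seen_ok maps prefix -> collectors with a valid path."""
    alerts, seen_ok = [], {}
    for line in feed.splitlines():
        collector, prefix, path = parse(line)
        verdict = classify(prefix, path)
        if verdict is None:
            continue
        if verdict == "OK":
            seen_ok.setdefault(prefix, set()).add(collector)
        else:
            alerts.append((verdict, collector, str(prefix), path))
    return alerts, seen_ok


def missing_visibility(seen_ok, collectors):
    """Monitored prefixes that some collector does not see with a valid path."""
    gaps = {}
    for mon in INVENTORY:
        absent = set(collectors) - seen_ok.get(mon.prefix, set())
        if absent:
            gaps[str(mon.prefix)] = sorted(absent)
    return gaps


if __name__ == "__main__":
    alerts, seen_ok = run(SAMPLE_FEED)
    for alert in alerts:
        print(alert)
    print("not visible at:", missing_visibility(seen_ok, {"rc1", "rc2"}))
```

The visibility report covers the second use mentioned in the reply: confirming that distant networks still receive your prefixes with your ASN, not only that nobody else is originating them.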
Re: Safe IPv4 Was: Re: premiumcolo.net IP address rental
Well, since someone is listing wholesalers of IPV4 space. I never grabbed any list to spam rental space offers that we have available... but since all the large competitors are mentioned in your thread here. There is a lot of information on a site I maintain, http://RentIPv4.com It has some good tech information, for those unfamiliar with routing blocks where they can learn more about the IP shortage logistics and how router table limits are affected. Thank You Bob Evans CTO > The emails I've seen are looking to rent FROM us, not TO us. I've > received an email to every one of our ARIN POCs so I assumed they were > scraping whois data and marked it all as spam. > > Aaron > > > On 1/9/2017 12:40 PM, Martin Hannigan wrote: >> On Mon, Jan 9, 2017 at 11:20 AM, Matt Freitag <mlfre...@mtu.edu> wrote: >> >>> Joel, >>> >>> I can't speak to "premiumcolo.net" >>> >> Neither can I, but that may not mean much. Perhaps someone else can >> validate that they're reputable and can execute a transaction end to >> end? >> >> If you need IPv4 addresses for your network: >> >> 1. Make sure you have an IPV6 allocation from your favorite RIR and are >> using it >> 2. Apply for and receive a last /22 from RIPE. EVERYONE can do this. >> 3. Contact a reputable broker. >> >> The ones I have experience with (Alphabetical): >> >> A. Peter Thimmesch at Addrex http://www.addrex.net >> B. Amy Cooper at Hilco Streambank http://www.ipv4auctions.com/ >> C. Mike Burns at http://www.IPTrading.com >> >> ARIN also publishes a list (which is not a requirement to be able to >> transact or support transfers): >> >> >> https://www.arin.net/resources/transfer_listing/facilitator_list.html >> >> Network operators have many choices for answering their IP numbering >> needs >> these days. Including IPv6. >> >> Sorry to be a broken record on this topic, but it seems to come up a >> lot. >> And if you search the archives I'll suspect you'll find something >> similar >> to this a few times now. 
>> >> An educated network operator is the best kind. That's why we are here. >> >> YMMV and Best, >> >> -M< >> > > -- > > Aaron Wendel > Chief Technical Officer > Wholesale Internet, Inc. (AS 32097) > (816)550-9030 > http://www.wholesaleinternet.com > > >
Amazon BGP engineer for AWS router help.
I have a customer working for an Amazon department/division. Amazon gave this department an AWS connection where we have an AWS cross connect and direct fiber path established. I have the path as well as the customer side BGP router configured and can ping the AWS router. The Amazon department with console access has setup issues and can not bring up BGP. I do not see a single message sent from their AWS virtual BGP router. They won't give me the access to the console to help fix things. They opened a ticket last Saturday and still waiting for AWS staff help. I want to help everyone be successful... maybe they will give an Amazon router engineer access to the console. Please contact me via email offline. Thank You Bob Evans CTO
Re: Advertising rented IPv4 prefix from a different ASN.
It's possible that it is a university that has legacy IPs. You have to check. Thank You Bob Evans CTO > Andrew wrote on 8/4/2016 2:39 PM: >> This space is rented long term but they are not interested in >> reassigning the space to us. > > Isn't this a violation of their agreement with ARIN > (https://www.arin.net/resources/request/reassignments.html)? > > > > >
Re: Advertising rented IPv4 prefix from a different ASN.
Hi Andrew, It is possible, but I would do it... Here is how and why. If they announce the larger CIDR you will need to keep them as one of your ISPs or you risk losing traffic due to others' inbound policy filtering. However, if they provide you a simple Letter of Authorization to announce the smaller rented CIDR you can use this letter to show other networks that you have the right to announce it and they can email/call to confirm. By announcing the smaller CIDR to others you should see the bulk of the traffic come in via the other backbones. You can "not reliably" multi-home the IPs without keeping the institution as one of your backbone providers (reason I wouldn't do it). You will always need a peering session with them where you announce to them your CIDR or they static route that traffic to you. Thank You Bob Evans CTO > Hello List, > > I work for a medium sized ISP. We are entering an agreement to rent > some IPv4 space from a local higher education institution. Being a > multi-homed ISP we would like to advertise the rented prefix from our > ASN. The prefix that will be advertised is a smaller subnet from the > higher educations block; they will continue to advertise the larger > prefix. > > What is the best way to accomplish this? Is there any way of doing this > without having to tunnel the traffic through the origin ASN? > > I feel if we just advertise the prefix it gets put on a bogon list for > prefix hijacking. This space is rented long term but they are not > interested in reassigning the space to us. They also want to keep > advertising their prefix as one contiguous block. > > I appreciate any insight and information. > Thank you for your time, > Andrew. >
Quick question regarding: Problematic IPv6 Multicast traffic within an IX.
Is it true that managed Layer2 switches used by IX's can not block IPv6 multicast ingress port traffic from broadcasting to all ports?
___Yes, seen many IXs with IPv6 multicast continuing yet IPv4 multicast is blocked.
___No, all should be able to block IPv6 multicast.
___Only a few specific managed switch manufacturers have this issue with IPv6 multicast broadcasting.
Your knowledge on this problem would be helpful. Thank You in advance. Bob Evans CTO
Re: Need BGP route check
Hello, here ya go.

Routes:
     Destination       Peer            Next-Hop        LPref  Weight  MED  AS-Path
  i  129.77.0.0/16     64.118.161.8    64.118.161.8    722    2       0    6939 46887 14607 14607
*>i  129.77.0.0/16     64.118.161.13   64.118.161.13   725    2       0    6939 46887 14607 14607
  i  129.77.0.0/16     69.22.143.161   69.22.143.161   355    2       10   4436 46887 14607 14607
  i  129.77.0.0/16     216.129.125.5   216.129.125.5   355    2       301  8121 6939 46887 14607 14607

Routes:
     Destination        LPref  Weight  MED    Peer                 Next-Hop             AS-Path
  i  2620:0:2810::/48   100    1       73060  2001:550:2:58::d:1   2001:550:2:58::d:1   174 46887 14607 14607
*>i  2620:0:2810::/48   100    1       10     2001:590::4516:8fa1  2001:590::4516:8fa1  4436 46887 14607 14607

Thank You Bob Evans CTO > One of our upstreams is apparently having problems, although they don't > appear to know about it. I've seen an alert at BGPmon.net about our > prefixes being withdrawn, and I can't locate our prefixes through that > provider on any routeviews. Can someone check to see what ASPATHS you are > seeing for our prefixes? > > 129.77.0.0/16 > 2620:0:2810::/48 > > We should be advertised via AS6128 and AS46887 > > > Matthew Huff | 1 Manhattanville Rd > Director of Operations | Purchase, NY 10577 > OTA Management LLC | Phone: 914-460-4039 > aim: matthewbhuff | Fax: 914-694-5669 > > >
Re: BGP peering strategies for smaller routers
Rib or Fib for the million - that's the question - but in any event the following will most likely work for you. BTW, full table is now over 600K in size.
1) Choose one Transit and take their full table. (pick whatever reasons cost savings, bigger pipe, coin flip, etc.)
2) With the second transit use a filter to drop everything /22 or smaller. Now check your tables, see if you have enough room.
3) Next add your peers - no filtering and lpref those routes above the transits.
4) Ask both transits to send you a default route.
If this doesn't fit, use some more policy filtering and while this is up and running begin the search for a router with larger tables to replace it...as the tables will soon grow larger.
Thank You Bob Evans CTO > > > On 2/May/16 21:07, Mike wrote: > >> Hello, >> >> I have an ASR1000 router with 4gb of ram. The specs say I can get >> '1 million routes' on it, but as far as I have been advised, a full >> table of internet routes numbers more than 530k by itself, so taking 2 >> full tables seems to be out of the question (?). > > Sounds like you have enough router resources to do your peering and take > 2 full feeds. > > Mark. >
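A small model of the four steps above, as an added example that is not from the thread and not router configuration: it applies the inbound policy to three constructed feeds and reports how many paths (RIB) and prefixes (FIB) result, then looks up where traffic exits. Assumptions: "/22 or smaller" is read as prefix length 22 and longer, best path is chosen by local-pref, then AS-path length, then neighbor name, and every prefix, ASN and local-pref value is made up.

```python
import ipaddress

# Step 3: peers get a higher local-pref than either transit (values assumed).
LOCAL_PREF = {"peer": 200, "transit_a": 100, "transit_b": 100}

# Constructed feeds: (prefix, AS path). Both transits send the same "full
# table" plus a default route (step 4); the peer sends only its own routes.
FEEDS = {
    "transit_a": [
        ("0.0.0.0/0", (64501,)),
        ("10.0.0.0/8", (64501, 64510)),
        ("10.20.0.0/16", (64501, 64507, 64511)),
        ("10.20.4.0/22", (64501, 64507, 64511)),
        ("10.20.4.0/24", (64501, 64507, 64509)),
        ("10.30.0.0/20", (64501, 64508)),
        ("10.30.8.0/23", (64501, 64508)),
    ],
    "transit_b": [
        ("0.0.0.0/0", (64502,)),
        ("10.0.0.0/8", (64502, 64503, 64510)),
        ("10.20.0.0/16", (64502, 64511)),
        ("10.20.4.0/22", (64502, 64511)),
        ("10.20.4.0/24", (64502, 64509)),
        ("10.30.0.0/20", (64502, 64508)),
        ("10.30.8.0/23", (64502, 64508)),
    ],
    "peer": [
        ("10.30.0.0/20", (64508,)),
        ("10.30.8.0/23", (64508,)),
    ],
}


def build(max_len):
    """Apply the inbound filter and select best paths.

    max_len maps neighbor -> longest prefix length accepted from it; a
    neighbor that is not listed is unfiltered. Returns (rib, fib): rib maps
    prefix -> accepted paths, fib maps prefix -> neighbor of the best path.
    """
    rib = {}
    for neighbor, feed in FEEDS.items():
        for text, path in feed:
            net = ipaddress.ip_network(text)
            if net.prefixlen <= max_len.get(neighbor, 32):
                rib.setdefault(net, []).append((neighbor, path))
    fib = {
        net: min(paths, key=lambda p: (-LOCAL_PREF[p[0]], len(p[1]), p[0]))[0]
        for net, paths in rib.items()
    }
    return rib, fib


def path_count(rib):
    """Number of paths held in memory, the figure the filter on transit B cuts."""
    return sum(len(paths) for paths in rib.values())


def lookup(fib, address):
    """Longest-prefix match; the default route guarantees at least one hit."""
    ip = ipaddress.ip_address(address)
    best = max((net for net in fib if ip in net), key=lambda net: net.prefixlen)
    return str(best), fib[best]


if __name__ == "__main__":
    for label, policy in [
        ("two full feeds", {}),
        ("steps 1-4", {"transit_b": 21}),
        ("both transits filtered", {"transit_a": 21, "transit_b": 21}),
    ]:
        rib, fib = build(policy)
        print(f"{label}: {path_count(rib)} paths, {len(fib)} prefixes,",
              "10.20.4.9 exits via", lookup(fib, "10.20.4.9"))
```

In this model, filtering only the second transit shrinks the number of stored paths while the forwarding table keeps every prefix from the first transit's full feed; the prefix count drops only once both transits are filtered, at which point traffic for the dropped more-specifics follows a covering route or the default.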
LighTower - Major issue - Anyone from LIGHTOWER please contact me off list.
Anyone out here from LIGHTOWER please contact me off list. Thank You Bob Evans CTO
Re: About inetnum "ownership"
As far as I know there is no requirement to announce your assigned or legacy owned prefixes to the world. You have the right to announce them. I don't think you can legally stop others from announcing your path to them. Once you publicly announce something, it's out there. Oh well, maybe I didn't get the original question. I thought the discussion was about a network's right to prevent others in the world from announcing/propagating a route to that network's prefixes. Seemed to be a legal question and the field analogy someone put forth seemed to apply well. I can't take credit for that as I simply tuned it and showed how it fit in a historical way. I think a lawyer would probably make this analogy in a court. Thank You Bob Evans CTO > > Interesting demonstration of why retreat to analogies does not help in a > discussion. > > A question: If you stop announcing your routes, where will the world > get them from? > > -- > sed quis custodiet ipsos custodes? (Juvenal) > >
Re: About inetnum "ownership"
The numbers (IP addresses) are not the field. The servers are the field. The numbers are the street addresses of the server. Domain names would be a nick name for the numbers, like PaddingHouse.com is at 55.51.52.1. The BGP table is a road map. That's why it was once called the Super Information Highway, remember? You can sell street/road maps to the stars, and the stars don't have to let you in. Thank You Bob Evans CTO > On Wed, 2016-03-02 at 00:44 -0500, William Herrin wrote: >> Do I have the legal right to exclude others from announcing my block >> of IP addresses to the public Internet routing tables? It's not well >> tested in court but the odds are exceptionally strong that I do. > > If I own some property - say a field - the location of that field is > with certain rare exceptions public information. I as the owner cannot > enforce a requirement on you to NOT tell people where my field is. I > can't demand that you NOT build roads past it, or that you NOT put up > signs saying how to get to my field, or even that you NOT tell people > who owns the field. I have the right to exclusive use of the property, > but I have no rights to information about the property, nor any > property rights outside the boundary of the property. > > Testing in court the idea that you may not advertise my routes would be > a fascinating exercise. If you falsely advertised them it would be a > different matter. > > Has this sort of thing been tested in the courts at all? In any > jurisdiction? > >> Indeed, the whole point of registration is to facilitate >> determination >> of -who- has the exclusive right over -which- blocks of addresses. > > The problem is what rights we are talking about. I would say that > practically speaking the only real right here is the right to configure > an address on an interface. But anyone else can send packets to an > address, or advertise to others the direction of travel towards that > network. 
Malicious activity excluded of course - DoS attacks and so on, > but I think the issues there are different. Also, contractually > regulated relationships are different - if I connect something up to > ISPX and have a contract with ISPX to NOT advertise the route to me, > then ISPX is constrained. > > Regards, K. > > -- > ~~~ > Karl Auer (ka...@biplane.com.au) > http://www.biplane.com.au/kauer > http://twitter.com/kauer389 > > GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B > Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4 > > > >
Re: -48DC electrical supply
I use auto parts stores, if the current isn't much. Your typical thick gauge battery cable can carry quite a bit and auto part stores are everywhere. Thank You Bob Evans CTO > Where do you guys get your supplies (wire, connectors, tools) for -48VDC > stuff? > >
Re: Is it normal for your provider to withhold BGP peering info until the night of the cut?
I agree with Sean. Poor planning always leads to poor service. It sure makes for a fast clumsy cut over. But, you now know that you the customer are not a priority or better planning steps would have been taken for your consideration in advance. Thank You Bob Evans CTO > On Thu, 21 Jan 2016, c b wrote: >> Is this a common SOP nowadays? Anyone care to explain why they wouldn't >> just provide it ahead of time? > > Carrier saves costs by not having a clue, and has no idea which router > will have an open port until they try to plug you in. > > Hope it's not a long contract, because customer service never gets better > ... only worse. > > >
Re: IPv4 subnets for lease?
I see it different than Lee ... because, there are no new ipv4 addresses they are all used. I have seen the same spam issue with IP space that is sold. So be careful. I have been involved in both leasing and purchasing IPv4 space. Like everything else you want to check the mileage/usage and look for dents before leasing or buying. No matter which method - verify you are getting clean addresses before spending a dime. Purchasing can be a large upfront investment - leasing is a good option for many. We all know someday the space won't be needed. It's just a matter of when. My advice if you have cash and time buy IPv4 space. If not lease and focus on spending the cash on newer gear that can handle all the /24s and IPv6 prefixes. If leasing, make sure you are dealing with a source that watches carefully and can provide you multi-year contract optioned space... so you can toss them away when IPv6 is it. Thank You Bob Evans CTO > Leasing is ill-advised; the addresses will be unsellable once the spammers > are through with them. > Really, there's no other reason to lease. > > If you want to buy or sell addresses in the ARIN region, some of the > facilitators at > https://www.arin.net/resources/transfer_listing/facilitator_list.html are > pretty good (ask me; I'll let you know my opinions privately). > > The only ones I know who will deal in blocks as small as /24 are > http://www.ipv4auctions.com/ > There may be others I don't know about. > > Of course you have to ask whether IPv6 is a possible alternative, and you > shouldn't go to all the trouble and expense of buying addresses without > turning up dual-stack. That would be like spending $20 for a tissue when > you need a $10 cold medicine; it helps, but not for long. > > Lee > > > On 12/17/15, 9:31 PM, "NANOG on behalf of Nick Ellermann" > <nanog-boun...@nanog.org on behalf of nellerm...@broadaspect.com> wrote: > >>We have customers asking to lease IP space for BGP transit with us and >>other peers. 
But they are struggling to get at a minimum even a Class C, >>even though they have their own ASN. We don't have large amounts of free >>IPv4 space to lease out to a single customer in most cases anymore. Hope >>to at least introduce these customers to some contacts that may be able >>to help. >>Do we know of any reputable sources that are leasing or selling IPv4 >>subnets as small as a /24 to satisfy their diversity needs? Thanks! >> >>Sincerely, >>Nick Ellermann - CTO & VP Cloud Services >>BroadAspect >> >>E: nellerm...@broadaspect.com<mailto:nellerm...@broadaspect.com> >>P: 703-297-4639 >>F: 703-996-4443 >> >>THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >>MATERIAL and is thus for use only by the intended recipient. If you >>received this in error, please contact the sender and delete the e-mail >>and its attachments from all computers. >> >> > > >
Re: Bluehost.com
I think he means to say the rich get richer on the other side of the investment by playing the shorting and the buying of stock in the gambling marketplace. As the stock itself can create a new currency so they make more money playing with that than the actual investment. They are on the inside hence the saying the rich get richer. Thank You Bob Evans CTO > On Wed, Nov 25, 2015 at 5:54 PM, Kiriki Delany <kir...@streamguys.com> > wrote: >> [...] >> >> Bottom line, is the industry needs to be increasing value, because the >> flip >> side working for no profit, surviving off investment only... there's >> no >> end-game. You see this cycle time and time again as market share is >> grabbed, >> then underperforming companies are rolled up. In this process value is >> destroyed. >> >> Ultimately this is also why it's extremely damaging for investors to >> constantly invest in companies that don't make a profit, and don't >> provide a >> successful economical model for the services/products provided. These >> companies largely live on investor money, lose money, and in their wake >> destroy value for the entire industry. Of course the end-game for the >> investors is to make money... I'm always surprised how strong >> investment/gambles are for non-profitable companies. I guess there is no >> end >> to those with too much money that have to place that money somewhere. As >> the >> rich get richer, there will only be more dumb money cheapening the value >> proposition. After all, who needs value when you have willing investors. > > > I'm confused. If these companies largely live on investor money, > lose money, and destroy value...how is it that a scant two sentences > later, the rich are getting richer, and there is _more_ dumb money? > > I would posit the rich get richer because they *do* > see value in the investments they make. That is, > value is being created in these deals...just not for > everyone. > > Matt >
Re: Bluehost.com
Yes, I agree with you Joe - a hasty generalization, as "you get what you pay for" doesn't really apply to as many goods in the same way it does to almost all services. However, a $3.49 web site service should have be a good first clue. Thank You Bob Evans CTO > Walmart has cheap prices so "you get what you pay for."?? > Hasty generalization but I can't disagree 100% with your opinion on this > one. > I am learning about the non-profit world of IT and the challenges are all > around me. :) > > -- > Later, Joe > > On Wed, Nov 25, 2015 at 12:27 PM, Bob Evans <b...@fiberinternetcenter.com> > wrote: > >> >> Gee, for $3.49 for a website hosting per month , it's a real bargain. >> While the network person inside me says, Wow that's a long outage. The >> other part of me is really wondering what one thinks they can really >> expect from a company that hosts a website for just $3.49 ? Such a >> bargain at less than 1/2 the price of a single hot dog at a baseball >> stadium per month. That price point alone tells you about the setup and >> what you are agreeing too and who it's built for. Goes along with the >> ol' >> saying, "you get what you pay for." >> >> If they are down for 10 hours a month out of the average 720 hours in a >> month - thats a tiny percentage 1-2 of the time it's unavailable - in >> service terms of dollars it's roughly a nickel they credit each >> customer. >> Do I need more coffee or is my math wrong about a nickel for 10 hours of >> website hosing ? >> >> However, maybe that is all many companies /sites really need. In which >> case, it should be easy enough to build in backup yourself using two >> cheap >> hosing providers and flip between them when the need arises. Or pick a >> provider that manages their routing well and works with you quickly, >> but, >> you'll have to pay more for that. >> >> Yep, the math spells it out - "you get what you pay for." 
>> >> Thank You >> Bob Evans >> CTO >> >> >> >> >> > remember folks, redundancy is the savior of all f***ups. >> > >> > :) >> > >> > On Wed, Nov 25, 2015 at 2:21 PM, JoeSox <joe...@gmail.com> wrote: >> > >> >> I just waited 160 minutes for a tech call and the Bluehost tech told >> me >> >> he >> >> was able to confirm that it wasn't malicious activity that took down >> the >> >> datacenter but rather it was caused by a "datacenter issue". >> >> So my first thought is someone didn't design the topology correctly >> or >> >> something. >> >> Some of our emails are coming thru but Google DNS still lost all of >> our >> >> DNS >> >> zones which are hosted by Bluehost. >> >> At least the #bluehostdown is fun to read :/ >> >> -- >> >> Later, Joe >> >> >> >> On Wed, Nov 25, 2015 at 10:04 AM, Stephane Bortzmeyer >> >> <bortzme...@nic.fr> >> >> wrote: >> >> >> >> > On Wed, Nov 25, 2015 at 08:41:55AM -0800, >> >> > JoeSox <joe...@gmail.com> wrote >> >> > a message of 9 lines which said: >> >> > >> >> > > Anyone have the scope on the outage for Bluehost? >> >> > > https://twitter.com/search?q=%23bluehostdown=tyah >> >> > >> >> > The two name servers ns1.bluehost.com and ns2.bluehost.com are >> awfully >> >> > slow to respond: >> >> > >> >> > % check-soa -i picturemotion.com >> >> > ns1.bluehost.com. >> >> > 74.220.195.31: OK: 2012092007 (1382 ms) >> >> > ns2.bluehost.com. >> >> > 69.89.16.4: OK: 2012092007 (1388 ms) >> >> > >> >> > As a result, most clients timeout. >> >> > >> >> > May be a DoS against the name servers? >> >> > >> >> > bluehost.com itself is DNS-hosted on a completely different >> >> > architecture. So it works fine. But the nginx Web site replies 502 >> >> > Gateway timeout, probably overloaded by all the clients trying to >> get >> >> > informed. >> >> > >> >> > The Twitter accounts of Bluehost do not distribute any useful >> >> > information. >> >> > >> >> >> > >> >> >> >
Re: Bluehost.com
For an ISP type service - it's almost impossible the make it up in volume - all you need is one phone call to cost you $10 in support on a $3.50 service. With that many customers you can imagine how many call to just ask what happened or vent after the event is over. I founded a cable modem business prior to docsis standard. Call center with 150 people in it. People would call for help with their printer just because we answered the phone. So support for a $3.49 web service must make compromises somewhere in an attempt to reach profitability. I know of 3 very big ISPs - all barely making money for years. Providing crummy service , priced cheaply and expecting to make it up in volume. Their solution was to merge and lose money together. Still providing a lowball price for service , they then took the profitable parts of the business and sold those to others so they can re-org and improve cash momentarily. The re-org produced the same low prices and crummy service. So it's a cycle some people play just to win money from hedge funds, investors and finally the public. What do they call it when one keeps doing the same thing over and over again expecting a different result ? Low priced services are difficult to make profitable - if you drove your car the way most low priced business services operate you would have a car that top speeds at the minimal freeway speed, wouldnt carry a a spare tire, drive around until the empty light turns on and carry as little insurance as possible. - Gee, come to think of it, I've been in an airport shuttle van like that in new york. Thank You Bob Evans CTO > However, with thousands more users at that price point, you would think > the > income would be plenty for better services. > > Who makes more, the store with smaller quantities at higher prices or the > store that sells more bulk at lower prices? Perception of value, I > believe, > wins. 
> > Robert > > On Wed, 25 Nov 2015 16:00:37 -0800 > "Bob Evans" <b...@fiberinternetcenter.com> wrote: >> Yes, I agree with you Joe - a hasty generalization, as "you get >>what you >> pay for" doesn't really apply to as many goods in the same way it >>does to >> almost all services. However, a $3.49 web site service should have >>be a >> good first clue. >> >> Thank You >> Bob Evans >> CTO >> >> >>> Walmart has cheap prices so "you get what you pay for."?? >>> Hasty generalization but I can't disagree 100% with your opinion on >>>this >>> one. >>> I am learning about the non-profit world of IT and the challenges >>>are all >>> around me. :) >>> >>> -- >>> Later, Joe >>> >>> On Wed, Nov 25, 2015 at 12:27 PM, Bob Evans >>><b...@fiberinternetcenter.com> >>> wrote: >>> >>>> >>>> Gee, for $3.49 for a website hosting per month , it's a real >>>>bargain. >>>> While the network person inside me says, Wow that's a long outage. >>>>The >>>> other part of me is really wondering what one thinks they can really >>>> expect from a company that hosts a website for just $3.49 ? Such a >>>> bargain at less than 1/2 the price of a single hot dog at a baseball >>>> stadium per month. That price point alone tells you about the setup >>>>and >>>> what you are agreeing too and who it's built for. Goes along with >>>>the >>>> ol' >>>> saying, "you get what you pay for." >>>> >>>> If they are down for 10 hours a month out of the average 720 hours >>>>in a >>>> month - thats a tiny percentage 1-2 of the time it's unavailable - >>>>in >>>> service terms of dollars it's roughly a nickel they credit each >>>> customer. >>>> Do I need more coffee or is my math wrong about a nickel for 10 >>>>hours of >>>> website hosing ? >>>> >>>> However, maybe that is all many companies /sites really need. In >>>>which >>>> case, it should be easy enough to build in backup yourself using two >>>> cheap >>>> hosing providers and flip between them when the need arises. 
Or pick >>>>a >>>> provider that manages their routing well and works with you quickly, >>>> but, >>>> you'll have to pay more for that. >>>> >>>> Yep, the math spells it out - "you get what you pay for." >>>> >>>> Thank You >>>> Bob Evans >>>> CTO >>>> >>>> >>>> > remember folks, re
RE: Bluehost.com
Kiriki, you nailed it. Explained this perfectly. Thank You Bob Evans CTO > The bottom line is the value/price ratio. We should all be working to add > value. By any means necessary. > > The pitfall of low priced "services", is that it's hard to balance the > support level and lower price for services. > > If Bluehost and lower end web hosters can completely do away with the > support aspect, certainly SAAS can scale. But if a significant part of > your > value proposition is support, it's real hard to get down this low if any > human is ever involved, and if you pay a living wage to your workers. I > really expect at the ultra low end you have to be willing to do away with > live support, and just provide a product that workswith no support. > > Would people want to buy a web host for $3.95 but if they engage support > pay > $15/hour for it? Perhaps that would work... but I think the value > proposition gets skewed in this sense. Those customers paying this little > likely needs support in a variety of ways. The challenge is to do it all > right, so they don't... > > I agree with Bob, more likely they are subsidizing costs with investment > and > hoping to provide a profitable model in the future with enough market > share. > > Bottom line, is the industry needs to be increasing value, because the > flip > side working for no profit, surviving off investment only... there's > no > end-game. You see this cycle time and time again as market share is > grabbed, > then underperforming companies are rolled up. In this process value is > destroyed. > > Ultimately this is also why it's extremely damaging for investors to > constantly invest in companies that don't make a profit, and don't provide > a > successful economical model for the services/products provided. These > companies largely live on investor money, lose money, and in their wake > destroy value for the entire industry. Of course the end-game for the > investors is to make money... 
I'm always surprised how strong > investment/gambles are for non-profitable companies. I guess there is no > end > to those with too much money that have to place that money somewhere. As > the > rich get richer, there will only be more dumb money cheapening the value > proposition. After all, who needs value when you have willing investors. > > Bottom line is that if it's not worth doing... then maybe it should not be > done. Maybe the race to the bottom is not worth it. Maybe investments that > lose value for an industry should be limited. > > The giant pool of money is now weaponized. > > -Kiriki > > > > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Bob Evans > Sent: Wednesday, November 25, 2015 5:20 PM > To: Robert Webb > Cc: NANOG > Subject: Re: Bluehost.com > > For an ISP type service - it's almost impossible the make it up in volume > - all you need is one phone call to cost you $10 in support on a $3.50 > service. With that many customers you can imagine how many call to just > ask > what happened or vent after the event is over. > > I founded a cable modem business prior to docsis standard. Call center > with > 150 people in it. People would call for help with their printer just > because > we answered the phone. So support for a $3.49 web service must make > compromises somewhere in an attempt to reach profitability. > > I know of 3 very big ISPs - all barely making money for years. Providing > crummy service , priced cheaply and expecting to make it up in volume. > Their solution was to merge and lose money together. Still providing a > lowball price for service , they then took the profitable parts of the > business and sold those to others so they can re-org and improve cash > momentarily. The re-org produced the same low prices and crummy service. > So it's a cycle some people play just to win money from hedge funds, > investors and finally the public. 
What do they call it when one keeps > doing > the same thing over and over again expecting a different result ? > > Low priced services are difficult to make profitable - if you drove your > car > the way most low priced business services operate you would have a car > that > top speeds at the minimal freeway speed, wouldnt carry a a spare tire, > drive > around until the empty light turns on and carry as little insurance as > possible. - Gee, come to think of it, I've been in an airport shuttle van > like that in new york. > > Thank You > Bob Evans > CTO > > > > >> However, with thousands more users at that price point, you would >> think the income would be plenty for better services. >> >> Who makes more
Re: Bluehost.com
Gee, for $3.49 for a website hosting per month , it's a real bargain. While the network person inside me says, Wow that's a long outage. The other part of me is really wondering what one thinks they can really expect from a company that hosts a website for just $3.49 ? Such a bargain at less than 1/2 the price of a single hot dog at a baseball stadium per month. That price point alone tells you about the setup and what you are agreeing too and who it's built for. Goes along with the ol' saying, "you get what you pay for." If they are down for 10 hours a month out of the average 720 hours in a month - thats a tiny percentage 1-2 of the time it's unavailable - in service terms of dollars it's roughly a nickel they credit each customer. Do I need more coffee or is my math wrong about a nickel for 10 hours of website hosing ? However, maybe that is all many companies /sites really need. In which case, it should be easy enough to build in backup yourself using two cheap hosing providers and flip between them when the need arises. Or pick a provider that manages their routing well and works with you quickly, but, you'll have to pay more for that. Yep, the math spells it out - "you get what you pay for." Thank You Bob Evans CTO > remember folks, redundancy is the savior of all f***ups. > > :) > > On Wed, Nov 25, 2015 at 2:21 PM, JoeSox <joe...@gmail.com> wrote: > >> I just waited 160 minutes for a tech call and the Bluehost tech told me >> he >> was able to confirm that it wasn't malicious activity that took down the >> datacenter but rather it was caused by a "datacenter issue". >> So my first thought is someone didn't design the topology correctly or >> something. >> Some of our emails are coming thru but Google DNS still lost all of our >> DNS >> zones which are hosted by Bluehost. 
>> At least the #bluehostdown is fun to read :/ >> -- >> Later, Joe >> >> On Wed, Nov 25, 2015 at 10:04 AM, Stephane Bortzmeyer >> <bortzme...@nic.fr> >> wrote: >> >> > On Wed, Nov 25, 2015 at 08:41:55AM -0800, >> > JoeSox <joe...@gmail.com> wrote >> > a message of 9 lines which said: >> > >> > > Anyone have the scope on the outage for Bluehost? >> > > https://twitter.com/search?q=%23bluehostdown=tyah >> > >> > The two name servers ns1.bluehost.com and ns2.bluehost.com are awfully >> > slow to respond: >> > >> > % check-soa -i picturemotion.com >> > ns1.bluehost.com. >> > 74.220.195.31: OK: 2012092007 (1382 ms) >> > ns2.bluehost.com. >> > 69.89.16.4: OK: 2012092007 (1388 ms) >> > >> > As a result, most clients timeout. >> > >> > May be a DoS against the name servers? >> > >> > bluehost.com itself is DNS-hosted on a completely different >> > architecture. So it works fine. But the nginx Web site replies 502 >> > Gateway timeout, probably overloaded by all the clients trying to get >> > informed. >> > >> > The Twitter accounts of Bluehost do not distribute any useful >> > information. >> > >> >
Re: DNSSEC and ISPs faking DNS responses
This will only create an new private (non-public) DNS service in China or Romania for Canadians to use. Imagine that someone in China starts a business to help people get around censorship in countries other than China. You nailed it - "clueless politicians". Bob Evans CTO > > The Québec government is wanting to pass a law that will force ISPs to > block and/or redirect certain sites it doesn't like. (namely sites that > offer on-line gambling that compete against its own Loto Québec). > > In order to make a good submission to government, once has to boil it > donw to simple enough arguments that clueless politicians can > understand. And for me to do that, I want to make sure I understand this > correctly. > > > I have tried to research DNSSEC and while I understand how a proper DNS > server can validate the chain from the > - root server > - TLD server > - authoritative DNS server for that domain > > I remain in dark with regartds to clients, namely clients who cannot > trust the DNS server supplied as part of DHCP/IPCP/PPPoE responses. > > > Say a consumer wants to connect to lottery.com, which, from the world > outside the ISP, would result in a signed, verifiable response. > > Can't the ISP's DNS server just pretend it is authoritative for > lottery.com and return to client a non-DNSSEC response that points to a > fake IP address ? > > If the client gets an unsigned response for lottery.com from its ISP's > DNS server, how can it know it is a fake response, how can it know that > lottery.com should have generated a signed DNSSEC response ? > > > It seems to me that unless each client goes to the tld servers (they > already have root signatures), get signature of the tld server and > signed response of where "lotery.com" can be found, they have no way to > know whether lottery.com should be signed or not, and whether the answer > they got from their ISP is good or not. > > Is that a proper understanding ? 
> > > > So far, I have seen good explanations of what happens between DNS > servers and the servers that are authoritative for domain, TLD and root. > But I have seen nothing about clients who only have a resolver that > talks to a DNS server. > > > And while I am at it: when a client gets a legit response from ISP's DNS > server with RRSIG records, how does the client obtain the public key > against which to run the record to ensure its calculated signature > matches that provided in RRSIG ? > > or do DNS servers return the full chain of records so that a request for > lottery.com returns not only record for lottery.com but also .com,s > reply on where lottery.com is and root's reply of where .com is ? > > > Hopefully, I am only missing a small bit that would explain everything > that happens at the client side. But as long as I am told that the > client only talks to the ISP's DNS server, I am at a loss. > > Any help appreciated. (I just watched an hour long youtube on subject > which didn't deal with client much). >
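The question quoted above asks how a client can tell that an unsigned answer for lottery.com is forged, and where the public key comes from. The following is an added example, not part of the original thread: a validating client that trusts only the root key and walks DS and DNSKEY records down to the answer. The toy RSA keys (a stand-in for real DNSSEC algorithms), the addresses, the `unsigned.com.` zone, the signed "NONE" marker standing in for NSEC/NSEC3 denial, and all function names are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key

def make_key(a, b):
    """Toy RSA key built from the Mersenne primes 2**a-1 and 2**b-1. NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))      # (public n, private d)

def h(text, n):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

def sign(name, rtype, data, n, d):
    return pow(h(f"{name}|{rtype}|{data}", n), d, n)

def verify(name, rtype, data, sig, n):
    return sig is not None and pow(sig, E, n) == h(f"{name}|{rtype}|{data}", n)

def ds_of(zone, n):
    """DS stand-in: a hash of the child's public key, published by the parent."""
    return hashlib.sha256(f"{zone}|{n}".encode()).hexdigest()

def rr(name, rtype, data, key):
    return (data, sign(name, rtype, data, *key))     # (data, signature)

ROOT, COM = make_key(31, 61), make_key(89, 107)
ZONE, ISP = make_key(127, 521), make_key(607, 1279)
FAKE = "203.0.113.66"                                # constructed redirect target

# Constructed authoritative data. Real DNSKEY RRsets are also self-signed;
# here the DS hash published by the parent is what binds the child key.
AUTH = {
    ("com.", "DS"): rr("com.", "DS", ds_of("com.", COM[0]), ROOT),
    ("com.", "DNSKEY"): (str(COM[0]), None),
    ("lottery.com.", "DS"): rr("lottery.com.", "DS", ds_of("lottery.com.", ZONE[0]), COM),
    ("lottery.com.", "DNSKEY"): (str(ZONE[0]), None),
    ("lottery.com.", "A"): rr("lottery.com.", "A", "192.0.2.10", ZONE),
    # Parent signs a statement that no DS exists: the child is provably unsigned.
    ("unsigned.com.", "DS"): rr("unsigned.com.", "DS", "NONE", COM),
    ("unsigned.com.", "A"): ("198.51.100.7", None),
}

def honest(name, rtype):
    return AUTH.get((name, rtype))

def isp_unsigned(name, rtype):
    """Resolver that answers lottery.com with an unsigned fake address."""
    if (name, rtype) == ("lottery.com.", "A"):
        return (FAKE, None)
    return honest(name, rtype)

def isp_strip_ds(name, rtype):
    """Resolver that also claims the zone has no DS, but cannot sign that claim."""
    if name == "lottery.com.":
        return {"DS": ("NONE", None), "A": (FAKE, None)}.get(rtype)
    return honest(name, rtype)

def isp_own_key(name, rtype):
    """Resolver that signs the fake answer with its own key."""
    if name == "lottery.com." and rtype == "DNSKEY":
        return (str(ISP[0]), None)
    if name == "lottery.com." and rtype == "A":
        return rr(name, "A", FAKE, ISP)
    return honest(name, rtype)

def stub_lookup(resolver, qname):
    """Non-validating stub: believes whatever the resolver says."""
    return resolver(qname, "A")[0]

def validate(resolver, qname, anchor=ROOT[0]):
    """Walk root -> TLD -> zone; every label is treated as a zone cut."""
    labels = qname.rstrip(".").split(".")
    key = anchor                                     # only the root key is pre-trusted
    for i in range(len(labels) - 1, -1, -1):
        zone = ".".join(labels[i:]) + "."
        ds = resolver(zone, "DS")
        # The parent's statement about the child must be signed by the parent.
        if ds is None or not verify(zone, "DS", ds[0], ds[1], key):
            return ("bogus", None)
        if ds[0] == "NONE":                          # authenticated "child is unsigned"
            ans = resolver(qname, "A")
            return ("insecure", ans[0] if ans else None)
        dnskey = resolver(zone, "DNSKEY")
        if dnskey is None or ds_of(zone, int(dnskey[0])) != ds[0]:
            return ("bogus", None)                   # key is not the one the parent vouches for
        key = int(dnskey[0])
    ans = resolver(qname, "A")
    if ans is None or not verify(qname, "A", ans[0], ans[1], key):
        return ("bogus", None)                       # zone is signed, answer is not
    return ("secure", ans[0])

if __name__ == "__main__":
    for r in (honest, isp_unsigned, isp_strip_ds, isp_own_key):
        print(r.__name__, stub_lookup(r, "lottery.com."), validate(r, "lottery.com."))
    print("unsigned.com.", validate(honest, "unsigned.com."))
```

The non-validating stub accepts the redirected address from all three lying resolvers, while the validating client rejects each of them because the signed DS record in `com.` says `lottery.com.` must be signed with a specific key.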
Re: Long-haul 100Mbps EPL circuit throughput issue
Eric, I have seen that happen. 1st double check that the gear is truly full duplex... seems like it may claim it is and you just discovered it is not. That's always been an issue with manufacturers claiming they are full duplex and on short distances it's not so noticeable. Try to perf in both directions at the same time and it becomes obvious. Thank You Bob Evans CTO > Hello NANOG, > > We've been dealing with an interesting throughput issue with one of our > carrier. Specs and topology: > > 100Mbps EPL, fiber from a national carrier. We do MPLS to the CPE > providing > a VRF circuit to our customer back to our data center through our MPLS > network. Circuit has 75 ms of latency since it's around 5000km. > > Linux test machine in customer's VRF <-> SRX100 <-> Carrier CPE (Cisco > 2960G) <-> Carrier's MPLS network <-> NNI - MX80 <-> Our MPLS network <-> > Terminating edge - MX80 <-> Distribution switch - EX3300 <-> Linux test > machine in customer's VRF > > We can full the link in UDP traffic with iperf but with TCP, we can reach > 80-90% and then the traffic drops to 50% and slowly increase up to 90%. > > Any one have dealt with this kind of problem in the past? We've tested by > forcing ports to 100-FD at both ends, policing the circuit on our side, > called the carrier and escalated to L2/L3 support. They tried to also > police the circuit but as far as I know, they didn't modify anything else. > I've told our support to make them look for underrun errors on their Cisco > switch and they can see some. They're pretty much in the same boat as us > and they're not sure where to look at. > > Thanks > Eric >
Re: *tap tap* is this thing on?
My spam filtering must be working correctly. Because, I have only seen 1 or 2...this may be the case for those with the privs. Thank You Bob Evans CTO > This spam flood is kinda hilarious in a way. Any idea why no one with > mod or admin privs for the mailing list has bothered to step in and deal > with this? > > > -- > Brielle Bruns > The Summit Open Source Development Group > http://www.sosdg.org/ http://www.ahbl.org >
Re: Static IPs
Hey, Hey Hey, Let's not propagate this more. NANOG is the wrong place for this - it's not technical or problem solving in nature nor is it community based concerns about industry resources and legislation. It's sale-ish. Thank You Bob Evans CTO > A helpful hint from a local broadband provider (I'm trying to wade through > broadband options at home): > > "If your business is online, then you should have an IP address." > > I do find that helps. > > (in fairness, they are talking about static IPs, but it kind of fits with > the rest of their marketing which says their highest speed plans include > the advantage of "most reliable Wifi" when compared to their lower speed > plans) >
Re: Static IPs
Bill, It's my list too. 1) You are wrong for telling me what to do ? 2) Are we supposed to check with you to see how far the list can degrade ? You want to tell me to chill - do it offline like a reasonable participant. You should apologize. Thank You Bob Evans CTO > On Mon, Oct 19, 2015 at 1:19 PM, Bob Evans <b...@fiberinternetcenter.com> > wrote: >> Here's your answer... It's in the charter - join a sales forum >> someplace... here networking means technical network issues... not >> marketing networking that you find in so many places on the net.. >> >> NANOG serves as a bridge between the technical staff of leading >> Internet >> providers close to network operations, technical communities such as >> standards bodies, and the academic community. NANOG has consistently >> worked to maintain a high level of technical content in meetings and all >> related activities. In striving to achieve these goals, all tutorials >> and >> presentations, including BOF presentations, are reviewed in advance and >> are limited to those entirely of a general technical nature, explicitly >> prohibiting material that relates to any specific product or service >> offerings. For similar reasons, equipment exhibits are limited to >> specified special events at each meeting. - See more at: >> http://nanog.org/history/charter#sthash.HggO2RL6.dpuf > > Chill out Bob. The charter contains many guidelines, few rules. > "Minimize snark" is not one of the list rules. Or even one of the > guidelines. > > -Bill > > > > -- > William Herrin her...@dirtside.com b...@herrin.us > Owner, Dirtside Systems . Web: <http://www.dirtside.com/> >
RE: Static IPs
Here's your answer... It's in the charter - join a sales forum someplace... here networking means technical network issues... not marketing networking that you find in so many places on the net.. NANOG serves as a bridge between the technical staff of leading Internet providers close to network operations, technical communities such as standards bodies, and the academic community. NANOG has consistently worked to maintain a high level of technical content in meetings and all related activities. In striving to achieve these goals, all tutorials and presentations, including BOF presentations, are reviewed in advance and are limited to those entirely of a general technical nature, explicitly prohibiting material that relates to any specific product or service offerings. For similar reasons, equipment exhibits are limited to specified special events at each meeting. - See more at: http://nanog.org/history/charter#sthash.HggO2RL6.dpuf Thank You Bob Evans CTO > If not to solve problems or as a technical resource, what is the NANOG > for? > > Thank you, > - Nich > >> Hey, Hey Hey, Let's not propagate this more. >> NANOG is the wrong place for this - it's not technical or problem >> solving >> in nature nor is it community based concerns about industry resources >> and >> legislation. It's sale-ish. >> Thank You >> Bob Evans >> CTO > >
Re: IP-Echelon Compliance
WAIT WAIT - I know the solution to all of this. Let's pass a law that requires everyone to fill out a form to buy a device with a MAC address. Make them wait 10 days to verify the buyer has never committed a digital crime. While law enforcement puts it in a pile forms and pretends they can verify through the process of piling and ignoring it. 10 days later, If law enforcement doesn't call - the store can then call the buyer and tell them they can pick up their new potential crime committing internet device. Oh Gee, I see here that I have been living in California too long. Bob Evans CTO BTW, from this thread, I just learned that responding the way the spam email states doesn't make it possible to communicate with company personnel - you must first fill out an application and register to communicate ? A kind of opt-in-proof. We get these emails 99% of the time it's the same IP address subnets of wi-fi in hotels or schools. They are always 12 hours late and often older - days late - hotel guests customers have checked out or closed their hacked laptop after their lunch meeting. What's a busy hotel staff supposed to do track down a guest MAC addresses - hire better firewall companies to block specific port traffic because of its potential use? Thought that ol' bit-torrent stuff flips ports whenever it needs to ? > Hi Fred, > > I can't find your name, email address or the domain-name from your email > in our mailboxes. > > If you send the request via this webform or via email to the address > specified in the notice, we'll absolutely jump on it and respond ASAP. > > I can't monitor this thread further but please reach out via the > channels described so we can help. > > Cheers, > Seth > >> On Oct 13, 2015, at 2:10 AM, Fred Hollis <f...@web2objects.com> wrote: >> >> At least, we tried contacting you many times, but you ignored all our >> requests. >> >> Still receiving thousands of e-mails not related to our IPs on daily >> basis.
>> >>> On 13.10.2015 at 00:04 Seth Arnold wrote: >>> Hi All, >>> >>> Please feel free to get in touch with us to request changes. >>> >>> Expedited processing of your requests is offered through the Notice >>> Recipient Management for ISPs section of our website located here: >>> http://www.ip-echelon.com/isp-notice-management/ >>> <http://www.ip-echelon.com/isp-notice-management/> >>> >>> If you are in the U.S., please also ensure that your change is >>> reflected in the records of the US Copyright Office: >>> http://copyright.gov/onlinesp/list/a_agents.html >>> <http://copyright.gov/onlinesp/list/a_agents.html> >>> >>> >>> Cheers, >>> Seth >>> >
Re: NR Software\Xeex Communications
Equinix is truly one of the worst and over priced in Silicon Valley California. It's why Coresite does so well here. Coresite has less than 48 hour cross connect completion and remote hands the same day for non-emergencies. For rare emergencies you can rush remote hands and Coresite staff gets in your rack right away. We have been treated badly at PAIX PALO ALTO. In their paix palo alto facility they had a bathroom pipe break -we took photos- it rained "literally poured" on our rack. I had to tell the paix staff to run next door at Walgreens and buy all the paper towels they could until someone finds towels. Inches of water on the floor. Zero help or responsibility- giant waste of time. They are still in denial mode. Yet they paid the plumbers to repair the bathroom pipes that broke and had about 5 techs pushing inches of water around. We had to put in new gear and they never paid a dime - I think Equinix doesn't have insurance and doesn't care about your protection even if their facility fails. To our legal letter, their response was that our own insurance should pay. Our insurance didn't want to hear about it, because they cover customers and we had no customers gear involved. Thank You Bob Evans CTO > I know I'm going to be blowing the door wide open on this request, but I'd > be interested in hearing from anyone else that was one of Equinix's first > few customers. The deal I was getting on some services has been unrivaled, > but the support I've received has been unrivaled in the not so pleasant > way. It's time I just moved on. I need a vendor that responds at least > within two weeks or 20 messages, whichever is more. (Twenty sounds like a > lot, but when spread out over two weeks following other weeks of > non-response, I don't think it's out of line.) 
> > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > Midwest Internet Exchange > http://www.midwest-ix.com > > > - Original Message - > > From: "Mike Hammett" <na...@ics-il.net> > To: "nanog group" <nanog@nanog.org> > Sent: Thursday, October 8, 2015 1:38:43 PM > Subject: NR Software\Xeex Communications > > > Does anyone know what's going on over there? Any not-front door phone > numbers, e-mail addresses, etc.? I haven't been getting responses from > them for a while. > > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > Midwest Internet Exchange > http://www.midwest-ix.com > > > > >
Re: Prefix hijacking by AS20115
> On Mon, Sep 28, 2015 at 11:59 PM, Bob Evans <b...@fiberinternetcenter.com> > wrote: >> That's something I would do. Announce announce and keep adding ports >> until >> I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in >> a >> blackhole route for the prefixes. Try to pick blocks that are as >> geographically located to your peering routers as possible ...IE in Reno >> pick the blocks that seem to be near by - like Reno, Tahoe, Sacramento >> . when that batch of customers makes their phones ring all night >> someone will listen. >> > > that seems like a pretty poor strategy... guaranteed to get you into > some hot water, I suspect. Keep in mind that the 'noc' at 20115 isn't > the same thing as the customer-service-center. There's likely little > to link the 2 things together there :( You are right - probably creates more problems than good. > >> Would be nice if our membership organization ARIN ( that we all pay to >> keep us somewhat organized) had an ability to do something for you I >> never looked into it...i don't knowmaybe it does ? > > arin does not guarantee 'routability' of netblocks assigned to your org. Yep, I was pretty sure of that - but wouldn't it be nice if arin could have some communication line or at least try. Yes, never any guarantees really. bob > >> But, in the mean time I am pretty sure you can document this well and >> prove your announcements of theirs was due to the fact you couldn't get >> proper technical attention and needed to desperately before your >> customers >> cancel after 8 hours of this. Tomorrow call your lawyers and begin to >> sue >> that cable company (did I recognize that ASN as cable TV ? ) for damages >> this must be causing you in ill-will amongst your customer base. >> >> I wonder just how you prove the damage...some equation based on customer >> calls and complaints together with how many years you have been in >> business as well as the number of contracts that are coming up for >> renewal. 
etc etc. Now that would be interesting to see a formula for >> that >> if anyone has been through it. >> > > you COULD find a charter person on-list...there are nine names on the > attendees list for the upcoming meeting... I imagine peeringdb likely > has folk listed... gosh it sure does: > > <https://www.peeringdb.com/private/participant_view.php?id=2144> > > what with their emails and everything. > >> Thank You >> Bob Evans >> CTO >> >> >> >> >>> Start announcing their prefixes? >>> >>> Josh Luthman >>> Office: 937-552-2340 >>> Direct: 937-552-2343 >>> 1100 Wayne St >>> Suite 1337 >>> Troy, OH 45373 >>> On Sep 28, 2015 11:09 PM, "Seth Mattinen" <se...@rollernet.us> wrote: >>> >>>> On 9/28/15 18:30, William Herrin wrote: >>>> >>>>> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen <se...@rollernet.us> >>>>> wrote: >>>>> >>>>>> I've got a problem where AS20115 continues to announce prefixes >>>>>> after >>>>>> BGP >>>>>> neighbors were shutdown. They claim it's a wedged BGP process but >>>>>> aren't >>>>>> in >>>>>> any hurry to fix it outside of a maintenance window. >>>>>> >>>>> >>>>> If they weren't lying to you, they'd fix it now. That's not the kind >>>>> of problem that waits. >>>>> >>>>> Thing is: they lied to you. Long ago they "helpfully" programmed >>>>> their >>>>> router to announce your route regardless of whether you sent a route >>>>> to them. They want to wait for a maintenance window to remove that >>>>> configuration. >>>>> >>>>> >>>>> I'm at a loss of what else I can do. They admit the problem but won't >>>>> take >>>>>> action saying it needs to wait for a maintenance window. Am I out of >>>>>> line >>>>>> insisting that's an unacceptable response to a problem that results >>>>>> in >>>>>> prefix/traffic hijacking? >>>>>> >>>>> >>>>> Try dropping the link entirely. 
If they still announce your >>>>> addresses, >>>>> bring it back up but report it as emergency down, escalate, and call >>>>> back every 10 minutes until the junior tech understands that it's >>>>> time >>>>> to call and wake up the guy who makes the decision to fix it now. >>>>> >>>>> >>>> >>>> I'm at the tail end here almost 8 hours later since the hijacking >>>> started. >>>> Their NOC is just blowing me off now and they're happy to continue the >>>> hijacking until it's convenient for them to have a maintenance window. >>>> And >>>> that's apparently the final decision. >>>> >>>> ~Seth >>>> >>> >> >> >
PCH.net questions and thoughts - Re: Prefix hijacking by AS20115
Nice of you to check Jim. This brings up the old idea - A long time ago I had an INOC phone by PCH.NET - It never rang, as we filter our outbound with detail everywhere we announce. ISPs need to provide us their address list. And the few times I needed to use it , no one ever answered. ( It was a decade ago before NANOG membership.) So after a while I too ignored it. Maybe this was an idea ahead of it's time ? From this painful mishap, it could have been a great solution for NOC Engineers to help each. I find peeringdb often outdated as companies change around and sluggish return call if at all. Most are like a sales line number post. I see now a long list of registered networks in the PCH directory. Are networks actually paying attention and using it. Is it time to take another look ? At midnight in your organization could you get a NOC person with " proper BGP skills and access " to answer and care about a bad announcement ? https://inoc-dba-web.pch.net/inoc-dba/console.cgi?op=show_pubdir=org Link above shows lots more networks listed on the INOC-DBA Public Directory: Organizations But have you used it? Did it work for you when you needed it ? Any further comments are appreciated. This seems like a very good proper civil approach - maybe this or something like it ARIN might help promote and endorse as a benefit to the community ? Be nice if with the cash they did something simple like this and got all of us to use it? Special line forwarding ? A Emergency Only NOC App for our phones for just this kind of situation - one that registers a specific ASN and pin code we set on the registration page ? Thank You Bob Evans CTO > > > On 9/28/15, 10:24 PM, "NANOG on behalf of Seth Mattinen" > <nanog-boun...@nanog.org on behalf of se...@rollernet.us> wrote: > >>On 9/28/15 20:19, Martin Hannigan wrote: >>> >>>Is this related to 104.73.161.0/24? That's ours. :-) >>> >>>We'll take a look and get back to you. Thanks for caring! 
>>> >> >> >>Yep, that's one of the affected prefixes. >> >>~Seth > Hi Seth, which market was this occurring? Was this already removed? I'm > not seeing it this morning. I would like to figure out what went wrong > here. We shouldn't be nailing up any static configuration to have caused > a situation like this. > >
Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115
A friend is not someone that allows their company to hijack your prefixes. A friend is one that can get it to stop. Dude - wake up and drink some coffee. Thank You Bob Evans CTO > Hi Bob, > > On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: >> This seems like a very good proper civil approach - maybe this or >> something like it ARIN might help promote and endorse as a benefit to >> the community ? Be nice if with the cash they did something simple >> like this and got all of us to use it? Special line forwarding ? A >> Emergency Only NOC App for our phones for just this kind of situation >> - one that registers a specific ASN and pin code we set on the >> registration page ? > > In this day and age people use IRC or Facebook to quickly get to a > friend of a friend of a friend to get to a good contact. Get on with the > times :-) > > Kind regards, > > Job >
Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115
I have actually found this NANOG email to be more effective than a chat or mombook public service. We need something more private like that. Thank You Bob Evans CTO > A friend is not someone that allows their company to hijack your prefixes. > A friend is one that can get it to stop. Dude - wake up and drink some > coffee. > > Thank You > Bob Evans > CTO > > > > >> Hi Bob, >> >> On Tue, Sep 29, 2015 at 08:05:45AM -0700, Bob Evans wrote: >>> This seems like a very good proper civil approach - maybe this or >>> something like it ARIN might help promote and endorse as a benefit to >>> the community ? Be nice if with the cash they did something simple >>> like this and got all of us to use it? Special line forwarding ? A >>> Emergency Only NOC App for our phones for just this kind of situation >>> - one that registers a specific ASN and pin code we set on the >>> registration page ? >> >> In this day and age people use IRC or Facebook to quickly get to a >> friend of a friend of a friend to get to a good contact. Get on with the >> times :-) >> >> Kind regards, >> >> Job >> > > >
Re: Do you have INOC-DBA set up? (was: Re: PCH.net questions and thoughts - Re: Prefix hijacking by AS20115)
Neils, do you actually work at in a NOC operation with BGP operations and policies you can change - a backbone with customers? If not - I would understand why email is fast enough for you. Maybe SIP iNOC phone isn't the right answer - but it seems to work fine everywhere I go. There just has to be a better way of communicating other than posting an email to a board - which isn't focused on a live network emergency. Something that's self filtered by all of us for a specific use. SayAn email/ text might work well or even better than SIP - if we had an APP that noticed a specific key or coded line plus your ASN to then ring my phone with an urgent ring tone.hence, the idea of an NOC APP for that. Something other than "No I won't do anything different" - an idea or concept something you would embrace for such a moment. The iNOC phone wasn't embraced. Maybe a APP is a better idea than a phone. Thank You Bob Evans CTO > * j...@baylink.com (Jay Ashworth) [Tue 29 Sep 2015, 17:31 CEST]: >>The idea of a private tieline network that is connected, by SIP, to a >> line >>appearance in the NOC of each AS, and no one else is on it, seems like a >>fine idea to me. > > Until you take into account that SIP doesn't work through many > firewalls, that people generally don't give a second thought to > timezones, that network engineers generally dislike having to mess > with voice systems, etc. etc. > > 2 out of 3 INOC-DBA calls I ever received were silent on their end > (presumably) due to firewalls; the third call was a test. > > >>And that was INOC-DBA's original goal, as I understand it: >> >>You're having a problem? It's coming from some specific AS? >> >>Pick up the phone, mash the red INOC line button, dial the AS >>number, and you're talking to their NOC. >> >>And that's *authenticated*: since it's low enough churn to set up >>by hand, it's authenticated by humans. > > In other words, it wasn't secure, it wouldn't scale and churn killed it. 
> > >>Show of hands: who has it set up, correctly, right now? > > No. There is nothing I'd do after receiving a phone call that I > wouldn't do via email anyway. > > > -- Niels. >
Re: Prefix hijacking by AS20115
That's something I would do. Announce announce and keep adding ports until I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in a blackhole route for the prefixes. Try to pick blocks that are as geographically located to your peering routers as possible ...IE in Reno pick the blocks that seem to be near by - like Reno, Tahoe, Sacramento . when that batch of customers makes their phones ring all night someone will listen. Would be nice if our membership organization ARIN ( that we all pay to keep us somewhat organized) had an ability to do something for you I never looked into it...i don't knowmaybe it does ? But, in the mean time I am pretty sure you can document this well and prove your announcements of theirs was due to the fact you couldn't get proper technical attention and needed to desperately before your customers cancel after 8 hours of this. Tomorrow call your lawyers and begin to sue that cable company (did I recognize that ASN as cable TV ? ) for damages this must be causing you in ill-will amongst your customer base. I wonder just how you prove the damage...some equation based on customer calls and complaints together with how many years you have been in business as well as the number of contracts that are coming up for renewal. etc etc. Now that would be interesting to see a formula for that if anyone has been through it. Thank You Bob Evans CTO > Start announcing their prefixes? > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > On Sep 28, 2015 11:09 PM, "Seth Mattinen" <se...@rollernet.us> wrote: > >> On 9/28/15 18:30, William Herrin wrote: >> >>> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen <se...@rollernet.us> >>> wrote: >>> >>>> I've got a problem where AS20115 continues to announce prefixes after >>>> BGP >>>> neighbors were shutdown. They claim it's a wedged BGP process but >>>> aren't >>>> in >>>> any hurry to fix it outside of a maintenance window. 
>>>> >>> >>> If they weren't lying to you, they'd fix it now. That's not the kind >>> of problem that waits. >>> >>> Thing is: they lied to you. Long ago they "helpfully" programmed their >>> router to announce your route regardless of whether you sent a route >>> to them. They want to wait for a maintenance window to remove that >>> configuration. >>> >>> >>> I'm at a loss of what else I can do. They admit the problem but won't >>> take >>>> action saying it needs to wait for a maintenance window. Am I out of >>>> line >>>> insisting that's an unacceptable response to a problem that results in >>>> prefix/traffic hijacking? >>>> >>> >>> Try dropping the link entirely. If they still announce your addresses, >>> bring it back up but report it as emergency down, escalate, and call >>> back every 10 minutes until the junior tech understands that it's time >>> to call and wake up the guy who makes the decision to fix it now. >>> >>> >> >> I'm at the tail end here almost 8 hours later since the hijacking >> started. >> Their NOC is just blowing me off now and they're happy to continue the >> hijacking until it's convenient for them to have a maintenance window. >> And >> that's apparently the final decision. >> >> ~Seth >> >
Re: Service Providers behaviour for dual homed enterprises
What Blake just said below works best - I do this MED together with small-ers all the way to india for video conferencing customers sitting in silicon valley. Thank You Bob Evans CTO > > > Stephen Satchell wrote on 9/24/2015 8:39 AM: >> On 09/23/2015 02:38 PM, Jason Bullen wrote: >>> I've always worked in enterprise only so I thought you guys might be >>> able >>> to help me with this one. >>> We are dual homed to Verizon and AT We prepend all our prefixes out >>> AT to make them least preferred. During a recent issue we found some >>> users were coming in via AT Using various looking glasses it >>> looks like >>> if I use an AT server(route-server.ip.att.net) the best path is the >>> prepended route through AT in fact,I don't even see the VZB >>> route. If I >>> use a 3rd party looking glass(router-server.he.net) I see what I >>> anticipated, which is the shorter AS-Path through VZB. >>> >>> So if my research is correct, the internet prefers Verizon UNLESS >>> they are >>> a direct AT customer then they would use the AT circuit. >>> Is this a standard practice that I should assume to encounter? >>> >>> Thanks in advance >>> >> >> That's been my experience, and with other sets of providers, too. >> >> My current company is dual-homed with AT and Charter Fiber. Those >> customers on UVerse come in the AT link no matter what we do with >> BGP to convince the cloud to let packets come in the fatter pipe. > > Jason, while others have offered acknowledgement of the behavior you are > seeing as well as solutions, I think it might be relevant to point out > that this is simply a matter of BGP best path selection. BGP does not > use AS path length (hops) as its primary path selector. Search for "bgp > best path selection" to find out more about how BGP selects the best > path. As others have noted, local pref is often utilized to control > routing and should be your preferred way to control path selection in > addition to AS path length. 
However, the ultimate way to control routing > would be to advertise more specific prefixes via the path that you want > traffic to flow. > > --Blake >
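Blake's point about best-path order, as an added example that is not part of any message in this thread: a simplified decision process (highest local preference, then shortest AS path) run over constructed routing tables for the dual-homed case Jason describes. The enterprise ASN 64500, the 198.18.0.0/22 block and the local-pref values (200 for customer routes, 100 for peer routes) are assumptions chosen for illustration; the remaining BGP tie-breakers are collapsed into "lowest neighbor ASN".

```python
"""Local preference beats AS-path prepending; longest prefix match beats both.
All prefixes, local-pref values and the enterprise ASN are constructed sample data."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ENTERPRISE = 64500        # documentation ASN, stands in for the dual-homed site
ATT, VZB = 7018, 701      # the two upstreams named in the thread
AGGREGATE = "198.18.0.0/22"
PREPENDED = (ENTERPRISE,) * 4          # own ASN plus three prepends toward AT&T
VIA_VZB = (VZB, ENTERPRISE)


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple        # as seen by the receiving router, neighbor AS first
    local_pref: int       # set by the receiving network's own policy


def best_path(candidates):
    """Pick one route among candidates for the SAME prefix.

    Order: highest local_pref, then shortest AS path, then lowest neighbor ASN
    (a stand-in for the later tie-breakers, which this sketch does not model).
    """
    return min(candidates,
               key=lambda r: (-r.local_pref, len(r.as_path), r.as_path[0]))


def forward(rib, dst):
    """Longest prefix match first, best-path selection only within that prefix."""
    addr = ip_address(dst)
    matching = [r for r in rib if addr in ip_network(r.prefix)]
    if not matching:
        return None
    longest = max(ip_network(r.prefix).prefixlen for r in matching)
    return best_path([r for r in matching
                      if ip_network(r.prefix).prefixlen == longest])


# View from inside AT&T: the customer route carries a higher local preference
# than the same prefix learned from a peer, so prepending never gets compared.
att_rib = [
    Route(AGGREGATE, PREPENDED, local_pref=200),   # learned from the customer
    Route(AGGREGATE, VIA_VZB, local_pref=100),     # learned from a peer
]

# View from a third-party network: both paths have equal local preference,
# so AS-path length decides and the prepends work as intended.
third_party_rib = [
    Route(AGGREGATE, (ATT,) + PREPENDED, local_pref=100),
    Route(AGGREGATE, VIA_VZB, local_pref=100),
]

# More-specifics announced only via Verizon: even inside AT&T the /23 wins,
# because the lookup picks the longest match before local_pref is consulted.
att_rib_with_specifics = att_rib + [
    Route("198.18.0.0/23", VIA_VZB, local_pref=100),
    Route("198.18.2.0/23", VIA_VZB, local_pref=100),
]

if __name__ == "__main__":
    for name, rib in [("AT&T view", att_rib),
                      ("third-party view", third_party_rib),
                      ("AT&T view + more-specifics", att_rib_with_specifics)]:
        r = forward(rib, "198.18.1.10")
        print(f"{name:28} {r.prefix:16} path={r.as_path} lp={r.local_pref}")
```
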
Re: ARIN Region IPv4 Free Pool Reaches Zero
IPv4's works better today than ever before. IP space in North America has now officially turned into a revenue source for networks. Most private enterprise customers understand costs and profits. Business does not understand free stuff in a free market. Hence, IPv4 is no longer free in a block range perspective. To any business with rising employee medical insurance, electricity and office rent rates, an IP address cost is just not on the radar. Just not a large enough cost to make IPv6 look financially attractive. Only when IPv4 address costs begin to exceed that of the hardware and labor conversion costs, will IPv6 gain traction in North America. So for the most part your teenage kids will grow up in an IPv4 world until they are probably 30,something. But, your grand kids will see IPv4 as s old. That's all contingent upon all the networks we work on start charging $10 or more per IP address per month. Thank You Bob Evans CTO > Remember, the Internet being fully migrated to IPv6 is just 5 yrs away > just > like fusion power plants is 20 yrs away (although I think now they are > saying 50 yrs away which would make IPv6 12.5 yrs away). (= > > --- > -ITG (ITechGeek) > i...@itechgeek.com > https://itg.nu/ > GPG Keys: https://itg.nu/contact/gpg-key > Preferred GPG Key: Fingerprint: AB46B7E363DA7E04ABFA57852AA9910A DCB1191A > Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook: > http://fb.me/Jbwa.Net > > On Thu, Sep 24, 2015 at 4:06 PM, Mike Hammett <na...@ics-il.net> wrote: > >> = >> The whole reason for the inertia >> against going to IPv6 is "it ain't broke, so I not gonna 'fix' it." >> >> Now it's broke. 
>> = >> >> ^^^This ^^^ >> >> >> >> >> - >> Mike Hammett >> Intelligent Computing Solutions >> http://www.ics-il.com >> >> - Original Message - >> >> From: "Stephen Satchell" <l...@satchell.net> >> To: nanog@nanog.org >> Sent: Thursday, September 24, 2015 2:38:26 PM >> Subject: Re: ARIN Region IPv4 Free Pool Reaches Zero >> >> On 09/24/2015 09:49 AM, Dovid Bender wrote: >> > The issue now is convincing clients that they need it. The other >> > issue is many software vendors still don't support it. >> >> And this may trigger a refresh on routers, as people old or refurbed >> equipment find they need to change. The whole reason for the inertia >> against going to IPv6 is "it ain't broke, so I not gonna 'fix' it." >> >> Now it's broke. >> >> >
Re: Peering + Transit Circuits
Thank You Bob Evans CTO Thank you for the explanation.. However wouldn't a few other attributes of the traffic show up . e.g. you would have asymmetric traffic.. going out via us, but coming back via a totally another path ? Patrick is correct in the approach you should take. If you don't have much traffic to begin with - yes, you are correct that you'll notice a bounce. However, you should build a network so that your average traffic level can grow without having to check things manually. The more you automate the more you and your network are worth. This way you can simply upgrade ports at IX locations in a second without worrying about traffic levels and having to establish new or change existing policies. Thank You Bob Evans CTO BTW, my comment "We will trust everything coming in" was in ref. to QOS tags. However, if you have a router at the IX which has _only_ peer routes and your routes, that solves the problem. If I send you a packet for Comcast, your peering router will drop it and send an ICMP Network Unreachable. In this scenario, the peering router is feeding routes to a Route Reflector ? and not taking in full routes from the route reflector ? But standard network hygiene will stop those. If there are any resources you could point to for these, I would be much obliged.. Thanks Faisal Imtiaz Snappy Internet Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net - Original Message - From: Patrick W. Gilmore patr...@ianai.net To: nanog list nanog@nanog.org Sent: Tuesday, August 18, 2015 7:12:23 PM Subject: Re: Peering + Transit Circuits Assume you and I are at an IX and peer. Suppose I send you traffic for Comcast. I can do this, even if you do not send me prefixes for Comcast. It requires me to manually configure things, but I can do it. Put another way, you said "We will trust everything coming in". I am saying that perhaps you should not. 
As Comcast is not one of your customers, you will have to send the packets out your transit provider. You do not get paid when I give you the packets, and you probably pay your transit provider to get to Comcast. So I have gotten something for free, and you are paying for it - i.e. stealing. Normally a router gets a packet and sends it on its way without looking at the source. However, if you have a router at the IX which has _only_ peer routes and your routes, that solves the problem. If I send you a packet for Comcast, your peering router will drop it and send an ICMP Network Unreachable. No filters to manage, no RIRs to sync, nothing to code, etc. There are evil ways around this if you do not configure your router properly (e.g. send you a prefix for Comcast with next-hop set to inside your network). But standard network hygiene will stop those. And as has been stated, this doesn't have anything to do with URPF either. (Not sure why Nick brought that up, he's smart enough to know what URPF is and runs an exchange himself, so I think he just brain-farted. Happens to us all.) Hope that made it more clear. -- TTFN, patrick On Aug 18, 2015, at 6:35 PM, Faisal Imtiaz fai...@snappytelecom.net wrote: Let me start backwards... To me 'peering' is sharing internal routes and downstream customer routes, and not external ones. IP transit is all of the external routes including internal routes downstream customer routes Having said that, if one is in control of what IP Prefixes get advertised to whom... how exactly someone (peers) 'steal' transit ? (If one is not managing the filters well then yes it is possible, but that would be a configuration error ?) Maybe I am naive, to me Peering routes (relationships) are a subset of IP Transit Routes (relationships) Based on above belief... Then Item # 3, becomes the choice of the OP where one can make one of two starting assumptions... We will trust everything coming in and change what we don't like... 
or We will not trust anything coming in, and change (accept) what we like. Items # 1 2, would be a function of network design, technical requirements (maintenance window) etc etc.. easier to deal with a distributed edge vs all in one when one has to bring anything down for any reason.. I am open to learning and being corrected if any of the above is wrong ! Faisal Imtiaz Snappy Internet Telecom - Original Message - From: Tim Durack tdur...@gmail.com To: cisco-...@puck.nether.net, nanog list nanog@nanog.org Sent: Tuesday, August 18, 2015 8:29:31 AM Subject: Peering + Transit Circuits Question: What is the preferred practice for separating peering and transit circuits? 1. Terminate peering and transit on separate routers. 2. Terminate peering and transit circuits in separate VRFs. 3. QoS/QPPB ( https://www.nanog.org/meetings/nanog42/presentations/DavidSmith
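The peering-router behaviour Patrick describes in the thread above, as an added example that is not part of any message: a forwarding table holding only own, customer and peer routes drops a packet for a non-customer destination, while the same table with a default toward transit carries it. All prefixes, port labels and addresses are constructed, and the next-hop check at import is one assumed form of the "standard network hygiene" he mentions.

```python
"""Peering-only forwarding table versus a table with a default toward transit.
Prefixes, port labels and IX addresses are constructed sample data."""
from ipaddress import ip_address, ip_network

DROP = ("drop", "icmp-net-unreachable")


def forward(fib, dst):
    """Longest prefix match over {prefix: egress}; no match means drop."""
    addr = ip_address(dst)
    hits = [ip_network(p) for p in fib if addr in ip_network(p)]
    if not hits:
        return DROP
    best = max(hits, key=lambda n: n.prefixlen)
    return ("forward", fib[str(best)])


def install_peer_routes(fib, peer_ix_addr, announcements):
    """Install a peer's announcements, rejecting any whose next hop is not the
    peer's own address on the exchange LAN (assumed hygiene rule).

    announcements: list of (prefix, next_hop). Returns the rejected entries.
    """
    rejected = []
    for prefix, next_hop in announcements:
        if next_hop == peer_ix_addr:
            fib[prefix] = f"ix-peer:{peer_ix_addr}"
        else:
            rejected.append((prefix, next_hop))
    return rejected


# Router at the IX: only our routes, customer routes and routes heard from peers.
peering_fib = {
    "192.0.2.0/24": "core",               # our own block
    "198.51.100.0/24": "customer-port",   # a downstream customer
}
PEER_A = "203.0.113.10"                    # peer's address on the exchange LAN
rejected = install_peer_routes(peering_fib, PEER_A, [
    ("203.0.113.128/25", PEER_A),          # the peer's own prefix: accepted
    ("198.18.0.0/16", "192.0.2.1"),        # third-party prefix, next hop inside us
])

# Same routes plus a default toward the transit provider on the same box.
mixed_fib = dict(peering_fib)
mixed_fib["0.0.0.0/0"] = "transit"

THIRD_PARTY_DST = "198.18.5.1"             # stands in for a non-customer network

if __name__ == "__main__":
    print("peering-only:", forward(peering_fib, THIRD_PARTY_DST))
    print("with default:", forward(mixed_fib, THIRD_PARTY_DST))
    print("to customer: ", forward(peering_fib, "198.51.100.7"))
    print("rejected at import:", rejected)
```
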
Re: Super Core Hardware suggestions
Alcatel lucent 7750 Thank You Bob Evans CTO Hey All We are looking for suggestions for a device to act as a super Core Device / MPLS P router only. There seems to be plenty of Chassis based solutions out there that also cater for a lot more. We ideally would like a 1RU or 2RU device - Handling MPLS / IGP only * Ideally 16 to 48 ports of 10Gig - SFP * Non-blocking line rate capable on all ports. * MPLS / OSPF /BFD / ISIS / RSVP-TE capably. * Deep buffers on the ports would also be nice * With a possible option of 40Gig uplinks.. Thanks
DropBox peering issue in SF bay area ? Rare and Odd
Anyone from dropbox please contact n...@fiberinternetcenter.com Multiple peering session - peering sessions are up/established - prefixes are received - but no website and customers complaining to us. Thank You Bob Evans CTO
Re: Working with Spamhaus
Would be nice to have an RBL service that attended NANOG meetings. Would make for a more trusted RBL we can tell customers to make use. Spamhaus ever attend a NANOG meetings ? Thank You Bob Evans CTO On Tue, Jul 28, 2015 at 11:41:08PM -0600, Bryan Tong wrote: Yes that is part of it. There are other blocks they listed as well. Well, http://www.spamhaus.org/sbl/query/SBL263089 has a fair amount of shady stuff going on, and http://www.spamhaus.org/sbl/listings/esited.com gives a pretty decent history of what Spamhaus has been doing. Note the (escalation) entries in there, which indicates a lack of interest on esited.com's part in fixing any of the problems. - Matt
Re: Working with Spamhaus
I see that point - however, spamhaus has become a haus-hold word these days and everyone runs into these issues...it's not malware or bots we block from a network level blackhole. Yet it is basic network operations these days to have to deal with someone complaining about their hacked mail server is now fixed yet they can't get mail. We usually tell them the quickest way is to address spamhaus to get it removed and in parallel also move the mail server to a new IP and change the dns and rDNS to the new one. It gets us out of having to help with these RBL issues. When an RBL sends a notice we jump on it and get it to the customer...however, they usually don't send us or the customer anything. Thank You Bob Evans CTO delurk They come to M3AAWG on a regular basis and there's the M3AAWG hosting SIG that you might want to participate in. NANOG doesn't always have a mail abuse (and not very many network abuse) session on the agenda, plus just how many people doing routing or DNS seem to even care what their colleagues down the hall in the abuse team are doing or which conferences they attend? I remember a time (under the previous list management) when discussing spam here was deemed OT and non operational - off list warnings, suspensions and such. Ancient history I guess, but still .. /delurk --srs On 29-Jul-2015, at 10:06 AM, Bob Evans b...@fiberinternetcenter.com wrote: Would be nice to have an RBL service that attended NANOG meetings. Would make for a more trusted RBL we can tell customers to make use. Spamhaus ever attend a NANOG meetings ? Thank You Bob Evans CTO
Re: How long will it take to completely get rid of IPv4 or will it happen at all?
It is true - you I have had to throttle back for years for optimum transport on many carriers. In fact, if you have an ATT transit in your mix of BGP you wont get a ping response at 1500 MTU from that ATT router. On Sun, 28 Jun 2015 08:02:52 -0700, Owen DeLong said: On Jun 27, 2015, at 11:48 , manning bmann...@karoshi.com wrote: Quite a few folks actually. (the 802.5 802.4 specs) . This is kind of like asking when we will stop using ethernet framing (ethernet was designed for a 3Mbps transmission rate) yet we are deploying 100Gbps networks. Still stuck on that 1500byte limitation. When can we get rid of that? Many networks have Its called Jumbo Frames Unfortunately, enough people do things to break PMTU Discovery that it's not usually feasible to send jumbograms outside your directly controlled networks. So you may actually have jumbogram support all the way one end to the other, but you can't rely on it and have to throttle back to 1500 (or even smaller) in self-defense
Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6
It would not surprise me to find ARCnet (Datapoint's) still running in some corner somewhere. Thank You Bob Evans CTO On Jun 29, 2015, at 8:42 AM, Stephen Satchell l...@satchell.net wrote: On 06/29/2015 01:16 AM, a.l.m.bu...@lboro.ac.uk wrote: Hi, I knew several people who built their career path on the assumptions of IPX. Ouch. or DECnet ;-) Or XNS. On the other hand, people did have a nice career with SNA...but they weren't trying to push packets over the LAT -jav
How long will it take to completely get rid of IPv4 or will it happen at all?
Our fundamental issue is that an IPv4 address has no real value as networks still give them away, it's pennies in your pocket. Everything of use needs to have a cost to motivate for change. Establishing that now won't create change it will first create greater conservation. There will be a cost that will be reached before change takes place on a scale that matters. Networks set the false perception and customer expectation that address space is free and readily available. Networks with plenty, still land many customers today by handing over a class C to customer with less than 10 servers and 5 people in an office. We have a greater supply for packets to travel than we do for addresses required to move packets. Do you know how many packets a single IP address can generate or utilize, if it was attached too The World's Fastest Internet in someplace like Canadaland or Sweden on init7's Fiber7 ? No matter how large the pipe the answer is always, all of it. It's address space we should now place a price upon. Unlike, My Space's disappearance when Facebook arrived there is no quick jump to IPv6. There is no coordinated effort required that involves millions of people to change browser window content. But to answer your question... Everything that is handed over for free is perceived as having no value. Therefore, IPv4 has to cost much more than the cost to change to IPv6 today. While the IPv6 addresses are free, it is expensive to change. Businesses spend lots of money on a free lunches. It's going to take at least the price of one good lunch per IP address per month to create the consideration for change. That's about $30 for 2 people in California. Offering a /48 of free IPv6 space to everyone on the planet didn't make it happen. There is no financial incentive to move to IPv6. In fact there is more reason not to change than to change. 
The new gear cost $$$ (lots of it didn't work well and required exploration to learn that), IT people need hours to implement (schedules are full of day-to-day issues), networks keep growing with offerings that drop Internet costs and save everyone money, business as usual is productive on IPv4 (business doesn't have time for distraction), many of us get distracted by something more immediate and interesting than buying a new wi-fi router for the home. What will come first ? A) the earths future core rotation changes altering the ionosphere in such a way that we are all exposed to continuous x-rays that shorten our lifespan OR B) the last IPv4 computer running will be reconfigured to IPv6 Thank You Bob Evans CTO Randy, How long do you think it will take to completely get rid of IPv4? Or is it even going to happen at all? On Sat, Jun 27, 2015 at 4:57 AM, Randy Bush ra...@psg.com wrote: the rirs have run out of their free source of short ints to rent to us. i am sure everyone will move to ipv6 in a week. news at eleven. randy
Re: How long will it take to completely get rid of IPv4 or will it happen at all?
When will the change happen then you might ask. Very simple. If the largest destinations like fb/twitter and others start to drop v4. Agreed, IPv4 will be here a long time, because, not one company will risk financial loses and stock devaluation over address space. The day that a large company flips to IPv6 only in an IPv4 world will be the day to short as many shares of that stock as possible. This creates the big market for IPv4. Costs price per IP address must get beyond the price of a good lunch once per month. Because, that's an amount that businesses understand and begin to pay attention. IPv4 address space is now a profit center and will cost more to the end user than transit and network costs... Or... how will IPv6 catch on in any other way ?
Re: Ghosts in our 6 New Ubiquity Pros - provision issues.
Thanks Jared Cables are 3 to 6 feet long - swapped them out already. All cables manufacture made purchased. They plug into the switch directly. Each switch is them multi-mode fiber back to a main switch where the edgeMax router and other gear are connected. Bob Evans I have a variety of their gear and don't have problems like this. Have you run a cable tester on the wiring? This sounds quite odd and is something I haven't seen. They do most of their support in their forums vs email. The email is mainly for RMA support. What version software is on your controller and the UAP-Pros? Jared Mauch On Jun 19, 2015, at 6:01 AM, Bob Evans b...@fiberinternetcenter.com wrote: Ubiquiti Networks UniFi UAP-PRO Enterprise WiFi System - hard to recommend at this point. We saw people mention this brand here on the list - people like them. So what could we have set incorrectly ? They drop link and re-provision on their own at odd times day or night. We have completed everything tech support asked of us. (Really, lame emails they respond with as if they didn't read your text - they won't call and you can't call them). We used POE from ciscos - then changed to their POE provided. They didn't recommend it, but we plugged them all into APC UPSes. no difference. They all re-provision at different times even when no one is connected or in the building at odd hours like 2am. Each one does this 2-3 times per 24 hour period. Has anyone else experienced this? Anyone know what we may have set incorrectly ? Is this normal - do people put up with the 2 mins the APs are unavailable about 3 times a day? (UniFi support acts like it's not a big issues.) We use the UniFi controller on mac os x. We use their EdgeMax Edge Router. All the latest software in everything UniFi. Thank You Bob Evans
Re: Ghosts in our 6 New Ubiquity Pros - provision issues.
Mel, Thanks, for all the detail. Everything is in doors and directly connected by new 3 to 6 foot manufactured cables on a cisco switches. All cables have been changed - even tired crossover cables - same results. I'm thinking it has something to do with the controller communications...All these APs shouldn't need a controller after configuration and boot up. But we leave it up. Thank You Bob Evans CTO Bob, I've deployed tons of Ubiquiti gear, and have seen this problem before. It always turns out to be poor quality cable installation. POE does not tolerate low quality connectors, especially in outdoor environments. There are many aspects to a quality cabling job, so the best thing you can do is seek out a qualified installer with outdoor POE experience. The most common problem I see is people using crimp-on RJ45 connectors directly on the ends of their cable runs. This is not how structured cabling is designed to work, in particular because most crimp-on connectors are intended for stranded copper wire (such as that used in very flexible patch cords, designed to run horizontally over only a few dozens of feet), whereas the riser and plenum cable used for long-distance runs has solid core wires. The tiny teeth in standard crimp connectors are designed to penetrate stranded wire, to make a solid electrical contact. With solid core wire, they just bend to the side of the copper core, making tenuous contact, which will conduct POE current poorly (resulting in the resets you see) and eventually fail altogether as the improper connection corrodes over time. The correct installation process is to use punch-down RJ45 jacks at each end of the cable run, and connect from those jacks to your equipment (radio at one end, POE switch at the other). On the outdoor side, the jack/plug junction needs to be in a NEMA weatherproof enclosure, with weathertight fittings. 
And, for human and equipment safety, you must use shielded Cat5e/6 cable anytime you go outdoors, grounding only one end (usually the radio end), and protecting the cable with an inline lightning protector between the RJ45 jack and the radio. If you haven't done that, then that's the first thing to fix. BTW, avoid homemade patch cables whenever possible. Quality factory cables are hydraulically pressed and the plug is hermetically fused for a vastly superior connection compared to anything you can do with simple hand crimpers. And all outdoor cables must be UV-grade cabling with weatherproof sheathing and water repellant inside (so-called flooded cable). -mel beckman On Jun 19, 2015, at 4:54 AM, Hal Ponton h...@buzcom.net wrote: What version of the controller are you using, we're running 3.something at that works fine. We've turned off auto update on all of the sites on the server, and Nagios monitors them, we certainly don't see reboots 2-3 times a day, the last time ours rebooted was when we lost power at our office. Contact me off list if you want me to take a look. Regards, Hal Ponton Senior Network Engineer Buzcom / FibreWiFi Tel: 07429 979 217 Email: h...@buzcom.net On 19 Jun 2015, at 11:01, Bob Evans b...@fiberinternetcenter.com wrote: Ubiquiti Networks UniFi UAP-PRO Enterprise WiFi System - hard to recommend at this point. We saw people mention this brand here on the list - people like them. So what could we have set incorrectly ? They drop link and re-provision on their own at odd times day or night. We have completed everything tech support asked of us. (Really, lame emails they respond with as if they didn't read your text - they won't call and you can't call them). We used POE from ciscos - then changed to their POE provided. They didn't recommend it, but we plugged them all into APC UPSes. no difference. They all re-provision at different times even when no one is connected or in the building at odd hours like 2am. 
Each one does this 2-3 times per 24 hour period.

Has anyone else experienced this? Anyone know what we may have set incorrectly? Is this normal - do people put up with the 2 mins the APs are unavailable about 3 times a day? (UniFi support acts like it's not a big issue.)

We use the UniFi controller on mac os x. We use their EdgeMax Edge Router. All the latest software in everything UniFi.

Thank You Bob Evans
Ghosts in our 6 New Ubiquity Pros - provision issues.
Ubiquiti Networks UniFi UAP-PRO Enterprise WiFi System - hard to recommend at this point. We saw people mention this brand here on the list - people like them. So what could we have set incorrectly? They drop link and re-provision on their own at odd times day or night.

We have completed everything tech support asked of us. (Really, lame emails they respond with as if they didn't read your text - they won't call and you can't call them). We used POE from ciscos - then changed to their POE provided. They didn't recommend it, but we plugged them all into APC UPSes. no difference. They all re-provision at different times even when no one is connected or in the building at odd hours like 2am. Each one does this 2-3 times per 24 hour period.

Has anyone else experienced this? Anyone know what we may have set incorrectly? Is this normal - do people put up with the 2 mins the APs are unavailable about 3 times a day? (UniFi support acts like it's not a big issue.)

We use the UniFi controller on mac os x. We use their EdgeMax Edge Router. All the latest software in everything UniFi.

Thank You Bob Evans
Re: Ghosts in our 6 New Ubiquity Pros - provision issues.
Mike,

Good to know they are reliable. It is an odd looking problem. We will try the forums.

Thank You Bob Evans

I've had their gear for a few years now. It's effectively up until I upgrade the software. Might want to ask on their forums or on the WISPA UBNT list.

- Mike Hammett
Intelligent Computing Solutions http://www.ics-il.com
Midwest Internet Exchange http://www.midwest-ix.com

- Original Message -
From: Bob Evans b...@fiberinternetcenter.com
To: nanog@nanog.org
Sent: Friday, June 19, 2015 5:01:49 AM
Subject: Ghosts in our 6 New Ubiquity Pros - provision issues.

Ubiquiti Networks UniFi UAP-PRO Enterprise WiFi System - hard to recommend at this point. We saw people mention this brand here on the list - people like them. So what could we have set incorrectly? They drop link and re-provision on their own at odd times day or night.

We have completed everything tech support asked of us. (Really, lame emails they respond with as if they didn't read your text - they won't call and you can't call them). We used POE from ciscos - then changed to their POE provided. They didn't recommend it, but we plugged them all into APC UPSes. no difference. They all re-provision at different times even when no one is connected or in the building at odd hours like 2am. Each one does this 2-3 times per 24 hour period.

Has anyone else experienced this? Anyone know what we may have set incorrectly? Is this normal - do people put up with the 2 mins the APs are unavailable about 3 times a day? (UniFi support acts like it's not a big issue.)

We use the UniFi controller on mac os x. We use their EdgeMax Edge Router. All the latest software in everything UniFi.

Thank You Bob Evans
Re: Ghosts in our 6 New Ubiquity Pros - provision issues.
We have all APs set with static addresses. EdgeMax only hands out IPs to clients using the APs. This happens when people are using the APs and when no one is even in the building at 2am when there are no clients connected. It can happen to one then 5 hours later it happens again...then doesn't happen again for 12 hours. Totally random no interval.

It is nice to know that others have no issues with these UniFi AP Pros. They seem to be fine except for the 2 mins or so they randomly drop link and reboot themselves. All are on APC UPSes and other devices in the same switch, like voip phones, never drop the ports. They are all new, delivered in various batches over time. We checked and all are the latest versions.

Bob Evans

The IP can change on the UniFi without having to re-adopt or re-provision. APs are identified by MAC address at the UniFi protocol level (not layer 2).

On 06/19/2015 09:09 AM, Naslund, Steve wrote:

Here is another thought. If your APs are re-provisioning every eight hours, what is your DHCP lease time? Are you sure the APs are able to renew their leases (if not, could your scope be full)? Do you see the IP addresses on the APs changing when they come back up? These could indicate a DHCP server issue. If the AP gets a new IP address it will likely have to be re-adopted to the controller. You might want to static address one or more APs to test this theory.

Steven Naslund Chicago IL
RE: Ghosts in our 6 New Ubiquity Pros - provision issues.
That's possible but if they are re-provisioning on a regular schedule I kind of doubt it. It would be easy to test though. Plug an AP directly into your switch with a quality pre-manufactured patch cord and see how it acts. If it exhibits the same symptom it is probably not cabling. Also, have you checked your interface counters for any packet errors?

Yes, no packet errors crcs or frags.

Don't forget to look at your controller because if the controller became unreachable for any length of time that could easily cause your APs to re-provision as they reconnect with the controller.

This I did not know - thought the controller was just to provision and monitor. After all why would a manufacturer make one point of failure for a campus setup that uses their own edgerouter for the dhcp etc. Doesn't seem correct. But we will investigate it.

I might set up a ping every second from the site of the access points to the controller and make sure the availability of the controller is 100%.

Yes that and what the ciscos report on the port link.

If you are on Cisco switches you should have log messages regarding PoE be granted on particular ports as well as up down messages on the interfaces.

Yep and we get them.

Do you see the ports going up and down? It is important to have NTP on the APs and switches so that you can correlate events in time (i.e. did the AP reboot causing the Ethernet link to drop or did the link drop causing the reboot?)

I am sure it's the APs dropping - as none of the other devices VOIP phones etc drop in the logs.

Thanks Steven

Bob

Steven Naslund Chicago IL

Bob,

I've deployed tons of Ubiquiti gear, and have seen this problem before. It always turns out to be poor quality cable installation. POE does not tolerate low quality connectors, especially in outdoor environments. There are many aspects to a quality cabling job, so the best thing you can do is seek out a qualified installer with outdoor POE experience.
The most common problem I see is people using crimp-on RJ45 connectors directly on the ends of their cable runs. This is not how structured cabling is designed to work, in particular because most crimp-on connectors are intended for stranded copper wire (such as that used in very flexible patch cords, designed to run horizontally over only a few dozens of feet), whereas the riser and plenum cable used for long-distance runs has solid core wires. The tiny teeth in standard crimp connectors are designed to penetrate stranded wire, to make a solid electrical contact. With solid core wire, they just bend to the side of the copper core, making tenuous contact, which will conduct POE current poorly (resulting in the resets you see) and eventually fail altogether as the improper connection corrodes over time. The correct installation process is to use punch-down RJ45 jacks at each end of the cable run, and connect from those jacks to your equipment (radio at one end, POE switch at the other). On the outdoor side, the jack/plug junction needs to be in a NEMA weatherproof enclosure, with weathertight fittings. And, for human and equipment safety, you must use shielded Cat5e/6 cable anytime you go outdoors, grounding only one end (usually the radio end), and protecting the cable with an inline lightning protector between the RJ45 jack and the radio. If you haven't done that, then that's the first thing to fix. BTW, avoid homemade patch cables whenever possible. Quality factory cables are hydraulically pressed and the plug is hermetically fused for a vastly superior connection compared to anything you can do with simple hand crimpers. And all outdoor cables must be UV-grade cabling with weatherproof sheathing and water repellant inside (so-called flooded cable). -mel beckman
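Steven Naslund's suggestion in the message above (time-synced logs, so you can tell whether the AP rebooted first or the link dropped first, plus a ping to the controller) can be checked mechanically. The following is an added example, not code from anyone in this thread: the port-to-AP map, the AP and ping log formats, and every sample line are constructed for illustration; only the `%LINK-3-UPDOWN` wording follows Cisco's syslog message.

```python
import re
from datetime import datetime, timedelta

TS = "%Y-%m-%dT%H:%M:%SZ"

# Hypothetical mapping of switch ports to access points (assumption).
PORT_TO_AP = {
    "GigabitEthernet0/3": "ap-03",
    "GigabitEthernet0/5": "ap-05",
    "GigabitEthernet0/7": "ap-07",
}

# Constructed switch syslog as stored by a collector with ISO timestamps.
SWITCH_LOG = """\
2015-06-19T02:03:14Z sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to down
2015-06-19T02:05:20Z sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to up
2015-06-19T03:00:00Z sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/9, changed state to down
2015-06-19T09:41:02Z sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to down
2015-06-19T09:43:05Z sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to up
2015-06-19T14:11:33Z sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to down
"""

# Constructed AP remote-syslog lines in a placeholder format (not the vendor's).
AP_LOG = """\
2015-06-19T02:03:10Z ap-03 event=reboot-requested
2015-06-19T02:05:25Z ap-03 event=boot
2015-06-19T09:43:10Z ap-05 event=boot
2015-06-19T14:11:30Z ap-07 event=reboot-requested
"""

# Constructed output of a once-per-second ping probe towards the controller.
PING_LOG = """\
2015-06-19T14:10:00Z controller ping lost
2015-06-19T14:10:45Z controller ping ok
"""

LINK_RE = re.compile(
    r"^(\S+) \S+ %LINK-3-UPDOWN: Interface ([^,\s]+), changed state to (up|down)$")
AP_RE = re.compile(r"^(\S+) (\S+) event=(\S+)$")
PING_RE = re.compile(r"^(\S+) controller ping (lost|ok)$")


def _ts(text):
    return datetime.strptime(text, TS)


def link_downs(log):
    """Return (time, ap) for every link-down on a port that feeds an AP."""
    out = []
    for line in log.splitlines():
        m = LINK_RE.match(line.strip())
        if m and m.group(3) == "down" and m.group(2) in PORT_TO_AP:
            out.append((_ts(m.group(1)), PORT_TO_AP[m.group(2)]))
    return sorted(out)


def ap_events(log):
    """Return (time, ap) for every message an AP managed to log."""
    return [(_ts(m.group(1)), m.group(2))
            for m in map(AP_RE.match, log.splitlines()) if m]


def ping_losses(log):
    """Return the times at which the controller stopped answering."""
    return [_ts(m.group(1))
            for m in map(PING_RE.match, log.splitlines())
            if m and m.group(2) == "lost"]


def classify(switch_log, ap_log, ping_log,
             window=timedelta(seconds=30),
             controller_window=timedelta(minutes=5),
             skew=timedelta(seconds=2)):
    """Label each AP link-down by what happened first.

    link-first:              the AP said nothing before the port dropped
                             (points at power, cable or switch side).
    ap-first:                the AP logged shortly before the port dropped
                             (the AP took itself down).
    controller-loss-then-ap: as ap-first, preceded by controller ping loss.
    `skew` is the clock disagreement tolerated between sources; without NTP
    on all of them the ordering cannot be trusted.
    """
    aps, losses = ap_events(ap_log), ping_losses(ping_log)
    results = []
    for down, ap in link_downs(switch_log):
        prior = [t for t, name in aps
                 if name == ap and down - window <= t <= down + skew]
        if not prior:
            verdict = "link-first"
        elif any(min(prior) - controller_window <= l <= min(prior) for l in losses):
            verdict = "controller-loss-then-ap"
        else:
            verdict = "ap-first"
        results.append((ap, down.strftime(TS), verdict))
    return results


if __name__ == "__main__":
    for row in classify(SWITCH_LOG, AP_LOG, PING_LOG):
        print(*row)
```

A run of mostly `link-first` verdicts supports the cabling/PoE theory; mostly `ap-first` or `controller-loss-then-ap` points at the AP or its controller connection instead.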
Re: Ghosts in our 6 New Ubiquity Pros - provision issues.
Thank You Charles,

Been on NANOG a while - all the basic stuff we know well. Like, cables, cluster occurrences etc. Looking for the UniFi specific experience. It's not the switches, power, cables, ports show no CRC issues etc. We even setup another network with just 2 and it happens randomly - so it's some code or something. Think I'm going to let one of the guys here log in to the controller and see if we missed a setting in the latest code. NANOG's real good at having someone with specific targeted knowledge appear.

Thank You Bob Evans CTO

On 2015-06-19 05:01, Bob Evans wrote:

Ubiquiti Networks UniFi UAP-PRO Enterprise WiFi System - hard to recommend at this point. We saw people mention this brand here on the list - people like them. So what could we have set incorrectly? They drop link and re-provision on their own at odd times day or night.

Drop link all the way down to layer 1? What does re-provision mean? Lose/re acquire DHCP lease? What is your network topology? What kind of switches are you using? What's the length of the cable runs? Have you had an electrician check your wiring? How many access points are you running? How many fail? Do they fail in any kind of cluster/pattern? That's just the basic questions. Lots more information needed if you want free support from the NANOG hive mind :D

They have millions of satisfied customers in deployments from some of the worlds largest shopping malls to multi state ISPs. Different gear across that customer base of course.

We have completed everything tech support asked of us. (Really, lame emails they respond with as if they didn't read your text - they won't call and you can't call them). We used POE from ciscos - then changed to their POE provided.

POE from ciscos mid span injector, or switch port?

They didn't recommend it, but we plugged them all into APC UPSes. no difference.

The midspan injectors you mean? Hmm, wonder why they didn't want you to put them in UPS. Did they provide any explanation?

They all re-provision at different times even when no one is connected or in the building at odd hours like 2am. Each one does this 2-3 times per 24 hour period.

Interesting. Any repeated offenders?

Has anyone else experienced this? Anyone know what we may have set incorrectly? Is this normal - do people put up with the 2 mins the APs are unavailable about 3 times a day? (UniFi support acts like it's not a big issue.)

Do they come back on their own? What's the downtime time window?

We use the UniFi controller on mac os x.

Mac OSX isn't a server platform. Sorry. Use Windows 2k12 or Ubuntu Server (or your favorite debian or Redhat flavor). I've had zero problems on either of those platforms. What's the topology between the access points and your controller server?
Re: Ghosts in our 6 New Ubiquity Pros - provision issues.
Mel,

Good idea, but, yes we did - no loops all are spokes - we know cabling and set up our switches and routers to syslog those events.

Thank You Bob Evans CTO

Have you done a network analysis for viruses or bridge loops? This could be a broadcast storm caused by either of those network faults.

-mel

On Jun 19, 2015, at 10:08 AM, Sam Tetherow tethe...@shwisp.net wrote:

Only have 1 Pro on my network and it hasn't given me any issues, several of the original AP and AP-LR as well without issues. What is the uptime on the AP? You should be able to ssh into the APs using the controller username and password. It is a linux base so 'uptime' will tell you. You can also check for ethernet errors using 'ip -s link' on the AP side.

On 06/19/2015 11:45 AM, Bob Evans wrote:

We have all APs set with static addresses. EdgeMax only hands out IPs to clients using the APs. This happens when people are using the APs and when no one is even in the building at 2am when there are no clients connected. It can happen to one then 5 hours later it happens again...then doesn't happen again for 12 hours. Totally random no interval.

It is nice to know that others have no issues with these UniFi AP Pros. They seem to be fine except for the 2 mins or so they randomly drop link and reboot themselves. All are on APC UPSes and other devices in the same switch, like voip phones, never drop the ports. They are all new, delivered in various batches over time. We checked and all are the latest versions.

Bob Evans

The IP can change on the UniFi without having to re-adopt or re-provision. APs are identified by MAC address at the UniFi protocol level (not layer 2).

On 06/19/2015 09:09 AM, Naslund, Steve wrote:

Here is another thought. If your APs are re-provisioning every eight hours, what is your DHCP lease time? Are you sure the APs are able to renew their leases (if not, could your scope be full)? Do you see the IP addresses on the APs changing when they come back up?
These could indicate a DHCP server issue. If the AP gets a new IP address it will likely have to be re-adopted to the controller. You might want to static address one or more APs to test this theory. Steven Naslund Chicago IL
Re: Ghosts in our 6 New Ubiquity Pros - provision issues.
Great details! Going to implement now.

Thank You Bob Evans CTO

On 6/19/15 10:57 AM, Bob Evans wrote:

Thank You Charles, Been on NANOG a while - all the basic stuff we know well. Like, cables, cluster occurrences etc. Looking for the UniFi specific experience. It's not the switches, power, cables, ports show no CRC issues etc. We even setup another network with just 2 and it happens randomly - so it's some code or something. Think I'm going to let one of the guys here log in to the controller and see if we missed a setting in the latest code. NANOG's real good at having someone with specific targeted knowledge appear.

I've got a bunch of regular UAPs spread out over multiple customers with various network setups including ERLs as routers, CenturyLink POS modems of various generations, Dink routers, etc. My controller is hosted off-site in Tacoma in our data center.

Some issues I've run into, particularly on the consumer devices like the older CenturyLink/Qwest modems...

1) Broken MTU clamping/fixing on PPPoE links, causing the UAPs to have problems making a connection to the remote controller. Worked around by messing with the MSS using iptables on specifically the tcp/8080 and tcp/8443 port on the controller end. Other devices, had to make sure to disable the firewall feature on modem, in order to get it to stop eating ICMP packets (and thus breaking pmtu).

2) Faulty DNS server daemons on the routers. The UAPs would have issues randomly resolving the controller's IP address from hostname. Have this problem time to time with anyone using the built in DNS servers on the CenturyLink/Qwest modems. Resolved this issue by statically defining IP and DNS servers on the UAPs (DNS server set to 8.8.8.8). Also had to disable the firewall on one of the routers to get it to not intercept/mangle DNS packets.

These two issues alone have caused me major issues with the devices randomly being unable to get new configurations or download firmware updates.
On network switches connected to the UAPs, make sure that you've got the port set to whatever the switches' version of cisco 'portfast' is. In the Site Settings under the Unifi controller, disable Enable connectivity monitor and wireless uplink and see if the problem eases up. If you need to use the uplink monitor, manually set the IP you want to check with, and make sure the UAPs can actually ping said IP. I'm the head mod for /r/Ubiquiti, so feel free to bounce things off of me privately with your Unifi setup, and I'll be happy to give you a hand. I can also direct you to the unofficial Ubnt IRC channel where you can get a bunch more opinions. -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org
Re: Ghosts in our 6 New Ubiquity Pros - provision issues.
This is very helpful information. We will be implementing these steps.

Thank You Bob Evans CTO

On 6/19/15 12:26 PM, char...@thefnf.org wrote:

snipped comments about much cpe sadness

These two issues alone have caused me major issues with the devices randomly being unable to get new configurations or download firmware updates.

Question. Once they have connected and are happy, do they drop off (re provision) like Bob is mentioning? I'm still not entirely sure what is meant by re provision. I've not seen it answered in the thread.

Reprovisioning with Unifi happens any time you make a configuration change. The next time the device does its check-in (don't remember how often it checks in, but it's at least once a min), the UAP will get a copy of its updated configuration, load it, then activate the changes (and reboot if necessary).

If the device never goes out of provisioning state, then it hasn't managed to pull its configuration or firmware properly and will likely keep trying. When the device is having complete connection issues, it will show up as Disconnected rather than Provisioning in the controller.

Useful thing I've done - when a device is randomly having issues with provisioning, I'll set up the remote syslog option in the config, and have it remote log to my controller's syslog. Usually, it will dump exactly the reason why it's failing the provision to syslog, making it easier to diagnose.

I'm the head mod for /r/Ubiquiti, so feel free to bounce things off of me privately with your Unifi setup,

Didn't know that sub reddit existed. Awesome.

It's not as busy as the forums, but there's sometimes good info there. There's also the IRC channel as well, which has a mix of users and some Ubnt employees.

-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org
Re: Ghosts in our 6 New Ubiquity Pros - provision issues.
re-provisioning is to go to the controller find its config and reboot. Thank You Bob Evans CTO snipped comments about much cpe sadness These two issues alone have caused me major issues with the devices randomly being unable to get new configurations or download firmware updates. Question. Once they have connected and are happy, do they drop off (re provision) like Bob is mentioning? I'm still not entirely sure what is meant by re provision. I've not seen it answered in the thread. I'm the head mod for /r/Ubiquiti, so feel free to bounce things off of me privately with your Unifi setup, Didn't know that sub reddit existed. Awesome.
Re: Greenfield 464XLAT (In January)
Actually, there is no better audience that I know of to ask this question. And my information might be more marketing related and hardware skeptical.

My IPv6 direction choice was much easier than yours. You need to figure out how to build an IPv4 network today from scratch in a world where the IPv4 bus ride seats have largely been assigned.

When we setup our IPv6 ability, I chose to build a native IPv6 network. Tunneling and translation devices left me wondering about packet flow at those gateway points. Aside from verbal sales assurances, I still had the feeling that under loads these devices would break momentarily or cause latency issues. For web and email services it's not a big issue. Sure everyone could show me a twitch game playing well or a video conference call, but what happens when the device is under load or attacked? Will service latency be detected by a clever well known gamer? One that points to the issue as a flaw that makes others think our network is unusable for all kinds of services? Overcome issues like this ISP forces you to use IPv6?

The hardware costs can be small compared to consumer perceptions marketing dollars. So you might position to pitch upfront your new world Internet service from day one.

European and Comcast has been implementing NAT 6 related things for years. My son made me move his connection to the smallest bandwidth DSL on ATT for his games. However, our Comcast has been fine perfectly for watching Amazon and Netflix streaming (most of the time).

Thank You Bob Evans CTO

Sincere apologies if this e-mail is inappropriate for this audience,

We are (going to be) a startup ISP building a new network from the ground up. I was hoping I could get an opinion, or two, on how everyone feels about 464XLAT. I saw what everyone was saying about it in the 'Android doesn't support DHCPv6' discussion, but what about in the wireline side of things?
The main reason we are even considering 464XLAT as opposed to dual-stack (the latter is, in my ignorant opinion, the better option.) is the fear of IPv4 depletion that we think might hit ARIN between now and the start of next year; causing us to pay a premium for IPv4 in the gray market. So I guess the real question here would be: is our fear real, or is it just bug on the wall? If our fear is real, what should we implement so that our users can still get to the v4 internet, are we even thinking soberly by suggesting 464XLAT? Thanks, - Nich
RE: Greenfield 464XLAT (In January)
I mean marketing/salesman like pitch. When you have something so new and familiarity is always the desire of the day by IT managers (hence, all the cisco only fans), it's better to be upfront and pitch it as new and improved before others decide to call it something else and choose a different network.

We began with IPv4. Then many of us members at both ARIN and NANOG all agreed to push IPv6. I looked at all the methods available and decided we would build native IPv6 network and give the customer both. So, the networks are separate from each other and provided to customers via separate ports. There is no place in our network where you can hop from IPv6 to IPv4 and vice versa. The customer can install such gear in their LAN and make those routing decisions at their end. (Now years later, a very tiny percentage of customers have link on their IPv6 port.)

If anyone complains, it's the customer's choice of gear or routing issues at their end, as nothing in our network is NATed. Thereby, reducing our potential service labor costs of dealing with a customer's understanding of trace routes in NAT space - and other similar issues that they try to make your staff's problem.

Thank You Bob Evans CTO

A network needs users or it is useless. I am curious as to how your native IPv6 network communicated with (if at all) the v4 world. Has anyone confronted you about your network being IPv6? I might have problems with reading comprehension, but in your statement So you might position to pitch upfront your new world Internet service from day one., do you mean pitch as in, setup; or pitch as, into the trash.

Thank you, - Nich Warren

-Original Message-
From: Bob Evans [mailto:b...@fiberinternetcenter.com]
Sent: Thursday, June 11, 2015 9:20 AM
To: Nicholas Warren
Cc: nanog@nanog.org
Subject: Re: Greenfield 464XLAT (In January)

Actually, there is no better audience that I know of to ask this question. And my information might be more marketing related and hardware skeptical.

My IPv6 direction choice was much easier than yours. You need to figure out how to build an IPv4 network today from scratch in a world where the IPv4 bus ride seats have largely been assigned.

When we setup our IPv6 ability, I chose to build a native IPv6 network. Tunneling and translation devices left me wondering about packet flow at those gateway points. Aside from verbal sales assurances, I still had the feeling that under loads these devices would break momentarily or cause latency issues. For web and email services it's not a big issue. Sure everyone could show me a twitch game playing well or a video conference call, but what happens when the device is under load or attacked? Will service latency be detected by a clever well known gamer? One that points to the issue as a flaw that makes others think our network is unusable for all kinds of services? Overcome issues like this ISP forces you to use IPv6?

The hardware costs can be small compared to consumer perceptions marketing dollars. So you might position to pitch upfront your new world Internet service from day one.

European and Comcast has been implementing NAT 6 related things for years. My son made me move his connection to the smallest bandwidth DSL on ATT for his games. However, our Comcast has been fine perfectly for watching Amazon and Netflix streaming (most of the time).

Thank You Bob Evans CTO

Sincere apologies if this e-mail is inappropriate for this audience,

We are (going to be) a startup ISP building a new network from the ground up. I was hoping I could get an opinion, or two, on how everyone feels about 464XLAT. I saw what everyone was saying about it in the 'Android doesn't support DHCPv6' discussion, but what about in the wireline side of things? The main reason we are even considering 464XLAT as opposed to dual-stack (the latter is, in my ignorant opinion, the better option.)
is the fear of IPv4 depletion that we think might hit ARIN between now and the start of next year; causing us to pay a premium for IPv4 in the gray market. So I guess the real question here would be: is our fear real, or is it just bug on the wall? If our fear is real, what should we implement so that our users can still get to the v4 internet, are we even thinking soberly by suggesting 464XLAT? Thanks, - Nich
nanog.org Website down ?
Not sure what's up - however I see what's down this AM. From the hotel nanog.org was not reachable. So, I tunneled out of the hotel to my office, still not reachable at 6:15 AM

nanog.org (50.31.151.73)
www.nanog.org (50.31.151.73)

Bob Evans CTO Fiber Internet Center
Re: Alcatel-Lucent 7750 Service Router (SR)
I will be getting one to try. I am pretty sure it will support the ol' show ? ,config ? If not that might be a problem :-)

Thank You Bob Evans CTO

What's the price point of an SR-A4? Comparable to the MX104 or ASR9001?

-- Stephen

On 2015-05-06 7:13 PM, Craig wrote:

If you know Juniper and Cisco, the learning curve isn't so bad to pick up the ALU CLI, after working with it for a brief time, you catch on quickly. Their products are quite impressive, and a # of the carriers, are moving to them and some have already moved to them and are quite happy with their decision.

On Wed, May 6, 2015 at 6:24 PM, Colton Conor colton.co...@gmail.com wrote:

I am worried as most techs know Cisco and Juniper, so going to ALU would be a learning curve based on replies I am getting off list.

On Wed, May 6, 2015 at 5:22 PM, Dan Snyder sliple...@gmail.com wrote:

They are definitely good for that. We use them in part of our network for something very similar. I am not sure why they aren't mentioned that much. I know that they have been pretty popular in the past couple years. We are planning on using 7750 SR-a4's in the future but right now we mainly have 7750SR7/12s.

Sent from my iPhone

On May 6, 2015, at 6:00 PM, Colton Conor colton.co...@gmail.com wrote:

Taking full BGP routes from 4+ carriers on 10G connections. Why is ALU never mentioned, but Juniper MX and Cisco are all day long? The new 7750 SR-a4 looks like a Juniper MX80 or MX104 killer.

On Wed, May 6, 2015 at 4:58 PM, Dan Snyder sliple...@gmail.com wrote:

We have been using them for almost 8 years now and have been pretty happy. What are you looking to use them for?

Sent from my iPhone

On May 6, 2015, at 5:48 PM, Colton Conor colton.co...@gmail.com wrote:

I was wondering if anyone was using an Alcatel-Lucent 7750 Service Router (SR) in their network? How does this platform compare to the Cisco ASR, Brocade MLXe, and Juniper MX line?
Re: yarr - Yet Another Route Server Implementation [WAS: Euro-IX quagga stable download and implementation]
My experience tells me Martin's direction is a good one. You would be surprised to learn how much time already went into what's out there that people trust now. Besides - it has very limited marketing appeal. The IXs number is small. The big ones already have something working well. I wouldn't implement something new. When I chose, I went for something a big network ran for years. As a result it was reliable and easy to maintain. Had few and simple problems. Simply ran 2 and had people get a session with both. No one ever lost routes when I took one down to upgrade - or when we had a hardware failure.

Thank You Bob Evans CTO

On Mon, 4 May 2015, Sebastian Spies wrote:

sorry, for the double post. dmarc fuckup...

Hey there, considering the state of this discussion, BIRD seems to be the only scalable solution to be used as a route server at IXPs. I have built a large code base around BGP for the hoofprints project [1] and BRITE [2] and would enjoy building another state-of-the-art open-source route-server implementation for IXPs. Would you be so kind to send me your feedback on this idea? Do you think, it makes sense to pursue such a project or is it not relevant enough for you?

How about (instead of another implementation) helping one of the existing projects? Writing another implementation is easy. Keeping it up to date, testing it and supporting it over multiple years is what I would worry about. I would *strongly* suggest to solve that issue first before starting on another implementation.

- Martin
RE: rack cable length
You must build them if you want the professional look. No way around that - unless you want to take up rack space with some sort of cable management wrapping system and that becomes a pain to make future changes or replace cables.

Thank You Bob Evans CTO

Or you build the cable to fit the span. I must be getting old.

Joe

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rafael Possamai
Sent: Friday, April 17, 2015 3:00 PM
To: North American Network Operators Group
Subject: Re: rack cable length

Hi Shawn,

If you don't leave slack, you can't really pull the server out of the RU for maintenance (hot swaps, etc). Your best choice is to purchase cable management trays if that makes sense (Dell servers usually come with those). Otherwise you just need to deal with the loops and whatnot the best way you can. If your colo hardware is really random (dells, HPs, supermicros) then it gets worse, but if your hardware is homogeneous then you can come up with some way of attaching brackets to the side of the rack that could help you avoid a rats nest in the back of your rack (granted you can't find cable management trays or they are too expensive to justify the investment).

On Fri, Apr 17, 2015 at 1:44 PM, shawn wilson ag4ve...@gmail.com wrote:

This is probably a stupid question, but We've got a few racks in a colo. The racks don't have any decent cable management (square metal holes to attach velcro to). We either order cable too long and end up with lots of loops which get in the way (no place to loop lots of excess really) or too short to run along the side (which is worse). It appears others using the same racks have figured this out, but... Do y'all just order 10 of each size per rack in every color you need or is there a better way to figure this out? I'm guessing something like 24 inches + (1.75 inches x Us) + 24 inches and round up to standard length...?
Re: ASN to IP Mapping
Step 1: Input an IP prefix for the originating ASN of a prefix https://radar.qrator.net Step 2: Check the RIR whois (as stated below) for confirmation as to who's assigned space. Thank You Bob Evans CTO On Sat, Mar 7, 2015 at 12:37 PM, Andrew Iwamoto aiwam...@unleashed-technologies.com wrote: Is there a tool or method to determine IP blocks assigned to an organization by ASN? I.e. if I have an organization's ASN number I want to know all blocks assigned to that ASN. That's RIR/NIR-dependent, so you probably have to go thru all of them to map all possible IP blocks. Other references suggested bgp.he.net that will only list advertised networks, and IRRs will only have IRR-listed networks. For instance, on ARIN for AS 15141: http://whois.arin.net/rest/asn/AS15141 Find the organization name; click on the link http://whois.arin.net/rest/org/BAUSCH-1.html Find the networks link: http://whois.arin.net/rest/org/BAUSCH-1/nets Network Resources: BAUSCH-LOMB (NET-161-242-0-0-1 http://whois.arin.net/rest/net/NET-161-242-0-0-1.html) 161.242.0.0 - 161.242.255.255 Look for the other RIRs; rinse and repeat. Rubens
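Added example (not part of the original thread): the replies above point out that RIR whois shows assigned space while bgp.he.net shows only advertised networks. This Python sketch turns whois-style "start - end" ranges into CIDR prefixes and compares them with a list of advertised prefixes. The function names are hypothetical, and the EXAMPLE-ORG whois line and the whole advertised list are constructed sample data.

```python
import ipaddress
import re

# Matches whois-style IPv4 ranges such as "161.242.0.0 - 161.242.255.255".
# Net handles like NET-161-242-0-0-1 use hyphens, so they do not match.
RANGE_RE = re.compile(
    r"\b(\d{1,3}(?:\.\d{1,3}){3})\s+-\s+(\d{1,3}(?:\.\d{1,3}){3})\b"
)

# First line uses the range quoted in the thread; second line is constructed
# (documentation address space) and is deliberately not CIDR-aligned.
SAMPLE_WHOIS = (
    "BAUSCH-LOMB (NET-161-242-0-0-1) 161.242.0.0 - 161.242.255.255\n"
    "EXAMPLE-ORG (NET-EXAMPLE-1) 198.51.100.0 - 198.51.100.191\n"
)

# Constructed stand-in for prefixes seen in a BGP looking glass or route feed.
SAMPLE_ADVERTISED = ["161.242.0.0/16", "198.51.100.0/25", "203.0.113.0/24"]


def ranges_to_cidrs(whois_text):
    """Return the minimal sorted list of IPv4 networks covering every
    'start - end' range found in whois_text."""
    nets = []
    for start, end in RANGE_RE.findall(whois_text):
        try:
            first = ipaddress.IPv4Address(start)
            last = ipaddress.IPv4Address(end)
            nets.extend(ipaddress.summarize_address_range(first, last))
        except ValueError:
            continue  # octet > 255 or end address below start address
    return list(ipaddress.collapse_addresses(nets))


def compare(registered, advertised):
    """Split the two views into the gaps between them (IPv4 only).

    unannounced:  registered blocks with no overlapping advertisement at all
                  (a partially advertised block counts as announced).
    unregistered: advertised prefixes not inside any registered block.
    """
    adv = [ipaddress.IPv4Network(p) for p in advertised]
    unannounced = [r for r in registered
                   if not any(a.overlaps(r) for a in adv)]
    unregistered = [a for a in adv
                    if not any(a.subnet_of(r) for r in registered)]
    return unannounced, unregistered


if __name__ == "__main__":
    regs = ranges_to_cidrs(SAMPLE_WHOIS)
    unannounced, unregistered = compare(regs, SAMPLE_ADVERTISED)
    print("registered:  ", [str(n) for n in regs])
    print("unannounced: ", [str(n) for n in unannounced])
    print("unregistered:", [str(n) for n in unregistered])
```

Registered space with no announcement, and announcements outside registered space, are the two lists worth reviewing when reconciling an organization's address inventory across RIR and routing data.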
Re: Verizon Policy Statement on Net Neutrality
Asymmetric service was introduced to discourage home users from deploying commercial services. As were bandwidth caps. No, it was not. It was a technology issue from the very beginning. Technology limits of coax cable plants even before DOCSIS. Also DSLAM designs were such that they knew the direction of packets would be based on the need to deliver content. But byte transfer caps (not bandwidth) were based on the high throughput limits of the C.O. and headend gear together with a marketer's ability to oversell to a consumer. Bob Evans
Re: Verizon Policy Statement on Net Neutrality
Just think of all that innovation and investment that's been stifled over the last 50 years under Title II. Anyone remember having to rent their rotary phones from ATT? Yes, I am that old. You were not allowed to connect a phone of your own. Bob Evans CTO
Re: Comcast New England dropped for 5-15 min? Anyone
Since we reduced ourselves to the level of troubleshooting consumer home access on a cable network, I can let you know that this happens to me at home, in the Silicon Valley area of California, routinely several times a week. In fact, so much that I have ATT, Comcast and a Verizon hot spot for the rare event it happens to the first two at the same time. I simply flip between access points. The only thing I found worth the time to test from home is to the destination points where our network has sessions with ATT, Comcast, etc. With more than one consumer provider here at home, it happens often enough and it becomes clear that it's rarely worth the effort to troubleshoot from a consumer end point, unless of course you work for them. Thank You Bob Evans CTO Hey, anyone had problems just now? My team and I at homes lost internet access for about 10 min. I also had many sites drop off. Still digging, but maybe trouble upstream? I'm in 50.133.128.0/17 at home. --Andrey
Re: MultiMode Fiber Connectivity... (850nm) Power Question
Thank You Bob Evans CTO Hello, I was looking for feedback on the following question:- When connecting two MM SFP/SFP+/XFP's together...(short range). What should be the best practice receive power range? Is it true that if the rx power is higher than (x?) then it shortens the life of the optics? Yes, but that's only true about single mode frequencies, not multimode (MM), because those are not as powerful. All MM is expected to go a very limited distance, so levels are never high. We have MM 3 foot jumpers between gear running for years. (assumption being made here is that MAX Rx Power is not being exceeded as per the spec sheets of the optics) Regards Faisal Imtiaz Snappy Internet Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
RE: Has anyone imagined what could be the future HCI
This group is the most imaginative I have ever participated in. I imagine stuff like that all the time. Most here love science fiction. Helps make for a good group of problem solvers. At NANOG meetings I often imagine it as a comic con without all the dressing up. :-) However, the discussions here are about issues and problems directly related to equipment and configurations of moving packets. Imagine this...if we discussed other stuff we would become so distracted, we would probably never get much done and everyone's Internet would suck. Thank You Bob Evans CTO Fiber Internet Center The views expressed are my own and are often stolen, acquired or somehow become those of others before I get to profit on them. But, I don't care. :-) Thanks Valdis! i am sure someone has imagined it:) was asking about the community imagination, my thought it would be all virtualized on the cloud, on a bigger scale not the one we have now. Where it will end up not to buy any laptops, smartphone...etc. No processing or availability limits, your views? To: lobna_go...@hotmail.com CC: nanog@nanog.org Subject: Re: Has anyone imagined what could be the future HCI From: valdis.kletni...@vt.edu Date: Mon, 9 Feb 2015 08:16:02 -0500 On Mon, 09 Feb 2015 01:48:01 +, lobna gouda said: Has anyone imagined this? away on increasing processing power or visual clearance of what we already have, what could be the next HCI? Yes, somebody has imagined it.
Could someone from Charter that is knowledgeable on SV1 and LOA processes please contact me.
Hello, I am having a heck of a time with this Charter order. Today's issue - I was sent an incomplete LOA from the project manager (PM). Basically, asking me for Charter's information on port numbers and data for the cross connect at SV1 (11 Great Oaks, San Jose)? Obviously, I can't provide that as I can't read minds. ( If I could, Bill Gates would be working for me. ) At the start...PM sent the field tech out to customer prem to verify the fiber. A month later, did it again. The Charter field tech called me asking why he had to go twice. Who's on first? (old Abbott and Costello reference). It's been like this at almost every step on this order which is now many many months behind. I think this is stuck in some sort of order twilight zone. My sales team and my customer are getting upset. Thank You Bob Evans CTO b...@fiberinternetcenter.com
Re: Office 365 Expert - I am not. I have a customer that...
Wonder when Cloud providers get a clue, step up and help recommend a circuit size based on users and the services their customer buy from them. When they think that poor customer word of mouth will cost them more sales than they are currently gaining from customers who would *not* move away from on-prem if they understood all the costs including increased bandwidth? Agreed - it will be the smart ones that don't wait for that end user experience to go bad. In the meantime, I can tell you sitting here in Silicon Valley that all these sharp VCs don't see the hole in many of these basic business plans called Cloud, Rack of servers in multiple locations. Bob Evans CTO
Re: Office 365 Expert
Thanks for your input Joel...Yes, it's a lot of bandwidth, today. In fact, our smallest customer is 10 meg/sec. Our biggest is 10 Gig/second. Here in Silicon Valley California most companies are outsourcing everything except the circuit they need to access it..it's the new portability initiative! I recall 13 years ago when I said I was going to start a Fiber Only ISP...everyone including my previous VCs, Hedge Funds and business partners in my first ISP laughed at me. It was the Dot Bomb period. Today, everyone here asks for fiber to do all these crazy things they now can't live without. It's all about Bigger, Faster, Cheaper and mostly Store it someplace else that has led to these big pipes. Thank You Bob Evans CTO My suggested rule of thumb if you can't actually measure the traffic in advance for your population: count the number of workstation devices that will be your network, figure at least 0.5 Megabit of WAN for each typical business user workstation or laptop. I can't help but laugh (laughing with, not laughing at--all due respect to the NA part of NANOG) at this. I've been spending the last 4 years working on various UN networks where getting 0.5Mb of bandwidth to a site can be a challenge, and 4 Mbit/second for an office of 8 users is an unaffordable luxury. And these are sites where the end users want to move to Office 365. We've done a bit of testing, and one of the issues with O365 is that O365 is a BIG thing and you have to decide which slice of O365 you are calling O365 at a particular site. For some people, that's just outsourced Exchange (in which case we would allocate 30K-50Kbps per office user downstream bandwidth, and drop in a WAN Opt box plus do some shenanigans to break into the HTTPS through proxy). For other people, O365 is the whole nothing is on my hard disk (but cache) thing, plus Lync (not just voice, but voice+video).
Those folks really are going to require major bandwidth; this is where numbers like 512K/simultaneous user make more sense. You can excuse (or at least explain) Microsoft's lack of benchmarks and guidance because of the complexity of O365 and also because they have the sort of North American viewpoint that makes it hard for them to understand high latency/low bandwidth pipes. They try hard, but often just don't get it because of the amazing resources and richness available to a company of that size. I had a great conversation with them about 3 years ago about Exchange and AD forest design where they were strongly advocating centralizing everything in data centers, rather than pushing anything like a DC or mailbox server out to a branch office. When I asked about the bandwidth required, they said that it was not much. Pressed for details, they said we do it ourselves, and it hardly impacts the bandwidth on our most poorly-connected offices. Pressed even further, it turns out that a T3/E3 is the lowest link they would consider acceptable for an office. (My total upstream bandwidth budget at one agency for 100 offices and 9,000 users in 24 timezones is less than a single T3... Thanks Microsoft!) Anyway, not adding much to this conversation since it's clear that Bob is asking in the context of bandwidth is cheap, fast, and inexpensive, but I couldn't help but giggle at the kinds of numbers you guys are throwing around here for people to read email and work on spreadsheets. jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 j...@opus1.com http://www.opus1.com/jms
Microsoft - RE: Office 365 Expert - I am not. I have a customer that...
Thanks Frank... I do have a customer with 500 meg/sec service running 350 meg/sec average all day, just 800 employees - no company driven focused use of MS Office 365. Applications used and time of day, etc. So, I don't think one can compare a college's overall app bandwidth usage to a business primarily using Office 365. I'm really looking for a minimum bandwidth recommended requirement for 100 employees all using Office 365 hosted docs that are all outside the LAN. MS has no such number. MS is just leaving it to the individual case-by-case discovery process. I bet Microsoft can't answer that simple question or they wouldn't have these GB per user equations that use X for average document size. Best I have to go on so far is what one of our customers thinks is needed. Thank You Bob Evans CTO 1 Mbps/user seems very high -- the local college has over 200 employees using O365 (and over 1400 students) and its broadband connection is just 250 Mbps and they're at less than 150 Mbps during the day. Frank -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Bob Evans Sent: Wednesday, January 07, 2015 3:03 PM To: Roy Hirst Cc: nanog@nanog.org Subject: Re: Office 365 Expert - I am not. I have a customer that... Thanks to those of you that answered...It is hypothetical. However, I found another customer that uses Office 365 heavily ... said they discovered 1 meg/sec per Microsoft Office 365 user works well in most scenarios. This customer has 80 users and a 100 meg/sec connection with us. Thank You Bob Evans CTO On 1/6/2015 12:37 PM, Bob Evans wrote: I have a customer that heavily uses Microsoft Office 365. It's hosted. All the data I see about usage per user appears theoretical. In that the formulas assume people are taking turns using the bandwidth as if there is a patient line of packets at the Internet gas pump. Nobody is clicking at the same time. We all know that is not the real world.
Does anyone have any experience with Office 365 hosted that can tell me the practical bandwidth allocation (NOT in KB per month, but in megabits/sec) for 100 users (during normal work hours) needs to be available ? Thank You in advance, Bob Evans CTO Fiber Internet Center
Re: Office 365 Expert - I am not. I have a customer that...
Thanks Jimmy - I agree - It's pretty much what we do today...it's just this one customer wanted Office 365 specific details. I don't think anyone knows. Including Microsoft, app creator. Wonder when Cloud providers get a clue, step up and help recommend a circuit size based on users and the services their customer buy from them. All that investment in co-lo infrastructure and it's left to the middle man. VCs in the cloud sector should be realizing that customer experience in their cloud investment can be hindered as they leave this up to the middle. But, they (and MS) should publish something other than the monthly GB transfer/seats they charge by. Enterprise circuits are not sold by GB transfer. After all we just want to get it right and help make the cloud service provider's apps run well. Thank You Bob Evans CTO On Tue, Jan 6, 2015 at 2:37 PM, Bob Evans b...@fiberinternetcenter.com wrote: [snip] Does anyone have any experience with Office 365 hosted that can tell me the practical bandwidth allocation (NOT in KB per month, but in Most likely in the real world where packets don't line up neatly... O365 is most probably not the largest bandwidth user, when there is Pandora and Youtube. It depends on factors that may be specific to the organization which are truly unpredictable for each individual user, but you could gather data for your specific population of users. I believe I would just ignore O365, since the bandwidth usage is not much, and pick a standard rule of thumb for the amount of bandwidth your typical Office user actually needs to get work done, that includes more than sufficient 'slack' for O365. My suggested rule of thumb if you can't actually measure the traffic in advance for your population: count the number of workstation devices that will be your network, figure at least 0.5 Megabit of WAN for each typical business user workstation or laptop.
Assuming equal numbers of active users and workstations all operating 8 hours a day ( if there are many more devices than users, or many more users than devices, then adjust in proportion). *Each internal workgroup server or Office manager's workstation counts as 300% of a workstation. (In other words: better figure 1.5 Megabits for each of those, instead of 0.5.) *Each Wireless tablet or phone connected by WiFi = 33% of a workstation. so add 0.17 Megabits for each staff person that may connect a smartphone. *Designer, Engineer workstations are 500% (So figure 2.5 Mbit for each of those). Add an extra safety margin of either 2 Megabits, or 30%, whichever is greater. So for 100 standard workstations, 100 Tablets, 2 Internal servers, 1 Office manager desktop, and 2 Designers. I would say get a 100 Megabit WAN. megabits/sec) for 100 users (during normal work hours) needs to be available ? Thank You in advance, Bob Evans CTO Fiber Internet Center -- -JH