RE: IP DSCP across the Internet

2015-05-06 Thread Charles Wyble
I presume nothing is honored. I just encapsulate everything if I'm crossing 
networks outside my corporate WAN.

Amazing how handy openvpn with no crypto is. :)  

-Original Message-
From: "Mark Tinka" 
Sent: ‎5/‎6/‎2015 12:39 AM
To: "Ramy Hashish" ; "nanog@nanog.org" 

Subject: Re: IP DSCP across the Internet



On 5/May/15 12:27, Ramy Hashish wrote:
> Good day all,
>
> A simple question, does Internet trust IP DSCP marking? Assume two ASs
> connected through two tier 1 networks, will the tier one networks trust any
> DSCP markings done from an AS to the other?

I wouldn't bet on it.

Some providers honor, most remark. We remark.

We can only honor DSCP values on private circuits (l2vpn, l3vpn, that
sort o' thing).

Mark.


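Mark's point that most transit providers remark DSCP is worth seeing at the byte level. The following is an added example (not part of the thread or any poster's code) that reads the DSCP and ECN bits out of an IPv4 header, remarks DSCP to 0 the way a transit remarker would while leaving the ECN bits alone, and recomputes the header checksum so the packet is still valid. The header bytes are constructed for the example. Encapsulating, as Charles does, moves the marking into the inner header where a transit remarker cannot touch it; the outer header is still subject to remarking.

```python
"""Read, remark and re-checksum the DSCP field of an IPv4 header.

Added example: the header bytes below are constructed, not captured traffic.
"""
import struct


def _fold(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: complement of the folded sum with the
    checksum field itself (bytes 10-11) treated as zero."""
    h = header[:10] + b"\x00\x00" + header[12:]
    return _fold(h) ^ 0xFFFF


def checksum_valid(header: bytes) -> bool:
    """Summing every word, including the stored checksum, must give 0xFFFF."""
    return _fold(header) == 0xFFFF


def dscp_of(header: bytes) -> int:
    return header[1] >> 2          # top six bits of the former TOS byte


def ecn_of(header: bytes) -> int:
    return header[1] & 0x03        # bottom two bits: ECN, which a remarker must leave alone


def remark_dscp(header: bytes, new_dscp: int) -> bytes:
    """Return a copy of the header with DSCP replaced, ECN preserved and the checksum fixed up."""
    if not 0 <= new_dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    out = bytearray(header)
    out[1] = (new_dscp << 2) | (header[1] & 0x03)
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out)))
    return bytes(out)


def build_header(dscp, ecn, src, dst, total_len=84, proto=17, ttl=64):
    """Constructed 20-byte IPv4 header (no options) with the checksum filled in."""
    tos = (dscp << 2) | ecn
    h = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0x1C46, 0x4000, ttl, proto, 0,
                    bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return h[:10] + struct.pack("!H", ipv4_checksum(h)) + h[12:]


EF = 46   # Expedited Forwarding, the marking voice traffic usually carries
# Constructed sample: EF-marked UDP packet with ECT(0) set, addresses are documentation ranges.
SAMPLE = build_header(EF, 0b10, "10.0.0.1", "192.0.2.10")

if __name__ == "__main__":
    print("before: dscp=%d ecn=%d valid=%s" % (dscp_of(SAMPLE), ecn_of(SAMPLE), checksum_valid(SAMPLE)))
    after = remark_dscp(SAMPLE, 0)   # what a remarking transit network does to the outer header
    print("after:  dscp=%d ecn=%d valid=%s" % (dscp_of(after), ecn_of(after), checksum_valid(after)))
```

Running the block shows the EF marking being reset to 0 while ECN and checksum validity survive. When the same packet rides inside an OpenVPN tunnel, only the outer header is exposed to this treatment; the inner DSCP arrives at the far tunnel endpoint intact and can be copied back out there.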


Re: Prism continued

2013-06-12 Thread Charles Wyble
Also check out kibana.org for a rather Splunk-like experience. 

Chip Marshall  wrote:

>On 2013-06-12, Phil Fagan  sent:
>> Speaking of Splunk; is that really the tool of choice?
>
>I've been hearing a lot of good things about logstash these days
>too, if you prefer the open source route.
>
>http://logstash.net/
>
>-- 
>Chip Marshall 
>http://2bithacker.net/

--
Charles Wyble 
char...@knownelement.com / 818 280 7059 
CTO Free Network Foundation (www.thefnf.org)


Re: Prism continued

2013-06-12 Thread Charles Wyble
Decent frontend... hmm...

grep --color

Monies please!

Phil Fagan  wrote:

>And a basic front-end and you're in business!!
>On Jun 12, 2013 6:15 PM, "Scott Weeks"  wrote:
>
>>
>>
>> --- eyeronic.des...@gmail.com wrote:
>> From: Mike Hale 
>>
>> >> Splunk
>>
>> It would make sense.  It's a friggin' sick syslog analyzer. 
>Expensive
>> as hell, but awesome.
>> --
>>
>>
>> So is "tail -f /var/log/router.log | egrep -v 'term1|term2|term3'"
>> or "cat /var/log/router.log | egrep -v 'term1|term2|term3' | less"
>>
>>
>> ;-)
>> scott
>>
>>

--
Charles Wyble 
char...@knownelement.com / 818 280 7059 
CTO Free Network Foundation (www.thefnf.org)


Re: chargen is the new DDoS tool?

2013-06-11 Thread Charles Wyble
Hmmm. Do you not run a default deny at your border, which would catch this sort 
of thing? Granted that's not always possible I suppose. Maybe block all UDP you 
don't specifically need? Do you have an IDS/IPS? If not, look at SecurityOnion 
on a SPAN port; it will provide great insight into what's happening. 

Generally these sorts of legacy services are only used for malicious activity 
and will light up an IDS/IPS like a Christmas tree. 

They must be old boxes. I can't think of any recent OS distributions which would 
even have these services listening, let alone installed. 

Bernhard Schmidt  wrote:

>Heya everyone,
>
>we have been getting reports lately about unsecured UDP chargen servers
>in our network being abused for reflection attacks with spoofed sources
>
>http://en.wikipedia.org/wiki/Character_Generator_Protocol
>
>| In the UDP implementation of the protocol, the server sends a UDP
>| datagram containing a random number (between 0 and 512) of characters
>| every time it receives a datagram from the connecting host. Any data
>| received by the server is discarded.
>
>We are seeing up to 1500 bytes of response though.
>
>This seems to be something new. There aren't a lot of systems in our
>network responding to chargen, but those that do have a 15x
>amplification factor and generate more traffic than we have seen with
>abused open resolvers.
>
>Anyone else seeing that? Anyone who can think of a legitimate use of
>chargen/udp these days? Fortunately I can't, so we're going to drop
>19/udp at the border within the next hours.
>
>Regards,
>Bernhard

--
Charles Wyble 
char...@knownelement.com / 818 280 7059 
CTO Free Network Foundation (www.thefnf.org)
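Bernhard's 15x amplification figure can be checked directly from flow data, and the same pass finds the hosts to filter. The following is an added example (not from the thread or any poster) that reads flow records in an assumed text format, identifies local hosts answering UDP/19, computes bytes-out over bytes-in per host, records which destinations (the real victims, since the request sources are spoofed) got the responses, and flags responses larger than the 512 bytes the quoted protocol description allows. The 192.0.2.0/24 prefix, the record format and the records themselves are constructed for the example.

```python
"""Spot UDP/19 (chargen) reflectors in flow records and measure their amplification.

Added example. Record format assumed:
  <timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <bytes> <packets>
"""
import ipaddress
from collections import defaultdict

CHARGEN_PORT = 19
SPEC_MAX_RESPONSE = 512                              # upper bound from the protocol description
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")     # assumed: the prefix we are responsible for

# Constructed sample records (not real traffic).
SAMPLE_FLOWS = """\
2013-06-11T09:00:01 UDP 198.51.100.9:40001 -> 192.0.2.17:19 64 1
2013-06-11T09:00:01 UDP 192.0.2.17:19 -> 198.51.100.9:40001 960 1
2013-06-11T09:00:02 UDP 198.51.100.9:40001 -> 192.0.2.17:19 64 1
2013-06-11T09:00:02 UDP 192.0.2.17:19 -> 198.51.100.9:40001 960 1
2013-06-11T09:00:03 UDP 198.51.100.9:40001 -> 192.0.2.17:19 64 1
2013-06-11T09:00:03 UDP 192.0.2.17:19 -> 198.51.100.9:40001 960 1
2013-06-11T09:00:03 UDP 203.0.113.5:53211 -> 192.0.2.99:19 64 1
2013-06-11T09:00:03 UDP 192.0.2.99:19 -> 203.0.113.5:53211 1500 1
2013-06-11T09:00:04 UDP 198.51.100.20:5555 -> 192.0.2.5:19 64 1
2013-06-11T09:00:04 UDP 192.0.2.5:19 -> 198.51.100.20:5555 200 1
2013-06-11T09:00:05 UDP 192.0.2.40:53 -> 198.51.100.9:40001 120 1
2013-06-11T09:00:05 TCP 198.51.100.9:40002 -> 192.0.2.17:19 80 1
"""


def parse_flow(line: str) -> dict:
    ts, proto, src, arrow, dst, nbytes, npkts = line.split()
    if arrow != "->":
        raise ValueError("unexpected record layout: %r" % line)
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"ts": ts, "proto": proto, "src": sip, "sport": int(sport),
            "dst": dip, "dport": int(dport), "bytes": int(nbytes), "pkts": int(npkts)}


def is_local(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LOCAL_NET


def analyze(text: str) -> dict:
    """Per local host answering on UDP/19: bytes in, bytes out, amplification, targets hit."""
    stats = defaultdict(lambda: {"in_bytes": 0, "out_bytes": 0, "max_response": 0, "targets": set()})
    for line in text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["proto"] != "UDP":          # only the UDP side of chargen reflects
            continue
        if f["dport"] == CHARGEN_PORT and is_local(f["dst"]):
            stats[f["dst"]]["in_bytes"] += f["bytes"]
        elif f["sport"] == CHARGEN_PORT and is_local(f["src"]):
            s = stats[f["src"]]
            s["out_bytes"] += f["bytes"]
            s["max_response"] = max(s["max_response"], f["bytes"])
            s["targets"].add(f["dst"])   # where the spoofed requests pointed the responses
    result = {}
    for host, s in stats.items():
        # Responses with no matching request (sampled flows) get an infinite factor; still a reflector.
        amp = s["out_bytes"] / s["in_bytes"] if s["in_bytes"] else float("inf")
        result[host] = dict(s, amplification=round(amp, 2),
                            exceeds_spec_max=s["max_response"] > SPEC_MAX_RESPONSE)
    return result


def reflectors(text: str, min_factor: float = 10.0) -> list:
    """Local hosts answering chargen with at least min_factor amplification, worst first."""
    r = analyze(text)
    hits = [h for h, s in r.items() if s["out_bytes"] and s["amplification"] >= min_factor]
    return sorted(hits, key=lambda h: r[h]["amplification"], reverse=True)


if __name__ == "__main__":
    report = analyze(SAMPLE_FLOWS)
    for host in reflectors(SAMPLE_FLOWS):
        s = report[host]
        print("%s: %.1fx, max response %d bytes, hit %s" % (
            host, s["amplification"], s["max_response"], ", ".join(sorted(s["targets"]))))
```

The hosts this returns are the ones to clean up (or to cover with the 19/udp border drop Bernhard describes); the `targets` set is who to notify, since the request sources in the records are the forged victim addresses, not the attacker.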


Re: What hath god wrought?

2013-05-20 Thread Charles Wyble
Sorry. The occupy site was on a shared hosting plan at the company I worked for.

Source determined via Whois output for the attacking IP found via our analysis. 
It was a rather crude DoS attack (repeated GET requests). At first we figured 
they were just mirroring the site for offline analysis or something, but it 
soon became evident they were just hammering the site.

Yes we could have sued. However the inevitable stonewalling, endless resources of 
the feds etc would have made for a long and exhaustive legal battle. 

This was at the height of the occupy activities. Far worse offenses were being 
committed by federal, state and local govts during that period than a DoS 
attack by DHS.


"Jason L. Sparks"  wrote:

>"No attempt to hide the source IP"
>"I mean, they were using a shared hosting plan"
>
>What makes you certain it was DHS?
>
>Genuinely curious, because this is a hell of a claim.
>--
>Jason
>
>
>On Mon, May 20, 2013 at 3:29 PM, Mike Hale
>wrote:
>
>> Would it be futile though?  I mean...DHS running a DOS against an
>> American organization is the kind of stuff that makes Constitutional
>> lawyers salivate.
>>
>> I'm not trying to call you out, btw.  I'm genuinely curious why the
>> hosting company itself didn't file suit.  You've got a US Government
>> agency abusing your resources and acting in a blatantly illegal
>> manner.  That's the kind of stuff that results in letters of
>> resignation when publicized.
>>
>> On Mon, May 20, 2013 at 12:13 PM, Charles Wyble
>>  wrote:
>> > Yes. I'm aware of that. It would be futile in most cases, which is
>a
>> huge problem in and of itself, as that's really the only recourse.
>> >
>> > I mean they were using a shared hosting plan. Not exactly deep
>pocketed.
>> >
>> > My point is that the abuse of power is blatant and they are
>unafraid of
>> any kind of retaliation. They don't need to hide.
>> >
>> > Mike Hale  wrote:
>> >
>> >>"Sue them?"
>> >>Uhm...yes?  That's why we have courts that we can sue federal
>agencies
>> >>in.
>> >>
>> >>On Mon, May 20, 2013 at 11:58 AM, Charles Wyble
>> >> wrote:
>> >>> No proxy needed. No need to hide.
>> >>>
>> >>> While working for a very large hosting company, I once observed
>DHS
>> >>hammering an occupy related website. No attempt to hide the source
>ip
>> >>or anything.
>> >>>
>> >>> What are you going to do? Sue them? If they wish to take a site
>> >>offline, they will ddos it or simply seize the domain under the
>> >>national security banner.
>> >>>
>> >>>
>> >>>
>> >>> "<<"tei''>>>"  wrote:
>> >>>
>> >>>>On 20 May 2013 01:58, Michael Painter  wrote:
>> >>>>>
>> >>>>
>>
>http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/
>> >>>>>
>> >>>>
>> >>>>More on the same topic.
>> >>>>
>>
>http://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/#more-19475
>> >>>>
>> >>>>Maybe the FBI use this to commit crimes in USA using a foreign
>> >>company
>> >>>>as proxy so nothing dirty show on the books. That way the FBI can
>> >>>>avoid respecting USA laws.
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>--
>> >>>>--
>> >>>>ℱin del ℳensaje.
>> >>>
>> >>> --
>> >>> Charles Wyble
>> >>> char...@knownelement.com / 818 280 7059
>> >>> CTO Free Network Foundation (www.thefnf.org)
>> >>
>> >>
>> >>
>> >>--
>> >>09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>> >
>> > --
>> > Charles Wyble
>> > char...@knownelement.com / 818 280 7059
>> > CTO Free Network Foundation (www.thefnf.org)
>>
>>
>>
>> --
>> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>>
>>

--
Charles Wyble 
char...@knownelement.com / 818 280 7059 
CTO Free Network Foundation (www.thefnf.org)


Re: What hath god wrought?

2013-05-20 Thread Charles Wyble
Yes. I'm aware of that. It would be futile in most cases, which is a huge 
problem in and of itself, as that's really the only recourse. 

I mean they were using a shared hosting plan. Not exactly deep pocketed. 

My point is that the abuse of power is blatant and they are unafraid of any 
kind of retaliation. They don't need to hide. 

Mike Hale  wrote:

>"Sue them?"
>Uhm...yes?  That's why we have courts that we can sue federal agencies
>in.
>
>On Mon, May 20, 2013 at 11:58 AM, Charles Wyble
> wrote:
>> No proxy needed. No need to hide.
>>
>> While working for a very large hosting company, I once observed DHS
>hammering an occupy related website. No attempt to hide the source ip
>or anything.
>>
>> What are you going to do? Sue them? If they wish to take a site
>offline, they will ddos it or simply seize the domain under the
>national security banner.
>>
>>
>>
>> "<<"tei''>>>"  wrote:
>>
>>>On 20 May 2013 01:58, Michael Painter  wrote:
>>>>
>>>http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/
>>>>
>>>
>>>More on the same topic.
>>>http://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/#more-19475
>>>
>>>Maybe the FBI use this to commit crimes in USA using a foreign
>company
>>>as proxy so nothing dirty show on the books. That way the FBI can
>>>avoid respecting USA laws.
>>>
>>>
>>>
>>>
>>>--
>>>--
>>>ℱin del ℳensaje.
>>
>> --
>> Charles Wyble
>> char...@knownelement.com / 818 280 7059
>> CTO Free Network Foundation (www.thefnf.org)
>
>
>
>-- 
>09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

--
Charles Wyble 
char...@knownelement.com / 818 280 7059 
CTO Free Network Foundation (www.thefnf.org)


Re: What hath god wrought?

2013-05-20 Thread Charles Wyble
No proxy needed. No need to hide.

While working for a very large hosting company, I once observed DHS hammering 
an occupy related website. No attempt to hide the source ip or anything. 

What are you going to do? Sue them? If they wish to take a site offline, they 
will ddos it or simply seize the domain under the national security banner. 



"<<"tei''>>>"  wrote:

>On 20 May 2013 01:58, Michael Painter  wrote:
>>
>http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/
>>
>
>More on the same topic.
>http://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/#more-19475
>
>Maybe the FBI use this to commit crimes in USA using a foreign company
>as proxy so nothing dirty show on the books. That way the FBI can
>avoid respecting USA laws.
>
>
>
>
>--
>--
>ℱin del ℳensaje.

--
Charles Wyble 
char...@knownelement.com / 818 280 7059 
CTO Free Network Foundation (www.thefnf.org)


Last mile multihoming

2013-03-24 Thread Charles Wyble
So isn't the most likely interruption to service due to a last mile physical 
media issue?  Or say a regional fiber cut that takes out the towers you can 
reach and the upstream connection from your cable and telco providers? IMO at 
the edge, BGP mostly protects you from layer 8 fail (if you've done some basic 
best practice configuration). In theory, issues below that (at least in the 
dist/core at L1 to 3) are handled by other redundancy protections hidden from 
you (HSRP, fiber ring with protected path etc).  

As for DFZ explosion, would MPLS/private AS/VRF be a workable approach for BGP 
at the edge? 

So I live in Austin. I have available to me two HFC providers (Grande and TWC) 
and AT&T. I also have Sprint/Clear, VZW, TMO. I haven't done an analysis of WISP 
offerings (if any are on list, please email me at char...@thefnf.org as I'm 
looking for a non-ILEC path for redundancy).

So let's break this down:

I only know of one AT&T CO in town. (I'm sure if there are more, you will let me 
know). So the chances of that failing are decently high. Also my experience 
with AT&T DSL has been mixed, unless I'm homed direct to the CO. VZ DSL OTOH has 
always been rock solid. Also AT&T is retiring DSL/copper. I refuse to use U-verse 
as they don't offer an unbundled modem/router or a way to do bridge mode. Oh and 
no IPv6. (If you can put a modem in bridge mode and still have working TV, 
please let me know. I've not been able to find a solution).

The chances of someone driving into the DSLAM serving my complex or the 
pedestal down the street are high (100% as it has happened a couple times).

So this means I need a wireless backhaul. All of the providers I can reach 
colocate on exactly one tower, surrounded by a chain link fence, across from a 
Walmart. (I'm in north Austin near Cameron and 183 for anyone who lives in 
town). The chances of the fiber serving that tower being cut are unknown, but 
not outside the realm of possibility. Or say the Walmart big rig over 
correcting due to a driver coming around the blind curve near there and plowing 
into the tower. Etc.

So my best bet for uninterrupted connectivity seems to be running two OpenVPN 
tunnels on my home edge pfSense router, each to an endpoint in a colo.

I already have a full rack of gear in joesdatacenter in KC, and it's fully 
redundant. I also run all of my web/mail/software dev from there, so it's not 
solely for BGP purposes. Most folks I imagine may have their stuff in a colo as 
well and not want to run that at home. (I started a thread on that once upon a 
time). It so happens that I have various things which I can't run there (RF 
equipment which I need to frequently reflash and move around). So running BGP 
on my colo gear and announcing a /48 that I've assigned to my house seems like a 
good idea. And I can easily cross connect to KCIX and have lots of BGP fun. The 
latency would be a bit high, but it already is and I don't have any redundant 
connectivity.

Ok. So that's great. Now who is my secondary? Is a VPS at say Linode sufficient 
for a secondary BGP announcer? Will they sell me BGP enabled transit? Will 
other VPS providers?  Do I need a box in a rack at a local NAP? Is there an IX 
in Austin, or should I rack a box in Dallas?

Once I have two providers, then I can easily use pfSense multi WAN failover 
and if a circuit goes down, life goes on as I rely on BGP to detect the link 
failure and handle it. Yes? No? Maybe?

So to me, this seems like a solved problem. Run multiple diverse (carrier, 
media type) circuits to your edge, put a pfSense (ASA, whatever is your poison 
but I like pfSense the best for multi WAN failover), OpenVPN (I can't stand 
IPsec) to colo, cross connect to ... oh I dunno he.net :) BGP for free. Done. 

For about... hmmm.. 500.00 a month? (Many colos might not do BGP with you for 
less than a quarter rack, and I presume anyone serious enough about 
uninterrupted service on a reasonable budget can do 500.00 a month). 

This discussion on SOHO multihoming has been fascinating to me, and I wanted to 
go through a thought exercise for what I imagine is a common scenario (main 
gear in a BGP enabled SP, office gear needing to be reachable by remote 
personnel in a non BGP enabled SP).

Would love to hear what you folks think. 



--
Charles Wyble 
char...@thefnf.org / 818 280 7059 
CTO Free Network Foundation (www.thefnf.org)


Re: news from Google

2009-12-03 Thread Charles Wyble
That is an Akamai error. 


On Dec 3, 2009, at 6:57 PM, Jorge Amodio wrote:

> talking about evil http://www.bing.com/ :
> 
>> Oops
>> This isn't the page you wanted!
>> 
>> Try this
>> Refresh the page. If you get this message again, please check back later.
>> 
>> Ref A: 7d09ba2186d4448a8dd2b99ad2c12b3a Ref B: 
>> B498C04FE4F5DC107DF8FC65998D9838 >Ref >C: Thu Dec 03 18:54:06 2009 PST
> 




Re: news from Google

2009-12-03 Thread Charles Wyble
LOL.

One place I worked at hosted a bunch of websites and called them by business 
unit. so xxx_nnn

One business unit was particularly problematic and frequently returned 500 
errors. The version in production was xxx_4xx  when the next major rev came 
out we skipped 5xx and went to 6xx. :) 


On Dec 3, 2009, at 12:36 PM, Matthew Petach wrote:

> On Thu, Dec 3, 2009 at 12:09 PM, Scott Berkman  wrote:
>> Also reminds me of the Level 3 DNS servers in the 4.2.2.[1-8++] range.
>> 
>>-Scott
>> 
> 
> I suppose I've been too brainwashed by HTTP...I looked at that, and
> thought that it would amusing to have a DNS server in the 4.0.2 range.  ^_^;
> 
> (for reference... http://en.wikipedia.org/wiki/HTTP_402#4xx_Client_Error
> 
> 402 Payment Required
> 
> :D
> 
> Matt
> 




Re: news from Google

2009-12-03 Thread Charles Wyble
8.8.8.8  6.6.6.6 would have been really really funny. :) 


On Dec 3, 2009, at 10:21 AM, Jorge Amodio wrote:

>> now Google DNS, anything more?
> 
> GoogleNation.
> 
> Cheers
> Jorge
> 




Re: port scanning from spoofed addresses

2009-12-03 Thread Charles Wyble

On Dec 3, 2009, at 9:53 AM, Matthew Huff wrote:

> The source address appears to be fixed as well as the source port (), 
> scanning different destinations and ports.
> 
> 


Some script kiddies found nmap and decided to target you for some reason. It 
happens. It's annoying. 


Re: Flash Media Servers as Open Proxies

2009-12-03 Thread Charles Wyble
H..

This is most interesting. Have you spoken with Adobe about the issue? I don't 
have an immediate handle on how they have reacted to security issues in the 
past. 
Sane defaults would be nice. :( 

You might want to ping Akamai as they have substantial operational experience 
with Flash Media Server. 

I look forward to a writeup on the topic. 


On Dec 3, 2009, at 9:45 AM, Marshall Eubanks wrote:

> I recently found out that the Adobe Flash Media Server (FMS) can operate "out 
> of the box"
> as an open proxy, enabling other people to steal server resources and 
> bandwidth. Furthermore,
> I also found that there is an ecosystem of pirates taking advantage of this 
> "feature" to
> illegally stream sports events (and maybe other stuff as well). Each event 
> uses multiple (stolen)
> servers and can amount to thousands of streams and Gbps of consumed bandwidth.
> 
> I believe but am not 100% sure that there are similar problems with Window 
> Media Servers.
> 
> I would like to hear (off-list) from people who have experience fighting this 
> so that we could
> maybe pool techniques. I will try to write this up further later.
> 
> Regards
> Marshall Eubanks
> 




Re: Policy News

2009-11-18 Thread Charles Wyble

View -> Organize by thread.

Then just hit the little circle, which selects all messages. Then  
delete.



On Nov 18, 2009, at 11:13 AM, Matthew Dodd wrote:

I think he meant being able to easily delete an entire thread of  
emails, like you might be able to if you were using Gmail. Sadly I  
don't know of any feature that does this in Mail.app, but you can  
always make a Smart Mailbox with the rule Any Recipient : Contains :  
"na...@merit.edu" and delete things within that mailbox.


Best,

-Matt Dodd

On Nov 18, 2009, at 2:01 PM, Chris Meidinger wrote:


Command+0 for the activity viewer - then click on the stop sign

Sent from my iPhone. Please execute spelling errors.

On 18.11.2009, at 17:43, Steven Bellovin  wrote:

Does anyone know an easy way to do "kill thread" in MacOS's  
Mail.App?  It's getting increasingly hard to read the NANOG list  
on my Mac without such a capability.  (Yes, the question is  
serious on its own, apart from any other meanings you may choose  
to read into it.)










Re: Failover how much complexity will it add?

2009-11-09 Thread Charles Wyble


On Nov 8, 2009, at 2:39 PM, a...@baklawasecrets.com wrote:



So if my requirements are as follows:

- BGP router capable of holding full Internet routing table.   
(whether I go for partial or full, I think I want something with  
full capability).


- Capable of pushing 100meg plus of mixed traffic.

What are my options?  I want to exclude openbsd, or linux with quagga.


Why is that?




Re: Redundant Data Center Architectures

2009-10-28 Thread Charles Wyble


On Oct 28, 2009, at 10:38 AM, Roland Dobbins wrote:



On Oct 28, 2009, at 8:26 PM, Stefan Fouant wrote:

I'm wondering what are the growing trends in connecting Data  
Centers for redundancy in DR/COOP environments.


'DR' is an obsolete 40-year-old mainframe concept; it never works,  
as funding/testing/scaling of the 'backup' systems is never adequate  
and/or allowed.


Very true.



Layer-2 between sites is evil, as well.



Indeed. Now VMware actually supports layer 3 for vSphere; maybe we will  
start to see it go away. :)


Layer-3-independence and active/active/etc. is where it's at in  
terms of high availability in the 21st Century.  GSLB, et. al.


Yep.

That way all your environments get adequate(ish) funding. Vs  
management saying "oh it's just backup/dr, we will fund it next year".






Re: Is v6 as important as v4? Of course not [was: IPv6 internet broken, cogent/telia/hurricane not peering]

2009-10-14 Thread Charles Wyble



On 10/14/09 8:11 AM, Patrick W. Gilmore wrote:


Typing less does not mean you are actually thinking. You should try the
latter before your next pithy post. Or at least read the post to which
you are replying.



Now now boys and girls. Settle down and be civil. :)



Re: DreamHost admin contacts

2009-10-13 Thread Charles Wyble



On 10/13/09 2:19 PM, Justin Shore wrote:

Andy Ringsmuth wrote:

Barring that, what recommendations might the NANOG community have for
an extremely rock-solid e-mail hosting company? I realize that may
mean self-promotion, but hey, bring it on.


I would strongly recommend against GoDaddy's hosted email. See my
earlier post on 9/8 about their idiotic use of ancient SORBS data.


I would strongly recommend against GoDaddy's hosted anything. See 
 for their idiotic .


There fixed that for you :)




Re: DreamHost admin contacts

2009-10-13 Thread Charles Wyble

+1 for Intermedia. I'm digging it.

Though I've yet to find a way to turn off copying the originator of the 
e-mail when hitting reply all. Anyone know how to fix that?


On 10/13/09 1:48 PM, Jeff Saxe wrote:

Barring that, what recommendations might the NANOG community have for
an extremely rock-solid e-mail hosting company?  I realize that may
mean self-promotion, but hey, bring it on.


Some people, when they say "email hosting company", inherently mean "hosting specifically 
of Microsoft Exchange email, contacts, and calendar". If that's what you're after, then I would 
recommend my employer's chosen hosted Exchange partner, Intermedia. They 
maintain server farms of Exchange clusters, and they have a very good customer portal (both at the 
administrator-of-the-site level and the individual end user). They also have an 
FTP-up-a-PST-file-and-merge-it-into-a-mailbox function that makes the initial migration from some other 
Exchange repository faster and more parallelizable than without it. We are extremely pleased, and we have 
basically stopped hosting Exchange for our own customers on our own in-house hardware, just using 
Intermedia as a branded service.





Re: IPv6 internet broken, cogent/telia/hurricane not peering

2009-10-12 Thread Charles Wyble



Matt

*note, however, that I also opted to stay in college in 1991, rather than
join Cisco because I felt they did not have a workable business model;
in 1995, I rejected Mosaic Communications, because the idea of trying
to compete with a freely downloadable browser seemed like business
suicide; and I rejected Google's offer letter in early 2000, because it
was clear that trying to compete with altavista by trying to support a
company off revenues from search advertising was completely ludicrous.
Given that track record, some may take my scathing indictment of
Cogent's walled garden approach to IPv6 as a clear indicator of future
earnings potential.  :/


*rofl*


*cries*

That was good!



Re: cross connect reliability

2009-09-17 Thread Charles Wyble



Marshall Eubanks wrote:


On Sep 17, 2009, at 5:52 PM, Seth Mattinen wrote:


Michael J McCafferty wrote:

All,
Today I had yet another cross-connect fail at our colo provider. 
From

memory, this is the 6th cross-connect to fail while in service, in 4yrs
and recently there was a bad SFP on their end as well. This seemes like
a high failure rate to me. When I asked about the high failure rate,
they said that they run a lot of cables and there is a lot of jiggling
and wiggling... lots of chances to get bent out of whack from activity
near my patches and cables.
Until a few years ago my time was spent mostly in single tenant data
centers, and it may be true that we made fewer cabling changes and made
less of a ruckus when cabling... but this still seems like a pretty high
failure rate at the colo.
I am curious; what do you expect the average reliability of your 
FastE

or GigE copper cross-connects at a colo?



Never to fail? Seriously; if you're talking about a passive connection
(optical or electrical) like a patch panel, I'd expect it to keep going
forever unless someone damages it.



Or until someone pulls out the wrong cable (which has happened to me).



That's not a failure though. It's a disconnection. It happens but is 
readily attributable to a cause.


Random failures of a single port's connectivity are bizarre and annoying. 
Whole switches? Seen it.

Whole panels? Seen it.
Whole blades? Seen it.

Single port on a switch or patch panel? Never.



Re: Intelligent network monitoring systems (commercial/open source, what have you)

2009-09-11 Thread Charles Wyble




We use Cacti for this purpose, but it still requires creating custom
datasources for the vendor-specific SNMP MIBs.



+1 for cacti.

I think pretty much everything requires bringing in the mibs and setting 
up mappings etc.


I've used Nagios/Cacti/Ganglia/MRTG.




Re: Intelligent network monitoring systems (commercial/open source, what have you)

2009-09-11 Thread Charles Wyble



Drew Weaver wrote:

Ah, I was mainly interested in an Orion like system that actually has all of 
that kind of worked-in.


Yeah I got that. I am not aware of anything that does that. Not to say 
it doesn't exist, but if it does it's somewhat well hidden.


http://www.frank4dd.com/howto/nagios/cisco-patch-update-monitoring.htm 
looks interesting and has come up in several searches I've done in the 
past when needing to monitor cisco kit.


I'm guessing CiscoWorks might have what you are looking for?

I've never been happy with the big commercial NMS products. NAGIOS(with 
SNMP plugin)+mrtg/cacti+smokeping has served me and many of my 
colleagues very well.


There is alerting and trending which must be taken into consideration.

Alerting is pretty easy, especially with giving nagios knowledge of 
hierarchy (if a switch or router stops responding you don't get alerts 
for all the servers attached/downstream of it). You can easily automate 
the setup with things like nmap2nagios and other tools.


Trending (which it seems is your primary concern) is harder. Zabbix has 
some cool SLA reporting and dashboards.


I seem to recall a FLOSS NMS thread a few months ago on here, or maybe 
it was c-nsp. Dunno.



Are you primarily concerned with monitoring, or with trending/capacity 
planning?





Thanks for the heads up.
-Drew
-Original Message-





Re: Intelligent network monitoring systems (commercial/open source, what have you)

2009-09-11 Thread Charles Wyble
Most of these threads usually result in telling the poster to RTFM with 
a link to it :) I'm too lazy to link the manual. :)


c-nsp has extensive archives with lots of questions about various 
specific SNMP mibs that weren't immediately evident from RTFM.


It all comes down to SNMP to the best of my knowledge.

Drew Weaver wrote:

Howdy,

Can anyone suggest a network monitoring system that knows the difference between a cisco 1701 and a GSR 12810/6500, etc? 


What I mean is, many times these days there are several different sub systems you have to monitor 
inside of a router/switch and not just interface utilization, the "CPU", and the 
"RAM".

Statistics such as CEF utilization, fabric utilization, PFC/DFC, various line 
card statistics, etc?

Can anyone recommend anything other than "customize MRTG a lot" that we can use 
to get a better look into these systems?

thanks,
-Drew
 





Re: OT: Voice Operators' Group forming

2009-07-28 Thread Charles Wyble



jamie wrote:

puck.nether.net .


Right. That's what I meant.



way to volunteer someone else's box :-)


Good point. My apologies.

Google groups then. :)




Re: OT: Voice Operators' Group forming

2009-07-28 Thread Charles Wyble



Hiers, David wrote:

Hi NANOG,
I'd like to announce the formation of a NANOG-knockoff group for voice 
operators, the Voice Operators' Group.


Very cool! :)



Voice network operators share many of the same challenges as IP network 
operators; we register with registrars (CILLI, OCN, and ACNA as well as ASN and 
DNS), route traffic (point codes as well as IP addresses), resolve names (CNAM 
as well as DNS), manage reachability (to countries, LATAs and NPA/NXXs as well 
as  to IP networks), and deal with equipment issues.


Indeed we do!


NANOG has been so useful at the IP layer that it seems like a good idea to try to duplicate it a little further up the stack.  



Yep.



For now, the group is on Yahoo:

http://tech.groups.yahoo.com/group/voip_operators_group/

Of course, we're looking for a better place, name, and charter.



Might I recommend google groups, or puck.nether.org. An IPTV list was 
recently formed.


NAVOG  works for me.





Re: Recommendations for Hong Kong datacenter, and a sanity check for my geopolitical conclusions ?

2009-07-25 Thread Charles Wyble







Yes, thank you - that was the datacenter I had read about in my own research.  
What did you think of the height of that building and its location on reclaimed 
sea land ?  It makes me nervous, but as I said in a different message in this 
thread, it looks like ALL of urban HK is reclaimed so ... who knows.


Well where does the HK govt put their servers? If they outsource them to 
a colo, then that might be an interesting place to start. Sinking into 
the sea seems a remote possibility. I don't know much about Hong Kong. I 
imagine others on the list might be able to speak to that better.





I was saying that I did not want the servers _inside of_ China, for obvious 
reasons.  Although the actual geography of shenzhen makes it much more 
appealing, even though we want greater freedom RE: content/filtering/freedom of 
speech/etc. (if only for principles sake).


Something something govt event, something something shutting 
down/throttling all connectivity to get their message out.


The point is, that placing servers directly in China presents 
significant operational issues, that a business can understand (hey 
guess what we can't hit our VPN at random times completely outside our 
control). It has nothing to do with free speech, and everything to do 
with continuity of operations.


China is difficult. I was tangentially related to a China deployment 
project for a massive e-commerce company.  My manager was discussing the 
project, and I told him I wanted nothing to do with it.


Every time my team mate turned around there was another discussion with 
legal going on. Not to mention EVERYTHING was 100% outsourced.


It was pure unbridled hell for everyone involved with the project.



Re: Open Source / Low Cost NMS for Server Hardware / Application Monitoring

2009-07-23 Thread Charles Wyble


I would disagree; nagios is not limited to small systems... We're 
currently monitoring about 8500 services on 2834 routers with nagios 
quite successfully and have been doing so for nearly a decade now -- we 
started with Netsaint. With custom scripts receiving data from our 
inventory management system, Nagios config generation for 99% of the 
hosts is completely automated with only a handful of special cases that 
are hand-modified as needed. Our investment, both in initial/ongoing 
man-hours, hardware, etc is minimal so our ROI is decent too ;)


--
Marc




+1 / what he said

I auto-generate my nagios configs from an in-house asset management 
system as well. It works great. Monitoring over 1k devices. We built a 
custom reporting system around nagios as well.
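The pattern both posters describe, inventory as the source of truth and Nagios object definitions generated from it with a small hand-kept override table, as an added example. This is not either poster's script or anything shipped with Nagios; the inventory rows, role-to-check mapping and host names are constructed sample data. Validate the output with `nagios -v` before reloading, since a generator bug that drops a host silently removes monitoring for it.

```python
"""Generate Nagios host/service definitions from an inventory export.

Added example, not code from the thread or from Nagios. The inventory
CSV, roles and hostnames below are constructed sample data.
"""
import csv
import io

# Constructed inventory export (stand-in for an asset management system).
INVENTORY_CSV = """hostname,address,role,owner
rtr-core-01,192.0.2.1,router,netops
rtr-edge-07,192.0.2.7,router,netops
web-03,198.51.100.3,webserver,platform
db-01,198.51.100.10,database,platform
"""

# Checks expanded for every host of a given role (assumed command names).
ROLE_SERVICES = {
    "router": ["PING", "SNMP uptime", "BGP sessions"],
    "webserver": ["PING", "HTTP", "TLS certificate expiry"],
    "database": ["PING", "TCP 5432"],
}

# The "handful of special cases": kept as data and merged into the
# generated definition, so nobody hand-edits generated output.
HOST_OVERRIDES = {
    "db-01": {"notification_period": "workhours"},
}


def parse_inventory(text):
    """Return inventory rows as dicts, dropping rows with no address."""
    rows = csv.DictReader(io.StringIO(text))
    return [r for r in rows if r.get("address")]


def host_definition(row):
    """One 'define host' block, with per-host overrides applied."""
    fields = {
        "use": "generic-host",
        "host_name": row["hostname"],
        "address": row["address"],
        "hostgroups": row["role"],
        "contact_groups": row["owner"],
    }
    fields.update(HOST_OVERRIDES.get(row["hostname"], {}))
    body = "".join(f"    {k:<24}{v}\n" for k, v in fields.items())
    return f"define host {{\n{body}}}\n"


def service_definitions(row):
    """One 'define service' block per check the host's role requires."""
    out = []
    for svc in ROLE_SERVICES.get(row["role"], ["PING"]):
        command = "check_" + svc.lower().replace(" ", "_")
        out.append(
            "define service {\n"
            "    use                     generic-service\n"
            f"    host_name               {row['hostname']}\n"
            f"    service_description     {svc}\n"
            f"    check_command           {command}\n"
            "}\n"
        )
    return out


def generate(text=INVENTORY_CSV):
    """Return (config text, host count, service count) for a sanity check."""
    hosts = parse_inventory(text)
    host_blocks = [host_definition(h) for h in hosts]
    service_blocks = [s for h in hosts for s in service_definitions(h)]
    return "".join(host_blocks + service_blocks), len(hosts), len(service_blocks)


if __name__ == "__main__":
    config, n_hosts, n_services = generate()
    print(config)
    print(f"# {n_hosts} hosts, {n_services} services generated")
```

The counts returned by `generate()` are the cheap regression check: if the inventory export shrinks unexpectedly, the host count drops and the deploy step can refuse to reload.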




Seeking facilities managers at colo facilities

2009-07-20 Thread Charles Wyble

All,

I'm working on a grant for a new type of power co generation.

We need a letter of interest as part of our application.

Are there any facilities managers who would be interested in working 
with me on this? Specifically folks who are doing work with container 
based systems.


More details available upon request, serious responses only.

Thanks.

Charles Wyble
char...@thewybles.com






Re: Visio diag automations

2009-07-19 Thread Charles Wyble

A CMDB is simply a database.

The data model I built in Access was essentially a CMDB.

So yes, it can be done.

Windows Data Access can be used with lots of things. That's all Visio 
uses for the integration.



I rather like http://onecmdb.org/wiki/

g...@centrum.is wrote:

Has anybody done the same where a CMDB system was the data source?

Rgds,
GSH

--Original Message--
From: Charles Wyble
To: nanog@nanog.org
Subject: Re: Visio diag automations
Sent: Jul 19, 2009 17:49

This is built into visio.

You can link a drawing to an access database.

I did that a few years back. For all the desktops and servers. Right 
click on the icon pulled up all the data.


Did layers... had the network jacks, furniture, computers, printers... 
everything.




Peter Hicks wrote:

Bobby Mac wrote:


I have to create Visio diagrams for sales engagements for a webhosting
provider.  I use the same template based on our standard architecture but
vary the number/model/detail of the servers.  I am sick of the 
cut-n-paste
approach and am wondering who has automated some of these processes.  
What I

would like to do is provide a standard data file (excel, csv, etc.) and
have that populate the detailed areas of the diagram.  My boss won't 
pay for

any software but I can use open source under XP or cygwin.
I attempted to do data-driven diagrams with Visio, but quickly gave up. 
 I don't think Visio is the right tool for the job.


Have you thought about writing the diagram in HTML+CSS and laying it out 
that way?


Diagramming is one of the biggest problems I've had in the 10+ years 
I've been doing networking.



Poggs









Re: Visio diag automations

2009-07-19 Thread Charles Wyble

This is built into visio.

You can link a drawing to an access database.

I did that a few years back. For all the desktops and servers. Right 
click on the icon pulled up all the data.


Did layers... had the network jacks, furniture, computers, printers... 
everything.




Peter Hicks wrote:

Bobby Mac wrote:


I have to create Visio diagrams for sales engagements for a webhosting
provider.  I use the same template based on our standard architecture but
vary the number/model/detail of the servers.  I am sick of the 
cut-n-paste
approach and am wondering who has automated some of these processes.  
What I

would like to do is provide a standard data file (excel, csv, etc.) and
have that populate the detailed areas of the diagram.  My boss won't 
pay for

any software but I can use open source under XP or cygwin.


I attempted to do data-driven diagrams with Visio, but quickly gave up. 
 I don't think Visio is the right tool for the job.


Have you thought about writing the diagram in HTML+CSS and laying it out 
that way?


Diagramming is one of the biggest problems I've had in the 10+ years 
I've been doing networking.



Poggs
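The data-driven diagram Bobby Mac asks for, done with an open-source tool rather than Visio, as an added example that is not anyone's code from the thread. It reads a CSV inventory and emits Graphviz DOT, grouping hosts by tier and drawing the links listed in the file; `dot -Tpng` then renders it. The CSV columns and hostnames are constructed sample data.

```python
"""CSV inventory -> Graphviz DOT architecture diagram.

Added example, not code from the thread. Column names (name, tier,
model, connects_to) and the sample rows are constructed.
"""
import csv
import io

# Constructed sample inventory. connects_to lists upstream peers, ';'-separated.
INVENTORY_CSV = """name,tier,model,connects_to
fw-01,edge,FW-2000,
lb-01,edge,LB-500,fw-01
web-01,web,1U-x86,lb-01
web-02,web,1U-x86,lb-01
db-01,data,2U-x86,web-01;web-02
"""


def load_rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def dot_escape(s):
    """Escape double quotes so free-text fields cannot break the DOT syntax."""
    return s.replace('"', '\\"')


def to_dot(rows, title="Hosting architecture"):
    """Return (DOT source, edge count). Hosts are clustered by tier."""
    tiers = {}
    for r in rows:
        tiers.setdefault(r["tier"], []).append(r)

    lines = [
        "digraph architecture {",
        f'    label="{dot_escape(title)}";',
        "    rankdir=TB;",
        "    node [shape=box];",
    ]
    for tier, members in tiers.items():
        lines.append(f'    subgraph "cluster_{tier}" {{ label="{tier}";')
        for r in members:
            name = dot_escape(r["name"])
            model = dot_escape(r["model"])
            lines.append(f'        "{name}" [label="{name}\\n{model}"];')
        lines.append("    }")

    edges = 0
    for r in rows:
        for peer in filter(None, r["connects_to"].split(";")):
            lines.append(f'    "{dot_escape(peer)}" -> "{dot_escape(r["name"])}";')
            edges += 1
    lines.append("}")
    return "\n".join(lines) + "\n", edges


if __name__ == "__main__":
    dot_src, n_edges = to_dot(load_rows(INVENTORY_CSV))
    print(dot_src)          # pipe into: dot -Tpng -o architecture.png
```

Because the drawing is regenerated from the file, a sales variant is a different CSV, not a different cut-and-paste job; the escaping matters because model and hostname fields come from whoever fills in the spreadsheet.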





DDOS Followup

2009-07-12 Thread Charles Wyble
I had a pleasant chat with tier 2 support and they changed my IP range. 
All is now well.


Thanks to all who replied.



Re: Request for contact and procedure information

2009-07-10 Thread Charles Wyble

I spoke with SBC.

2 hours on the phone (all with US based support which was awesome) came 
down to e-mail ab...@sbcglobal.net.


I'll let everyone know how it goes.



Re: Request for contact and procedure information

2009-07-09 Thread Charles Wyble

I did. Still getting pounded.

John Peach wrote:

Turn off whatever you have listening on port 80.

On Thu, 9 Jul 2009 21:25:48 -0400
Mark Price  wrote:


Turn off your DSL modem for awhile, and hope for a new dynamic IP?


Mark



On Thu, Jul 9, 2009 at 5:35 PM, Charles Wyble
wrote:

All,

I'm currently experiencing a DDOS attack on my home DSL connection.

Thousands of requests to port 80.

I'm on an SBC business class account.

I'm guessing that calling the regular customer support won't get me
anywhere.

Any suggestions?











Re: Request for contact and procedure information

2009-07-09 Thread Charles Wyble

I have a static range. :(




Mark Price wrote:

Turn off your DSL modem for awhile, and hope for a new dynamic IP?


Mark






Request for contact and procedure information

2009-07-09 Thread Charles Wyble

All,

I'm currently experiencing a DDOS attack on my home DSL connection.

Thousands of requests to port 80.

I'm on an SBC business class account.

I'm guessing that calling the regular customer support won't get me 
anywhere.


Any suggestions?





Re: Level 3

2009-07-08 Thread Charles Wyble
So, where is all this talent going? NTT? AT&T? Verizon? Dare I say 
it, Cogent? :)


Also has anyone filed complaints with the FTC or DOJ?


Jason LeBlanc wrote:
To boot almost all the original Telcove crew we had are gone.  They're 
losing the better people through attrition as they're frustrated at not 
being able to help their customers.  I also have a feeling Level3 makes 
changes during business hours that are not announced.  I have no proof 
but I have a feeling due to some odd changes in routing I see every now 
and then.






Re: Possible outage in Camarillo, CA USA

2009-07-06 Thread Charles Wyble



Chaim Rieger wrote:



CalTrans went through an major fiber line,


What's your source for CalTrans being the culprit?




Re: Possible outage in Camarillo, CA USA

2009-07-06 Thread Charles Wyble



Chaim Rieger wrote:

Matthew Black wrote:

A colleague reports that Verizon and ATT have a cut cable in Camarillo,
CA, in the vicinity of Lewis Road and Dawson. Anyone have more
information on this outage? Thanks.


confirmed outage

CalTrans went through an major fiber line,
landlines, T1, Cell, and 911 are all down, in Oxnard, Camarillo,
Thousand Oaks, etc...

Vzw Fios is not affected

VZW is on scene working on it, no ETA yet



See outages list for some discussion.

Also http://twitter.com/socalincidents

911 is back up in Ventura.



Re: Nanog Webcast Equipment

2009-06-30 Thread Charles Wyble




You can reply off-list if you wish.



Would love to see replies and/or summary on list if possible. It's a 
somewhat complex problem, and there are many solutions out there. Having 
feedback on what was used and any feedback on it would be great!




Re: Looking for Security / Operational Contact at New York Times

2009-06-26 Thread Charles Wyble

They don't have a 24/7 NOC?


Stasiniewicz, Adam wrote:

Yup, I have already tried, but it is fairly late in NY.  So I was hoping to
catch someone tonight, instead of waiting until tomorrow morning when
someone clueful would answer the phone / process online contact forms.


-Original Message-
From: Martin Hannigan [mailto:mar...@theicelandguy.com] 
Sent: Thursday, June 25, 2009 11:03 PM

To: Stasiniewicz, Adam; nanog@nanog.org
Subject: Re: Looking for Security / Operational Contact at New York Times

If this is a private problem, why not look them up in 411 and call
them directly?



On 6/25/09, Stasiniewicz, Adam  wrote:

Hello,



In the off chance there is someone who works at the New York Times on this
list, please contact me ASAP, there is a very nasty problem with one of

your

internet facing system (details will only be provided to @nytimes.com or
related addresses).  And as always, please respond off list.



Thanks,
Adam Stasiniewicz

608-554-1522









Re: tor

2009-06-24 Thread Charles Wyble
This is rapidly heading off topic, and I imagine the MLC will be 
stepping in shortly. :)





Re: Is your ISP blocking outgoing port 25?

2009-06-18 Thread Charles Wyble
Do you provide your users an SMTP server to use, with some outbound 
spam filtering?


It would seem this is to be expected, as you don't want your IP ranges 
showing up on RBL filters.


Do you force SSL connectivity like AT&T does?

Paul Stewart wrote:

We still do it and never get any complaints - we don't filter static IP
customers but dynamic customers can either use our SMTP relays or
alternate ports

Paul


-Original Message-
From: Zhiyun Qian [mailto:zhiy...@umich.edu] 
Sent: Thursday, June 18, 2009 3:37 PM

To: nanog@nanog.org
Subject: Is your ISP blocking outgoing port 25?

It has been long heard that many ISPs block outgoing port 25 for the
purpose
of reducing spam originated from their network.
 
I wonder which ISPs are still doing so. I know comcast has been doing

that
but they cancelled it after many complaints. It seems to be the same
case
for Verizon.
 
AT&T is the major one that I know of that is still enforcing this

policy.
But they said they can unblock port 25 upon request. I am not sure how
easy
it is.
 
One simple way to test if your ISP is blocking outgoing port 25 is to

try:
"telnet mx2.hotmail.com 25" or "telnet gmail-smtp-in.l.google.com 25".
If
the connection fails, it could be due to the fact your ISP is blocking
outgoing port 25, although it can also be other reasons such as local
firewall configuration. Can someone perform the test and let me know
result
if possible? Thanks a lot! 
 
Regards.

-Zhiyun


 









Re: Is your ISP blocking outgoing port 25?

2009-06-18 Thread Charles Wyble



Zhiyun Qian wrote:

It has been long heard that many ISPs block outgoing port 25 for the purpose
of reducing spam originated from their network.
 


Well blocking or redirecting to their servers, which have an 
undocumented filtering policy. All one needs to do in order to bypass 
that is use a VPN. Something lightweight like n2n could be used by the 
bot herders of the world.


I worked for a company that sent out several hundred thousand messages 
per day (an online card/invitations company). We ran SpamAssassin on 
our outbound farm, to prevent folks from using us to send spam. I 
presume the large service providers do the same.


 
AT&T is the major one that I know of that is still enforcing this policy.

But they said they can unblock port 25 upon request. I am not sure how easy
it is.


It's trivial. A web form. You get the link when you try to send mail to 
port 25 anywhere else. At least with Yahoo/SBC dsl.


I got the business class DSL from AT&T and no such nonsense exists.



Re: WISP NMS recommendations

2009-06-18 Thread Charles Wyble




This list is quite active:

http://lists.wispa.org/mailman/listinfo/wireless




+1 for Wispa. Several knowledgeable people on there, and it's quite active.

Lately both NANOG and WISPA have had very high signal. Hopefully it 
keeps up! :)




Re: Wireless bridge

2009-06-18 Thread Charles Wyble




2.4 and 5GHz license-free Wifi is license free because the frequencies
are shared with the ISM (Industrial/Scientific/Medical) services. In an
industrial area, competing WiFi is the least of your worries. These
frequencies are also used by industrial grade heating units. Got anyone
in the neighbourhood running a large plastic shrink wrap machine, for
example?


Good point.



You can't directly detect these other users with a Wifi transceiver.
Depending on the nature of the interference you *might* be able to hear
it directly on a scanner (if you can find one that covers those
frequencies), but you really need a good spectrum analyzer to tell
what's going on.


Check out http://www.ubnt.com/airview/ for a decent one. There is also 
wispy.





Re: Wireless bridge

2009-06-18 Thread Charles Wyble

+1 for Ubnt gear!

Joel Jaeggli wrote:

Pair of Ubiquiti power station 2 or 5 bridges, 5 would be preferable,
under $200 per end.

http://www.ubnt.com/downloads/ps5_datasheet.pdf

Peter Boone wrote:




Re: Wireless bridge

2009-06-18 Thread Charles Wyble

Might I suggest Ubnt.com ?

Or a vendor that I use http://www.wlanparts.com/category/ubiquiti/

Couple of these 
http://www.wlanparts.com/product/BULLET2-D13/Ubiquiti_BULLET2_and_13dBi_24GHz_Panel_Antenna__BULLET2D13.html 



(100.00 per side or so).


Peter Boone wrote:

Hi NANOG,

I'm looking for some equipment recommendations for a wireless bridge between
two locations approximately 500-800 meters apart. The current setup for this
company has been extremely unstable and slow. I don't have a lot of
experience in this area so I was hoping someone could give me a few
pointers.

Currently, both locations are using Linksys WRT54GL's flashed with DD-WRT
firmware (Yes, 802.11g. All extra bells and whistles are disabled in the
firmware. They were set up for WDS so other wireless clients could connect
to the same access point, with varying degrees of success. Not very
important). They are connected to SmartAnt 2300-2500 MHz 14 dBi directional
antenna mounted on the roof (extended pretty high for perfect line of
sight). I'm not sure when they got these antenna exactly but I'm told it was
when WiFi was very new. The network is very small so both locations share
the same subnet (192.168.1.0/24).

They have gone through numerous Linksys access points over the years. The
wireless settings are tweaked as best as possible, and we have found the
connection to be most stable when the TX is limited to 6-9 Mbps.

We have explored other options as well. An internet connection at each
location + VPN is out due to very slow upstream speeds (the buildings are in
an industrial area, ADSL is the only option.) The max they offer on regular
business accounts is 800 kbps up. T1 lines are even slower and even more
expensive. They won't offer us any other solutions such as fibre. We have
considered running fibre/coax but there is too much construction activity
and other property in the way.

I'm looking into RouterBOARD right now, considering a RB433AH and R52H
wireless card, but I'm not sure this will actually solve the problem. It's
difficult to determine if the issue is with the antennas or access points
(for example, after a good thunderstorm, the wireless link will be down for
at least 12 hours, but will fix itself eventually. Resetting either access
point will keep the link down for at least 30 minutes. Using an airgun on
the access points tends to make them more reliable, even if they are clean
and dust free. From the admin interface, each access point will report
seeing a very good and strong signal from the other, yet they refuse to
communicate until they feel like it a few hours later.)

Any suggestions welcome. I'm sure you can tell cost is a bit of a factor
here but it will be easy for me to justify a higher price if I'm confident
it will be effective.

While I'm at it, I've been reading along on the list for over a year now;
thanks everyone for sharing your real world experiences :)

Peter






Re: Cogent input - no peering with Global Crossing in Europe [Re: NANOG Digest, Vol 17, Issue 46]

2009-06-17 Thread Charles Wyble

Ouch... latency must be awful.

I suppose this is based on Cogent's reputation but who knows. The whole 
peering aspect of the networking business is often a mystery.


AKK wrote:


My main concern for European Cogent users is - no European peering with 
global crossing - traffic goes via NY JFK. It has been like this for at 
least a year and staff been giving assurances this should be sorted 
soon. Probably there are more bad peerings - please share.



6:  so-7-0-0c0.rt1.mil.it.geant2.net (62.40.112.174) asymm  5  14.446ms
7:  so-7-1-0.rt1.fra.de.geant2.net (62.40.112.61)    asymm  6  27.120ms
8:  TenGigabitEthernet7-3.ar1.FRA4.gblx.net (207.138.144.45) 246.852ms
9:  po3-20G.ar7.NYC1.gblx.net (67.16.134.74) asymm 12 122.810ms
10:  te2-1.ccr01.jfk07.atlas.cogentco.com (154.54.11.61)  asymm 12 123.003ms
11:  te4-1.ccr01.jfk02.atlas.cogentco.com (154.54.1.221)  asymm 13 118.334ms
12:  te4-3.ccr01.lon01.atlas.cogentco.com (130.117.1.106) asymm 14 198.997ms
13:  te2-7.ccr02.ams03.atlas.cogentco.com (130.117.1.169) asymm 14 204.575ms
14:  te2-3.ccr01.dus01.atlas.cogentco.com (130.117.3.90)  asymm 15 213.653ms
15:  te7-1.ccr01.muc01.atlas.cogentco.com (130.117.49.154) asymm 14 225.144ms
16:  te3-1.ccr01.vie01.atlas.cogentco.com (130.117.49.30) asymm 22 254.543ms
17:  te3-8.ccr01.bts01.atlas.cogentco.com (130.117.49.25) asymm 21 248.505ms
18:  te1-1.ccr01.tsr01.atlas.cogentco.com (130.117.48.58) asymm 20 243.334ms
19:  te1-3.ccr01.tsr01.atlas.cogentco.com (130.117.0.18)  asymm 20 249.374ms
20:  149.6.112.2 (149.6.112.2)asymm 19 273.730ms
21:  149.6.112.2 (149.6.112.2)asymm 19 268.122ms
22:  down-int.caucasus.net (62.168.172.205)   asymm 21 268.647ms
23:  down-int.caucasus.net (62.168.172.205)   asymm 21 274.430ms
24:  sw.caucasus.net (62.168.168.60)  asymm 21 277.811ms





nanog-requ...@nanog.org wrote:

Send NANOG mailing list submissions to
nanog@nanog.org
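The detour AKK describes is visible in the trace as a single large RTT jump at the hop where the path leaves Europe. The added example below, not code from the thread, parses tracepath-style output of the kind AKK pasted and reports the largest hop-to-hop latency increase together with the network it lands on. The sample reproduces a few of AKK's hops; two are deliberately wrapped the way mail archives often break long lines, so the parser has to rejoin them. The same check, run on a schedule against a reference trace, is a cheap way to notice an unexpected path change worth investigating.

```python
"""Parse tracepath-style output and locate the largest RTT jump.

Added example, not code from the thread. The hop lines are copied
from AKK's post (hops 6 to 12); the line wrapping on hops 10 to 12
is constructed to mimic a mail archive.
"""
import re

TRACE_TEXT = """\
 6:  so-7-0-0c0.rt1.mil.it.geant2.net (62.40.112.174) asymm  5  14.446ms
 7:  so-7-1-0.rt1.fra.de.geant2.net (62.40.112.61)    asymm  6  27.120ms
 8:  TenGigabitEthernet7-3.ar1.FRA4.gblx.net (207.138.144.45) 246.852ms
 9:  po3-20G.ar7.NYC1.gblx.net (67.16.134.74) asymm 12 122.810ms
10:  te2-1.ccr01.jfk07.atlas.cogentco.com (154.54.11.61)  asymm 12
123.003ms
11:  te4-1.ccr01.jfk02.atlas.cogentco.com (154.54.1.221)  asymm 13
118.334ms
12:  te4-3.ccr01.lon01.atlas.cogentco.com (130.117.1.106) asymm 14
198.997ms
"""

# hop: host (ip) [asymm N] rtt ms   -- the asymm field is optional.
HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+):\s+(?P<host>\S+)\s+\((?P<ip>[\d.]+)\)\s*"
    r"(?:asymm\s+(?P<asymm>\d+)\s*)?(?P<rtt>[\d.]+)ms\s*$"
)


def rejoin_wrapped(text):
    """Glue continuation lines (no leading 'N:') back onto their hop line."""
    lines = []
    for raw in text.splitlines():
        if re.match(r"^\s*\d+:", raw) or not lines:
            lines.append(raw.rstrip())
        else:
            lines[-1] = lines[-1] + " " + raw.strip()
    return lines


def parse_trace(text):
    """Return one dict per parsable hop; '* * *' timeouts are skipped."""
    hops = []
    for line in rejoin_wrapped(text):
        m = HOP_RE.match(line)
        if not m:
            continue
        host = m["host"]
        hops.append({
            "hop": int(m["hop"]),
            "host": host,
            "ip": m["ip"],
            "rtt_ms": float(m["rtt"]),
            "asymm": int(m["asymm"]) if m["asymm"] else None,
            # last two labels, e.g. gblx.net, as a rough "whose network" tag
            "domain": ".".join(host.split(".")[-2:]),
        })
    return hops


def rtt_jumps(hops):
    """(hop, domain, delta_ms) for each hop relative to the previous one."""
    return [
        (cur["hop"], cur["domain"], cur["rtt_ms"] - prev["rtt_ms"])
        for prev, cur in zip(hops, hops[1:])
    ]


def largest_jump(hops):
    return max(rtt_jumps(hops), key=lambda j: j[2])


if __name__ == "__main__":
    parsed = parse_trace(TRACE_TEXT)
    hop, domain, delta = largest_jump(parsed)
    print(f"largest RTT increase: +{delta:.1f} ms entering {domain} at hop {hop}")
```

On AKK's data the jump is over 200 ms at hop 8, the Global Crossing router in Frankfurt, which is where the packets turn towards New York; the per-hop RTTs after that stay in the 120 to 280 ms range the rest of the trace shows.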
  







IPTV List serv

2009-06-11 Thread Charles Wyble

I know someone was asking about a VOIP list serv the other day.

Well IPTV is another big area that could use a list.


Check out https://puck.nether.net/pipermail/iptv-users/




3fn shutdown

2009-06-04 Thread Charles Wyble

What do folks think?

How were they shutdown? AS stopped from announcing? Physical power?

http://voices.washingtonpost.com/securityfix/2009/06/ftc_sues_shuts_down_n_calif_we.html




Re: Fiber cut - response in seconds?

2009-06-02 Thread Charles Wyble




Sounds like a lot of work to me. Wouldn't it be easier to just find the carrier
neutral colo facilities where all the peering/transit between major networks
happens, and pay them money to put up a fake wall that you can colo your
optical taps behind?


Yeah it's not like that's ever gonna happen! :)




Drive Slow, and remember, don't open any doors that say "This Is Not An Exit",


ROFL





Re: Fiber cut - response in seconds?

2009-06-02 Thread Charles Wyble



David Barak wrote:


Paranoia 101 teaches us that any given encryption approach will eventually fall before a brute-force onslaught of sufficient power and duration[1]. 


Of course. Hence my comment about the likelihood of success depending on 
how much computing power they have access to. How much easier does my 
job get if I have access to thousands of encrypted e-mails vs 1 
encrypted e-mail? Once I factor your PKI root private key, you're toast. 
It was my impression that the various algorithms were designed to 
prevent traffic analysis attacks, or at least vastly reduce their 
effectiveness, and if some magical corner case is discovered it should 
be further mitigated by key rotation right? I'm an operations guy, not a 
math wizard. :)


 I'm not trying to argue that the attacker in this case could 
necessarily detect a flaw in the algorithm; rather, they'll get an 
effectively infinite number of chances to bang against it with no 
consequences.  Once it's cracked, the attacker will *still* have the 
physical access which is thus compromised, and then has free access to 
all of the transmissions.


Sure. However couldn't they do this in a lab environment? Various 
botnets give them access to massive amounts of computing power on an 
ongoing basis. I presume that the folks with sufficient expertise and 
knowledge to do these attacks use exploits / back doors that ensure 
continued access to this computing power, which won't be 
detected/patched by the little tykes doing spamming/phishing/data 
correlation.


Then there is the ability to buy a whole lot of specialized number 
crunching compute gear as well.


Granted the US govt has their own (classified) encryption algorithms and 
as such that can't be replicated in a lab environment and requires 
access to the physical medium carrying traffic encrypted by said 
algorithms.








Physical security is a prerequisite to all of the other approaches to 
communication security.  Those cases where physical security is presumed to be 
non-existent have to rely on a lot of out-of-band knowledge for any given 
method to be resistant to attack, and it's very hard to make use of a 
connection of that type for regular operations.


Really? The US Military uses a whole lot of wireless (satellite, ground 
based, surface to air) links. Those links can be sniffed (by people with 
sufficient motivation/funding/gear to do so). They rely on encryption to 
protect them.
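The "key rotation" point in this exchange is the idea behind forward secrecy, and the added example below, which is not anyone's code from the thread, makes it concrete. An adversary with long-term physical access to a link can record every exchange and wait; the question is what a later compromise of the long-term key buys them. With a static Diffie-Hellman key the long-term private key *is* the key-agreement secret, so the recording plus the key recovers every past session. With per-session ephemeral keys the long-term key only authenticates the exchange, so its compromise allows impersonation from then on but recovers nothing already recorded. The DH group is a toy-sized Mersenne prime so the script runs instantly, and an HMAC stands in for a real signature; both are constructed for illustration, not for use.

```python
"""Static vs ephemeral key agreement under later long-term key compromise.

Added example, not code from the thread. Toy parameters: the group is
2^127-1 (far too small for real use) and HMAC stands in for a signature.
"""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1      # Mersenne prime, illustration only
G = 3


def kdf(shared_secret):
    """Derive a session key (hex) from the DH shared value."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).hexdigest()


def authenticate(long_term_key, *public_values):
    """Stand-in for signing the exchanged public values (HMAC, not a signature)."""
    msg = b"|".join(str(v).encode() for v in public_values)
    return hmac.new(long_term_key, msg, hashlib.sha256).hexdigest()


def static_session(alice_priv, bob_priv):
    """Static DH: the long-term private keys are the key-agreement secrets."""
    a_pub, b_pub = pow(G, alice_priv, P), pow(G, bob_priv, P)
    key = kdf(pow(b_pub, alice_priv, P))
    assert key == kdf(pow(a_pub, bob_priv, P))
    return key, (a_pub, b_pub)          # what a recorder on the wire sees


def ephemeral_session(alice_lt, bob_lt):
    """Ephemeral DH: fresh secrets per session; long-term keys only authenticate."""
    x = secrets.randbelow(P - 2) + 1
    y = secrets.randbelow(P - 2) + 1
    x_pub, y_pub = pow(G, x, P), pow(G, y, P)
    tag_a = authenticate(alice_lt, x_pub, y_pub)
    tag_b = authenticate(bob_lt, y_pub, x_pub)
    key = kdf(pow(y_pub, x, P))
    assert key == kdf(pow(x_pub, y, P))
    del x, y                             # ephemeral secrets are discarded
    return key, (x_pub, y_pub, tag_a, tag_b)


def attacker_with_static_key(transcript, stolen_alice_priv):
    """Recording + later key theft: every past static-DH session key falls out."""
    _a_pub, b_pub = transcript
    return kdf(pow(b_pub, stolen_alice_priv, P))


def attacker_with_ephemeral_transcript(transcript, stolen_alice_lt):
    """Same theft against ephemeral DH: forging future tags works, but the
    session key depended only on x and y, which were never on the wire."""
    x_pub, y_pub, tag_a, _tag_b = transcript
    can_forge = authenticate(stolen_alice_lt, x_pub, y_pub) == tag_a
    return {"can_impersonate_now": can_forge, "recovered_session_key": None}


def demo():
    alice_priv = secrets.randbelow(P - 2) + 1
    bob_priv = secrets.randbelow(P - 2) + 1
    alice_lt, bob_lt = secrets.token_bytes(32), secrets.token_bytes(32)
    static_key, static_tx = static_session(alice_priv, bob_priv)
    _eph_key, eph_tx = ephemeral_session(alice_lt, bob_lt)
    return {
        "static_recovered": attacker_with_static_key(static_tx, alice_priv) == static_key,
        "ephemeral": attacker_with_ephemeral_transcript(eph_tx, alice_lt),
    }


if __name__ == "__main__":
    print(demo())
```

The operational reading: rotating the long-term key caps how long impersonation is possible after a theft, but only ephemeral per-session keys cap what a long-running tap can retroactively decrypt.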






Re: Fiber cut - response in seconds?

2009-06-02 Thread Charles Wyble



David Barak wrote:
Encryption is insufficient - if you let someone have physical access for a long enough period, they'll eventually crack anything. 


Really? I don't think so. I imagine it would be much more dependent on 
the amount of computing power the attacker has access to. More encrypted 
blobs won't help. If that was the case then the various encryption 
schemes in wide use today would be cracked already. Bad guys can setup 
networks and blast data through it and have complete access. I don't see 
them cracking encryption.




Re: Fiber cut - response in seconds?

2009-06-02 Thread Charles Wyble

Cheaper?

To quote Sneakers: "We're the United States govt. We don't do that sort 
of thing."


Martin Hannigan wrote:

It would also be cheaper to add an additional layer of security with
encryption vs. roving teams of gun toting manhole watchers.

YMMV,

Best!

Marty



On 6/2/09, Deepak Jain  wrote:

No. And here's why: If you're a naughty foreign intelligence team, and
you know your stuff, you already know where some of the cables you'd
really like a tap on are buried. When you hear of a construction
project
that might damage one, you set up your innocuous white panel truck
somewhere else, near a suitable manhole. When the construction guy with
a backhoe chops the cable (and you may well slip him some money to do
so), *then* you put your tap in, elsewhere, with your actions covered
by
the downtime at the construction site. That's why the guys in the SUVs
are in such a hurry, because they want to close the window of time in
which someone can be tapping the cable elsewhere.

At least that's what I heard. I read it somewhere on the internet.
Definitely. Not at all a sneaky person. No sir.

And if you were a naughty foreign intelligence team installing a tap, or a
bend, or whatever in the fiber contemporaneously with a known cut, you could
also reamplify and dispersion compensate for the slight amount of affect
your work is having so that when its tested later, the OTDR is blind to your
work.

Ah, the fun of Paranoia, Inc.

Deepak Jain
AiNET









Re: Fiber cut - response in seconds?

2009-06-01 Thread Charles Wyble

I do feel this might be the last post from Mr Pooser. :)

You're on to them, it seems. ;)

A very interesting idea. I imagine it wouldn't be hard for foreign 
actors to get access to the data feed of construction, observe for signs 
of a cut and then splice in a tap.


Though wouldn't that tap be found via the real response team?



Dave Pooser wrote:

Right. So why the "near instant" response time. If it's a diverse path,
one would imagine that they could respond in a few hours or a day and
not have any impact.


Just a guess, but: A cut cable is one thing. A cut cable in which people
wearing different suits and driving a different brand of SUV might splice in
a fiber tap is something altogether different.




Re: Fiber cut - response in seconds?

2009-06-01 Thread Charles Wyble



Joel Jaeggli wrote:


Charles Wyble wrote:


Joel Jaeggli wrote:

It's pretty trivial if you know where all the construction projects on your
path are...

How so? Set up OTDR traces and watch them?


When you lose link on every pair in a bundle, but don't lose any of the
buildings you're serving via diverse paths, you have a pretty good idea
what happened. Knowing which of the three construction projects on that
path is likely to be digging a trench is a facilities issue.



Right. So why the "near instant" response time. If it's a diverse path, 
one would imagine that they could respond in a few hours or a day and 
not have any impact.


The fact that they are so closely monitoring the construction and 
wanting to fix it that fast seems a bit over the top for redundant systems.





I've seen this happen on a university campus several times. no black
helicopters were involved.

Care to expand on the methodology used? A campus network is a lot
different than a major metro area.


Given the location the guys in the black SUVs likely have at least
situational awareness of all of the construction projects in their
immediate vicinity. 


One would hope. Though given the archaic nature of many govt systems, 
that could involve a lot of manual paper pulling... or are the 
bid/reward/permit systems all automated on the east coast? :)


they don't have to monitor everyone's cable, just

their own and near instantaneous response implies proximity so it may
well be more akin to a campus network.


True.




Re: Fiber cut - response in seconds?

2009-06-01 Thread Charles Wyble



Joel Jaeggli wrote:

It's pretty trivial if you know where all the construction projects on your
path are...


How so? Set up OTDR traces and watch them?



I've seen this happen on a university campus several times. no black
helicopters were involved.


Care to expand on the methodology used? A campus network is a lot 
different than a major metro area.





Fiber cut - response in seconds?

2009-06-01 Thread Charles Wyble

http://www.washingtonpost.com/wp-dyn/content/article/2009/05/30/AR2009053002114_pf.html

Not sure if I fully believe the article. Responding to a fiber cut in 
seconds?


I suppose it's possible if $TLA had people monitoring the construction 
from across the street, and they were in communication with the NOC.




Re: Geo Location and DNS

2009-05-29 Thread Charles Wyble

Check the archives. This gets discussed on a regular basis. Both google
and akami have methods in place for this to be corrected.

Clue Store wrote:

Hi All,
I am having a hell of a time trying to figure out who it is I need to
contact to get this fixed. I just got a new /21 allocation from ARIN and am
announcing it with no issues. I can ping anywhere and the planet can see me.
The issue I am having is that when I surf out on this new allocation, it
sends me to sites as if I were in Canada. A google search is all things
Canadian. Not that I have anything against Canadians, but I also cannot surf
to a lot of sites using various DNS servers (my own, 4.2.2.2, etc). Anyone
have any clue where I can get this fixed??


TIA,
Max






Re: two interfaces one subnet

2009-05-11 Thread Charles Wyble

What does two interfaces in one subnet mean?

Two NICs? Or virtual interfaces?



Mikael Abrahamsson wrote:

On Mon, 11 May 2009, Chris Meidinger wrote:

I've been looking through RFC's trying to find a clear statement that 
having two interfaces in the same subnet does not work, but can't find 
it that statement anywhere.


I don't know if it still works, but it did in Linux little over 10 years 
back. Proxy-arp:ed all the IPs in the /27 in the /24 and everything was 
fine (legacy reasons plus radiolink which I didn't want to run a lot of 
broadcasts over). There are "legitimate" cases where you might want to 
do this.






Re: DHCPv6 PD chains vs bridging

2009-05-05 Thread Charles Wyble



David W. Hankins wrote:

On Tue, May 05, 2009 at 04:22:04PM -0400, Paul Timmins wrote:
Sorry for the top post, but as a crazy thought here, why not throw out an 
RA, and if answered, go into transparent bridge mode? Let the sophisticated 
users who want routed behavior override it manually.


Customer premise gear has a 'front side' and a 'back side',



I presume by front you mean wan and back you mean lan?


 and it is

already well ingrained behaviour for 'back-to-back port chaining' to
create a single large bridged network in the home. 


Really? What CPE?

My topology at home is

Motorola dsl modem[1]->cisco 1841->catalyst 2924->wireless router->clients

The connection between the modem and router is a routed connection. The 
default configuration of the Linksys kit I have seen is routed. I had to 
change it to operate as a bridge (a one click option in the gui), and 
turn off the local DHCP server to make a flat wired/wireless network.


Otherwise it insists on being a router.



[1]
(It would appear that SBC recently changed their network to only allow 
their CPE with its very limited configuration options. It's routed. 
Public IP on the WAN  and a fixed private IP (192.168.1.254). It hands 
out 1 private DHCP address (192.168.1.64)




 What is the

customer's anticipated result from front-to-back chaining?


I'm not sure how many people do this. Many people have one integrated 
device hanging off their DSL modem. They then purchase wireless 
extenders to increase the reach. This is what I overhear being recommended 
by Fry's and BestBuy sales folks, and it seems to work well.


I don't know how many will do it in the future. I imagine that vendors 
will just make beefier wireless routers to handle increased load. They 
already have different models and software feature sets for "high end 
gamers".




Re: Where to buy Internet IP addresses

2009-05-05 Thread Charles Wyble



Ricky Beam wrote:
On Tue, 05 May 2009 13:28:25 -0400, Charles Wyble 
 wrote:
Utility companies utilize Zigbee pretty extensively. So that's 
millions and millions of addresses right there.


But does the entire planet need to talk to those critters?  No.  Nor 
should they even be able to.



Really we don't have enough debates going on in this thread?


Those little gadgets can very happily live within a link-local only 
network, or isolated private network.


Exactly. Behind the utility's (closely monitored and highly restrictive) 
firewall. Most likely behind multiple firewalls. (border fw, internal 
operations fw, monitoring network firewall). No reason they shouldn't 
have a fully routable address.





I know the subject of "nat" in IPv6 will have people chasing me with 
pitchforks, but there are a lot of things in the world that don't need 
to be accessible by the entire world and should be (must be) protected 
from even accidentally being exposed to the Evil Internet(tm).  Everyone 
will chime in with "firewall them", but the risk exists as long as they 
have global addresses.  Having to break into a machine in order to get 
at the internal network (ala today's NAT) makes the network much safer 
-- not "safe", but safer than directly naked on the internet.


This is no different than having machines with a public IP on the net 
today. A firewall is such a small part of an overall security architecture.


Don't troll.




EVDO followup

2009-05-05 Thread Charles Wyble
So I found an article about updating the EVDO modem PRL in Linux (or I 
should say via a standard AT method)


http://kenkinder.com/using-verizon-wireless-evdo-pc5740-and-linux/


I'll let folks know how it goes.



Re: Where to buy Internet IP addresses

2009-05-05 Thread Charles Wyble


> ([*] according to the wiki, firewire and zigbee are the only things
> using EUI-64.  I don't know of anyone using firewire as a network
> backbone.  (obviously, not that you care.)  Zigbee is relatively new and
> similar to bluetooth; will people use them as a NIC or connect little
> zigbee gadgets to the internet -- well, there are coffee makers, vending
> machines, and christmas lights on the internet, so as a novelty,
> certainly. How many bluetooth devices are running IP over bluetooth?
> That said, I could see PAN meshes (personal area networks) eating a huge
> number of addresses, but /64???)

Utility companies utilize Zigbee pretty extensively. So that's millions
and millions of addresses right there.





Re: Is everyone getting the shimizuhar...@yahoogroups.jp ugliness?

2009-04-28 Thread Charles Wyble
Yes. I'm getting that as well. It's appending weird characters onto 
every message. I'm getting many messages in duplicate (with and without 
the characters).


Though this message I only received once and without the characters.

It appears threads started yesterday are affected.

Jack Bates wrote:
> nanog-bounces+alamiki1623=yahoo.co...@nanog.org
>
> I'm rather shocked that yahoogroups.jp allows a group to have addresses
> included in it that haven't confirmed opt-in. The constant loop of nanog
> through the group to my mailbox as trash (I don't read foreign
> languages, thus trash) is annoying.
>
> Anyone else having this problem? Who can kindly kill that address from
> the list feed until the genius piping that address's email into
> shimizuhar...@yahoogroups.jp stops (and hopefully kindly deletes the
> group or removes my email address from it).
>
> Jack





Re: Broadband Subscriber Management

2009-04-22 Thread Charles Wyble

Quite a bit of overhead. Good article here:
http://blog.ioshints.info/2009/03/adsl-overhead.html

Curtis Maurand wrote:
> I don't understand why DSL providers don't just administratively down
> the port the customer is hooked to rather than using PPPoE which costs
> bandwidth and has huge management overhead when you have to disconnect a
> customer.  I made the same recommendation to the St. Maarten (Dutch)
> phone company several years ago.  They weren't listening either.   That
> way you can rate limit via ATM or by throttling the port administratively.
>
> Just a suggestion





Re: Looking for AT&T / Verizon / Sprint WWAN service impressions- on or off-list replies welcome

2009-04-15 Thread Charles Wyble
What is it about the bloody telcos. You want to spend money, but yet you
can't reach the right people to get your questions answered or schedule
the service.

Gah.

I experienced this recently, trying to have some inside wiring work done
at my house. They rolled a tech, but then he claimed he "wasn't
prepared" to do the work. What exactly was he prepared to do, on an
inside wiring call?  It took multiple calls / disconnects to SBC to get
to the right dept and have a tech deployed who was actually prepared to
install the jack.

Do these places take courses on anti-sustainability? It's amazing they
are still in business.

Crooks, Sam wrote:
> After much hassle and several false starts and disconnects in getting in
> touch with the right department in Sprint, I spoke to a woman in
> technical support in the group that supports 3G data cards.
>
> She said:
>
> - public IP addresses are used
> - static IP available for $3/mo additional
> - maximum 3G data plan is 5GB/mo of data transfer, retail rate, $60/mo
> (which is typically cheaper than your typical ADSL/IDSL or ISDN service
> cost)
>
> Sam Crooks






Re: Looking for AT&T / Verizon / Sprint WWAN service impressions - on or off-list replies welcome

2009-04-15 Thread Charles Wyble



Crooks, Sam wrote:
> I'm considering use of AT&T / Verizon / Sprint WWAN services and the
> Cisco 3G router interface cards/integrated module in C880 routers for
> primary or backup WAN network connectivity for routers.

I haven't used the integrated cards with cisco gear. However I do have
300+ cards deployed throughout the United States (EVDO USB modems on
Linux boxes).

> I'm looking for information from users of these services on the
> following:
>
> - addressing - Do these WWAN services use dynamic, PPPoE or static IP
> assignment typically? Any of the 3? All?
>    - is static IP assignment available?

We have static IP assignment for our Verizon cards. Sprint cards aren't
static.

> - do these service providers use NAT within their network?

Verizon doesn't. Not sure about Sprint. T-mobile doesn't either.

> - How is the service reliability?  In most cases, is the service
> available for use when you need to use it?

We have found it to be quite reliable, although a small subset (about 15
to 20 connections) have been giving us issues. I posted on this last
week or so. No resolution from Verizon as of yet.

> - How is the service coverage area?  Do you have problems getting
> sufficient coverage in the deployment location to support desired
> speeds (say 512kbps up/down as a minimum)?

Frequently you will need to deploy an external antenna as a booster.
Dunno if the Cisco cards have the option, but I would imagine they do.
It's almost a necessity in the vast majority of indoor deployments.

> - is ESP / IKE / IPsec permitted through un-rate-limited and un-molested
> by the providers?
> - If you build a IPsec/GRE tunnel over these services, do you have
> frequent issues with the tunnel dropping, or a dynamic routing protocol
> running through the tunnel going down frequently?

We use OpenVPN without incident. Dunno bout GRE/IPSEC.

> Also interested in similar information on impressions of similar EMEA
> WWAN service providers, particularly Vodafone and T-Mobile, if anyone
> has experiences with these.

I have used T-mobile EDGE via Linux with great success (even ran a skype
conference call over it). See my blog post on the configuration at:

http://charlesnw.blogspot.com/2008/10/blackberry-pearl-8120-linux-ubuntu-804.html

Speed tests I did gave me 126k. So you would most likely want HSDPA for
sure. I have yet to try HSDPA but hear excellent things about it. They
recently released a USB dongle which does wifi/hsdpa/edge. See
http://www.i4u.com/article23865.html for more.

I agree with the other posters about POC and site survey. All sorts of
strange environmental issues can pop up and wreak havoc on signal.

This for branch office environments? Retail? Industrial? (My deployments
are retail locations).






Re: [OT] Re: Fiber cut in SF area

2009-04-13 Thread Charles Wyble

I sense a thread moderation occurring here shortly.

valdis.kletni...@vt.edu wrote:
> On Mon, 13 Apr 2009 14:39:23 EDT, Izaac said:
>> Do you realize that you're putting trust in the sane action of parties
>> who conclude their reasoning process with destruction and murder?
>
> And how is that different from a US general plotting destruction and the
> killing of enemy troops during an offensive?  And yet we usually trust our
> generals and call them "sane".




Re: BGP FlowSpec support on provider networks

2009-04-10 Thread Charles Wyble



Fouant, Stefan wrote:
> Hi folks,
>
> I am trying to compile data on which providers are currently supporting
> BGP Flowspec at their edge, if there are any at all.  The few providers
> I've reached out to have indicated they do not support this and have no
> intention of supporting this any time in the near future.  I'm also
> curious why something so useful as to have the ability to advertise flow
> specification information in NLRI and distribute filtering information
> is taking so long to gain a foothold in the industry...

See ipv6 :)



Re: Outside plant protection, fiber cuts, interwebz down oh noes!

2009-04-09 Thread Charles Wyble

I didn't say it was sabotage...

> It would appear
> that this was a deliberate act

I tried to be very careful to say that it appears to have been
sabotage, but that it's not confirmed. Also this isn't the middle of
the ocean, but cable underground. That usually doesn't get cut unless
it's by a backhoe. And speaking of unions, construction crews charge
lots of money to work in the middle of the night, so it's usually
avoided. :)

Rod Beck wrote:
> Hold on. Who says this is sabotage?
>
> These incidents happen all the time without sabotage being involved. A
> ship sank off the coast of Pakistan and took out both international
> cables serving the country ...
>
> We had the undersea earthquake that severed seven cables in the Taiwan
> straits.
>
> The truth is that physical diversity is an ideal, not a reality.
>
> I have seen lots of accidents that took out multiple operators and seriously
> disrupted service in a given locality.
>
> The only difference here is that it's in the Heart of Geek Territory. Hence
> the Natives are restless ...
>
> Roderick S. Beck
> Director of European Sales
> Hibernia Atlantic
>
> -Original Message-
> From: Charles Wyble [mailto:char...@thewybles.com]
> Sent: Thu 4/9/2009 11:04 PM
> To: nanog@nanog.org
> Subject: Outside plant protection, fiber cuts, interwebz down oh noes!
>
> Seriously though I want to start some discussion around outside plant
> protection. This isn't the middle of the ocean or desert after all.
>
> There were multiple fiber cuts in a major metropolitan area, resulting
> in the loss of critical infrastructure necessary to many people's daily
> lives (though twitter stayed up so it's all good). :) It would appear
> that this was a deliberate act by one or more individuals, who seemed to
> have a very good idea of where to strike which resulted in a low cost,
> low effort attack that yielded significant results.
>
> So allow me to think out loud for a minute
>
> 1) Why wasn't the fiber protected by some sort of hardened/locked
> conduit? Is this possible? Does it add extensive cost or hamper normal
> operation?
>
> 2) Why didn't an alarm go off that someone had entered the area? It was
> after business hours, presumably not in response to a trouble ticket,
> and as such a highly suspicious action. Does it make sense for these
> access portals to have some sort of alarm? I mean there is fiber running
> through and as such it could carry the signaling. Would this be a
> massive cost addition during construction?
>
> 3) From what I understand it's not trivial to raise a manhole cover.
> Most likely can't be done by one person. Can they be locked? Or were the
> carriers simply relying on obscurity/barrier to entry?








Re: Fiber cut in SF area

2009-04-09 Thread Charles Wyble



Jared Mauch wrote:
> On Apr 9, 2009, at 3:58 PM, Robert M. Enger wrote:
>> That AT&T has stopped provisioning protection fiber for automatic
>> restoral is mind boggling.
>>
>> That our crack (or on crack) govt contracting/emergency-preparedness
>> staff didn't demand protected facilities for 911 is another mind
>> boggling issue.
>
> This costs $$$ and usually isn't a problem as there are other ways
> to communicate.  The law-enforcement folks qualify for GETS so get
> priority on wired/PSTN.  They can also get radio priority w/ WPS.

I didn't know about WPS.

http://policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=839&issue_id=32006

Interesting stuff.



Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?

2009-04-09 Thread Charles Wyble
Yep verizon does indeed filter all unsolicited inbound traffic to the
EVDO network. It can be a blessing or a curse. :)

Skywing wrote:
> Verizon filters unsolicited inbound traffic for their EVDO customers in my
> experience.
>
> - S
>
> -Original Message-
> From: Roland Dobbins
> Sent: Thursday, April 09, 2009 09:32
> To: NANOG list
> Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
>
> On Apr 9, 2009, at 11:48 PM, Lee, Steven (NSG Malaysia) wrote:
>> Please share your thought and thanks in advance :)
>
> No, IMHO.  Most broadband operators don't insert firewalls inline in
> front of their subscribers, and wireless broadband is no different.
>
> The infrastructure itself must be protected via iACLs, the various
> vendor-specific control-plane protection mechanisms, and so forth, but
> inserting additional state in the middle of everything doesn't buy
> anything, and introduces additional constraints and concerns.
>
> ---
> Roland Dobbins  // +852.9133.2844 mobile
>
>    Our dreams are still big; it's just the future that got small.
>
>    -- Jason Scott







Outside plant protection, fiber cuts, interwebz down oh noes!

2009-04-09 Thread Charles Wyble
Seriously though I want to start some discussion around outside plant 
protection. This isn't the middle of the ocean or desert after all.


There were multiple fiber cuts in a major metropolitan area, resulting
in the loss of critical infrastructure necessary to many people's daily
lives (though twitter stayed up so it's all good). :) It would appear
that this was a deliberate act by one or more individuals, who seemed to
have a very good idea of where to strike which resulted in a low cost,
low effort attack that yielded significant results.



So allow me to think out loud for a minute

1) Why wasn't the fiber protected by some sort of hardened/locked 
conduit? Is this possible? Does it add extensive cost or hamper normal 
operation?


2) Why didn't an alarm go off that someone had entered the area? It was 
after business hours, presumably not in response to a trouble ticket, 
and as such a highly suspicious action. Does it make sense for these 
access portals to have some sort of alarm? I mean there is fiber running 
through and as such it could carry the signaling. Would this be a 
massive cost addition during construction?


3) From what I understand it's not trivial to raise a manhole cover. 
Most likely can't be done by one person. Can they be locked? Or were the 
carriers simply relying on obscurity/barrier to entry?







Re: Fiber cut in SF area

2009-04-09 Thread Charles Wyble


Yep it leads to:

Activity Type Code Desc: PROGRESS COMMENTS
Activity Type Code: PROG

OTDR readings were taken by AT&T West and a cut was located 1600 ft from
the San Jose, CA central office. AT&T West technicians are onsite
working to isolate the exact location of the cut. There are 4 cables
impacted. AT&T Mobility has 61 GSM and 45 co-located UMTS sites out of
service off of Santa Clara Base Station Controllers 15 & 23, and Santa
Clara Radio Network Controller 4. E911 has 52 Location Measuring Units
down. The AT&T West Santa Cruz 11 central office (41,803 ATNs) is
experiencing an SS7 isolation and the San Martin central office (11,904
ATNs) lost its umbilical and is isolated at this time. The Bailey
remote site (4,973 ATNs) is also isolated. Scott's Valley has 3 out of 4
SS7 links down. The Santa Cruz 01, Aptos, Scott's Valley, Felton,
Boulder Creek, Ben Lomand, San Jose 11, San Jose 13, San Jose 21 central
offices have trunks impacted such that all lines are busy and incoming
calls are receiving trouble messages. The Santa Cruz County SO (178,040
ATNs), Scott's Valley PD (12,007 ATNs) and the UC Santa Cruz PD (14,909
ATNs) are all without ALI at this time. The Gilroy PD PSAP and the
Morgan Hill PD and CDF have been rerouted with ALI/ANI. The Felton CDF
has not been rerouted. There are 17 DSLAMS and 4 ATMS out of service
impacting DSL service. There are 3 SMDI Links down impacting voicemail
service. Verizon's Morgan Hill and Gilroy central offices are currently
isolated. There have been 224,865 blocked calls.

Robert M. Enger wrote:
> That AT&T has stopped provisioning protection fiber for automatic
> restoral is mind boggling.
>
> That our crack (or on crack) govt contracting/emergency-preparedness
> staff didn't demand protected facilities for 911 is another mind
> boggling issue.
>
> That there is no over-under wide-area back-up coverage for the cellular
> canopy ...
>
> We posture and orate about being prepared for terrorist attacks and
> natural disasters, and then events like these reveal the reality:
>
>    The emperor has no clothes.
>
> Roy wrote:
>> Service to South Santa Clara county is completely down: Internet,
>> landline, and cellphones.  Both Verizon and AT&T are affected.  911 is
>> also down.
>>
>> My cellphones show one or no bars.   Normally they are all four bars.
>>
>> The idea that all of that is lumped in one fiber bundle is mind boggling.
>>
>> On Thu, Apr 9, 2009 at 11:05 AM, Matthew Kaufman wrote:
>>> I saw my Sonic.net-over-AT&T ADSL go dark at 02:30 local and it is still
>>> down, served on a fiber remote out of SNCZCA01. (I'm guessing the 200 Paul
>>> outages are associated with where this ATM terminates and that's the cause,
>>> rather than the service in/out of Santa Cruz County, but I have no way of
>>> telling which from here)
>>>
>>> My own Gatespeed.net microwave to Equinix SV-3 is working fine (no surprise
>>> there), and I'm not seeing significant routing problems in/out of there with
>>> transit or peering. (Not even any down peers, so no inter-Equinix-site
>>> outage apparently).
>>>
>>> Matthew Kaufman
>>> matt...@eeph.com






Re: Fiber cut in SF area

2009-04-09 Thread Charles Wyble

Yeah. It's on outages. Not much useful there.

Christopher Morrow wrote:
> isn't there a mailing list for this sort of thing? outages@ I think it is?
>
> (not that I mind, just a little advert for the appropriate forum, and
> a place that MAY have some useful info on this topic)
> -chris
>
> On Thu, Apr 9, 2009 at 1:51 PM, Ravi Pina wrote:
>> News coverage:
>>
>> http://cow.org/r/?5459
>> http://cow.org/r/?545a
>>
>> And not that I expect any useful updates:
>>
>> http://twitter.com/attnews
>>
>> -r
>>
>> On Thu, Apr 09, 2009 at 08:14:15AM -0700, Craig Holland wrote:
>>> Just dropping a note that there is a fiber cut in the SF area (I have a
>>> metro line down).  AboveNet is reporting issues and I've heard unconfirmed
>>> reports that ATT and VZW are affected as well.
>>>
>>> Rgs,
>>> craig










Re: Fiber cut in SF area

2009-04-09 Thread Charles Wyble



Ravi Pina wrote:
> News coverage:
>
> http://cow.org/r/?5459
> http://cow.org/r/?545a
>
> And not that I expect any useful updates:
>
> http://twitter.com/attnews

Lots of folks covering the same thing...

http://search.twitter.com/search?q=fiber+cut
http://search.twitter.com/search?q=outage

Also reports of power outages as well:
http://search.twitter.com/search?q=power+outage

Here is something interesting...
http://twist.flaptor.com/trends?gram=outage&table=1&tz=-7
http://twist.flaptor.com/trends?gram=fiber%20cut&table=1&tz=-7




Re: attacks on MPLS?

2009-04-09 Thread Charles Wyble



Wayne E. Bouchard wrote:
> Meh...
>
> Sure, it rehashes what we pretty well already know, "If a bad guy can
> get access to your network or your management tools, you're boned."

Naturally. If one gets to the control plane of your routers and/or
management network you have big problems. :)

However if they develop a script kiddie tool that twiddles the bits in
the middle that's a bit more concerning, as it may be difficult to
detect without significant monitoring.

> It's still worth reminding folks that they need to take appropriate
> measures to defend and monitor these devices. Too many networks and
> servers get hacked not because the attacker was good, but because the
> administrators (some of whom tend to be good security guys) became
> complacent and stopped doing routine upkeep. So in that sense, a
> little fear can be a good thing.

Oh of course.





Re: attacks on MPLS?

2009-04-09 Thread Charles Wyble

Well if we pull apart the article a bit

Quote 1)
> Network infrastructure security has been in the limelight lately, with
> researchers uncovering big vulnerabilities in the Domain Name System
> (DNS), the Border Gateway Protocol (BGP), TCP, and in Cisco routers.

Wasn't aware of any big vulns in BGP (are they referring to the defcon
talk that rehashed ages old bgp trust exploitation?). Cisco vulns (I
realize cisco released several patches recently but not aware of any
significant vulns).

Quote 2)
> own set of switches and management infrastructures, and their own set of
> surrounding technologies," he says, "and the average attacker could not
> get his hands on that equipment."

H. Really?
http://www.gns3-labs.com/2009/01/23/mpls-vpn-and-traffic-engineering/ +
torrent the appropriate IOS images. That seems like it would be enough
to build a lab environment for exploit development.

Seems like the article is a lot of fear mongering.

Steven M. Bellovin wrote:
> http://www.darkreading.com/securityservices/services/data/showArticle.jhtml?articleID=216403220
>
> --Steve Bellovin, http://www.cs.columbia.edu/~smb





Re: Verizon EVDO Issues

2009-04-08 Thread Charles Wyble

Update...

First, thank you to all who replied off list. The general summary of the
offlist replies is that a PRL update may be needed. This of course
doesn't appear doable via Linux, and our vendor (IRG) swore up and down
this wouldn't be required.

We had the tech remove the USB dongle (model 720) from the system and
place it in his laptop. Came up and worked fine once vzaccess twiddled
whatever bits it needed to.

Charles Wyble wrote:
> Been troubleshooting a very strange problem for a couple of weeks now.
>
> I have a few hundred systems deployed throughout the United States
> utilizing EVDO connectivity with Verizon as a carrier. They are stationary.
>
> Over the past few weeks clusters of them in SF and Lewisville TX and a
> few other areas have been failing intermittently. They are offline for
> several days, then online for a few days then go offline again. They are
> running Linux and PPPD.
>
> Has anyone else seen anything like this? I realize that there are very
> few other organizations with a network footprint like ours (few hundred
> static EVDO cards). Other large users like FedEx and Amtrak aren't
> reporting any issues. Verizon wants to replace the cards, but that
> doesn't seem like a viable solution, as it's localized to a few areas
> and is intermittent.
>
> Replies on or off list appreciated.






Re: Verizon EVDO Issues

2009-04-08 Thread Charles Wyble






> Do they maintain a continuous data link in normal operation (like, say,
> connectivity for a LAN, or backhaul for a camera or some such), or do they
> request the data link when they need to send [whatever] (like a discrete SCADA
> system)? My (user only) experience is that cellular data service doesn't
> handle long sessions well.

Continuous operation. They have been working fine for some time. We have
about 20 locations that aren't working, and over 200 that are working
just fine.




Verizon EVDO Issues

2009-04-07 Thread Charles Wyble

Been troubleshooting a very strange problem for a couple of weeks now.

I have a few hundred systems deployed throughout the United States 
utilizing EVDO connectivity with Verizon as a carrier. They are stationary.


Over the past few weeks clusters of them in SF and Lewisville TX and a 
few other areas have been failing intermittently. They are offline for 
several days, then online for a few days then go offline again. They are 
running Linux and PPPD.


Has anyone else seen anything like this? I realize that there are very 
few other organizations with a network footprint like ours (few hundred 
static EVDO cards). Other large users like FedEx and Amtrak aren't 
reporting any issues. Verizon wants to replace the cards, but that 
doesn't seem like a viable solution, as it's localized to a few areas 
and is intermittent.


Replies on or off list appreciated.




Re: shipping pre-built cabinets vs. build-on-site

2009-04-06 Thread Charles Wyble




> Sending that one full rack has proven successful for us, but that
> was specialists with some experience, and it was road only. Every
> time I see suitcases being thrown around in airports...well...

Baggage handlers have nothing on FedEx folks. They literally hurl
packages into the truck like baseballs. I used to work for a major
fulfillment company, and one afternoon we were in the IT office and we
got to see first hand how FedEx loaded up the items they were shipping
from one of our West Coast facilities. :)

Of course our packing / prep took this into account and so the items
survived.




Re: shipping pre-built cabinets vs. build-on-site

2009-04-06 Thread Charles Wyble



Joe Abley wrote:
> Hi all,
>
> Anybody here have experience shipping pre-built cabinets, with ~20U of
> routers and servers installed, connected and tested, to remote sites for
> deployment?

Not pre built cabinets, but I have shipped/received over $1,000,000.00
worth of gear (routers/switches/desktops/servers) all over the United
States utilizing FedEx.

Packed everything with lots and lots of foam peanuts and shrink wrap,
with standard pallets and crates. Never had an issue.

Check out FedEx Custom Critical: pricey but excellent (used them to
ship something same day once. That was really expensive as it
required a dedicated aircraft, but when you gotta have it as close to
right now as possible, they fit the ticket). :)







Re: Register.com DNS hosting issues

2009-04-03 Thread Charles Wyble



Seth Mattinen wrote:
> Jeffrey Negro wrote:
>> No ETA given to me, just the stock line of "We apologize.. blah blah...
>> as soon as possible.. blah blah."
>
> This is probably a good time to remind the uninitiated to have some
> secondary DNS with a totally separate company if your DNS is that
> important to you.

Preferably with a provider that announces out of multiple ASNs :)

AT&T and Akamai both provide good distributed DNS service. I imagine
there are other carriers, but I can't comment on them as I haven't used
them.
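A quick check of the advice in the two posts above, as an added example that is not from the thread: given a zone's NS set and a prefix-to-origin-ASN table (both constructed sample data here, standing in for `dig NS` output and a route-origin lookup), report whether the name servers span more than one provider and more than one origin ASN.

```python
# Added example, not from the thread.  Checks whether a zone's NS set
# spans more than one provider and more than one origin ASN, which is the
# resilience property the posts above ask for.  The NS records and the
# prefix -> origin-ASN table are constructed sample data standing in for
# `dig NS` output and a route-origin lookup.
from collections import defaultdict
import ipaddress

# Constructed sample: NS hostname -> (provider label, addresses).  Two of the
# three name servers sit with one provider, the third with a separate one.
SAMPLE_NS = {
    "ns1.registrar-example.test": ("registrar-example",
                                   ["192.0.2.10", "2001:db8:1::10"]),
    "ns2.registrar-example.test": ("registrar-example",
                                   ["192.0.2.11", "2001:db8:1::11"]),
    "ns1.secondary-example.test": ("secondary-example", ["198.51.100.5"]),
}

# Constructed sample: prefix -> origin ASN (private-use ASNs, documentation
# prefixes).  In practice this comes from a BGP/RIS or whois origin lookup.
SAMPLE_ORIGINS = {
    "192.0.2.0/24": 64501,
    "2001:db8:1::/48": 64501,
    "198.51.100.0/24": 64502,
}


def origin_asn(addr, origins=SAMPLE_ORIGINS):
    """Longest-prefix match of one NS address against the origin table.

    Returns None when no covering prefix is known (unrouted or unknown).
    """
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, asn in origins.items():
        net = ipaddress.ip_network(prefix)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, asn)
    return None if best is None else best[1]


def diversity_report(ns_set, origins=SAMPLE_ORIGINS):
    """Summarise provider and origin-ASN spread of an NS set.

    single_point is True when every name server depends on one provider
    or is reachable only through one origin ASN, i.e. one outage (or one
    bad BGP event) can take the whole zone dark.
    """
    providers = set()
    hosts_by_asn = defaultdict(set)
    for host, (provider, addrs) in ns_set.items():
        providers.add(provider)
        for addr in addrs:
            hosts_by_asn[origin_asn(addr, origins)].add(host)
    # Addresses with no known origin are reported, not silently counted.
    unresolved = sorted(hosts_by_asn.pop(None, set()))
    return {
        "providers": len(providers),
        "asns": len(hosts_by_asn),
        "single_point": len(providers) < 2 or len(hosts_by_asn) < 2,
        "unresolved": unresolved,
        "per_asn": {asn: sorted(hosts) for asn, hosts in hosts_by_asn.items()},
    }


if __name__ == "__main__":
    report = diversity_report(SAMPLE_NS)
    for asn, hosts in sorted(report["per_asn"].items()):
        print(f"AS{asn}: {', '.join(hosts)}")
    print("single point of failure:", report["single_point"])
```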






Re: Google Over IPV6

2009-03-27 Thread Charles Wyble



Steven M. Bellovin wrote:
> On Fri, 27 Mar 2009 14:46:50 +0100 Daniel Verlouw wrote:
>> On Fri, 2009-03-27 at 09:34 -0400, Steven M. Bellovin wrote:
>>> It's working for me, too, though I noticed that tcptraceroute (at
>>> least the version I have) doesn't do well with ipv6.google.com.
>>
>> seems to work fine from over here:
>>
>> # tcptraceroute6 www.google.com 80
>> traceroute to www.google.com (2001:4860:a003::68) from
>> 2001:7b8:3:30::, port 80, from port 62699, 30 hops max, 60
>> byte packets
>>  1  2001:7b8:3:30::2 (2001:7b8:3:30::2)  0.505 ms  0.246 ms  0.228 ms
>>  2  pr61.ams04.net.google.com (2001:7f8:1::a501:5169:1)  1.664 ms
>> 1.619 ms  1.641 ms
>>  3  2001:4860::23 (2001:4860::23)  220.972 ms  174.560 ms  120.445 ms
>>  4  2001:4860:a003::68 (2001:4860:a003::68)  9.101 ms [open]  9.196 ms
>> 9.055 ms
>>
>> # tcptraceroute6 -V
>> traceroute6: TCP & UDP IPv6 traceroute tool 0.9.3 ($Rev: 483 $)
>
> Traceroute6 works; I'm talking about tcptraceroute, which is useful for
> seeing what happens to connections in the presence of ACLs, firewalls,
> and the like.  I don't seem to have a tcptraceroute6.

Very cool. apt-get install ndisc6 gives me tcptraceroute6. Didn't know
about tcptraceroute(6). Thanks for sharing! :)





Re: First steps towards v6 support by ATT?

2009-03-26 Thread Charles Wyble




> yea... maybe they do, I don't see that from my view of 7018's routing
> data (limited as it may be)

Interesting.

>>>> http://www.corp.att.com/gov/solution/network_services/data_nw/ipv6/
>>>>
>>>> Looks like they have established a tunnel in the United States perhaps?
>>>
>>> how did you gather that? Maybe Tom knows more about this and can let
>>> us all know?
>>
>> From:
>>
>> Remote Access Service to IPv6 Internet
>>
>>    * Support IPv6 for small (or satellite) locations and individual remote
>> users
>>    * Reach a dynamically configurable IPv6 Tunnel Gateway through IPv4 ISPs
>> through fractional T1, DSL or dial-up access
>>    * The Tunnel Setup Protocol (TSP) will be used to create tunnels to
>> transport IPv6 traffic over an IPv4 network to the gateway
>
> wow, 'tsp'... uhm, what's that I wonder? This:
> http://www.broker.ipv6.ac.uk/download.html
>
> perhaps?? yeek!

Yes looks like. Especially with the mention of DSL/dial up access.

Plus I seem to recall some discussion around the ipv6 mandate having
some language specifying they had to support it transit wise, but not
necessarily be on v6 addresses. [1]

Anyone from .gov with ATT connectivity care to comment (both on the
nature of the native/tunneled v6 offering and the actual requirements of
meeting the mandate)

[1] Language from
http://georgewbush-whitehouse.archives.gov/omb/memoranda/fy2005/m05-22.pdf

"Meaning the network backbone is either operating a dual stack network
core or it is operating in a pure IPv6 mode, i.e., IPv6-compliant and
configured to carry operational IPv6 traffic."




Re: First steps towards v6 support by ATT?

2009-03-26 Thread Charles Wyble



Christopher Morrow wrote:
> On Thu, Mar 26, 2009 at 8:32 PM, Charles Wyble wrote:
>> While researching at&t and ipv6 I came across
>> http://www.feise.com/~jfeise/blogs/index.php?blog=8 and also
>
> doesn't that blog basically say: "it's broke Jim..." and that 7018
> (really 7132) passes off the anycast into HE.net?

Yes. It does say it's broken. However it's entirely possible that AT&T
hands out different routes to their l33t enterprise/govt customers with
t1 or better who pay real money, vs end users.

>> http://www.corp.att.com/gov/solution/network_services/data_nw/ipv6/
>>
>> Looks like they have established a tunnel in the United States perhaps?
>
> how did you gather that? Maybe Tom knows more about this and can let
> us all know?

From:

Remote Access Service to IPv6 Internet

* Support IPv6 for small (or satellite) locations and individual
remote users
* Reach a dynamically configurable IPv6 Tunnel Gateway through IPv4
ISPs through fractional T1, DSL or dial-up access
* The Tunnel Setup Protocol (TSP) will be used to create tunnels to
transport IPv6 traffic over an IPv4 network to the gateway

Granted that doesn't necessarily mean it's in the United States, but I'm
guessing it would be due to being an offering targeted at the United
States Government. :)

Hence my request for more comments/information.

Maybe off topic for NANOG but then what does that even mean anymore? :)


First steps towards v6 support by ATT?

2009-03-26 Thread Charles Wyble
While researching at&t and ipv6 I came across
http://www.feise.com/~jfeise/blogs/index.php?blog=8 and also
http://www.corp.att.com/gov/solution/network_services/data_nw/ipv6/

Looks like they have established a tunnel in the United States perhaps?

I realize that getting native v6 support to DSL users isn't exactly a
high priority for US ISPs, but building tunnel servers that are on the
same continent as the user base is nice. :)  Of course that tunnel
might be broken.

Can anyone comment on this?




Re: Akamai weirdness

2009-03-23 Thread Charles Wyble
I usually just call their toll free support number when there are
occasional issues.  This is from a content provider perspective (using
Akamai as a CDN for the sites I support). Never had an issue getting a
hold of anyone and getting the issue resolved (two times I have called
them, it was issues on our side anyway).

Paul Stewart wrote:
> Not to add to a potential "peeing" contest here but we have Akamai
> equipment in our network - it's a very important component to our
> service delivery.  If/when there is ever a problem (quite rare in our
> experience other than the odd hardware failure that has no impact
> anyways due to the cluster configuration) we send an email to
> n...@akamai.com.
>
> Typical response times on a 24X7 basis never normally exceed 20 minutes
> at most.  I can remember one time where it might have been an hour.
>
> That's a long ways from "blackhole" based on our experience...
>
> Paul Stewart
>
> -Original Message-
> From: JC Dill [mailto:jcdill.li...@gmail.com]
> Sent: Monday, March 23, 2009 5:03 PM
> Cc: NANOG list
> Subject: Re: Akamai weirdness
>
> Paul Wall wrote:
>> Patrick Gilmore wrote [context inserted]:
>>> Perhaps using the RFC required address [...@akamai] would be more
>>> productive than e-mailing 10k strangers?
>>
>> Normally I see emails like this and, if it's Not In My Back Yard, and the
>> Internet is not going nutz, the delete key explains how worried i am.
>>
>> Back to your email:
>>
>>> using the RFC required address
>>
>> The correct catty response to the Akamai question is :
>>
>> cc...@akamai.com.
>>
>>  That's C as in "Customer", Care as in "they actually care".
>>
>> I would end the email there, but it really gets me how someone that is
>> in-house doesn't realize that n...@akamai is a black hole.
>
> Paul, you might want to test a theory of this nature before you post
> about it to more than a thousand of your colleagues.  This morning I
> sent email to n...@akamai.com and received a personalized
> (non-autoresponder) reply 17 minutes later.
>
> jc
"The information transmitted is intended only for the person or entity to which it 
is addressed and contains confidential and/or privileged material. If you received this 
in error, please contact the sender immediately and then destroy this transmission, 
including all attachments, without copying, distributing or disclosing same. Thank 
you."





Re: Dynamic IP log retention = 0?

2009-03-14 Thread Charles Wyble

Can we please get this thread closed or something?

Jim Popovitch wrote:

On Sat, Mar 14, 2009 at 23:17, Joe Greco  wrote:

"Looking around" Rockefeller Center generally isn't a crime.

"Looking around" where you're in my back yard and peeking in the windows
is, at a minimum, trespass, and if our local cops notice you doing it, you
can expect that you may find yourself ... severely inconvenienced.

There is no "freedom to look around" on private property, despite what you
appear to think.


Isn't Rockefeller Center private property?   ;-)

-Jim P.





Re: Anyone using any Linux SSL proxies?

2009-03-14 Thread Charles Wyble



valdis.kletni...@vt.edu wrote:

On Sat, 14 Mar 2009 21:56:26 PDT, Mike Lyon said:

Howdy,

I am wondering what folks are recommending/using these days for Linux SSL
proxies? I need to build a linux box that basically acts as an SSL offloader
would (like a BigIP / Cisco ACE / Netscaler would do). Listen on port 443,
decrypt the SSL and then forward the request onto the webserver on port 80.


How much traffic?  That would be a major consideration



Check out http://www.apsis.ch/pound/

It would appear the magic search term on Google is "linux reverse ssl 
proxy". I started searching for "linux ssl proxy". That turned up a lot 
of stuff for wrapping plain text in encryption, not the other way 
around. :)



And yes, how much traffic is a major consideration. If a lot, then you 
would want to utilize an accelerator card supported by OpenSSL.




Re: FYI RE: microsoft please contact me off list

2009-03-12 Thread Charles Wyble
What were the traffic characteristics that led you to believe you were 
under a DDoS attack?


Thomas P. Galla wrote:

Here is what I got back  OBTW thanx

Thomas


=

Sent: Thursday, March 12, 2009 4:22 PM
To: Thomas P. Galla
Subject: FW: microsoft please contact me off list
Importance: High

Thomas,

I work in the research group managing the network range that you are reporting. 
Your network could be randomly included in HoneyMonkey 
(http://en.wikipedia.org/wiki/HoneyMonkey) or another research 
project (http://research.microsoft.com/en-us/um/redmond/projects/strider). 
Could you give me more details on what you are seeing or the IP range on your 
side that is being hit?

Thx
Steve



Thomas P Galla
t...@bluegrass.net
BluegrassNet
Voice (502) 589.INET [4638]
Fax 502-315-0581
321 East Breckinridge St
Louisville KY 40203


-Original Message-
From: Thomas P. Galla [mailto:t...@bluegrass.net]
Sent: Thursday, March 12, 2009 3:35 PM
To: nanog@nanog.org
Subject: RE: microsoft please contact me off list

Sorry, I am getting DoS attacked from below and it would be nice if Microsoft 
had a working abuse phone #, NOC #, or a name?



Thomas P Galla
t...@bluegrass.net
BluegrassNet
Voice (502) 589.INET [4638]
Fax 502-315-0581
321 East Breckinridge St
Louisville KY 40203


-Original Message-
From: Thomas P. Galla [mailto:t...@bluegrass.net]
Sent: Thursday, March 12, 2009 3:24 PM
To: nanog@nanog.org
Subject: microsoft please contact me off list

Can a person in charge contact me off list




mail:~ $ whois -h whois.arin.net 131.107.65.41

OrgName:Microsoft Corp
OrgID:  MSFT
Address:One Microsoft Way
City:   Redmond
StateProv:  WA
PostalCode: 98052
Country:US

NetRange:   131.107.0.0 - 131.107.255.255
CIDR:   131.107.0.0/16
NetName:MICROSOFT
NetHandle:  NET-131-107-0-0-1
Parent: NET-131-0-0-0-0
NetType:Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate:1988-11-11
Updated:2004-12-09

RTechHandle: ZM39-ARIN
RTechName:   Microsoft
RTechPhone:  +1-425-882-8080
RTechEmail:  n...@microsoft.com

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  ab...@msn.com

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName:   Hotmail Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  ab...@hotmail.com

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName:   MSN ABUSE
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  ab...@msn.com

OrgNOCHandle: ZM23-ARIN
OrgNOCName:   Microsoft Corporation
OrgNOCPhone:  +1-425-882-8080
OrgNOCEmail:  n...@microsoft.com

OrgTechHandle: MSFTP-ARIN
OrgTechName:   MSFT-POC
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  ipr...@microsoft.com

# ARIN WHOIS database, last updated 2009-03-11 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
mail:~ $ whois -h whois.arin.net 131.107.65.41





Thomas P Galla
t...@bluegrass.net
BluegrassNet
Voice (502) 589.INET [4638]
Fax 502-315-0581
321 East Breckinridge St
Louisville KY 40203




No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.237 / Virus Database: 270.11.5/1979 - Release Date: 03/11/09 
20:42:00




--
Charles N Wyble char...@thewybles.com
(818)280-7059 http://charlesnw.blogspot.com
CTO SocalWiFI.net



Re: microsoft please contact me off list

2009-03-12 Thread Charles Wyble

Yes I agree. I forgot to do the *raises an incredulous eyebrow* bit. :)

By the way, try calling that number and reaching an operator, then 
asking for the NOC.


chris.ra...@nokia.com wrote:

More likely spoofed sources.

Good luck.
 





Re: microsoft please contact me off list

2009-03-12 Thread Charles Wyble
You are getting dossed from a Microsoft network range? Really? Perhaps 
they got bit by a worm targeting windows systems? :)




Thomas P. Galla wrote:

Sorry, I am getting DoS attacked from below and it would be nice if Microsoft 
had a working abuse phone #, NOC #, or a name?



Thomas P Galla
t...@bluegrass.net
BluegrassNet
Voice (502) 589.INET [4638]
Fax 502-315-0581
321 East Breckinridge St
Louisville KY 40203


-Original Message-
From: Thomas P. Galla [mailto:t...@bluegrass.net]
Sent: Thursday, March 12, 2009 3:24 PM
To: nanog@nanog.org
Subject: microsoft please contact me off list

Can a person in charge contact me off list




mail:~ $ whois -h whois.arin.net 131.107.65.41

OrgName:Microsoft Corp
OrgID:  MSFT
Address:One Microsoft Way
City:   Redmond
StateProv:  WA
PostalCode: 98052
Country:US

NetRange:   131.107.0.0 - 131.107.255.255
CIDR:   131.107.0.0/16
NetName:MICROSOFT
NetHandle:  NET-131-107-0-0-1
Parent: NET-131-0-0-0-0
NetType:Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate:1988-11-11
Updated:2004-12-09

RTechHandle: ZM39-ARIN
RTechName:   Microsoft
RTechPhone:  +1-425-882-8080
RTechEmail:  n...@microsoft.com

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  ab...@msn.com

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName:   Hotmail Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  ab...@hotmail.com

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName:   MSN ABUSE
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  ab...@msn.com

OrgNOCHandle: ZM23-ARIN
OrgNOCName:   Microsoft Corporation
OrgNOCPhone:  +1-425-882-8080
OrgNOCEmail:  n...@microsoft.com

OrgTechHandle: MSFTP-ARIN
OrgTechName:   MSFT-POC
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  ipr...@microsoft.com

# ARIN WHOIS database, last updated 2009-03-11 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
mail:~ $ whois -h whois.arin.net 131.107.65.41





Thomas P Galla
t...@bluegrass.net
BluegrassNet
Voice (502) 589.INET [4638]
Fax 502-315-0581
321 East Breckinridge St
Louisville KY 40203







--
Charles N Wyble char...@thewybles.com
(818)280-7059 http://charlesnw.blogspot.com
CTO SocalWiFI.net



Re: Redundant Array of Inexpensive ISP's?

2009-03-10 Thread Charles Wyble

This seems similar to Cisco Performance Routing.

See 
http://www.cisco.com/en/US/products/ps8787/products_ios_protocol_option_home.html 
for more.




Tim Utschig wrote:

Talari Networks


--
Charles N Wyble char...@thewybles.com
(818)280-7059 http://charlesnw.blogspot.com
CTO SocalWiFI.net



Re: Network SLA

2009-03-09 Thread Charles Wyble
What products/services do you use for traffic generation?  Also what 
sort of testing methodology do you use? As for random probes that 
certainly seems like a nice feature.


Holmes,David A wrote:

We use BRIX for SLAs by measuring round trip times, jitter, and packet
loss across all of our backbone links. In conjunction with a traffic
generator to add background traffic, and potentially invoke queueing on
interfaces, we have found that BRIX enables us to accurately predict the
behavior of new applications, particularly multicast and HD video,
without the need to implement elaborate QoS configurations. BRIX is now
owned by EXFO, a fiber optic test equipment manufacturer. Low values for
RTT, jitter, and packet loss imply a relatively queue-free network,
which makes confident predictions about network behavior easier.

When we last looked at the technology, the Cisco IP SLA probes did not
capture a random distribution of network events, as the probes are
triggered every N minutes. BRIX randomizes the probes within a
configurable window, so that, over time, all time intervals are covered
by the accumulated probes.




--
Charles N Wyble char...@thewybles.com
(818)280-7059 http://charlesnw.blogspot.com
CTO SocalWiFI.net
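
Added example (not from the thread, and not code from either vendor's product), in Python: a constructed simulation of the probe-scheduling point in the quoted message above. Fixed-interval probes can alias against a periodic congestion event and report 0% or 100% depending on phase, while probes placed at a random offset inside each window converge on the event's true rate. The event and probe parameters are constructed for the demonstration.

```python
# Added example: fixed-interval vs. randomized probe scheduling against a
# periodic network event. Scenario values below are constructed, not measured.
import random

# Constructed event: a 30 s congestion burst starting 120 s into every
# 300 s cycle, so its true duty cycle is 30/300 = 10%. Probes run once per 300 s.
PERIOD, OFFSET, DURATION = 300, 120, 30
PROBE_INTERVAL = 300
HORIZON = 30 * 24 * 3600  # 30 days of probing, in seconds


def event_active(t, period=PERIOD, offset=OFFSET, duration=DURATION):
    """True when the constructed congestion event is happening at time t."""
    return offset <= (t % period) < offset + duration


def periodic_probe_times(interval=PROBE_INTERVAL, horizon=HORIZON, phase=0):
    """Fixed-interval probes: every N seconds at a constant phase."""
    return list(range(phase, horizon, interval))


def randomized_probe_times(window=PROBE_INTERVAL, horizon=HORIZON, seed=1):
    """One probe per window, at a uniformly random offset inside that window."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    return [start + rng.uniform(0, window) for start in range(0, horizon, window)]


def loss_fraction(times):
    """Share of probes that landed inside the event (what an SLA report shows)."""
    if not times:
        return 0.0
    return sum(1 for t in times if event_active(t)) / len(times)


def compare():
    """Measured event rate under each schedule, next to the true duty cycle."""
    return {
        "true_duty_cycle": DURATION / PERIOD,
        # Same probe count, two phases: one never sees the burst, one always does.
        "periodic_phase_0": loss_fraction(periodic_probe_times(phase=0)),
        "periodic_phase_130": loss_fraction(periodic_probe_times(phase=130)),
        "randomized": loss_fraction(randomized_probe_times()),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>20}: {value:.3f}")
```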



Re: McColo and SPAM

2008-12-05 Thread Charles Wyble

Is that an off the shelf tool or custom built?


