Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread Donn Lasher via NANOG 
On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo"  wrote:


>While many are chanting: #NetworkLivesMatter, I have yet
>to see, read, or hear about any network provider being
>the first to set precedence by either de-peering, or
>blocking traffic from Cloudflare. There is a lot of
>keyboard posturing: "I am mad and I am not going to take
>it anymore" hooplah but no one is lifting a finger to
>do anything other than regurgitate "I am mad... This is
>criminal."

(long discussion, was waiting for a place to jump in..)

If we want to be accurate about it, Cloudflare doesn’t host the DDoS, they 
protect the website of seller of the product. We shouldn’t be de-peering Cloud 
Flare over sites they protect any more than we would de-peer GoDaddy over sites 
they host, some of which, no doubt, sell gray/black market/illegal 
items/services.

If, on the other hand,  you can find a specific network actually generating the 
volumes of DDoS, you should have a conversation about de-peering….

$0.02…

Re: I recommend dslreports.com/speedtest these days (was Speedtest.net not accessible in Chrome due to deceptive ads)

2016-07-21 Thread Donn Lasher via NANOG 
On 7/21/16, 2:19 PM, "NANOG on behalf of Jay R. Ashworth" 
 wrote:



>- Original Message -
>> From: "Janusz Jezowicz" 
>
>> Since this morning Speedtest.net is not accessible in Chrome
>> Reason:
>> https://www.google.com/transparencyreport/safebrowsing/diagnostic/#url=c.speedtest.net
>> 
>> For any ISPs/content providers linking to speedtest.net you may want to
>> swap links to a different website or host your own speed test.
>
>So far, I am very pleased with how it works, though I think it's letter
>grades on speed are a bit pessimistic (65Mbps is a "C").
>
>Specifically, it measures bufferbloat, with both a realtime graph and a 


Are you talking about the dslreports speedtest? I like that one, very detailed 
results.

http://speedtest.dslreports.com/


I’d agree with the pessimistic scoring.. 160Mbit was given a “B” grade.

Re: Netflix banning HE tunnels

2016-06-20 Thread Donn Lasher via NANOG 

On 6/20/16, 1:45 PM, "NANOG on behalf of Mark Andrews"  wrote:




>For a lot of homes it actually makes sense.  You laptops are safe
>as they are designed to be connected directly to the Internet.  We
>do this all the time.  Similarly phone and tablets are designed to
>be directly connected to the Internet.  I know that lots of us do
>this all the time.  Think about what happens at conferences.  There
>is no firewall there to save you but we all regularly connect our
>devices to the conference networks.
>
>Lots of other stuff is also designed to be directly connected to
>the Internet.


I’m sorry, but this just isn’t the reality of consumer devices. Expecting your 
off-the-shelf computer, video player, tv, fridge, etc, to be safe on public IP 
addresses is.. Unwise at best. Search any publicly available security list for 
dozens of known vulnerabilities in those devices, to say nothing of the private 
exploit databases.

To place them there, have them be owned, crash, or better yet, stream your 
midnight-milk-and-cookies-run-in-your-superman-undies to the public internet, 
and then expect the vendors to be responsible… is not a realistic expectation.

Re: Netflix banning HE tunnels

2016-06-15 Thread Donn Lasher via NANOG 
On 6/12/16, 8:10 PM, "NANOG on behalf of Seth Mattinen" 
 wrote:



>On 6/7/16 4:23 AM, Davide Davini wrote:
>> Today I discovered Netflix flagged my IPv6 IP block as "proxy/VPN" and I
>> can't use it if I don't disable the HE tunnel, which is the only way for
>> me to have IPv6 at the moment.
>
>
>This is a rights management issue not a technical one. Netflix is not to 
>blame, HE is not to blame. Hate on geolcaotion all you want, but that's 
>what the content owners insist upon and Netflix has no choice but to 
>disable access from sources that they can't geolocate well enough to 
>make the content owners happy.
>
>~Seth

As someone who has been trying to get solid, consistent IPv6 at home since 
2010, I continue to resort back to my HE tunnels, which have been both useful 
and dependable.

Given the data Netflix client has available to it (IPv4 address, IPv6 address, 
anything else exposed to android/IOS/windows/etc app) it’s surprising to me 
that missing/incorrect geolocation data on an IPv6 address is enough to block 
service.

The end result is, yet again, making IPv6 adoption harder than it needs to be.

Re: Mobile providers in the US for backup access

2016-04-20 Thread Donn Lasher via NANOG 

As a 3+ year “customer” of freedom-pop, I agree.

Their IP service was a bargain until the WiMax->LTE migration. Now the service 
is useless.
Their technical support continually redefines lack of effort.




On 4/20/16, 11:42 AM, "NANOG on behalf of Owen DeLong"  wrote:

>I had horrible experience when I tried to use Freedom POP many years ago.
>
>Their customer service is awful and completely uncooperative. Their equipment 
>did not work well
>in my environment at all.
>
>I would not wish them on my worst enemy.
>
>Owen
>
>> On Apr 20, 2016, at 1:35 PM, Mike Hammett  wrote:
>> 
>> I'd look at FreedomPOP's Netgear 341U. $20 - $50 NRC, single digit MRC for 
>> low usage. 
>> 
>> 
>> 
>> 
>> - 
>> Mike Hammett 
>> Intelligent Computing Solutions 
>> http://www.ics-il.com 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> http://www.midwest-ix.com 
>> 
>>

Re: Juniper vMX evaluation - how?

2016-04-13 Thread Donn Lasher via NANOG 

<2cents>

Avoid vMX 14.x - go straight to 15.x, save yourself worlds of pain. 15.x runs 
well kvm/esxi/etc.





On 4/13/16, 2:14 PM, "NANOG on behalf of Josh Baird" 
 
wrote:





>It was a struggle to get anywhere with vMX when we last tried ~8months
>ago.  Nobody at Juniper seemed to know anything about it or who to talk
>to.  In any event, you may be able to get more information by asking over
>at juniper-nsp@.
>
>Josh
>
>On Wed, Apr 13, 2016 at 4:58 PM, Jeremy Austin  wrote:
>
>> On Wed, Apr 13, 2016 at 12:54 PM, Bruce Simpson  wrote:
>>
>> >
>> > Is some special magic required to acquire an evaluation copy? The 60 day
>> > trial license is directly downloadable from the above link, but the
>> tarball
>> > is not. $CLIENT was just referred to it by $RESELLER.
>>
>>
>> I'd be interested as well — I submitted a form, nothing but crickets.
>>
>>
>> --
>> Jeremy Austin
>>
>> (907) 895-2311
>> (907) 803-5422
>> jhaus...@gmail.com
>>
>> Heritage NetWorks
>> Whitestone Power & Communications
>> Vertical Broadband, LLC
>>
>> Schedule a meeting: http://doodle.com/jermudgeon
>>