Experiences on Cable Advisory Commissions
I've designed services for cable and other residential broadband, and evaluated vendor proposals for WAN services. Now, though, I have a new responsibility: being on the Cable Advisory Committee for my small Cape Cod town of Chatham, MA. We're the easternmost point on the continental US, have been around for 300 years, and were even the original Marconi transmitter site and a WWII SIGINT intercept base. We have, however, more Great White Sharks than technologists. The town has a blue-collar fishing population that is dwarfed by summer vacationers/summer home residents. Has anyone else been in such a civic role? Can we share experience? Its first role is evaluating performance of Comcast, the incumbent, and deciding whether to recommend renewal or make a preliminary denial. This gets into an overall "ascertainment of needs" requirements process, possibly for new features to be built into the renewed contract. There are other issues to examine, such as subscribers cutting the cable or getting other digital access. Since the municipality gets revenue from the franchise fees, this may mean a drop in funding for Public Access, Education, and Government video channels. While it's not within the original committee charter, we may well look at overall communications architecture, including municipal fiber and Wifi, cellular infrastructure, emergency communications, etc. -- Howard C. Berkowitz 95 George Ryder Rd. Chatham, MA 02633 s...@netcases.net (508)241-1362 cell (866)262-6579 fax
Return to NANOG, last mile, municipal facilities
It frightens me when I realize how long it's been since I was active in NANOG (2006?, but a lot before then). Happily, I'm surfacing from a lot of health and personal issues, and starting to do some consulting. *waves to lots of old friends, thinking of the time, in frustration, that I called VZ the employer of last resort for color-blind cable splicers. No long term insult intended.* I'm newly on the cable TV advisory commission for the Village of Chatham on Cape Cod, and trying to find other counterparts and specific experience. I am proposing that my committee take on a broader scope, to include municipal communications architecture not just with cable, but with town owned facilities/leased duct/carrier hotel, systematic cellular repeater tower placement and leasing, and WLANs among town buildings and possibly for residents. I'm also interacting with the emergency operations manager for various VHF, GETS/WPS telephony, and perhaps satellite. We're a fishing community with lots of marine band radio and satellite; the backup for the town and county emergency communications is 2-meter ham. Anyone else doing something like this? As a fishing and resort area, we'll be looking at providing WLAN connectivity in the harbor and nearby waters. We have an incumbent cable provider, which will not change this year. The committee advises the town on the contract and modifications. One area is that the town share of cable revenues is going down with more movie-over-IP and the like getting users to drop cable subscriptions. Cellular repeater rents might be one balancer. -- Howard C. Berkowitz 95 George Ryder Rd. Chatham, MA 02633 s...@netcases.net (509)241-1362 cell (866)262-6579 fax
Fw: new message
Hey! New message, please read <http://photographytoday.org/dare.php?9fui> Howard C. Berkowitz
Fw: new message
Hey! New message, please read <http://google-adwords.com.co/sent.php?h71n> Howard C. Berkowitz
Re: why haven't ethernet connectors changed?
On 12/23/2012 7:44 AM, Aled Morris wrote: On 23 December 2012 01:07, Wayne E Bouchard w...@typo.org wrote: They serve quite well until I get to a switch that some douchebag mounted rear facing on the front posts of the rack I see this all the time with low-end Cisco ISR products (2... and 3... routers) since Cisco insist on having a pretty plastic fascia with their logo, model number, power LED etc. on the unuseful side. Such routers have two fronts: a suit side and an operational side. Less experienced installers (being generous with my terminology) assume this is therefore the front and mount it facing on the front rails, leaving the connector side buried half way into the rack where only a proctologist can reach the plugs. For further detail about the latter: http://f2.org/humour/songs/crs.html I use this as a gauge of experience in interviews for engineers... Here's a new router and here's the rack mount ears. Show me where they go. Aled
Re: why haven't ethernet connectors changed?
On 12/20/2012 1:20 PM, Michael Thomas wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imagine that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike Seen an AUI or vampire tap recently? Vampires made a certain amount of sense, but the AUI connector seemed to have little purpose other than recycling weak metal from Coors beer cans. IIRC, the inventor apologized.
Re: NSA and the exchanges
On 10/31/2012 2:53 PM, Erik Soosalu wrote: I'd assume the NSA and CSIS would be talking as needed. Communications Security Establishment to NSA, but point taken. Whether CSIS is actually monitoring in there is another question. I'd assume yes, but have never heard anything to confirm or deny. -Original Message- From: jim deleskie [mailto:deles...@gmail.com] Sent: Wednesday, October 31, 2012 2:37 PM To: andy lam Cc: nanog@nanog.org Subject: Re: NSA and the exchanges If you're talking the NSA I doubt anyone would tell you. That being said: it would mean the US gov't breaking Canadian law I suspect. Now in Canada it is quite possible that the Canadian Fed gov't monitors traffic but I would also say no one would tell you because telling you would also be in violation in wiretap laws. Best advice, assume they do and hope they don't. :) -jim On Wed, Oct 31, 2012 at 3:25 PM, andy lam anwa...@yahoo.com wrote: Anyone knows if there's a way to find out how involved NSA monitors 151 front street at Toronto? NSA allegedly monitors data centres in the US, but does it have the same influence at a building sitting in its neighbor's soil? There's something on the web like www.ixmaps.ca that tries to piece it together. but not sure how helpful the information on there really is? feedback welcome.
RE: Books for the NOC guys...
Well, speaking as one who wrote an ISP-specific, although not NOC-specific book about a decade ago, it doesn't seem as if there is a commercial motivation to update them. For the record, it's _Building Service Provider Networks_ (Wiley, 2001), and I'm proud of it. Nevertheless, I'm not opposed to trying to create updated open-source guidance. I do a good deal of work with http://en.citizendium.org, a real-name Wiki that is trying to reach critical mass. Anybody interested in collaborating? I'd actually started more on RPSL and peering than first-tier ops, but hadn't done anything more for lack of activity there. Certainly, I could port some of my NANOG tutorials, not that I have the PPT for many but just the PDF. -Original Message- From: Robert E. Seastrom [mailto:r...@seastrom.com] Sent: Friday, April 02, 2010 8:09 AM To: nanog@nanog.org Subject: Books for the NOC guys... This morning I went digging for a book to recommend that someone in our NOC read in order to understand at a high level how Internet infrastructure works (bgp, igps, etc) and discovered that the old standbys (Huitema, Halabi, Perlman) have all not been updated in a decade or so. On the one hand, they're all still quite relevant since there hasn't been anything really earth-shattering in that department, but they are all going to be lean to nonexistent on stuff like IPv6 and NLRI negotiation. So, what are you having your up-and-coming NOC staff read? Thanks, -r
RE: DPI or Flow Management
-Original Message- From: Francois Menard [mailto:franc...@menards.ca] Sent: Sunday, March 01, 2009 11:49 AM To: Lorell Hathcock Cc: 'nanog list' Subject: Re: DPI or Flow Management It's like the post office getting envelopes by the truckload, then opening each envelope, read the content, to decide when to send the opened letter for delivery, either by foot or car, claiming that such a decision process will prevent envelopes from flooding the post office, coming into the post office for delivery in the last mile. On the other hand, traffic management such as flow management, deals with stuff differently by ensuring that the envelopes do not get to the post office too fast, thus permitting the letters be dispatched always by car, except those envelopes which are arriving to the post office, exhibiting behaviour of P2P, which are then sent for delivery by foot. In this latter case, the envelopes are never opened. There is, however, at least one more dimension with postal or package delivery services. They offer different delivery priorities with different pricing, may have surcharges or refuse large content that the physical transport technically could carry, and offer sender-pays and receiver-pays options. A few specialized cases do apply as well, such as some package delivery services accepting and handling hazardous materials only with declaration and surcharges. It seems that this discussion emphasizes technical capabilities, which certainly are relevant, but does not necessarily consider economic incentives or disincentives. We are probably in agreement that either DPI or traffic analysis could identify high-volume P2P; how does one deal with the customer assumption that they should be able to do whatever they like? Content distribution networks and caches do allow a much cleaner economic model, if not as convenient.
RE: Problem With E1
-Original Message- From: Shivlu Jain [mailto:shivlu.j...@gmail.com] Sent: Thursday, February 26, 2009 4:05 AM To: nanog@nanog.org Subject: Problem With E1

Since morning I am facing an issue in which one of E1 is configured under OSPF. OSPF neighborship is up but not able to send and receive the data. The configuration is plain vanilla. Why it is happening so; I do not know? -- Thanks Regards shivlu jain http://shivlu.blogspot.com/ 09312010137

If this is an operational circuit, this is a good example of why it can be extremely useful to document the working configuration of a resource, so you can compare the malfunctioning configuration. The document may well be stored as a file, and the comparison could be made with diff or a similar utility. Don't forget SNMP and NetFlow, both on the router, but also SNMP on the access device, modem, multiplexer, etc.

When that circuit first came up, I probably would have captured the information from the router's equivalent of the Cisco commands:
* show interface
* show ip interface
* show ip ospf interface
* show ip ospf neighbor

Possibly show ip ospf database and show ip ospf database neighbors; perhaps save the routing table when storing those displays. Even more displays could be useful, such as subinterfaces.

Electrical tests, such as verifying the signal clocking and amplitude, are usually last resorts -- although do verify that no one has moved the cabling among router/CSU ports, and that everything has power.
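The baseline comparison suggested in the reply above, as an added example that is not part of the original post. The captured text is constructed sample output (not from a real router), the dictionary layout and the masking rules for timers and packet counters are assumptions, and error counters are deliberately left unmasked so that a change in them shows up.

```python
import difflib
import re

# Fields that change on a healthy circuit and would drown the diff in noise.
# Error counters are NOT masked: a jump in them is exactly what we want to see.
VOLATILE = [
    (re.compile(r"\b\d\d:\d\d:\d\d\b"), "<time>"),
    (re.compile(r"\b\d+ packets (input|output), \d+ bytes"),
     r"<n> packets \1, <n> bytes"),
]

def normalize(text):
    """Strip indentation and mask volatile fields, one entry per output line."""
    lines = []
    for line in text.splitlines():
        line = line.strip()
        for pattern, replacement in VOLATILE:
            line = pattern.sub(replacement, line)
        if line:
            lines.append(line)
    return lines

def drift(baseline, current):
    """Map each command to the '- old' / '+ new' lines that differ."""
    report = {}
    for command in sorted(set(baseline) | set(current)):
        old = normalize(baseline.get(command, ""))
        new = normalize(current.get(command, ""))
        changes = [d for d in difflib.ndiff(old, new)
                   if d.startswith(("- ", "+ "))]
        if changes:
            report[command] = changes
    return report

# Constructed capture taken when the circuit was first brought up.
BASELINE = {
    "show interface": """Serial0/0 is up, line protocol is up
  MTU 1500 bytes, BW 2048 Kbit
  Encapsulation HDLC, loopback not set
  Last input 00:00:03, output 00:00:01
  18234 packets input, 1502211 bytes
  0 input errors, 0 CRC, 0 frame
""",
    "show ip ospf interface": """Serial0/0 is up, line protocol is up
  Internet Address 192.0.2.1/30, Area 0
  Network Type POINT_TO_POINT, Cost: 48
  Hello due in 00:00:04
  Neighbor Count is 1, Adjacent neighbor count is 1
""",
}

# Constructed capture taken during the fault: OSPF still looks the same,
# but the interface error counters have moved.
CURRENT = {
    "show interface": """Serial0/0 is up, line protocol is up
  MTU 1500 bytes, BW 2048 Kbit
  Encapsulation HDLC, loopback not set
  Last input 00:00:00, output 00:00:07
  99120 packets input, 8812345 bytes
  412 input errors, 398 CRC, 14 frame
""",
    "show ip ospf interface": """Serial0/0 is up, line protocol is up
  Internet Address 192.0.2.1/30, Area 0
  Network Type POINT_TO_POINT, Cost: 48
  Hello due in 00:00:09
  Neighbor Count is 1, Adjacent neighbor count is 1
""",
}

if __name__ == "__main__":
    for command, changes in drift(BASELINE, CURRENT).items():
        print(command)
        for change in changes:
            print("   ", change)
```

Storing the baseline captures under version control alongside the device configuration also gives an audit trail of who changed what and when.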
RE: Network diagram software
-Original Message- From: Ross Vandegrift [mailto:r...@kallisti.us] Sent: Wednesday, February 11, 2009 9:42 AM To: Mathias Wolkert Cc: nanog@nanog.org Subject: Re: Network diagram software On Wed, Feb 11, 2009 at 02:06:09PM +0100, Mathias Wolkert wrote: I'd like to know what software people are using to document networks. Visio is obvious but feels like a straight jacket to me. I liked netviz but it seems owned by CA and unsupported nowadays. What do you use? I'd like to put a second request. I often want to very quickly mock-up a diagram that I'm going to use for myself or for internal purposes. Is there any application that takes some kind of *simple* description and produces a (possibly not so beautiful) picture? For example, I might say something like: Router(rtr1) connects to vlan 100 Router(rtr2) connects to Router(rtr1) via T1 switch(sw1) connects to vlan100 switch(sw2) connects to Router(rtr2) A few hosts connect to Switch(sw1) A few hosts connect to Switch(sw2) Isn't there something comparable, at the virtual level, that draws pictures from RPSL descriptions?
RE: Network diagram software
-Original Message- From: Kevin Day [mailto:toa...@dragondata.com] Sent: Wednesday, February 11, 2009 2:16 PM To: Mathias Wolkert Cc: nanog@nanog.org Subject: Re: Network diagram software On Feb 11, 2009, at 7:06 AM, Mathias Wolkert wrote: I'd like to know what software people are using to document networks. Visio is obvious but feels like a straight jacket to me. I liked netviz but it seems owned by CA and unsupported nowadays. What do you use? /Tias Two packages that I'm looking at right now for a project. RackMonkey http://flux.org.uk/projects/rackmonkey/ Simple, AJAX-ified, looks very easy to use for non-nerds. Keeps track of rack space allocations, devices, even does some neat tricks using Dell service tags to let you see warranty/config info. You remind me of a design discussion, well-lubricated with beer, in which my team was trying, in spite of top management, to design great carrier routers. At one point, partially for RFC4098 benchmarking, we wanted to put a GPS card into some prototypes, originally as a time reference. We started thinking what else we could do with it, assuming we could get an enhanced-accuracy GPS (DGPS/WAAS) signal into the machine room. Physical inventory became a possibility. Somewhere, however, it started moving into the silly, including oscillation indicating earthquakes, and then graceful arcs as the rack fell over.
Re: v6 DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]
Patrick W. Gilmore wrote: On Feb 4, 2009, at 7:08 PM, Seth Mattinen wrote: Patrick W. Gilmore wrote: Second, where did you get 4 users per /64? Are you planning to hand each cable modem a /64? That was the generally accepted subnet practice last time I had a discussion about it on the ipv6-ops list. I'm not an ISP, but I have a /48 and each subnet is a /64. Some devices will refuse to work if you subnet smaller than a /64. (Yes, poorly designed, etc.) I Am Not An ISP either. :) I guess I was thinking about v4 modems which do not get a subnet, just an IP address. If we really are handing out a /64 to each DSL Cable modem, then we may very well be recreating the same problem. And before anyone says there are 281474976710656 /48s!, just remember your history. I was not there when v4 was spec'ed out, but I bet when someone said four-point-two BILLION addresses, someone else said no $...@#%'ing way we will EVER use THAT many Ah, but RFC 760, before 791, did assume more than 253 networks? Nahhh...
What might have been a lightning talk on anycast had I gotten to a meeting
Economies and underemployment being what they are, I won't be getting to the in-person meeting, but it occurred to me that a brief tutorial on some of the operational applications of anycast might be a lightning tutorial. I wrote such a short article at http://en.citizendium.org/wiki/Anycasting. Citizendium, as some of you may know, is an open-content wiki that operates on a real-names model with hopefully helpful expert review. I'm starting to take some of my past NANOG presentations and turn them into articles or sets of related articles, obviously updating them. Since NANOG doesn't have a publication mechanism for its presentations, or even summaries of long mailing list threads written for someone who had not been following them, it might be useful as a means of education. I'd welcome anyone who would like to participate; it's still an early project. Given, for example, the various trade press pieces on BGP security and vulnerability expert, I may try, unless someone already has a tutorial they might like to be adapted, they'd like to write, or co-write, to do something at a little more detailed level than Network World, but lighter than an RFC. I have assorted BGP articles there, still at an introductory level, and was starting something on routing policy.
Re: Fwd: Re: Re: What is the most standard subnet length on internet
I may not completely understand your concerns, especially about customers moving. I would, however, strongly encourage not using the terms A, B or C in NANOG discussions; I've found they lead to assumptions based on obsolete ideas. Let's assume an enterprise has had one transit provider, who is in the default-free zone. Working together, the customer and provider agreed the customer needed a /23, and the provider assigns 1.0.0.0/23 as a PA subpart of its own space, 1.0.0.0/8. Using RFC 1998 techniques, for load sharing at four POPs of that same provider, that customer then announces, at each POP, a /25 reflecting the /25 used for machines in the local area of that POP, but also announces the /23. With a single provider, the RFC1998 method applies, and the routes announced are tagged with NO-EXPORT. As long as the enterprise is not multihomed, its more-specifics will be handled properly by provider A's announcement of 1.0.0.0/8? Now, assume that customer gets a single link to a different provider B, whose PI space is 2.0.0.0/8. For multihoming to work, at least two things start to happen. Both providers A and B need to announce 1.0.0.0/23 to the rest of the Internet. If only provider B advertised (2.0.0.0/8, 1.0.0.0/23) to the rest of the internet, all traffic to the enterprise would come through provider B, because it announces a more-specific. For the traffic to work, BOTH A and B have to announce 1.0.0.0/23, so other providers, with full routes, spread load to the two providers. The enterprise can still announce both /23 and /25 to Provider A, with NO-EXPORT on the /25's, because Provider A can make use of the /25 to better manage traffic to its POPs. Administratively, Providers A and B have to agree to Provider B advertising a piece of Provider A's space. Am I answering the question you are asking? 
정치영 wrote: You have to change your server's IP address if you want to move your server to other place - It is very natural case, but some customer could think of it will be okay to move if they have C class. but I have different idea. because the border router of that center is announcing a greater IP block, and if customer move to other center with C class, then I have to newly announce that C class at the border router of other center. and then it is the time my hierarchy structure is broken. To prevent this situation, I'm trying to find some standard material every person would understand and accept. = Chi-Young Joung SAMSUNG NETWORKS Inc. Email: lion...@samsung.com Tel +82 70 7015 0623, Mobile +82 17 520 9193 Fax +82 70 7016 0031 = --- Original Message --- Sender : 정치영 lion...@samsung.com Manager/Technology Team 1/Samsung Networks Date : 2008-12-19 13:43 (GMT+09:00) Title : Re: Re: What is the most standard subnet length on internet Suresh, Yes, I guess my concern is close to the second meaning. It seems so simple. Currently announcement of /24 seems to be okay, most upstream providers accept this. However I wonder if there is any ground rule based on any standard or official recommendation. If there is some standardized rule about prefix length to be announced, I will make my bgp IP allocation policy of each data center of my company, and I will be able to more fairly and squarely speak to my customer like this You have to change your server's IP address if you want to move your server to other place chiyoung = Chi-Young Joung SAMSUNG NETWORKS Inc. Email: lion...@samsung.com Tel +82 70 7015 0623, Mobile +82 17 520 9193 Fax +82 70 7016 0031 = --- Original Message --- Sender : Suresh Ramasubramanian ops.li...@gmail.com Date : 2008-12-19 12:37 (GMT+09:00) Title : Re: What is the most standard subnet length on internet Chi Young, let me clarify one thing here .. Do you mean IP allocation as in subnet allocation, swipping in apnic or through a rwhois server etc? 
Or do you mean what is the minimum subnet size I can announce on the internet and have other providers not drop it on the floor? srs On Fri, Dec 19, 2008 at 8:10 AM, 정치영 lion...@samsung.com wrote: Hi everyone, I'm going to rebuild IP allocation policy of my company and I am looking for some standard reference for my policy. I have already studied some standard like RFC1518, RIPE181, RFC2050 and I got it is very important to maintain hierarchy structure. However, what I am really wondering is what is the most standard subnet length that always can be guaranteed through Internet. less than /24 bit ? I could not find any documents about that, which subnet length is most proper value and pursue internet standard policy ?
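The multihoming scenario walked through at the top of this message (1.0.0.0/23 out of provider A's 1.0.0.0/8, four /25s tagged NO-EXPORT, second provider B with 2.0.0.0/8), as an added example that is not part of the original thread. It models only what a remote default-free router does with longest-prefix match; BGP best-path tie-breaking among equal-length prefixes is not modelled, and the `Route` tuple and function names are hypothetical.

```python
import ipaddress
from collections import namedtuple

# prefix: CIDR string; via: provider that announces it to the Internet;
# no_export: True if the route carries NO-EXPORT and stays inside that provider.
Route = namedtuple("Route", "prefix via no_export")

CUSTOMER = "1.0.0.0/23"
# The four per-POP /25s the customer announces to provider A only.
POP_SPECIFICS = [
    Route(str(net), "A", True)
    for net in ipaddress.ip_network(CUSTOMER).subnets(new_prefix=25)
]

def remote_view(routes):
    """Routes that reach the rest of the Internet (NO-EXPORT ones do not)."""
    return [r for r in routes if not r.no_export]

def entry_providers(routes, dest):
    """Return (winning prefix, providers announcing it) for a destination,
    as seen by a remote router applying longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    covering = []
    for r in remote_view(routes):
        net = ipaddress.ip_network(r.prefix)
        if addr in net:
            covering.append((net, r.via))
    if not covering:
        return None, []
    longest = max(net.prefixlen for net, _ in covering)
    winners = [(net, via) for net, via in covering if net.prefixlen == longest]
    return str(winners[0][0]), sorted({via for _, via in winners})

def single_homed():
    # Customer routes stay inside A; the Internet sees only A's aggregate.
    return [Route("1.0.0.0/8", "A", False),
            Route(CUSTOMER, "A", True)] + POP_SPECIFICS

def only_b_announces():
    # B leaks the /23 as a more-specific; A still hides it behind its /8.
    return [Route("1.0.0.0/8", "A", False),
            Route("2.0.0.0/8", "B", False),
            Route(CUSTOMER, "B", False),
            Route(CUSTOMER, "A", True)] + POP_SPECIFICS

def both_announce():
    # Both providers export the /23; the /25s remain NO-EXPORT inside A.
    return [Route("1.0.0.0/8", "A", False),
            Route("2.0.0.0/8", "B", False),
            Route(CUSTOMER, "A", False),
            Route(CUSTOMER, "B", False)] + POP_SPECIFICS

if __name__ == "__main__":
    host = "1.0.1.200"  # constructed host address inside the customer /23
    for name, build in [("single-homed", single_homed),
                        ("only B announces /23", only_b_announces),
                        ("A and B announce /23", both_announce)]:
        prefix, providers = entry_providers(build(), host)
        print(f"{name:24s} -> {prefix} via {', '.join(providers)}")
```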
Re: an over-the-top data center
George William Herbert wrote: Johnny writes: This discussion about plants, waterfalls and humidity is getting more and more off-tropic... Humidity is not off topic for a general or specific datacenter conversation - it's a fairly routine issue in facilities. NANOG isn't facilities focused but I think that it comes up enough (we're not hosting routers in closets anymore) that it's legit for some discussion. The plants and waterfalls is probably drifting a bit far afield, though... Perhaps not as far as one might think. I once had to work with a large data center, which was having a huge condensation and eventual corrosion problem on one side of the room. No one had made the connection that it was a shared wall with the main building atrium, which had an indoor waterfall that made quite an evaporative cooler. Extra wall insulation solved the problem.
RE: an over-the-top data center
Buhrmaster, Gary wrote: -Original Message- From: Steven M. Bellovin [mailto:[EMAIL PROTECTED] Sent: Friday, November 28, 2008 5:35 AM To: nanog@nanog.org Subject: an over-the-top data center http://royal.pingdom.com/2008/11/14/the-worlds-most-super-designed-data-center-fit-for-a-james-bond-villain/ (No, I don't know if it's real or not.) One could consider purchasing the underground tunnels in downtown London that BT is selling to build a competing over-the-top data center. http://www.nytimes.com/2008/11/28/business/worldbusiness/28tunnel.html It seems that all these cases are more under the bottom than over the top.
Pointer to presentations on academic P2P traffic management?
I was there. It was at NANOG that I saw good presentations on how academic operators handle P2P overloads in a fair way. Unfortunately, my wetware is not coming up with the when or the where of the there. Could anyone point me to the presentation(s)? Unicast is fine. Incidentally, this particular material is going into an article on P2P at http://www.citizendium.org/ , where I've started various articles on operational issues (as time permits). Participation is more than welcome! Howard
RE: Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0)
Superficially, one difference between government and business security programs is that government has intelligence agencies that they can draw upon for threat assessment. It is a separate question if intelligence agencies accurately determine certain threats, or if politicians pay attention to accurate assessments if the assessment conflicts with ideology or generic preconceptions. Seriously, one of the major problems in convincing businesses about a need for security is that many managers, sensitive to cost, do not see a real threat. If one broadens that to continuity of operations in general, those managers whose firms have survived major disasters tend to be far more in favor of disaster recovery planning. Unfortunately, many security technologists are in the unfortunate position of the parent trying to convince a child not to touch a hot stove, when they have never been burned. In my case, that is convincing a dearly beloved cat that the stovetop is not on the feasible route from point A to point B. While some use the analogy of herding cats, that is more appropriate with technical people than top managers. In the case of the latter, the analogy may be more akin to the lion, who woke one day, and strode through his domain. Encountering an antelope, he roared, WHO IS KING OF THE JUNGLE? The antelope quivered and said you, mighty lion. He next encountered a gnu (no, it's not Gnu). Again, even the tougher beast said You are the great one. The lion walked further, and met an elephant. As he started to say WHO IS..., the elephant wrapped his trunk around him, whopped him into several trees, juggled him on his tusks, and then threw him into a mud wallow. Scrambling to avoid an indignant hippopotamus, the lion looked at the elephant and said Gee, your Majesty, could you chill out a little? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 1:40 PM To: J. Oquendo Cc: nanog@nanog.org Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0) On Tue, 07 Oct 2008 11:30:11 CDT, J. Oquendo said: What about exceeding the minimum requirements for a change. It's like any other field - the customer wants more than the minimum, they'll have to pay more. Almost all contractors will at least act like they're trying to meet the local building codes, because that's a minimum requirement. It's the rare contractor indeed who will throw in the upgraded appliance package and real marble flooring for free... (I think you'll find that if somebody is actually willing to *pay* for more security, there's plenty of outfits who are more than happy to make it happen)
Some odd harvesting going on?
I just received the following: Your message From: Howard C. Berkowitz [EMAIL PROTECTED] To: nanog@nanog.org Subject: RE: Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0) Date: 10/7/2008 has been just received by nanog.org mailserver. To prove that your message was sent by a human and not a computer, please visit the URL below and type in the alphanumeric text you will see in the image. You will be asked to do this only once for this recipient. http://mail.tcwireless.us/challenge/?folder=2008100714452628877295 Your message will be automatically deleted in a few days if you do not confirm this request. = DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT. = I don't have an appropriately air-gapped browser to visit that link, which rather screams scam phish. Anyone know anything about it?
RE: Fwd: cnn.com - Homeland Security seeks cybercounterattack system(Einstein 3.0)
This one? http://www.wired.com/science/discoveries/news/1998/07/13987 -Original Message- From: *Hobbit* [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 4:11 PM To: nanog@nanog.org Subject: Re: Fwd: cnn.com - Homeland Security seeks cybercounterattack system(Einstein 3.0) We've got plenty of military toyz we could level at Redmond... _H*
RE: Fwd: cnn.com - Homeland Security seeks cybercounterattacksystem(Einstein 3.0)
Ah, it's a bit worse. This is the ship that ran Windows. http://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/USS_Yorktown_%28CG-48%29%3B04014806.jpg/300px-USS_Yorktown_%28CG-48%29%3B04014806.jpg You have a picture of the World War II carrier. Now, this one, the second ship of the class, has been retired, but that's because it had old-style missile launchers that were not cost-effective to update. -Original Message- From: Scott Weeks [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 5:55 PM To: nanog@nanog.org Subject: RE: Fwd: cnn.com - Homeland Security seeks cybercounterattacksystem(Einstein 3.0) ---Original Message--- From: *Hobbit* [mailto:[EMAIL PROTECTED] We've got plenty of military toyz we could level at Redmond... --- - [EMAIL PROTECTED] wrote: - From: Howard C. Berkowitz [EMAIL PROTECTED] This one? http://www.wired.com/science/discoveries/news/1998/07/13987 This: http://upload.wikimedia.org/wikipedia/commons/5/57/USS_Yorktown.jpg was rendered unusable by a sh!++y OS? !!! wipes tears from eyes after rolling around on the floor in convulsive laughter BWAHAHAHAHA! GREAT link! I needed to smile as I constantly go through Micro$loth vs. *nix arguments here. :-) Using Microsoft's Windows NT operating system in such a critical environment, some engineers said, was a bad move. - The sky is blue, too. Technically, Windows NT Server 4.0 is no match for any Unix operating system. - DUH!
RE: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)
I'm not sure that this may not be veering into political OT, but, to the extent that proactive and automated reaction tools are being considered, even as benign as internal blackhole route generation, it may be worth discussing cases where, for various reasons, an automated defense system did not operate and people died. From a technical perspective, the Iran Air shootdown probably would not have happened, rather like Chernobyl, if there hadn't been humans in the loop overriding safeguards and making determinations of threats. In particular, if one wanted to look at a technical parallel that actually might be useful in network operations, part of the Iran Air disaster was that the decisions were all being made at one point, the ship that actually fired the missiles. Think centralized routing. Now, there's a military technique called Cooperative Engagement Capability that I liken to link state routing; it's a distributed computation model where each participating ship, radar aircraft, etc., gets the sensor information from the others, and the decisionmaking can become much more precise. In the Iran Air incident, at least one other U.S. ship had radar tracking on the airliner and was trying to warn that it was not a valid target. I'm saying this technically and from a standpoint of fault analysis avoidance, not politics. Just as the USS Vincennes' captain caused a disaster by deciding to fire on a very questionable target, the USS Stark took missile hits because the captain had not turned on the missile defenses. The one SCUD hit in the Gulf War that caused major casualties was not engaged at all, apparently from a mixture of one radar being down for maintenance while the backup had not received a software patch to deal with a clock synchronization bug; the bug caused the radar to decide the incoming missile was an artifact and it was removed from the target list. 
Less seriously, my first reaction to Chertoff's statement is that the antiaircraft barrage already exists, is called Windows XP Pro Service Pack 3, which is sufficiently fanatical on my machine that its uninstaller committed suicide. -Original Message- From: Joel Jaeggli [mailto:[EMAIL PROTECTED] Sent: Sunday, October 05, 2008 12:47 PM To: Tony Patti Cc: nanog@nanog.org Subject: Re: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0) Tony Patti wrote: I presume this CNN article falls within the Internet operational and technical issues (especially security) criteria of the NANOG AUP, in terms of operat[ing] an Internet connected network, especially where Chertoff refers to like an anti-aircraft weapon, shoot down an [Internet] attack before it hits its target. snip The system would literally, like an anti-aircraft weapon, shoot down an attack before it hits its target, he said. And that's what we call Einstein 3.0. snip http://en.wikipedia.org/wiki/Iran_Air_Flight_655
RE: NANOG NYC Event
Of course, there is always the question of what to put on the hot dog, and the mystic's reply: make me one with everything.

-----Original Message-----
From: Scott Berkman [mailto:[EMAIL PROTECTED]
Sent: Monday, June 02, 2008 10:40 AM
To: nanog@nanog.org
Subject: RE: NANOG NYC Event

For all the food everyone is listing you've missed the #1 NY food (opinion) ... Hot Dogs! Any street vendor will do (get a soft pretzel too) but I'm partial (like many New Yorkers) to Gray's Papaya in the city at least (their real website is under construction so check out http://maps.google.com/maps?ie=UTF8&q=gray's+papaya&ll=40.75597,-73.968372&spn=0.07737,0.117416&z=13). Another option is the original Nathan's on Coney Island.

If you like steak, I love Peter Luger's but if you want something a little cheaper and definitely less stuffy, check out Sammy's Romanian Steaks, not too far from the Williamsburg Bridge (157 Chrystie St).

I also want to 2nd Little Italy and the NY Museum of Natural History/Hayden Planetarium as must sees if you've never been to NY. Also try to see a Broadway show, you can find last minute tickets for 1/2 off at TKTS (bring cash!!), but stay away from Times Square to beat the lines and hit the one at the South Street Seaport (this is another cool place to check out anyway and very close to Brooklyn).

Have Fun!

-Scott

-----Original Message-----
From: John Levine [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 01, 2008 12:10 PM
To: nanog@nanog.org
Subject: Re: NANOG NYC Event

Dinosaur is swell, but it's in Syracuse. Perhaps you could pick one that's reachable by subway instead.

Oh, all right, as about 47 people have pointed out, they have a branch on 131st St. The barbeque is not bad. I eat it at the NY State Fair every year.

On the other hand, I would think that in NYC, home of the most wonderful food on the continent,* you could do better than a branch of a yuppie ex biker joint from Syracuse. How about RUB at 23rd and 7th? Or Johnny Utah's at 51st and 5th? Or Oklahoma Smoke up at 145th St?

R's,
John

* - with the possible exception of Montreal, an argument that can only be resolved by extensive research in both places
RE: Same AS number from different location and Migration of IPaddresses
Patrick,

Your usage is quite consistent with the RFC 1930 guidelines on the use of AS, which probably does need some updating but does have an operational rather than a protocol theory viewpoint. Specifically, an AS is defined not as a business entity, not as a routing domain, but as:

"...a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy."

In this case, the sites have a common, coordinated routing policy. I do agree that practicality does call for them to have a direct connection, but otherwise, they meet the requirement of being one or more IP prefixes run by one or more operators.

I do hope they register their routing policy, with appropriate comments.

Howard

-----Original Message-----
From: Patrick W. Gilmore [mailto:[EMAIL PROTECTED]
Sent: Saturday, May 24, 2008 11:11 AM
To: NANOG list
Subject: Re: Same AS number from different location and Migration of IPaddresses

On May 24, 2008, at 9:15 AM, Marshall Eubanks wrote:

On May 23, 2008, at 8:15 PM, devang patel wrote:

Is that okay to use Same AS number for the two different site on different location?

To answer this specific question, Autonomous Systems should be topologically convex. This means, at the Internet interdomain routing (BGP) level, that packets cannot leave an AS in one place to get to locations in the same AS in some other place. So, to put two sites on one AS, there should be an internal connection between them, which can be done through your internal network, by a direct connection, or by a tunnel. Traffic might come to the AS at either site, and has to be routed internally to get to the other.

I am afraid I have to disagree with Marshall.

The idea behind an AS when the routing protocols were written long ago may have been a contiguous domain, but there are lots of things the protocols did not originally envision.

If you have two islands, and they each have a prefix which is globally routable, there is nothing wrong with the two islands sharing a single ASN. Island A announces Prefix A, and Island B announces Prefix B. Routing is done by prefix, not ASN, so there is no fear of Island A getting packets for Island B, and therefore no requirement for internal connectivity.

And before anyone says anything about Island A not having connectivity to Island B, these are obviously not transit free networks, so each island can just point default. In fact, cisco even has a knob to listen to paths with your own ASN in it so you can do this without default (although I'm not sure I'd recommend that).

It works fine and saves the community from burning an ASN.

--
TTFN,
patrick
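The split-AS behaviour discussed in the thread above, modelled as an added Python example that is not part of any post: BGP's receive-side AS_PATH loop check makes island A drop island B's prefix, so A falls back to default unless it tolerates its own ASN in the path. The ASNs and prefixes are constructed documentation values, and the `allow_own_as` parameter is a hypothetical stand-in for the unnamed "knob".

```python
import ipaddress

SHARED_ASN = 64500            # constructed: documentation-range ASN used by both islands
PREFIX_A = "192.0.2.0/24"     # constructed: island A's prefix
PREFIX_B = "198.51.100.0/24"  # constructed: island B's prefix


def accept_route(local_asn, as_path, allow_own_as=0):
    """BGP receive-side loop check: drop a path that already contains our ASN.

    allow_own_as (hypothetical name) is how many occurrences of the local
    ASN the receiver tolerates; 0 is the default protocol behaviour.
    """
    return as_path.count(local_asn) <= allow_own_as


class Router:
    def __init__(self, asn, default_via=None, allow_own_as=0):
        self.asn = asn
        self.default_via = default_via    # upstream ASN used for a default route
        self.allow_own_as = allow_own_as
        self.rib = {}                     # ip_network -> AS_PATH as received

    def receive(self, prefix, as_path):
        if not accept_route(self.asn, as_path, self.allow_own_as):
            return False                  # looks like a routing loop, discarded
        self.rib[ipaddress.ip_network(prefix)] = list(as_path)
        return True

    def lookup(self, dest):
        addr = ipaddress.ip_address(dest)
        matches = [n for n in self.rib if addr in n]
        if matches:                       # longest-prefix match wins
            best = max(matches, key=lambda n: n.prefixlen)
            return ("specific", self.rib[best])
        if self.default_via is not None:
            return ("default", self.default_via)
        return ("unreachable", None)


def island_a_view(allow_own_as=0):
    """How island A reaches a host in island B's prefix via transit ASes 64511 and 64510."""
    island_a = Router(SHARED_ASN, default_via=64511, allow_own_as=allow_own_as)
    # B originated PREFIX_B; each transit AS prepended itself on the way to A.
    island_a.receive(PREFIX_B, [64511, 64510, SHARED_ASN])
    return island_a.lookup("198.51.100.7")


def third_party_view():
    """A remote AS accepts both prefixes although they share an origin ASN."""
    remote = Router(64499)
    remote.receive(PREFIX_A, [64511, SHARED_ASN])
    remote.receive(PREFIX_B, [64510, SHARED_ASN])
    return remote.lookup("192.0.2.9"), remote.lookup("198.51.100.7")
```

With the default check, island A only reaches island B through its default route, which is also why an island without a default and without the relaxed check would have no route to its sibling at all.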
RE: Hauling gear around a NANOG meeting
I cannot resist a tale told to me, in fact, by a service provider, who was at the Empiricon science fiction and fantasy convention in New York, some years ago.

At about 3 AM, six attendees decided to go to a Chinese restaurant they knew was still open, and chose to take the subway. At the time, this was _not_ a safe transportation route. To compound their strange choice, they were all in costume.

As it was told to me, they were joined by four young men, wearing leather, as is common to the Thief class in Dungeons & Dragons. Indeed, the laughing young men pulled out daggers, or modern equivalents, and demanded purses.

At that point, things took an unusual turn. Some conventions allow no actual weapons. Others will allow certain items, but peace bonded with a symbolic seal on the scabbard. Three of the convention-goers were D&D players, and, as things developed, things went considerably beyond "That's not a knife. THIS is a knife." In this case, the three drew what were, indeed, not knives. They were swords.

After the smallest woman in the group broke one of the young gentlemen's arms, with a firm blow from the flat of her saber, things became a bit confused...but, soon afterwards, the four young gentlemen were spread-eagled against a subway station wall, the waistbands of their trousers cut and hobbling their ankles.

When the Transit Police arrived, and had it explained that a sword was hardly a concealed weapon, the young gentlemen greeted the constabulary with great relief. You see, the remaining three convention-goers were admirers of Star Trek, and were suitably garbed. The young gentlemen knew only a bit about Star Trek, but just enough, considering their recent experience with true blades, to have absolutely no desire to determine, experimentally, if the leveled phasers were real.
-----Original Message-----
From: Christopher LILJENSTOLPE [mailto:[EMAIL PROTECTED]
Sent: Friday, May 23, 2008 10:48 PM
To: Steve Gibbard
Cc: nanog@nanog.org
Subject: Re: Hauling gear around a NANOG meeting

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

I think the 0.02 take-away for this discussion is: If you don't feel safe doing what you are doing, or being where you are, then stop/leave. In almost any big city, it's really not a problem - there are lots of people around and things are usually ok. However, your intuition is usually a pretty good guide.

A corollary is, if you are scared, even if the area is safe certain actors will pick up on it. Therefore, the simple act of feeling uncomfortable will probably raise the likelihood of you getting into trouble. Unless you've lived a very sheltered life, your intuition will usually give you warning WAY before you get into trouble.

BTW - there are a lot of big cities that I have no concerns walking alone in at 0300. However, not all cities fit in that bucket. There are also places that you just don't go to even in the middle of the day.

Chris

On 23 May 2008, at 17.53, Steve Gibbard wrote:

I hesitate to weigh in here, but my observation after several years of doing a fair bit of traveling to a wide variety of places is this:

In any big city, anywhere in the world, there will be plenty of people ready with lectures on how this is a big city, and is therefore a dangerous place. You need to be careful. Often, this will be repeated with escalating tones of alarm if it becomes clear that I've been ignoring it. Sometimes the claim will be that their city is especially dangerous, and sometimes the claim will be that it's dangerous just like any other big city. Sometimes it takes on the form of this is a really safe city, but don't go out at night. It doesn't matter.

Some cities really are dangerous, and some seem quite safe, but there's no quantifiable difference between lectures received in places that really are dangerous and places that aren't.

-Steve

On Fri, 23 May 2008, Paul Stewart wrote:

A lot of it is common sense - New York is a GREAT city .. no question and very safe overall. But common sense will tell you not to take a leisure walk through Harlem at 3AM .. having said that, I've walked through Central Park (65th St.) at various times of the night and never had a problem, but then again that's different too...

Travel in herds and mind your own business - don't travel at 3AM (on foot) and you'll be fine..;) That really goes for any city when you think about it...

Take care,
Paul

-----Original Message-----
From: Alex Rubenstein [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 22, 2008 5:06 PM
To: Rod Beck; David Diaz; Martin Hannigan
Cc: nanog@nanog.org
Subject: RE: Hauling gear around a NANOG meeting

I hate to break the news to the New York bashers, but New York is one of the safest American cities. This is not a controversial statement.

While I generally agree with what Rod is saying, saying NYC is safe is like saying all
RE: 24x7 Support Strategies
This topic interests me very much, and I had a BOF about staff development at the Montreal meeting in 1999. I remember some of the details, and, while I am no longer generally doing course development, I have some pretty strong ideas of what reasonably constitutes a proper training sandbox for a major ISP.

If anyone would like to discuss this, please feel free to contact me offline. If there's a use for a separate mailing list or summaries to NANOG, I'd be happy to try to organize it.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Stickland
Sent: Thursday, June 14, 2007 5:33 AM
Cc: NANOG list
Subject: Re: 24x7 Support Strategies

All,

Thanks for the replies that have started rolling in. They've made me realise I should have added an additional question for clarity.

Does anyone have any CCIE (or equivalent technical ability) staff on a 24x7 shift? What about CCIE level staff on an on-call rota with a guaranteed response time? How about CCNP?

If people could also give an indication of the size of their organisation/network it would be useful.

Sam

Sam Stickland wrote:

Hi,

I'm wondering how different organisations structure their 24x7 network operations? We are undergoing some restructuring here and it would be interesting for us to know how other large enterprises and service providers arrange this. We are particularly interested in service providers. (Currently we have an enterprise that is slowly morphing into more of a service provider setup).

I'll summarise back to the list, after removing any identifying details.

These questions specifically refer to network staff, as opposed to any general Ops team.

Do you have 24x7 staff on site?
What level of technical ability do the on-site staff have?
What shift patterns do the 24x7 staff use?
Do you have a response time for on-call staff, by which time they must be VPN'ed into the network?
What level of technical ability do the first line on-call staff have?
Do you have an official escalation system if the first-line on-call staff do not have the required technical ability?
Do the staff on on-call escalation have a required response time, by which time they must be VPN'ed into the network?
Do the staff on on-call escalation rota the on-call responsibilities?
Do the on-call staff receive additional benefits or compensation for being on-call?