Re: Inaccessible network from Verizon, accessible elsewhere.

2011-12-11 Thread Joseph Snyder
I believe 130.81 is blocked. Traceroute to your gateway address.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

NetSecGuy  wrote:

I should have included reverse traces to begin with. No firewall on VPS.

Trace from the VPS to a router close to me.

traceroute to 130.81.199.4 (130.81.199.4), 64 hops max, 40 byte packets
1 106.187.33.2 (106.187.33.2) 1 ms 0 ms 0 ms
2 124.215.199.121 (124.215.199.121) 6 ms 1 ms 13 ms
3 59.128.4.121 (59.128.4.121) 2 ms otejbb204.kddnet.ad.jp
(124.215.194.177) 2 ms 2 ms
4 lajbb001.kddnet.ad.jp (203.181.100.14) 126 ms 100 ms
lajbb002.kddnet.ad.jp (203.181.100.22) 162 ms
5 ix-la1.kddnet.ad.jp (59.128.2.70) 108 ms ix-la1.kddnet.ad.jp
(59.128.2.178) 102 ms 102 ms
6 lap-brdr-03.inet.qwest.net (63.146.26.69) 99 ms 101 ms 99 ms
7 63.146.26.210 (63.146.26.210) 99 ms 101 ms 99 ms
8 0.ae3.XL3.LAX15.ALTER.NET (152.63.113.186) 102 ms 102 ms 101 ms
9 * * *
10 * * *

Trace from VPS to a router close to my other location, not Verizon.

traceroute to 4.59.244.49 (4.59.244.49), 64 hops max, 40 byte packets
1 106.187.33.2 (106.187.33.2) 1 ms 1 ms 1 ms
2 124.215.199.121 (124.215.199.121) 9 ms 1 ms 1 ms
3 59.128.4.121 (59.128.4.121) 2 ms otejbb204.kddnet.ad.jp
(124.215.194.177) 9 ms 59.128.4.121 (59.128.4.121) 2 ms
4 lajbb001.kddnet.ad.jp (203.181.100.18) 108 ms
lajbb002.kddnet.ad.jp (203.181.100.22) 101 ms 101 ms
5 ix-la2.kddnet.ad.jp (59.128.2.102) 116 ms 116 ms
ix-la2.kddnet.ad.jp (59.128.2.186) 125 ms
6 xe-11-3-0.edge2.LosAngeles9.Level3.net (4.53.228.13) 111 ms 101 ms 101 ms
7 vlan70.csw2.LosAngeles1.Level3.net (4.69.144.126) 110 ms
vlan90.csw4.LosAngeles1.Level3.net (4.69.144.254) 108 ms
vlan60.csw1.LosAngeles1.Level3.net (4.69.144.62) 103 ms
8 ae-63-63.ebr3.LosAngeles1.Level3.net (4.69.137.33) 110 ms 117 ms
ae-73-73.ebr3.LosAngeles1.Level3.net (4.69.137.37) 108 ms
9 ae-4-4.ebr4.Washington1.Level3.net (4.69.132.82) 178 ms 180 ms 166 ms
10 ae-64-64.csw1.Washington1.Level3.net (4.69.134.178) 174 ms 166 ms 166 ms
11 ae-62-62.ebr2.Washington1.Level3.net (4.69.134.145) 172 ms 165 ms 172 ms
12 ae-8-8.car2.Baltimore1.Level3.net (4.69.134.106) 181 ms 174 ms 174 ms
13 ae-11-11.car1.Baltimore1.Level3.net (4.69.134.109) 181 ms * 174 ms



RE: Inaccessible network from Verizon, accessible elsewhere.

2011-12-11 Thread Joseph Snyder
I hope it's not an outdated martian problem firewall or route filter. For the 
Traceroute from linode to FiOS, Traceroute to the FiOS gateway address.

Network IP Dog  wrote:

From 90701 - Artesia, CA. FIOS

No Go here too!!!



C:\WINDOWS\system32>tracert 106.187.34.1

Tracing route to gw-li377.linode.com [106.187.34.1]
over a maximum of 30 hops:

1 22 ms 34 ms <1 ms Tomato [192.168.100.1]
2 49 ms 1 ms 1 ms Verizon [192.168.1.1]
3 36 ms 6 ms 6 ms L100.LSANCA-VFTTP-114.verizon-gni.net [173.58.211.1]
4 24 ms 9 ms 9 ms G0-9-1-4.LSANCA-LCR-21.verizon-gni.net [130.81.185.72]
5 24 ms 9 ms 8 ms so-4-1-0-0.LAX01-BB-RTR1.verizon-gni.net [130.81.151.246]
6 24 ms 9 ms 8 ms 0.ae1.BR3.LAX15.ALTER.NET [152.63.2.129]
7 38 ms 8 ms 8 ms ae6.edge1.LosAngeles9.level3.net [4.68.62.169]
8 25 ms 10 ms 10 ms 63.146.26.70
9 24 ms 9 ms 8 ms lajbb001.kddnet.ad.jp [59.128.2.173]
10 24 ms 9 ms 8 ms lajbb001.kddnet.ad.jp [59.128.2.181]
11 140 ms 110 ms 108 ms otejbb203.kddnet.ad.jp [203.181.100.9]
12 140 ms 124 ms 111 ms cm-fcu203.kddnet.ad.jp [124.215.194.164]
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * ^C
C:\WINDOWS\system32>tracert 106.187.34.33

Tracing route to li377-33.members.linode.com [106.187.34.33]
over a maximum of 30 hops:

1 22 ms 1 ms <1 ms Tomato [192.168.100.1]
2 31 ms 1 ms 1 ms Verizon [192.168.1.1]
3 51 ms 10 ms 11 ms L100.LSANCA-VFTTP-114.verizon-gni.net [173.58.211.1]
4 42 ms 9 ms 33 ms G0-9-1-4.LSANCA-LCR-21.verizon-gni.net [130.81.185.72]
5 40 ms 15 ms 9 ms so-4-1-0-0.LAX01-BB-RTR1.verizon-gni.net [130.81.151.246]
6 31 ms 8 ms 8 ms 0.ae1.BR3.LAX15.ALTER.NET [152.63.2.129]
7 61 ms 10 ms 16 ms lap-brdr-03.inet.qwest.net [63.146.26.209]
8 31 ms 10 ms 10 ms 63.146.26.70
9 31 ms 9 ms 9 ms lajbb001.kddnet.ad.jp [59.128.2.173]
10 31 ms 9 ms 8 ms lajbb001.kddnet.ad.jp [59.128.2.181]
11 125 ms 118 ms 109 ms otejbb203.kddnet.ad.jp [203.181.100.9]
12 156 ms 111 ms 143 ms 124.215.199.122
13 126 ms 112 ms 137 ms 124.215.199.122
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * ^C
C:\WINDOWS\system32>


E = 4:32 & Cheers!!!

-Original Message-
From: Lee [mailto:ler...@gmail.com] 
Sent: Sunday, December 11, 2011 6:44 AM
To: NetSecGuy
Cc: nanog@nanog.org
Subject: Re: Inaccessible network from Verizon, accessible elsewhere.

On 12/10/11, NetSecGuy  wrote:
> I have a Linode VPS in Japan that I can't access from Verizon FIOS,
> but can access from other locations. I'm not sure who to blame.

I can't get to 106.187.34.33 or 106.187.34.1 using Verizon FIOS

C:\>tracert 106.187.34.33

Tracing route to li377-33.members.linode.com [106.187.34.33]
over a maximum of 30 hops:
[.. snip ..]
5 23 ms 4 ms 4 ms
so-14-0-0-0.RES-BB-RTR2.verizon-gni.net [130.81.22.56]
6 73 ms 6 ms 7 ms 0.ae2.BR2.IAD8.ALTER.NET [152.63.34.73]
7 8 ms 6 ms 7 ms dcp-brdr-03.inet.qwest.net [63.146.26.105]
8 8 ms 9 ms 9 ms sl-crs1-dc-0-1-0-0.sprintlink.net
[144.232.19.229]
9 28 ms 26 ms 44 ms sl-crs1-dc-0-5-3-0.sprintlink.net
[144.232.24.37]
10 177 ms 176 ms 177 ms lajbb001.kddnet.ad.jp [59.128.2.173]
11 43 ms 41 ms 42 ms sl-crs1-oma-0-9-2-0.sprintlink.net
[144.232.2.177]
12 291 ms * 301 ms cm-fcu203.kddnet.ad.jp [124.215.194.164]
13 286 ms 279 ms 282 ms 124.215.199.122
14 81 ms 81 ms 82 ms sl-crs1-sj-0-5-3-0.sprintlink.net
[144.232.20.99]
15 88 ms 86 ms 87 ms sl-st20-pa-9-0-0.sprintlink.net
[144.232.8.108]
16 405 ms 406 ms 399 ms 144.223.243.126
17 364 ms 386 ms 406 ms pajbb001.kddnet.ad.jp [111.87.3.41]
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * ^C

C:\>tracert 106.187.34.1

Tracing route to gw-li377.linode.com [106.187.34.1]
over a maximum of 30 hops:
[.. snip ..]
5 5 ms 24 ms 24 ms so-3-1-0-0.RES-BB-RTR2.verizon-gni.net
[130.81.151.232]
6 7 ms 7 ms 7 ms 0.ae2.BR2.IAD8.ALTER.NET [152.63.34.73]
7 8 ms 7 ms 7 ms dcp-brdr-03.inet.qwest.net [63.146.26.105]
8 84 ms 84 ms 84 ms lap-brdr-03.inet.qwest.net [67.14.22.78]
9 171 ms 174 ms 176 ms 63.146.26.70
10 178 ms 177 ms 177 ms lajbb001.kddnet.ad.jp [59.128.2.173]
11 283 ms 284 ms 284 ms otejbb203.kddnet.ad.jp [203.181.100.9]
12 289 ms 287 ms 287 ms cm-fcu203.kddnet.ad.jp [124.215.194.164]
13 * * * Request timed out.
14 83 ms 81 ms 82 ms sl-crs1-sj-0-12-0-1.sprintlink.net
[144.232.9.224]
15 * * * Request timed out.
16 403 ms 407 ms 404 ms 144.223.243.126
17 * * * Request timed out.
18 501 ms 499 ms 501 ms
otejbb203.kddnet.ad.jp.100.181.203.in-addr.arpa [203.181.100.137]
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed 

Re: Megaupload.com seized

2012-01-22 Thread Joseph Snyder
I would disagree; to me, I would guess that the court would interpret the 
disabling of access or removal to refer to the material and not the url. The 
url is just a reference to the material in question. If you build a bashing 
system that does not let you comply with the law, that becomes your problem, 
not the court's. If you show good faith, explain the issue and propose a 
reasonable timeline to resolve the issue, or show financial hardship and appeal 
to the court for more time, then you can avoid a lot of headaches.

Nick B  wrote:

I just made the brain melting mistake of trying to read the DMCA. The text
which jumps out at me is:

`(2) EXCEPTION- Paragraph (1) shall not apply with respect to material
residing at the direction of a subscriber of the service provider on a
system or network controlled or operated by or for the service provider
that is removed, or to which access is disabled by the service provider,
pursuant to a notice provided under subsection (c)(1)(C), unless the
service provider--


`(A) takes reasonable steps promptly to notify the subscriber that it
has removed or disabled access to the material;


`(B) upon receipt of a counter notification described in paragraph (3),
promptly provides the person who provided the notification under subsection
(c)(1)(C) with a copy of the counter notification, and informs that person
that it will replace the removed material or cease disabling access to it
in 10 business days; and


`(C) replaces the removed material and ceases disabling access to it not
less than 10, nor more than 14, business days following receipt of the
counter notice, unless its designated agent first receives notice from the
person who submitted the notification under subsection (c)(1)(C) that such
person has filed an action seeking a court order to restrain the subscriber
from engaging in infringing activity relating to the material on the
service provider's system or network.



I'm about 90% sure that in a fair court, it would be concluded that
disabling the reported URL qualifies as disabling access to the material.
The court might then issue an injunction to, in the future, disable *all*
*possible* access to the material, but that's not the current text of the
law. YMMV
Nick B

On Sun, Jan 22, 2012 at 11:58 AM, Roland Perry <
li...@internetpolicyagency.com> wrote:

> In article <596b74b410ee6b4ca8a30c3af1a155ea09c8c...@rwc-mbx1.corp.seven.com>,
> George Bonser writes
>
>> The problem is going to be the thousands of people who have now lost
>> their legitimate files, research data, personal recordings, etc. that
>> they were using Megaupload to share.
>>
>
> But that's an operational risk of using any commercial entity as a
> filestore. Thousands of people lost[1] a lot of work when fotopic.net
> collapsed:
> http://en.wikipedia.org/wiki/Fotopic.net
>
> [1] As it's getting on for a year since an apparent rescue attempt, and
> nothing has emerged, this seems a reasonable assumption.
> --
> Roland Perry
>
>



Re: VZ FiOS DNS issues:

2012-01-22 Thread Joseph Snyder
Try a full rebind on your cpe or power cycle, whichever is easier. This seems 
to have worked for a few on the forums.

James Laszko  wrote:


On Jan 22, 2012, at 8:11 AM, "Jamie Bowden"  wrote:

> 
> Any Verizon techs around today? I don't know why you can't pass DNS traffic 
> this morning, but it's the second time in as many weeks as it has been an 
> issue, and it's rather annoying (Google is the example, but the exact same 
> failure happens using any destination, on VZ's own or any other public DNS 
> servers, phone support are of course, useless):

Have a look at:

http://forums.verizon.com/t5/FiOS-Internet/DNS-issues-in-SoCal/td-p/393781/page/11

Are you by chance in So Cal? VZ has been having some serious pot holes on their 
information super highway of late.


Regards,


James Laszko
Mythos Technology Inc


> 
> C:\Users\jamie>tracert -d 71.252.0.12
> 
> Tracing route to 71.252.0.12 over a maximum of 30 hops
> 
> 1 <1 ms <1 ms <1 ms 192.168.2.254
> 2 <1 ms <1 ms <1 ms 192.168.1.1
> 3 8 ms 9 ms 13 ms 96.231.199.1
> 4 14 ms 9 ms 9 ms 130.81.183.118
> 5 9 ms 9 ms 9 ms 130.81.151.232
> 6 9 ms 9 ms * 130.81.20.19
> 7 11 ms 9 ms 9 ms 71.252.0.12
> 
> Trace complete.
> 
> C:\Users\jamie>nslookup www.google.com 71.252.0.12
> Server: nsrest01.verizon.net
> Address: 71.252.0.12
> 
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
> *** Request to nsrest01.verizon.net timed-out
> 
> C:\Users\jamie>tracert -d 8.8.8.8
> 
> Tracing route to 8.8.8.8 over a maximum of 30 hops
> 
> 1 <1 ms <1 ms <1 ms 192.168.2.254
> 2 <1 ms <1 ms <1 ms 192.168.1.1
> 3 7 ms 8 ms 9 ms 96.231.199.1
> 4 8 ms 9 ms 8 ms 130.81.183.118
> 5 9 ms 28 ms 10 ms 130.81.22.56
> 6 8 ms 9 ms 9 ms 152.63.36.237
> 7 20 ms 19 ms 19 ms 152.63.0.153
> 8 21 ms 18 ms 18 ms 152.63.21.73
> 9 41 ms 47 ms 49 ms 152.179.72.66
> 10 17 ms 18 ms 19 ms 209.85.255.68
> 11 * * * Request timed out.
> 12 * * * Request timed out.
> 13 22 ms 19 ms 19 ms 72.14.236.200
> 14 20 ms 31 ms 18 ms 216.239.49.145
> 15 18 ms 19 ms 19 ms 8.8.8.8
> 
> Trace complete.
> 
> C:\Users\jamie>nslookup www.google.com 8.8.8.8
> Server: google-public-dns-a.google.com
> Address: 8.8.8.8
> 
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
> DNS request timed out.
> timeout was 2 seconds.
> *** Request to google-public-dns-a.google.com timed-out
> 
> C:\Users\jamie>



Re: Verizon FiOS - is BGP an option?

2012-03-14 Thread Joseph Snyder
I will just say no on all parts of this current part of the conversation and 
leave it at that.

- j

Curtis Maurand  wrote:

On 3/14/2012 9:00 PM, Robert E. Seastrom wrote:
> Christopher Morrow writes:
>
>> On Wed, Mar 14, 2012 at 8:14 PM, Robert E. Seastrom wrote:
>>> Faisal Imtiaz writes:
>>>
>>>> I am not familiar with VZ's FIOS network...
>>>> however I suspect that if they are using a Redback at the Headend, it
>>>> would allow you to have a 'bridge' network with secure arp
>>>> settings. (it's a feature that we have seen on Redback's...)
>>> AFAIK Verizon does not use Redback/Ericsson stuff for FIOS and never has.
>>>
>>> A cursory survey of two (older, BPON, Tellabs) builds found ethernet
>>> OUI 00:90:1a, i.e. Juniper ERX.
>> yes, all edge boxes for FIOS are ERX... better support for CALEA there
>> was one of the major drivers.
> So it was _one_ of the drivers, but was it a more major driver than
> "for the love of God, not Redback!"? :)
>
the last I knew, Verizon was an Alcatel house for switching and Alcatel 
managed to get tcp/ip into their switching gear. so I'm left to wonder.

--C



Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-24 Thread Joseph Snyder
Any details on how much this cost, maybe I just missed it in the article. 40k. 
It sounds interesting but in the US this would only make sense in cities and 
most people don't live in MDUs. Where I live a lot of people's driveways are a 
mile or two long.

Marcel Plug  wrote:

This article from arstechnica is right on topic. Its about how the
city of Amsterdam built an open-access fibre network. It seems to me
this is the right way to do it, or at least very close to the right
way..

http://arstechnica.com/tech-policy/news/2010/03/how-amsterdam-was-wired-for-open-access-fiber.ars

-Marcel

On Fri, Mar 23, 2012 at 11:35 PM,  wrote:
> On Fri, 23 Mar 2012 14:18:26 -1000, Michael Painter said:
>
>> "The indication of above average or below average is based on a comparison 
>> of the actual test result to the current NTIA
>> definition of broadband which is 768 kbps download and 200 kbps upload. Any 
>> test result above the NTIA definition is
>> considered above average, and any result below is considered below average."
>
> That's the national definition of "broadband" that we're stuck with.  To show
> how totally cooked the books are, consider that when they compute "percent of
> people with access to residential broadband", they do it on a per-county basis
> - and if even *one* subscriber in one corner of the county has broadband, the
> entire county counts.
>



Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-24 Thread Joseph Snyder
Lol too early in the morning, that much for so few, but if you are going to 
govt fund copper replacement, it's probably the way to go. Not sure how costly 
that would be in the US since even in the cities there are a lot of duplexes.

Joseph Snyder  wrote:

Any details on how much this cost, maybe I just missed it in the article. 40k. 
It sounds interesting but in the US this would only make sense in cities and 
most people don't live in MDUs. Where I live a lot of peoples driveways are a 
mile or two long.

Marcel Plug  wrote:

This article from arstechnica is right on topic. Its about how the
city of Amsterdam built an open-access fibre network. It seems to me
this is the right way to do it, or at least very close to the right
way..

http://arstechnica.com/tech-policy/news/2010/03/how-amsterdam-was-wired-for-open-access-fiber.ars

-Marcel

On Fri, Mar 23, 2012 at 11:35 PM,  wrote:
> On Fri, 23 Mar 2012 14:18:26 -1000, Michael Painter said:
>
>> "The indication of above average or below average is based on a comparison 
>> of the actual test result to the current NTIA
>> definition of broadband which is 768 kbps download and 200 kbps upload. Any 
>> test result above the NTIA definition is
>> considered above average, and any result below is considered below average."
>
> That's the national definition of "broadband" that we're stuck with.  To show
> how totally cooked the books are, consider that when they compute "percent of
> people with access to residential broadband", they do it on a per-county basis
> - and if even *one* subscriber in one corner of the county has broadband, the
> entire county counts.
>



Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-24 Thread Joseph Snyder
For those who didn't Google it.

http://www.ftthcouncil.org/en/knowledge-center/case-studies/amsterdam-city-fiber-project-analysis

Joseph Snyder  wrote:

Lol too early in the morning, that much for so few, but if you are going to 
govt fund copper replacement, it's probably the way to go. Not sure how costly 
that would be in the US since even in the cities there are a lot of duplexes.

Joseph Snyder  wrote:

Any details on how much this cost, maybe I just missed it in the article. 40k. 
It sounds interesting but in the US this would only make sense in cities and 
most people don't live in MDUs. Where I live a lot of peoples driveways are a 
mile or two long.

Marcel Plug  wrote:

This article from arstechnica is right on topic. Its about how the
city of Amsterdam built an open-access fibre network. It seems to me
this is the right way to do it, or at least very close to the right
way..

http://arstechnica.com/tech-policy/news/2010/03/how-amsterdam-was-wired-for-open-access-fiber.ars

-Marcel

On Fri, Mar 23, 2012 at 11:35 PM,  wrote:
> On Fri, 23 Mar 2012 14:18:26 -1000, Michael Painter said:
>
>> "The indication of above average or below average is based on a comparison 
>> of the actual test result to the current NTIA
>> definition of broadband which is 768 kbps download and 200 kbps upload. Any 
>> test result above the NTIA definition is
>> considered above average, and any result below is considered below average."
>
> That's the national definition of "broadband" that we're stuck with.  To show
> how totally cooked the books are, consider that when they compute "percent of
> people with access to residential broadband", they do it on a per-county basis
> - and if even *one* subscriber in one corner of the county has broadband, the
> entire county counts.
>



Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-24 Thread Joseph Snyder
USF is more of a free for all get ISPs to build in 80% of the locations that 
nobody would build in their right mind vs a mini monopoly model for l2 that I 
equate this with.

Owen DeLong  wrote:

We've been funding it for years without getting it because of the stupid way in 
which it has been funded.

I suggest you look into USF in more detail.

Owen

On Mar 24, 2012, at 6:06 AM, Joseph Snyder wrote:

> Lol too early in the morning, that much for so few, but if you are going to 
> govt fund copper replacement, it's probably the way to go. Not sure how 
> costly that would be in the US since even in the cities there are a lot of 
> duplexes.
> -- 
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
> 
> Joseph Snyder  wrote:
> 
> Any details on how much this cost, maybe I just missed it in the article. 
> 40k. It sounds interesting but in the US this would only make sense in cities 
> and most people don't live in MDUs. Where I live a lot of peoples driveways 
> are a mile or two long.
> 
> Marcel Plug  wrote:
> 
> This article from arstechnica is right on topic. Its about how the
> city of Amsterdam built an open-access fibre network. It seems to me
> this is the right way to do it, or at least very close to the right
> way..
> 
> http://arstechnica.com/tech-policy/news/2010/03/how-amsterdam-was-wired-for-open-access-fiber.ars
> 
> -Marcel
> 
> On Fri, Mar 23, 2012 at 11:35 PM,  wrote:
>> On Fri, 23 Mar 2012 14:18:26 -1000, Michael Painter said:
>> 
>>> "The indication of above average or below average is based on a comparison 
>>> of the actual test result to the current NTIA
>>> definition of broadband which is 768 kbps download and 200 kbps upload. Any 
>>> test result above the NTIA definition is
>>> considered above average, and any result below is considered below average."
>> 
>> That's the national definition of "broadband" that we're stuck with. To show
>> how totally cooked the books are, consider that when they compute "percent of
>> people with access to residential broadband", they do it on a per-county 
>> basis
>> - and if even *one* subscriber in one corner of the county has broadband, the
>> entire county counts.
>> 



Re: Muni Fiber

2012-03-25 Thread Joseph Snyder
Hmm even most urban environments aren't worth deploying in or are probably 
marginal profit. So I would expect 30-45% of population of the US to not be 
worth or marginally worth deploying. I am assuming most urban less than 250k 
and probably spread out. Not to mention to provide transit without services to 
residential is a margins game to begin with and without at least a 20-30% take 
rate it probably isn't worth the cost of l3 infrastructure. On the other hand 
for actual dense urban environments it makes perfect sense as long as they are 
willing to maintain it.

I see the possibilities, but have a gut feeling it would become a political 
mess and unreliable, not to mention cost us more than we pay now.

Leo Bicknell  wrote:

In a message written on Sun, Mar 25, 2012 at 05:29:04PM +0100, Nick Hilliard 
wrote:
> most of the expense of laying fibre is associated with ducting + wayleave.
> Once you have that in place, blowing new fibre is relatively inexpensive.
> So rather than amortising the cost according to the lifetime of the fibre,
> it makes much more sense to amortise over the lifetime of the ducting.

Maybe.

In rural deployments it's much more likely the fiber is aerial,
it's far cheaper to attach to existing poles with few cables on
them than it is to bury the fiber.

Even in urban areas where buried duct is the norm, being able to
use old ducts varies a lot with the geography and how active the
area is to other development. I've seen plenty of ducts where it
had been cut and repaired several times before use that running a
new cable through it was impossible and it simply had to be replaced.
In other locations 20 years later a new cable goes through like
butter.

But I think it's all a bit of a tangent; when talking about
_residential_ fiber it's prudent to run 2-6 strands to every home
day one, and then, well, there's basically never a point in running
more. The chance of blowing more fiber down the duct later is near
zero. It's also why I'm not a fan of *PON schemes, eliminate the
splitter and run a single star topology. 20 years from now Petabit
optics will look different than today's GigE in some way, but I'll
bet money they are tuned to run on single mode fiber. They may not
like the splitters and the like though. By doing a star back to a
wiring center you enable all technologies. GPON today, direct GigE
or 10GE where necessary, and all future technologies.

-- 
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/



Re: Quad-A records in Network Solutions ?

2012-03-28 Thread Joseph Snyder
I agree, but in a big company it generally would cost at least 10s of thousands 
of dollars just for training alone. The time away from the phones that would 
have to be covered would exceed that. Let's say you had 8000 phone staff and 
they were getting $10/hr and training took an hour. That is 80k coverage 
expenses alone. For a large company I would expect a project budget of at least 
250k minimal. And probably more if the company exceeds 50,000 employees.

Arturo Servin  wrote:


Another reason to not use them.

Seriously, if they cannot expend some thousands of dollars (because it 
shouldn't be more than that) in "touching code, (hopefully) testing that code, 
deploying it, training customer support staff to answer questions, updating 
documentation, etc." I cannot take them as a serious provider for my names.

Regards,
.as

On 28 Mar 2012, at 21:16, John T. Yocum wrote:

> 
> 
> On 3/28/2012 12:13 PM, Carlos Martinez-Cagnazzo wrote:
>> I'm not convinced. What you mention is real, but the code they need is
>> little more than a regular expression that can be found on Google and a
>> 20-line script for testing lames. And a couple of weeks of testing, and
>> I think I'm exaggerating.
>> 
>> If they don't want to offer support for it, they can just put up some
>> disclaimer.
>> 
>> regards,
>> 
>> Carlos
>> 
>> 
>> On 3/28/12 3:55 PM, David Conrad wrote:
>>> On Mar 28, 2012, at 11:47 AM, Carlos Martinez-Cagnazzo wrote:
>>>> I'm not a fan of conspiracy theories, but, c'mon. For a provisioning
>>>> system, an  record is just a fragging string, just like any other
>>>> DNS record. How difficult to support can it be ?
>>> 
>>> Of course it is more than a string. It requires touching code, (hopefully) 
>>> testing that code, deploying it, training customer support staff to answer 
>>> questions, updating documentation, etc. Presumably Netsol did the 
>>> cost/benefit analysis and decided the potential increase in revenue 
>>> generated by the vast hordes of people demanding IPv6 (or the potential 
>>> lost in revenue as the vast hordes transfer away) didn't justify the 
>>> expense. Simple business decision.
>>> 
>>> Regards,
>>> -drc
>>> 
>>> 
>> 
> 
> That's assuming their system is sanely or logically designed. It could be a 
> total disaster of code, which makes adding such a feature a major pain.
> 
> --John




Re: Dear Linkedin,

2012-06-09 Thread joseph . snyder
My biggest problem still is the multiple computer issue.  I am on at least 3-5 
physical computers and 1-20 virtual machines, and 2 cellphones a day.  I 
honestly do not want to store a database of passwords encrypted or not on an 
open service.  

As I have never had a virus or malware on any of my computers in the last 20 
something years I trust my local machine/network more.  The problem is it 
creates a distribution problem that is painful and tedious to deal with.  

So I stick with 10-15 long reasonably secure passwords that get used for stuff 
that just doesn't matter because there is an assumed no security (facebook, 
linkedin, whatever, and honestly who cares if this stupid stuff is hacked, it's 
really just to avoid the hassle it would cause) and 1 unique password per 
critical sites (bank, benefits, financials).  I store them on a local 3x3 
levels of encrypted virtual drives with (2) 32-48 remembered passwords to 
access them just in case I forget any. 

Then I lock the 2 passwords up in a safe in a sealed envelope just in case 
something happens to me.

 If you are cautious on what and where you use them you honestly only need to 
change the criticals once a year or if there is a security event, heck outside 
of the bank account, I almost never login to any of the other accounts except 
to change the password.

And for all other internet stuff, who cares, the assumption is it will be 
hacked, don't put stuff on the open internet that you don't want the entire 
world to know.



Re: The state of TACACS+

2014-12-29 Thread joseph . snyder
Change the root when any senior person leaves.  It shouldn't be known to a 
large set of staff members.  During the bubble burst rifs we were changing them 
on 40k+ devices every week.  Make sure you verify the pass before disconnecting 
the login acct making the change.  Also make sure you understand the AAA 
process well when trying to do this so that you don't lock yourself out.

On December 29, 2014 10:32:51 AM EST, Colton Conor wrote:
>Scott,
>
>Thanks for the response. How do you make sure the failsafe and/or root
>password that is stored in the device in case remote auth fails can't be
>accessed without having several employees engaged? Are there any mechanisms
>for doing so?
>
>My fear would be we would hire an outsourced tech. After a certain amount
>of time we would have to let this part timer go, and would disable his or
>her username and password in TACACS. However, if that tech still knows the
>root password they could still remotely login to our network and cause
>havoc. The thought of having to change the root password on hundreds of
>devices doesn't sound appealing either every time an employee is let go. To
>make matters worse we are using an outsourced firm for some network
>management, so the case of hiring and firing is fairly consistent.
>
>On Mon, Dec 29, 2014 at 9:22 AM, Scott Helms wrote:
>
>> Colton,
>>
>> Yes, that's the 'normal' way of setting it up.  Basically you still have
>> to configure a root user, but that user name and password is kept locked up
>> and only accessed in case of catastrophic failure of the remote
>> authentication system.  An important note is to make sure that the fail
>> safe password can't be accessed without having several people engaged so it
>> can't be used without many people knowing.
>>
>>
>> Scott Helms
>> Vice President of Technology
>> ZCorum
>> (678) 507-5000
>> 
>> http://twitter.com/kscotthelms
>> 
>>
>> On Mon, Dec 29, 2014 at 10:15 AM, Colton Conor wrote:
>>
>>> We are able to implement TACACS+. It is my understanding this is a fairly
>>> old protocol, so are you saying there are numerous bugs that still need to
>>> be fixed?
>>>
>>> A question I have is TACACS+ is usually hosted on a server, and networking
>>> devices are configured to reach out to the server for authentication. My
>>> question is what happens if the device can't reach the server if the
>>> device's network connection is offline? Our goal with TACACS+ is to not have
>>> any default/saved passwords. Every employee will have their own username
>>> and password. That way if an employee gets hired/fired, we can enable or
>>> disable their account. We are trying to avoid having any organization wide
>>> or network wide default username or password. Is this possible? Do the
>>> devices keep a log of the last successful username/password combinations
>>> that worked in case the device goes offline?
>>>
>>> On Sun, Dec 28, 2014 at 5:02 PM, Robert Drake wrote:
>>>
>>> > Picking back up where this left off last year, because I apparently only
>>> > work on TACACS during the holidays :)
>>> >
>>> >
>>> > On 12/30/2013 7:28 PM, Jimmy Hess wrote:
>>> >
>>> >> Even 5 seconds extra for each command may hinder operators, to the extent
>>> >> it would be intolerable; shell commands should run almost
>>> >> instantaneously  this is not a GUI, with an hourglass. Real-time
>>> >> responsiveness in a shell is crucial --- which remote auth should not
>>> >> change. Sometimes operators paste a buffer with a fair number of
>>> >> commands, not expecting a second delay between each command --- a
>>> >> repeated delay, may also break a pasted sequence.
>>> >>
>>> >> It is very possible for two of three auth servers to be unreachable, in
>>> >> case of a network break, but that isn't necessary. The "response
>>> >> timeout" might be 5 seconds, but in reality, there are cases where you
>>> >> would wait longer, and that is tragic, since there are some obvious
>>> >> alternative approaches that would have had results that would be more
>>> >> 'friendly' to the interactive user.
>>> >>
>>> >> (Like remembering which server is working for a while, or remembering
>>> >> that all servers are down -- for a while, and having a 50ms timeout,
>>> >> with all servers queried in parallel, instead of a 5 seconds timeout)
>>> >>
>>> > I think this needs to be part of the specification.
>>> >
>>> > I'm sure the reason they didn't do parallel queries was because of both
>>> > network and CPU load back when the protocol was drafted. But it might be
>>> > good to have local caching of authentication so that can happen even when
>>> > servers are down or slow. Authorization could be updated to send the
>>> > permissions to the router for local handling. Then if the server dies while
>>> > a session is open only accounting would be affected.
>>> >
>>
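
As an added illustration (not code from any poster in this thread or from a TACACS+ implementation), here is the client-side behaviour suggested above: all servers queried in parallel inside a 50 ms window, the answering server remembered for a while, an all-down state remembered for a while, and a hand-off to the locked-away local account only when no server is reachable. `make_server`, `AuthServerPool` and the return strings are hypothetical names, and the servers are simulated coroutines.

```python
import asyncio
import time

def make_server(users, delay=0.0, up=True):
    """Constructed stand-in for a remote auth server (not real TACACS+)."""
    async def server(user, password):
        if not up:
            raise ConnectionError("unreachable")
        await asyncio.sleep(delay)
        return users.get(user) == password
    return server

class AuthServerPool:
    def __init__(self, servers, timeout=0.05, remember=30.0, clock=time.monotonic):
        self.servers = servers      # name -> async fn(user, password) -> bool
        self.timeout = timeout      # 50 ms per round, the figure from the thread
        self.remember = remember    # seconds to remember "works" / "all down"
        self.clock = clock
        self.preferred = None       # (name, expiry) of the last server that answered
        self.all_down_until = 0.0

    async def _ask(self, name, user, password):
        try:
            return name, await self.servers[name](user, password)
        except ConnectionError:
            return name, None       # unreachable: no verdict from this server

    async def _race(self, names, user, password):
        tasks = [asyncio.create_task(self._ask(n, user, password)) for n in names]
        try:
            for next_done in asyncio.as_completed(tasks, timeout=self.timeout):
                name, verdict = await next_done
                if verdict is not None:
                    return name, verdict   # first real answer wins
        except asyncio.TimeoutError:
            pass                    # nobody answered inside the window
        finally:
            for task in tasks:
                task.cancel()
        return None, None

    async def authenticate(self, user, password):
        now = self.clock()
        if now < self.all_down_until:
            return "use-local-fallback", None    # remembered outage: no waiting
        rounds = [list(self.servers)]
        if self.preferred and now < self.preferred[1]:
            rounds.insert(0, [self.preferred[0]])  # known-good server first
        for names in rounds:
            name, verdict = await self._race(names, user, password)
            if name is not None:
                self.preferred = (name, now + self.remember)
                return ("accept" if verdict else "reject"), name  # a reject is final
        self.all_down_until = now + self.remember
        return "use-local-fallback", None
```

A reject from a reachable server never falls through to the local account; only the absence of any answer does.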

Re: Verizon FIOS filtering?

2013-03-18 Thread joseph . snyder
Did you ever resolve this?

Harry Hoffman  wrote:

>Hi All,
>
>Does anyone know if Verizon automatically performs network filtering in
>response to scanning behavior?
>
>I'm having some weird connectivity issues to a host and trying to figure
>out why.
>
>Cheers,
>Harry

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Re: Verizon FIOS filtering?

2013-03-18 Thread joseph . snyder
Are you sure the edu isn't triggering any sort of filtering on hosts that do 
scanning?

Harry Hoffman  wrote:

>Hi All,
>
>Sorry, got pulled away on other projects. No, still trying to figure out
>what's going on. This is traffic originating from FIOS's network.
>
>I have a host located in a .edu that is configured to send back icmp
>host prohibited replies for connections that aren't specifically allowed
>in the host based firewall.
>
>The .edu border routers filter very little (standard MS ports
>135,137,139,445 udp/tcp).
>
>I can ssh from my verizon fios router (a linux box) to my .edu host
>(also a linux box).
>
>If I run nmap -sT -Pn <.edu host> I'll get back different results of
>what ports are filtered. I assume that this is a result of what nmap
>decides to cache when it receives the ICMP messages.
>
>Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT
>Nmap scan report for some.host.edu (123.45.67.89)
>Host is up (0.028s latency).
>Not shown: 999 closed ports
>PORT   STATE    SERVICE
>23/tcp filtered telnet
>
>Nmap done: 1 IP address (1 host up) scanned in 3.78 seconds
>[hhoffman@firefly ~]$ nmap -Pn -sT some.host.edu
>
>Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:53 EDT
>Nmap scan report for some.host.edu (123.45.67.89)
>Host is up (0.034s latency).
>Not shown: 998 closed ports
>PORT    STATE    SERVICE
>21/tcp  filtered ftp
>199/tcp filtered smux
>
>Nmap done: 1 IP address (1 host up) scanned in 20.43 seconds
>[harryh@firefly ~]$ nmap -Pn -sT some.host.edu
>
>Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT
>Nmap scan report for some.host.edu (123.45.67.89)
>Host is up (0.078s latency).
>Not shown: 996 closed ports
>PORT     STATE    SERVICE
>21/tcp   filtered ftp
>111/tcp  filtered rpcbind
>256/tcp  filtered fw1-secureremote
>3389/tcp filtered ms-wbt-server
>
>Nmap done: 1 IP address (1 host up) scanned in 2.52 seconds
>[hhoffman@firefly ~]$ nmap -Pn -sT some.host.edu
>
>Starting Nmap 6.01 ( http://nmap.org ) at 2013-03-16 14:56 EDT
>Nmap scan report for some.host.edu (123.45.67.89)
>Host is up (0.030s latency).
>All 1000 scanned ports on some.host.edu (123.45.67.89) are closed
>
>For a short period of time after the scans commence I'm not able to
>connect from my FIOS host to my .edu host on tcp/22, a port that is
>specifically allowed in the .edu host's firewall rules.
>
>There is no software on either end that would perform any tarpit-like
>functionality.
>
>Cheers,
>Harry
>
>
>
>On 03/18/2013 08:50 AM, joseph.sny...@gmail.com wrote:
>> Did you ever resolve this?
>> 
>> Harry Hoffman  wrote:
>> 
>>> Hi All,
>>>
>>> Does anyone know if Verizon automatically performs network filtering in
>>> response to scanning behavior?
>>>
>>> I'm having some weird connectivity issues to a host and trying to figure
>>> out why.
>>>
>>> Cheers,
>>> Harry
>> 

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Re: Andros Island Connectivity?

2013-04-30 Thread joseph . snyder
Doesn't Cable Bahamas sell in Andros?

Warren Bailey  wrote:

>I suggested VSAT. Probably the quickest and cheapest.
>
>
>Sent from my T-Mobile 4G LTE Device
>
>
>
> Original message 
>From: Mike Lyon 
>Date: 04/30/2013 1:35 PM (GMT-08:00)
>To: "Aaron C. de Bruyn" ,memb...@wispa.org
>Cc: NANOG mailing list 
>Subject: Re: Andros Island Connectivity?
>
>
>Aaron,
>
>Cross-posting this over to the WISPA list to see if there are any Wireless
>ISPs over there that can help you.
>
>-Mike
>
>
>
>On Tue, Apr 30, 2013 at 1:28 PM, Aaron C. de Bruyn wrote:
>
>> I just had a client drop an interesting requirement on me.
>>
>> They are on Andros Island (Bahamas) for about a year.  I'm working on
>> getting an exact address from the adminisphere above me, but all I've been
>> told so far is they are 'near the naval base'.
>>
>> They just called and said "We need internet access yesterday".
>>
>> None of the people on-site are technical, and all their data is accessed
>> via RDP on a server in the United States.
>>
>> Having never been there, I have no idea if it's like downtown San Francisco
>> where the internet grows on trees, or if it's like the Sahara desert which
>> might require dragging your own fiber in on camelback...
>>
>> Does anyone have pointers on who to talk to or how I can get them internet
>> access?
>>
>> -A
>>
>
>
>
>--
>Mike Lyon
>408-621-4826
>mike.l...@gmail.com
>
>http://www.linkedin.com/in/mlyon

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Re: ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!

2012-06-17 Thread joseph . snyder
It's about time and cost. If it's an emergency situation, trying to guess who 
might own the address wastes time to get confirmation, if it is a complete 
guessing game. Then a warrant has to be gotten. You need to know who to put on 
the warrant to make a request.

Cameron Byrne  wrote:

But whois info is really the linchpin for LEAs trying to find criminals?

I find that very hard to believe.

CB



Re: job screening question

2012-07-06 Thread joseph . snyder
I agree. Let the person talk, do a few probing questions based off what they 
say. If you yourself have any value you should be able to tell if they have a 
chance.

Also I would prefer someone who says I don't know for sure but maybe something 
along these lines, and then wants to know the right answer. Passion is also 
important, if you are willing to hire someone who is in it for just a paycheck, 
save yourself the headache and get a contractor.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Matthew Palmer  wrote:

On Thu, Jul 05, 2012 at 11:04:05PM -0400, Robert E. Seastrom wrote:
> Diogo Montagner  writes:
> > For screening questions (for 1st level filtering), IMO, the questions
> > have to be straight to the point, for example:
> >
> > 1) What is the LSA number for an external route in OSPF?
> >
> > This can have two answers: 5 or 7. So, I will accept if the candidate
> > answers 5, 7 or 5 and 7. Later on (the next level of the interview), a
> > technical interviewer will check if the candidate understands the
> > differences of LSA 5 and 7.
> 
> Frankly, this feels a bit like asking what the 9th byte in an IP
> header is used for (it's TTL, but who's, uh, counting?) -- "That's why
> God gave us packet analyzers" should be counted as an acceptable
> answer. If not, you'll find yourself skipping over plenty of
> extremely well qualified candidates in favor of those who have crammed
> recently for some sort of exam in hopes of compensating for their
> short CV.

Ugh, I know someone (thankfully no longer a current colleague) who ardently
*defends* his use of questions like "what does the -M option to ps do?" on
the basis that "any senior person who knows what they're doing should know
all the options to ps!". No, you useless tit, anyone who knows what they're
doing should know how to read a bloody manpage.

Trivia tests get you hiring people who know trivia. Knowing trivia has its
productivity benefits, but if you can't apply it, it's useless.

- Matt

-- 
Politics and religion are just like software and hardware. They all suck,
the documentation is provably incorrect, and all the vendors tell lies.
-- Andrew Dalgleish, in the Monastery




Re: using "reserved" IPv6 space

2012-07-14 Thread joseph . snyder
If it is a hostile lab environment, then pre-decide on the address space to be 
used by the company and auto include that into all production routers' policies 
to drop it like a hot potato covered in lava.

Brandon Ross  wrote:

On Fri, 13 Jul 2012, Owen DeLong wrote:

> On Jul 13, 2012, at 4:24 PM, Randy Bush wrote:
>
>> keep life simple. use global ipv6 space.
>>
>> randy
>
> Though it is rare, this is one time when I absolutely agree with Randy.

It's even more rare for me to agree with Randy AND Owen at the same time.

-- 
Brandon Ross Yahoo & AIM: BrandonNRoss
+1-404-635-6667 ICQ: 2269442
Schedule a meeting: https://tungle.me/bross Skype: brandonross



Re: IPv6 Ignorance

2012-09-17 Thread joseph . snyder
I agree with the way you are looking at it.  I know it sounds impressive to 
talk about hosts, but in ipv6 all that matters is how many subnets do I have 
and how clean are my aggregation levels to avoid large wastes of subnets.  Host 
addressing is not an issue or concern.  So to talk about 128 bits instead of 
the reality of the 64 is silly.


Owen DeLong  wrote:

>
>On Sep 16, 2012, at 20:23 , Randy Bush  wrote:
>
>> [ yes, there are a lot of idiots out there.  this is not new.  but ]
>> 
>>> "We are totally convinced that the factors that made IPv4 run out of
>>> addresses will remanifest themselves once again and likely sooner than
>>> a lot of us might expect given the "Recommendations" for "Best
>>> Practice" deployment."
>> 
>> while i am not "totally convinced," i am certainly concerned.  we are
>> doing many of the same things all over again.  remember when rip forced
>> a homogenous, often classful, mask length in a network and we chewed
>> through /24s?  think /64 in ipv6, except it's half the bits not 1/4 of
>> them.  remember when we gave out As and Bs willy nilly?  look at the
>> giant swaths of v6 we give out today in the hopes that someone will
>> deploy it.
>> 
>> and don't bs me with how humongous the v6 address space is.  we once
>> thought 32 bits was humongous.
>> 
>> randy
>
>We thought 32 bits was humongous in the context of a research project
>that would connect universities, research institutions and some military
>installations.
>
>In that context, 32 bits would still be humongous.
>
>Our estimation of humongous didn't change, the usage of the network
>changed dramatically. The experiment escaped from the laboratory
>and took on a life of its own. Once that happened, the realization that
>32 bits wasn't enough was very nearly immediate.
>
>The IPv6 address space offers 61 bits of network numbers each of which
>holds up to 64 bits worth of hosts. Obviously you never want to fill one
>of those subnets (nor could you with any available hardware), but it means
>that you don't have to waste time thinking about rightsizing network
>assignments.
>
>I won't say we will never run out of IPv6 address space, but I will say
>that I'll be surprised if IPv6 doesn't hit a different limit first.
>
>Guess what... If it turns out that our current behavior with respect to IPv6
>addresses is ill-advised, then, we have 6+ more copies of the current
>IPv6 address space where we can try different allocation strategies.
>
>Rather than fretting about the perils of using the protocol as intended,
>let's deploy it, get a working end-to-end internet and see where we stand.
>
>Owen

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


RE: guys != gender neutral

2012-09-29 Thread joseph . snyder
Intention is everything, words are only part of it.  If you can't determine 
intention and you get upset then it is you that has the problem.  Ask or let it 
go and assume the best intentions.  The world would be a lot better off if we all did 
this.

Lorell Hathcock  wrote:

>We may not all be guys.  We may not all be gals.  But we are definitely all
>CLOWNS.  This is a substitution that should be acceptable to all and it
>really works.
>
>Sales-clown.  Yep!
>Mail-clown.  Yep!
>Fire-clown. Yep!
>Police-clown.  Yep!
>Congress-clown.  Yep!  Yep!
>
>-Original Message-
>From: Landon Stewart [mailto:lstew...@superb.net] 
>Sent: Thursday, September 27, 2012 3:56 PM
>To: Owen DeLong
>Cc: nanog@nanog.org
>Subject: Re: guys != gender neutral
>
>On 27 September 2012 11:34, Owen DeLong  wrote:
>
>> When did "people" stop being an acceptable gender-neutral substitute 
>> for {guys,gals}?
>>
>> Owen
>>
>>
>Using the word 'people' is good but I like to say 'humans'.
>
>What's up humans?
>Can I get you humans to drink?
>
>This rarely offends anyone.
>
>--
>Landon Stewart 
>Sr. Administrator
>Systems Engineering
>Superb Internet Corp - 888-354-6128 x 4199 Web hosting and more "Ahead of
>the Rest": http://www.superbhosting.net

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Re: Typical additional latency for CGN?

2012-10-08 Thread joseph . snyder
Owen DeLong  wrote:

>
>On Oct 7, 2012, at 3:18 PM, Cameron Byrne  wrote:
>
>> On Oct 7, 2012 1:48 PM, "Tom Limoncelli"  wrote:
>>> 
>>> Have there been studies on how much latency CGN adds to a typical
>>> internet user?   I'd also be interested in anecdotes.
>>> 
>> 
>> Anecdote. Sub-millisecond, with full load. (gigs and gigs). CGN does not
>> meaningfully add latency. CGN is not enough of a factor to impact happy
>> eyeballs in a way that improves ipv6 use.
>> 
>>> I've seen theoretical predictions but by now we should have
>>> measurements from early-world deployments.
>>> 
>> 
>> Most mobile providers have been doing what is commonly called cgn for 5 to
>> 10 years. CGN is not a new concept or implementation for mobile.
>> 
>
>True, but, as we have discussed before, mobile users, especially in the US,
>have dramatically lowered expectations of internet access from their mobile
>devices vs. what they expect from a household ISP.
>
>We expect half the services we want to be crippled by mobile carriers because
>they don't like competition. We file lawsuits when that happens on our
>terrestrial connections.
>
>Owen

Except now you have to do mediation, since class action lawsuits are now null 
and void. :)
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.