Re: The US government has betrayed the Internet. We need to take it back

2013-09-06 Thread Mark Gauvin
This has been known for years so why the sudden list spam

CALEA in Canada goes into full force Jan 1 2014, and yes it was meant to stop 
pedo bears, but it is much farther reaching


Sent from my iPhone

On 2013-09-06, at 5:33 PM, "Scott Weeks"  wrote:

> 
> 
> --- s...@circlenet.us wrote:
> From: Sam Moats 
> 
> Their only options are to:
> 
> Disobey the law, unacceptable in my opinion
> 
> Close down services, noble but I need to eat and you probably want to 
> keep getting email
> 
> Compromise your principles and obey the law, the path often chosen.
> 
> 
> 
> So, there's no choice except to get a 5-gallon bucket of gov't-ky
> jelly and take it?  So many things come to mind on your flag-waving
> emails, I can't think of what to say first.  And believe me, that's
> not usual...  ;-)  After a while, you'll become raw and probably
> change your mind.
> 
> scott
> 



Re: will ISP peer with 2 local WAN routers?

2013-08-29 Thread Mark Gauvin
Offer to provide a /29 out of your own ARIN assigned block works wonders

Sent from my iPhone

On 2013-08-29, at 7:40 PM, "Joe Maimon"  wrote:

> 
> 
> Adam Greene wrote:
>> Hi guys,
>> 
>> 
>> 
>> I have a customer who peers via eBGP with Lightpath aka Cablevision (AS
>> 6128) and Level3 (AS 3356) and wants to do some dual-WAN router redundancy.
> 
> I am not optimistic for your odds in having 6128 do anything other than 
> /30 for you.
> 
> (Though even then you still have options, up to and including eem IP 
> takeover)
> 
> 
>> 
>> I have heard that carriers will sometimes agree to set up a /29 WAN subnet
>> for a customer and peer with (2) customer routers.
> 
> Carriers who do that and more are my favorites.
> 
> 



Re: ARIN WHOIS for leads

2013-07-26 Thread Mark Gauvin
Lol yet we can't use the side cutters cause we all report to the corporate 
overlords

Sent from my iPhone

On 2013-07-26, at 8:18 PM, "Jon Lewis"  wrote:

> On Fri, 26 Jul 2013, Larry Stites wrote:
> 
>> NANOG : network operators are precisely those who directly assisted in 
>> creating the 'magic lamp' and the cork which held the marketing Jeanie 
>> inside. The same operators who took the cork out and rubbed the 'magic 
>> lamp'... The Jeanie is now out of the bottle and you all are complaining 
>> about it, all the while creating new magic, more lamps and more 
>> Jeanie's... Go figure. NANOG complaining about being harassed by the 
>> marketing technologies it has created...
> 
> We're also the people at the controls, and the people holding the wire 
> cutters (physical and virtual), so we're not a good demographic to piss 
> off.
> 
> --
>  Jon Lewis, MCP :)   |  I route
>  |  therefore you are
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
> 



Re: ARIN WHOIS for leads

2013-07-25 Thread Mark Gauvin
Welcome to nanog aka the cold call jungle

Sent from my iPhone

On 2013-07-25, at 6:31 PM, "Otis L. Surratt, Jr."  wrote:

> -Original Message-
> From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] 
> Sent: Thursday, July 25, 2013 6:20 PM
> To: Justin Vocke; nanog@nanog.org
> Subject: RE: ARIN WHOIS for leads
> 
>> Wouldn't that defeat the purpose of maintaining the whois?
> 
> Yep!
> 
>> We registered a few domains and get the same thing, I think it's
> something that people are going to have to live with. :/
> 
> I agree. We just politely tell them we are not interested and move on
> about our day. Some cold callers we have taken up on offers. It just
> depends who calls and whether or not we are looking for new service.
> WHOIS Privacy is nice for the domains and we use for some of our domains
> but not all. We just hate when customers get those scam notices and call
> us or open tickets about it.
> 
> Otis
> 
>  Original message 
> From: Justin Vocke 
> Date: 07/25/2013 4:04 PM (GMT-08:00)
> To: nanog@nanog.org
> Subject: ARIN WHOIS for leads
> 
> 
> Sent this little e-mail to ARIN:
> 
> I'm not sure that you guys can do anything about this, but it's worth
> looking into. I registered AS626XX a week ago, and since its
> registration, I've been getting calls from "wholesale" carriers trying
> to get me to purchase IP transit from them. Someone is obviously using
> your database of contact information to generate sales leads.
> 
> 512-377-6827 was one of the numbers trying to get more information about
> my network and how they could "help" me.
> 
> My guess is someone is using your mass whois database, looking at the
> most recently issued/created AS numbers, and cold calling.
> 
> Just thought I'd pass this along.
> -
> 
> Due to the amount of calls I've received, I'm guessing it's probably a
> good idea to remove my contact info from the registration and set up
> roles instead.
> 
> Does this sorta thing happen frequently with new registrations or did I
> just draw the short straw?
> 
> Best,
> Justin
> 



Re: Prism continued

2013-06-15 Thread Mark Gauvin
Only victim in all of this is the poor NSA contractor who had to sift thru my 
browser history

Sent from my iPhone

On 2013-06-15, at 4:24 PM, "Matthew Petach"  wrote:

> On Thu, Jun 13, 2013 at 7:20 AM, Jon Lewis  wrote:
> 
>> On Wed, 12 Jun 2013 goe...@anime.net wrote:
>> 
>>> cellphones with cameras are probably better for the purposes of covert
>>> mass surveillance, especially ones with front facing cameras. far more of
>>> them out there, and wireless to boot.
>>> 
>>> surprised everyone gets their panties in a bunch over presumed games
>>> console monitoring, what about all your iphones already out there?
>> 
>> My iPhone lives in a holster that covers both cameras when not in use or
>> charging.  Do you throw a sheet over your gaming console when you're not
>> using it?
> 
> You'd be amazed at how many hours of footage
> the government has of the inside of my pants
> pockets...
> 
> :D
> 
> Matt



Re: Data Center Installations

2013-05-01 Thread Mark Gauvin
Zip ties have no reason to be in a dc grr 

Sent from my iPhone

On 2013-05-01, at 6:57 PM, "Mike Lyon"  wrote:

> Is hard to beat Monoprice :)
> 
> But no, I have purchased velcro in bulk from ULine (not the kind for
> wrapping cable though) and found it to be cheaper and I usually got it the
> next day for not that much shipping.
> 
> -Mike
> 
> 
> 
> On Wed, May 1, 2013 at 4:49 PM, Michael Loftis  wrote:
> 
>> On Wed, May 1, 2013 at 4:33 PM, Mike Lyon  wrote:
>>> For bulk velcro, I found Uline to be fairly cheap.
>> 
>> I have to ask, is this an April fools joke?  ULine isn't cheap for
>> anything.  Monoprice, $13, around $25 delivered depending on where
>> you're at and how you ship it, for 5x black hook and loop 5yd per
>> roll... vs. ULine $28 (1x black hook and loop 75') and probably about
>> same S&H.  No easy way to get them to quote S&H but last time I
>> ordered from them (they're about the only place to get some stuff)
>> ULine is over 2x as much.  Oh and Monoprice has it in quite a few
>> colors if you don't care for black.  If you're going for pre-made
>> cable wrap type stuff it's a bit more, but still half or less than
>> ULine.
>> 
>> ULine is definitely a supplier of last resort, but they've got a lot
>> of different stuff.
>> 
>> 
> 
> 
> -- 
> Mike Lyon
> 408-621-4826
> mike.l...@gmail.com
> 
> http://www.linkedin.com/in/mlyon



Re: "authority" to route?

2012-11-14 Thread Mark Gauvin
Careful though cause the crayons must be crayola approved

Sent from my iPhone

On 2012-11-14, at 5:28 PM, "joel jaeggli"  wrote:

> On 11/14/12 2:40 PM, Joe Abley wrote:
>> On 2012-11-12, at 14:43, Jim Mercer  wrote:
>> 
>>> Is there a common practice of providers to vet / validate requests to 
>>> advertise
>>> blocks?
>> Yes, most providers whose customers request a particular route to be pointed 
>> towards them will ask for ambiguous instructions, written on letterhead with 
>> crayon, and signed illegibly by someone who may or may not have authority to 
>> do so but who in any case cannot be identified clearly by their scrawl.
> Some providers ask for route objects and appropriate import/export 
> policy in RADB. that's fundamentally no higher quality an attestation than a 
> LOA but it's a lot easier to read.
>> Ideally the letterhead should be crudely constructed in photoshop and then 
>> faxed across a noisy analogue line.
>> 
>> Once you have one of those babies in your file, no lawyer can touch you.
>> 
>> 
>> Joe
>> 
>> 
>> 
> 
> 



Re: RFC becomes Visio

2012-10-02 Thread Mark Gauvin
Just be happy they didn't ask for power point

Sent from my iPhone

On 2012-10-02, at 5:03 PM, "William F. Maton Sotomayor"  
wrote:

> On Tue, 2 Oct 2012, Michael Hallgren wrote:
> 
>> Le mardi 02 octobre 2012 à 23:25 +0200, Dan Luedtke a écrit :
>>> On Fri, 2012-09-28 at 19:31 +0100, Nick Hilliard wrote:
>>>> Here's a visio diagram you can send them:
>>>>
>>>> http://www.foobar.org/~nick/bgp-network-diagram.vsd
>>> 
>>> Is there a .png version of it somewhere?
>>> The whole thread made my day, I'm eager to see this diagram as well.
>>> I don't have this MS Visio thingy you all use to set up your Avian
>>> Carrier BGP sessions...
>> 
>> Don't use ``MS Visio thingy'', prefer TeX with metapost, PGF/TikZ (or
>> PSTricks). The output is by far more beautiful, and maintaining the
>> document much more slim.
> 
> I still miss doing this stuff using gpic/groff. ;-)
> 
> wfms


Re: Cisco 7206 IOS for PPPoE Termination

2012-09-23 Thread Mark Gauvin
You are joking I hope 

Sent from my iPhone

On 2012-09-23, at 3:38 PM, "Shahab Vahabzadeh"  wrote:

> Dear Paul,
> Thanks for your reply, May I have those optimization knobs for
> virtual-template and throttles?
> Maybe looking into your configurations help me in this field.
> I will look for the service  provider image too.
> Thanks
> 
> On Sun, Sep 23, 2012 at 11:17 PM, PC  wrote:
> 
>> For this application, you may wish to consider the service provider images.
>> 
>> The latest 15.x(S) image works, as it is the derivative of what was
>> formerly the service-provider oriented 12.2(SRx) images.
>> 
>> However, it's unlikely to drop steady state CPU, but it may contain some
>> optimizations for concurrent PPP (re)negotiations on the G2 platform during
>> session recovery.
>> 
>> PPPoE will generally handle more users on ethernet as it is easier to push
>> packets on when not dealing with the ATM encapsulations, but to what extent
>> this holds true on the 7200, I can't tell you for sure.
>> 
>> I'd also read the broadband aggregation guide under the IOS documentation
>> on cisco.com, and tune all the knobs that may help you, there are some
>> pointers on what items on virtual-templates are punitive in performance,
>> other optional items such as disabling SNMP counters on virtual access
>> interfaces to reduce cpu usage, and other items that may help little by
>> little.  There are also various knobs to throttle PPPoE renegotiation rates
>> during recovery.
>> 
>> I wish you luck (and consider getting another and/or bigger router to
>> split the load).
>> 
>> On Sun, Sep 23, 2012 at 1:23 PM, Shahab Vahabzadeh <
>> sh.vahabza...@gmail.com> wrote:
>> 
>>> Which software you used before for them?
>>> 
>>> On Sun, Sep 23, 2012 at 10:43 PM, Rinse Kloek wrote:
>>>
>>>> 6000 PPP users on a NPE-G2 is way too much imho. Currently we do no more
>>>> than 3000 users on a NPE-G2 with PPPoA. (Max cpu 50%).
>>>> 5 years ago, we did about 5000 users on a NPE-G2, but as traffic ratio's
>>>> grow each year the maximum users a NPE-G2 can handle will drop each year.
>>>> Don't forget an NPE-G2 is a software based platform, so traffic forwarding
>>>> is done in software CPU.
>>>>
>>>> regards,
>>>> Rinse Kloek
>>>> On 23-9-2012 20:51, Shahab Vahabzadeh wrote:
>>>>
>>>>> Hello everybody,
>>>>> I am using C7206 VXR NPE-G2 routers as BRAS in my network and the current
>>>>> IOS is *c7200p-adventerprisek9-mz.**124-24.T.bin* on them.
>>>>>
>>>>> Also their memory upgraded to 2GB instead of 1GB.
>>>>> And I have near 6500 online user on each of my BRAS and there is no
>>>>> specific feature except aaa with radius and ordinary features.
>>>>> There router is also terminating dot1q too because my PSTN centers traffic
>>>>> comes through dot1q vlans to BRAS es.
>>>>> I think I have some problem with current IOS, My CPU Usage is abnormal and
>>>>> Its near %70 or %80.
>>>>> And when I have a network problem and some of PSTN centers goes down CPU
>>>>> go to %99 and it gets problem to recovery.
>>>>> Do you know any good IOS for me as a service provider to use?
>>>>> I heard that some service providers have near 8000 online user on 7206.
>>>>> Thanks
>>>>>
>>>>>
>>> 
>>> 
>>> --
>>> Regards,
>>> Shahab Vahabzadeh, Network Engineer and System Administrator
>>> 
>>> Cell Phone: +1 (415) 871 0742
>>> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90
>>> 
>> 
>> 
> 
> 
> -- 
> Regards,
> Shahab Vahabzadeh, Network Engineer and System Administrator
> 
> Cell Phone: +1 (415) 871 0742
> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90



Re: Heads-Up: GoDaddy Broke the Interwebs...

2012-09-11 Thread Mark Gauvin
And this is bad why?

Sent from my iPhone

On 2012-09-11, at 1:14 PM, "Jason Bertoch"  wrote:

> Now it's CNN
> 
> /Jason
> 
> 
> -Original Message-
> From: Kyle Creyts [mailto:kyle.cre...@gmail.com] 
> Sent: Tuesday, September 11, 2012 1:55 PM
> To: Operations Dallas
> Cc: nanog@nanog.org
> Subject: Re: Heads-Up: GoDaddy Broke the Interwebs...
> 
> No DDoS or Anonymous attack appears to have been involved.
> 
> On Tue, Sep 11, 2012 at 10:54 AM, Kyle Creyts 
> wrote:
>> http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=410
>> 
>> On Mon, Sep 10, 2012 at 1:27 PM, Operations Dallas 
>>  wrote:
>>> I thought I saw an article on routergod.com from Dance Patrick
>>> regarding anycast DNS..
>>> ~oliver
>>> 
>>> Sent via DynaTAC. Please forgive spelling and grammar.
>>> 
>>> -Original Message-
>>> From: bill.ing...@t-systems.com
>>> Date: Mon, 10 Sep 2012 19:13:27
>>> To: ; 
>>> Subject: RE: Heads-Up: GoDaddy Broke the Interwebs...
>>> 
>>> 
>>> Looks like this may be a DDoS attack from Anonymous:
>>> 
>>> http://techcrunch.com/2012/09/10/godaddy-outage-takes-down-millions-of-sites/
>>> 
>>> 
>>> -Original Message-
>>> From: Aaron C. de Bruyn [mailto:aa...@heyaaron.com]
>>> Sent: Monday, September 10, 2012 1:07 PM
>>> To: NANOG mailing list
>>> Subject: Heads-Up: GoDaddy Broke the Interwebs...
>>> 
>>> For the last ~15 minutes I've been receiving complaints about DNS
>>> issues.  GoDaddy DNS is apparently b0rked.  I'm also seeing a lot of
>>> tweets about their hosting and VPS being down.  I'm unable to access the
>>> control panel for one of my customer accounts.
>>> 
>>> 
>>> -A
>>> 
>> 
>> 
>> 
>> --
>> Kyle Creyts
>> 
>> Information Assurance Professional
>> BSidesDetroit Organizer
> 
> 
> 
> --
> Kyle Creyts
> 
> Information Assurance Professional
> BSidesDetroit Organizer
> 
> 



Re: Bandwidth spikes due to Microsoft release of windows 8 on MSDN

2012-08-15 Thread Mark Gauvin
Or R2 service pack 3

Sent from my iPhone

On 2012-08-15, at 12:48 PM, "Matthew Petach"  wrote:

> On Wed, Aug 15, 2012 at 10:34 AM, Blake Pfankuch  wrote:
>> Anyone seeing a significant increase of traffic with this?
>> 
> 
> Not yet.  Maybe everybody's waiting until service pack 2 is released?
> 
> Matt
> 



Re: Update from the NANOG Communications Committee regarding recent off-topic posts

2012-07-30 Thread Mark Gauvin
On list spam has been minimal but off list cold call type emails have  
been mounting for several months

Sent from my iPhone

On 2012-07-30, at 5:29 PM, "Brian Dickson"  wrote:

>>
>> As a quick update, we've implemented some list settings last week  
>> to help
>> to
>>
>> keep spam off the list.  New subscribers are moderated until we're
>> comfortable
>> with their posts.  We rejected the idea of keyword based message  
>> filtering
>> since not only is a lot of work to maintain, it's trivial to get  
>> around it
>> if
>> you really want to post banned words.
>> Comments and suggestions are welcome.
>> Matt Griswold, on behalf of the NANOG Communications Committee
>>
>> I've always liked the idea found in xkcd.com/810 ;-).
>
> Brian



RE: Rate shaping in Active E FTTx networks

2012-07-26 Thread Mark Gauvin
Juniper dynamic application awareness does a decent job and so does the Cisco 
counterpart

saves buying more hw

From: Erik Muller [er...@buh.org]
Sent: Thursday, July 26, 2012 10:21 PM
To: nanog@nanog.org
Subject: Re: Rate shaping in Active E FTTx networks

On 7/26/12 12:45 , Jason Lixfeld wrote:
> Hi all,
>
> I'm trying to gauge what operators are doing to handle per-subscriber
> Internet access PIR bandwidth in Active E FTTx networks.
>
> I presume operators would want to limit the each subscriber to a
> certain PIR, but within that limit, do things like perform preferential
> treatment of interactive services like streaming video or Skype, etc.,
> ahead of non-interactive services like FTP.
>
> My impression is that a subscriber's physical access in these networks
> is exponentially larger than their allocated amount of Internet access.
> This would leave ample room on the physical access for other
> services like Voice and IPTV that might run on separate VLANs than the
> Internet access VLAN. That said, I doubt there's really that much of a
> concern about allocating PIR on these other service VLANs.
>
> So in terms of PIR for Internet access, is there some magic box that
> sits between the various subscriber aggregation points and the core,
> which takes care of shaping the subscriber's Internet access PIR, while
> making sure that the any preferential treatment of interactive services
> is performed.
>
> Is that a lot to ask for one box? The ridiculously deep buffers
> required in order to shape to PIR vs. police to it (because policing to
> a PIR is just plain ugly) and the requirements to perform any sort of
> preferential packet treatment above and beyond that seem like quite a
> lot to ask of one box. Am I wrong?
>
> Who might make a box like this, if it exists? And if not, what are
> folks using to achieve these results?
> Thanks in advance for any insights..

I've seen a few deployments using Packeteer's (now BlueCoat) PacketShaper
for this purpose; the only downside I've heard with that platform is cost.
  Sandvine and Fortinet are a couple other options that have different
approaches, but have a lot of this functionality rolled in alongside their
broader security services.

-e





RE: airFiber (text of the 8 minute video)

2012-03-30 Thread Mark Gauvin
that statement posted a few days ago saying that the former Motorola Canopy 
team designed this product turned me off right away

From: Greg Ihnen [os10ru...@gmail.com]
Sent: Friday, March 30, 2012 6:36 PM
To: Dylan Bouterse
Cc: 'nanog@nanog.org'
Subject: Re: airFiber (text of the 8 minute video)

On Mar 30, 2012, at 6:01 PM, Dylan Bouterse wrote:

> A couple of thoughts. First, it's not fair to compare 24GHz to 2.4 or even 
> 5Gig range due to the wave length. You will get 2.4GHz bleed through walls, 
> windows, etc. VERY close to a 5GHz transmitter you may get some bleed through 
> walls but not reliably. 24GHz will not propagate through objects as it's 
> millimeter wavelength. That coupled with the fact it is a directional PTP 
> product, you will be able to get a good amount of density of 24GHz PTP links 
> using the same frequency in a small area (downtown for instance).

The comparison isn't on wavelength, it's on the unlicensed-ness of it. Think CB 
vs Ham Radio. Where 2.4GHz and 5.8GHz are congested people have nowhere to go 
but up. You may not be alone up there. Guys already running 24GHz links might 
look at the sudden availability of cheap 24GHz gear in a different light.

Granted there's many things in AirFiber's favor regarding congestion being less 
of a problem. The short range and high directivity, high cost, etc, but 
remember this isn't the only 24GHz product out there. In the kind of places 
where one of these links might be needed, others might have the same need.

If you're thinking about the implications of possible congestion/interference 
when you're thinking about a link between the main office and the warehouse at 
a plant to give the guys in the warehouse internet that's not mission critical 
that's one thing. If it's key infrastructure for your ISP business then things 
start to look different. The licensed links start looking better regarding 
reliability down the road because you have a protected frequency. For ISPs out 
in farm country this is less of an issue, but in the more urban areas it is a 
concern. You start getting interference to your backhaul and you've got serious 
issues. You possibly have downgraded service or no service at many towers 
involving lots of customers.

>
> Another point, the GPS on the airFiber will also allow for frequency reuse to 
> a point. I would like to see smaller channel sizes though. I hear it will be 
> a software upgrade down the road. I'm shocked the old Canopy guys didn't code 
> that into the first release to be honest.

The GPS/reuse thing is for transmitters that are synced, that is transmitters 
belonging to the same system. Someone else's system won't be synced with yours 
and you won't see that benefit. So if you're thinking that's going to help 
between competitors it won't.

Greg

>
> Dylan
>
> -Original Message-
> From: Owen DeLong [mailto:o...@delong.com]
> Sent: Thursday, March 29, 2012 7:18 PM
> To: Oliver Garraux
> Cc: NANOG list
> Subject: Re: airFiber (text of the 8 minute video)
>
>
> On Mar 29, 2012, at 12:33 PM, Oliver Garraux wrote:
>
>>> Also keep in mind this is unlicensed gear (think unprotected airspace). 
>>> Nothing stops everyone else in town from throwing one up and soon you're 
>>> drowning in a high noise floor and it goes slow or doesn't work at all. 
>>> Like what's happened to 2.4GHz and 5.8GHz in a lot of places. There's few 
>>> urban or semi-urban places where you still can use those frequencies for 
>>> backhaul. The reason why people pay the big bucks for licenses and gear for 
>>> licensed  frequencies is you're buying insurance it's going to work in the 
>>> future.
>>>
>>> Greg
>>
>> I was at Ubiquiti's conference.  I don't disagree with what you're
>> saying.  Ubiquiti's take on it seemed to be that 24 GHz would likely
>> never be used to the extent that 2.4 / 5.8 is.  They are seeing 24 GHz
>> as only for backhaul - no connections to end users.  I guess
>> point-to-multipoint connections aren't permitted by the FCC for 24
>> GHz.  AirFiber appears to be fairly highly directional.  It needs to
>> be though, as each link uses 100 MHz, and there's only 250 MHz
>> available @ 24 GHz.
>>
>> It also sounded like there was a decent possibility of supporting
>> licensed 21 / 25 GHz spectrum with AirFiber in the future.
>>
>> Oliver
>
> I don't think it's an FCC issue so much as 24GHz has so much fade tendency 
> with atmospheric moisture that an omnidirectional antenna is about as 
> effective as a resistor coupled to ground (i.e. dummy load).
>
> The only way you can get a signal to go any real distance at that frequency 
> is to use a highly directional high-gain antenna at both ends.
>
> Owen
>
>
>
>





Re: Verizon FiOS - is BGP an option?

2012-03-13 Thread Mark Gauvin
Peering is generally for a commercial endeavor; to my understanding FiOS  
is a residential service, so which are you trying to accomplish?

Sent from my iPhone

On 2012-03-13, at 7:32 PM, "Christopher Morrow"  
 wrote:

> On Tue, Mar 13, 2012 at 8:20 PM, Faisal Imtiaz  
>  wrote:
>> So I have to ask you the big question...
>>
>> Why do you want to do BGP with Comcast or Verizon ? (Over FIOS or  
>> Cable ?)
>>
>> Is the intent to Peer with their network ? (which they will  
>> rightfully only
>> allow on bigger fatter connections)..
>
> 'peer' has many connotations, I think most of the cases of it over
> FIOS are just: "I want bgp so I can announce my prefixes, and see
> yours/default/etc" (which leads to 'multihoming' and other normal (for
> businesses) activities on the Internet.
>
>>
>> or
>> Are you trying to deliver your IP's to a End Customer behind that  
>> FIOS /
>> Cable Connection ? ...
>> (there are ways to accomplish this without needing their cooperation..)
>
> or you are multihomed
> or you want some semblance of 'the internet is down' so other bits of
> your infrastructure can take over
> or you want ... a thousand other things.
>



Re: NANOG Operational TTL Alert for 160-bit Headers (aka IPv4)

2012-03-03 Thread Mark Gauvin
Someone has been drinking the bong water

Sent from my iPhone

On 2012-03-03, at 5:03 PM, "Guru NANOG"  wrote:

> Common Misconception - IPv4 is Out of Address Space
>
> NANOG Operational TTL Alert for 160-bit Headers (aka IPv4)
>
> The 8-bit TTL field is reduced to 4-bits plus two 11 bits stuck at 1
> for a long time
>
> The new 8-bit fields are: SD11
>
> Packets without the 11 will enter Deep Packet Inspection processing  
> (slow)
>
> SD are new Source and Destination Address bits set via the generic
>  128-bit records
>
> 4+8+12+30+6 = 60 + 68 = 128
>
> VRHL+111.T1.000+Port12+30+Frag6
>
> T1 sets the TTL bits - Use T0 at your own risk - VRHL=0101=5
>
> NANOG.GURU.☺
>


Re: Canadian ops working under a U.S. TN visa

2012-02-16 Thread Mark Gauvin
Had 4 HDs held for a week

Sent from my iPhone

On 2012-02-16, at 7:59 PM, "John Levine"  wrote:

>>> I am in the last-moment phase of moving from Canada to the U.S.  
>>> for a
>>> one-year contract. Tomorrow I will be crossing at the Peace Bridge  
>>> at
>>> Niagara to apply for my TN visa.
>>
>> And here I thought it was just West Virginia and Alabama that  
>> required their
>> own separate visas for furriners. ;)
>
> Watch out or I'll tell you about the time I was busted at the  
> Rainbow Bridge for
> undeclared photo albums.
>
> R's,
> John
>



Re: Console Server Recommendation

2012-01-30 Thread Mark Gauvin
Currently run 80+ Raritan KSX boxes under the CC device with zero issue;  
a lot more expensive than other solutions, but the single point of touch  
is a life saver

Sent from my iPhone

On 2012-01-30, at 6:44 PM, "Christopher J. Pilkington"   
wrote:

> On Jan 30, 2012, at 16:52, Robert Hajime Lanning  
>  wrote:
>
>> Avocent Cyclades ACS uses Cat5 straight through cables to Cisco  
>> consoles.
>
> We have Cyclades ACS boxen also, but ours require rollover cables, not
> straight, when talking to a Cisco console. YMMV.
>



Re: recommendations for external montioring services?

2011-12-13 Thread Mark Gauvin
SolarWinds, as you send in the specific MIB required to monitor and a  
week later it's general release


Sent from my iPhone

On 2011-12-13, at 7:11 PM, "Robert Brockway"  
 wrote:

> On Mon, 12 Dec 2011, Eric J Esslinger wrote:
>
>> I'm not looking to monitor a massive infrastructure: 3 web sites, 2  
>> mail
>> servers (pop,imap,submission port, https webmail), 4 dns servers
>> (including lookups to ensure they're not listening but not  
>> talking), and
>> one inbound mx. A few network points to ping to ensure connectivity
>> throughout my system. Scheduled notification windows (for example,
>> during work hours I don't want my phone pinged unless it's everything
>> going offline. Off hours I do. Secondary notifications if problem
>> persists to other users, or in the event of many triggers. That  
>> sort of
>> thing). Sensitivity settings (If web server 1 shows down for 5 min,
>> that's not a big deal. Another one if it doesn't respond to repeated
>> queries within 1 minute is a big deal) A Weekly summary of issues  
>> would
>> be nice. (especially the 'well it was down for a short bit but we  
>> didn't
>> notify as per settings') I don't have a lot of money to throw at  
>> this. I
>
> Hi Eric.  The feature set you are describing should be in any  
> monitoring
> system worthy of the name.  I've used Nagios to good effect for the  
> best
> part of the last 12 years or so.  Before that I used Big Brother,  
> which
> sucked in various ways.
>
> I did an evaluation on a wide variety of FOSS monitoring systems 2-3  
> years
> ago and Nagios won at the time (again).  Generally I found the
> alternatives had problems that I considered to be quite serious  
> (such as
> being overly complicated or doing checks so frequently that they  
> loaded
> the systems they were supposed to be monitoring[1]).
>
> I'm currently trialing Icinga, a fork of Nagios.
>
> Puppet can be set up to manage Nagios/Icinga config which cuts down  
> on the
> admin overhead.
>
> Nagios/Icinga can be hooked up to Collectd to provide performance  
> data as
> well as alert monitoring.
>
> One concern about external monitoring services is the level of  
> visibility
> they need to have in to your network to adequately monitor them.
>
> My recommendation is to do a proper risk assessment on the available
> options.
>
>> DO have detailed internal monitoring of our systems but sometimes  
>> that
>> is not entirely useful, due to the fact that there are a few 'single
>> points of failure' within our network/notification system, not to
>> mention if the monitor itself goes offline it's not exactly going  
>> to be
>> able to tell me about it. (and that happened once, right before the  
>> mail
>> server decided to stop receiving mail).
>
> There are a couple of ways to deal with this.  Some monitoring
> applications can fail-over to a standby server if the primary  
> fails.  But
> this isn't even really necessary.  You will arguably gain higher
> reliability by running multiple _independent_ monitors and have them
> monitor each other[2].  I have often used this approach.
>
> The principal aim here is to guarantee that you are alerted to any  
> single
> failure (a production service, system or a monitor).  Multiple
> simultaneous failures could still produce a blackspot.  It is  
> possible to
> design a system that will discover multiple simultaneous failures,  
> but it
> takes more effort and resources.
>
>
> [1] Sometimes I wonder if the people developing certain systems have  
> any
> operational experience at all.
>
> [2] A system designed to fail-over on certain conditions may fail to
> fail-over, ah, so to speak.
>
> Cheers,
>
> Rob
>
> -- 
> Email: rob...@timetraveller.org    Linux counter ID #16440
> IRC: Solver (OFTC & Freenode)
> Web: http://www.practicalsysadmin.com
> Director, Software in the Public Interest (http://spi-inc.org/)
> Free & Open Source: The revolution that quietly changed the world
> "One ought not to believe anything, save that which can be proven by  
> nature and the force of reason" -- Frederick II (26 December 1194 –  
> 13 December 1250)


Re: BGP conf

2011-11-01 Thread Mark Gauvin
Why would you want to advertise full Verizon routes out to the IX? You  
should only be advertising your own network via IX

Sent from my iPhone

On 2011-11-01, at 7:59 PM, "Edward avanti"   
wrote:

> Halo,
> First, I accept this might not really right list for request, have  
> use nsp
> cisco list but only first post to was succeed, sent several other  
> for past
> 4 day and none appear (verified by list archive) so please excuse  
> request.
>
> I am in need of a cisco config for BGP setup, we have a require to  
> include
> IX peering at new location as well as our Verizon link, we like to  
> take
> full bgp from Verizon and send to IX what they send us, I spend days
> reading google, and so many conflict web site example, so many  
> example seem
> insecure no prefix list so on. end result to date is only sore eyes,  
> would
> someone who do same (not need be Verizon) be kind to send us off list
> working running config (yes without your password heh) or at least  
> how to
> apply to BGP router including access/prefix list  and interfaces so  
> we have
> an idea on what do, if you take two full BGP feed from two transit
> carrier in load share and IX, that good, because that our stage three  
> plan,
> but I can work without two transit.
>
> I am not ignorant with cisco 7201, but am total newby to BGP.
>
> Best Thanks
> Edwardo
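
The reply above says to send the exchange only your own network. As an added illustration that is not part of the thread, this Python model of an outbound filter toward the IX permits only locally originated routes inside your own aggregates and denies everything else; the prefixes, AS numbers and route table are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: documentation prefixes and documentation ASNs.
OWN_AGGREGATES = [ipaddress.ip_network("203.0.113.0/24")]
MAX_PREFIX_LEN = 24  # assumed longest prefix the exchange accepts

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()  # empty path means we originated the route

def export_to_ix(route):
    """Positive-match export filter; anything not matched is denied."""
    net = ipaddress.ip_network(route.prefix)
    if route.as_path:                    # learned from transit or a peer
        return False
    if net.prefixlen > MAX_PREFIX_LEN:   # more specific than we announce
        return False
    return any(net.version == agg.version and net.subnet_of(agg)
               for agg in OWN_AGGREGATES)

def ix_advertisements(table):
    return [r.prefix for r in table if export_to_ix(r)]

# Constructed routing table: our aggregate, a more-specific of it, a local
# route outside our space, and two routes learned from the transit feed.
TABLE = [
    Route("203.0.113.0/24"),
    Route("203.0.113.128/25"),
    Route("192.0.2.0/24"),
    Route("198.51.100.0/24", (64496, 64497)),
    Route("0.0.0.0/0", (64496,)),
]

if __name__ == "__main__":
    for r in TABLE:
        print(f"{r.prefix:20} {'announce' if export_to_ix(r) else 'deny'}")
```

With a full transit table loaded, the same filter still announces only the one aggregate, because every transit-learned route carries a non-empty AS path.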



RE: Telus mail server admin

2011-10-07 Thread Mark Gauvin
Sorry if that came off harsh but per Telus business support there are no mail 
admins at Telus.

-Original Message-
From: John Levine [mailto:jo...@iecc.com] 
Sent: Friday, October 07, 2011 1:03 AM
To: nanog@nanog.org
Subject: Re: Telus mail server admin

>DISCLAIMER: This communication and any files transmitted with it may
>contain information that is privileged or confidential and is intended
>to be for the use of the individual (s) or entity named above. This
>material may contain confidential or personal information which may be
>subject to the provisions of the Municipal Freedom of Information &
>Protection of Privacy Act. If you are not the intended recipient of this
>communication and any files transmitted with it, any use, review,
>retransmission, distribution, dissemination, copying, printing, or other
>use of, or taking of any action in reliance upon this communication, is
>strictly prohibited. If you have received this e-mail in error, please
>contact the sender and delete the original and any copy of this e-mail,
>and any printout thereof, immediately. Finally, the recipient should
>check this e-mail and any attachments for the presence of viruses. The
>Dryden Police Services Board and the Corporation of the City of Dryden
>accepts no liability for any damage caused by any virus transmitted by
>this email.

Wow.  I was thinking about answering the question, but now I don't dare.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly

PS: I spent ten years as an elected official with no disclaimer in my
e-mail, and lived!







Telus mail server admin

2011-10-06 Thread Mark Gauvin
Looking for a Telus tech with a clue to contact me offline regarding an issue 
that has arisen this week.




Re: ouch..

2011-09-14 Thread Mark Gauvin
Nat444 or frontal lobotomy hmm let's see at least with the second I
would still be able to make a living as a micro soft network admin;)

Sent from my iPhone

On 2011-09-14, at 6:07 PM, "James Jones"  wrote:

> On 9/14/11 2:46 PM, Leo Bicknell wrote:
>> In a message written on Thu, Sep 15, 2011 at 09:24:25AM +1200, Don Gould wrote:
>>> How many of you have sat and thought about the merit of this web site?
>> Ok, I'll take a swing at your list...
>>
>>> * Does Juniper break promises?
>> Yes.
>>
>>> * Does Cisco break them?
>> Yes.
>>
>>> * What bad things and experiences have you had with Cisco, Juniper?
>> It might take me several days, and many pages to compile that list.
>>
>>> * What is the best technology for each company?
>> Cisco: The AGS+ was ahead of its time.
>> Juniper: The Olive is quite nifty.
>>
>>> * Did you know that Cisco has a 100Gb solution?
>> Yes, but I can't afford it.
>>
>> Now, with that out of the way, how much does everyone else hate even the
>> thought of NAT444?
>>
>> :) :) :)
>>
>
> Just the thought of NAT444 makes my stomach turn.
>
>
>



RE: OT: Given what you know now, if you were 21 again...

2011-07-13 Thread Mark Gauvin
Get an executive MBA then you can dictate to us lowly techs what technology we 
will use without ever having to know why. Plus you will earn 10x the $$$ by the 
time you are 30 without having to recertify every couple years.

From: Scott Berkman [sc...@sberkman.net]
Sent: Wednesday, July 13, 2011 7:01 PM
To: Saku Ytti
Cc: nanog@nanog.org
Subject: Re: OT: Given what you know now, if you were 21 again...

Saku nailed it.  Learn the networking basics and underlying concepts
(OSI!), everything else is an "application" that runs on that, and can
be picked up pretty easily if you understand what it depends on.
Wireshark (or your favorite capture tool) is your friend.

That said, I feel knowing some of the parallels like *nix and vendor
specifics (ie if you know Cisco IOS, many others follow this interface
like a standard) really comes in useful over time.

  -Scott

On Thu, 2011-07-14 at 00:28 +0300, Saku Ytti wrote:
> On (2011-07-13 14:08 -0700), Larry Stites wrote:
>
> > Given what you know now, if you were 21 and just starting into networking /
> > communications industry which areas of study or specialty would you
> > prioritize?
>
> Again? Buy AAPL, INTC and MSFT with loan money and study *cough*, finer things
> in life.
>
> But in all seriousness, networking like I suppose most professions are not
> about knowing one thing and stopping. It's evolving rather rapidly so most
> thing you know now are irrelevant in decade or two. What you should learn is
> how to learn, how to attack problems and learn to love doing both.
>






RE: Multitenant FWs

2011-05-01 Thread Mark Gauvin
Palo Alto Networks build some nice gear

From: David Oramas [david.ora...@aptel.com.au]
Sent: Sunday, May 01, 2011 8:42 PM
To: nanog@nanog.org
Subject: Multitenant FWs

Hi,
What do you guys recommend for Multitenant Firewalls with support for over 
1,000+ users/contexts?
I have looked at Centrinet's Accessmanager and Barracuda NG Firewall. Any other 
players/products?
Many Thanks in advance for the input,






Re: OT: Question/Netflix issues?

2011-03-22 Thread Mark Gauvin
Netflix is currently down

Sent from my iPhone

On 2011-03-22, at 6:47 PM, "Raul Rodriguez"  wrote:

> What does the AS path look like from them to you?
>
> -RR
>
> On 3/22/11, Joe Blanchard  wrote:
>> Greetings,
>>
>>  I know this is way off topic, but is anyone else getting calls/tickets
>> about Netflix access problems?
>>
>> I tried (successfully) to duplicate the issues, seems like extremely slow
>> responses from the servers I have tested, as well seems the web servers
>> are also either overloaded or just dropping packets. Just wondering if
>> anyone else is seeing the same.
>>
>> Kind Regards,
>> -Joe Blanchard
>>
>
> -- 
> Sent from my mobile device
>



RE: Switch with 24x SFP PVLAN QinQ Layer 2

2011-03-02 Thread Mark Gauvin
Rad ETX 1002 and ETX 201A as CPE

-Original Message-
From: Nick Colton [mailto:ncol...@allophone.net] 
Sent: Wednesday, March 02, 2011 9:17 AM
To: Adam Armstrong
Cc: nanog@nanog.org
Subject: Re: Switch with 24x SFP PVLAN QinQ Layer 2

Adam,

Have you looked at the Calix E7 platform or the Adtran TA5000?  Both are
Layer 2 only.

Nick Colton
Allo Communications


On Wed, Mar 2, 2011 at 3:19 AM, Adam Armstrong  wrote:

> Hi All,
>
> I'm scouring the Internet for potential devices to use in a FTTB/FTTP
> scenario.
>
> Requirements are basically just 24/48 SFP ports, PVLAN and selective QinQ.
> Most devices that fit the requirements are Layer 3, which pushes the cost
> per port too high.
>
> Has anyone come across anything I've not found yet?
>
> Thanks,
> adam.
>
>



Re: 6453 routing leaks (January and Today)

2011-02-25 Thread Mark Gauvin
Would love a pm on the platform in question

Sent from my iPhone

On 2011-02-25, at 12:23 PM, "Paul Stewart"  wrote:

> Yes, very scary actually
>
> Human error is unavoidable - it's going to happen at times - BUT
>
> In our communities design, there have been times where we have missed a tag
> on an inbound customer for example.  It scares the crap out of me to think
> that something like that simple mistake could cause route leakage.
> Thankfully, anytime it has happened it would be caught pretty quickly and
> fixed - in the meantime the routes simply didn't leave our network (the way
> it should be).
>
> Obviously the scales are different between someone like ourselves and that
> of TATA - but the principles and common sense remain.
>
> Paul
>
>
>
> -Original Message-
> From: Richard A Steenbergen [mailto:r...@e-gerbil.net]
> Sent: Friday, February 25, 2011 12:52 PM
> To: Jared Mauch
> Cc: NANOG list
> Subject: Re: 6453 routing leaks (January and Today)
>
> On Fri, Feb 25, 2011 at 07:22:36AM -0500, Jared Mauch wrote:
>> Update:
>>
>> I have had a source ask me to post the following:
>>
>> -- snip --
>> The problem with route leaking was caused by specific routing platform
>> resulting in some peer routes not being properly tagged.
>> We are deploying additional measures to prevent this from happening in
>> the future
>> -- snip --
>
> Hopefully someone learned a lesson about BGP community design, and how
> it should fail safe by NOT leaking if you accidentally fail to tag a
> route. Always require a positive match on a route to advertise to peers,
> not the absence of a negative match.
>
> -- 
> Richard A Steenbergen       http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
>
>
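
The rule quoted above (require a positive match to advertise to peers, not the absence of a negative match), shown as an added Python model that is not from the thread. The community values, prefixes and route table are constructed, and the function names are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical internal communities (64500 is a documentation ASN).
CUSTOMER, PEER, TRANSIT = "64500:100", "64500:200", "64500:300"

@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: str                  # ground truth: customer, peer, transit
    communities: frozenset = frozenset()

def export_negative_match(route):
    """Fail-open: advertise to peers unless tagged as peer or transit."""
    return not (route.communities & {PEER, TRANSIT})

def export_positive_match(route):
    """Fail-safe: advertise to peers only if tagged as a customer route."""
    return CUSTOMER in route.communities

def advertised(table, policy):
    return [r.prefix for r in table if policy(r)]

def leaked(table, policy):
    """Routes sent to peers that were not learned from a customer."""
    return [r.prefix for r in table
            if policy(r) and r.learned_from != "customer"]

# Constructed table. The last two routes lost their tag on import, the
# failure described in the thread.
TABLE = [
    Route("203.0.113.0/25", "customer", frozenset({CUSTOMER})),
    Route("192.0.2.0/24", "peer", frozenset({PEER})),
    Route("198.51.100.0/24", "peer"),       # untagged peer route
    Route("203.0.113.128/25", "customer"),  # untagged customer route
]

if __name__ == "__main__":
    for name, policy in (("negative", export_negative_match),
                         ("positive", export_positive_match)):
        print(name, "advertised:", advertised(TABLE, policy),
              "leaked:", leaked(TABLE, policy))
```

Under the positive-match policy the untagged customer route is withheld rather than leaked, so a tagging mistake costs reachability for one customer instead of exporting peer routes.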