Re: Current diameter of the Internet?

2024-07-22 Thread Nathan Angelacos
On Mon, 2024-07-22 at 17:57 -0400, Josh Luthman wrote:
> Right, that's why I asked where the 3 days come from.
> 
> I found an India website and I'm located in Ohio.  That's pretty
> close to the opposite side of the world.  I'm assuming it's a
> terrestrial service.  My results are comparable to others in this
> thread, 200-280 ms on the higher end.

To be serious, from my experience Comcast  consumer internet in
Monterey CA to Eritrea / Burkina Faso (which is pretty crazy to get to)
was within that range.


Re: Current diameter of the Internet?

2024-07-22 Thread Nathan Angelacos
On Mon, 2024-07-22 at 17:05 -0400, Sean Donelan wrote:
> 
> OMG, Not trying to solve Einstein's General Theory of Relativity.
> 
> Just trying to choose reasonable timeouts for my TCP packets 
> :-)


To quote someone I respect

I have a bridge loop here for you. :D


Re: Current diameter of the Internet?

2024-07-21 Thread Nathan Angelacos
On Sun, 2024-07-21 at 16:10 -0700, Michael Thomas wrote:
> On 7/21/24 4:05 PM, Josh Luthman wrote:
> > Mel,
> >
> > Voyager is using radio waves, which travel faster than the speed of
> > light (in a vacuum, too!).  But my point is more Earth to outside
> > the solar system is ~24 hours so where did circumnavigating the
> > globe get three days of latency?


I'm the one who said 3 days.  I was wrong.   Can we go with 1.833 days
RTT (22 hrs out, 22 hrs back)?

Sorry folks.


Re: Current diameter of the Internet?

2024-07-20 Thread Nathan Angelacos
On Sat, 2024-07-20 at 00:58 -0500, Stas Bilder wrote:
> Pity we can’t ping Voyagers.
> 
> S.


ROTFL,   you actually had me pull out Star Trek - The Movie... Wow...
what a blast from 1979.

So yeah ... According to our media outlets, RTT of the internet is ...
um 3 days.


Re: "Hypothetical" Datacenter Overheating

2024-01-16 Thread Nathan Ward via NANOG
On 16/01/2024 at 10:50:13 PM, Saku Ytti  wrote:

> On Tue, 16 Jan 2024 at 11:00, William Herrin  wrote:
>
> > You have a computer room humidified to 40% and you inject cold air
> > below the dew point. The surfaces in the room will get wet.
>
> I think humidity and condensation is well understood and indeed
> documented but by NEBS and vendors as verboten.
>
> I am more interested in temperature changes when not condensating and
> causing water damage. Like we could theorise, some soldering will
> expand/contract too fast, breaking or various other types of scenarios
> one might guess without context, and indeed electronics often have to
> experience large temperature gradients and appear to survive.
> When you turn these things on, various parts rapidly heat from ambient
> to 80-90c. So I have some doubts if this is actually a problem you
> need to consider, in absence of condensation.
>

Here’s some manufacturer specs:

https://www.dell.com/support/manuals/en-nz/poweredge-r6515/per6515_ts_pub/environmental-specifications?guid=guid-debd273c-0dc8-40d8-abbc-be059a0ce59c=en-us

3rd section, “Maximum temperature gradient”.

From memory, the management cards alarm when the gradient is exceeded, too.

--
Nathan Ward


Rackspace contact

2024-01-03 Thread Nathan Book via NANOG
Can someone at Rackspace contact me off list? We have issues reaching a
Rackspace customer's site.

Thanks,

*Nathan Book* | IT/Broadband Specialist | GMN Broadband


Re: New addresses for b.root-servers.net

2023-06-02 Thread Nathan Ward
On 2/06/2023 at 10:22:46 AM, Wes Hardaker  wrote:

>
> 2. I'll note that we are still serving DNS requests at the addresses that
> we switched away from in 2017 [1][2].  At that time we actually only
> promised 6 months and we've doubled that time length with our latest
> announced change.  But we do need a date after which we can turn off
> service to an address block if some reason demands it.
>

Hi Wes,

Seems to me that this could be heavily informed by historical data from
this earlier renumbering.

Do you have query rates over time for the old and new addresses since this
change in 2017?

Even if you end up with the same answer of 12mo, data supporting it may
give comfort to the community.

Maybe you make a call that once it’s at say 1% or 0.1% or something like
that, then it’s OK to turn off - and make a prediction for when that might
be based on the historical data.

--
Nathan Ward


Offline contact for MS Windows network stack dev? (Win10 IPv6 bug Q.)

2022-11-07 Thread Nathan Anderson
Not sure this is the best place to ask, but I'm not sure where else to go at 
this point...  I'm trying to find somebody on the Windows development team that 
might be able & willing to help me track down some info on a bizarre IPv6 bug 
I've been chasing in Win10 & its related fix.

I can confirm the bug in question was silently fixed somewhere in between 
10.0.18362.657 and 10.0.18362.693 and that it seems to be within the tcpip.sys 
component, but the release notes for KB4535996 make zero mention of it.  The 
fix has also seemingly never been backported to LTSC 2019.

Essentially the problem is that, in a dual-stack environment, if a DNS lookup 
returns both an A and an AAAA record, Windows will prefer to make a connection 
to the target host via v4, claiming that it chose to do so because it is 
"Prefer[ring] [the] Aoac Interface", as if the given network interface only 
supports Connected/Modern Standby for IPv4 and not v6.  Despite this, with the 
exact same drivers on the exact same host with the exact same hardware & 
network interfaces connected to the exact same LAN, the seemingly-fixed 
tcpip.sys no longer behaves this way.  (It actually even works on "buggy" 
tcpip.sys after a fresh reboot, but only for some undefined amount of time 
before it reverts to this behavior.  My theory is the codepath that is causing 
this is only *supposed* to be followed while the PC is *actually* asleep & not 
during normal operation, but some bit in memory is getting flipped when some 
event occurs, and the logic that is taking this particular bit into account is 
faulty.)

If anybody can put me in touch with somebody who can pull a changelog of 
tcpip.sys between those two versions, I'd really appreciate it!  I'm just 
trying to better understand the exact nature of the bug & the fix, since a 
NetTrace would implicate buggy network interface drivers, but that clearly 
can't be the whole story.  And I'd like to figure out if a workaround is 
available for still-supported Windows versions that do not incorporate the 
actual fix (e.g., some registry entry that will make Windows ignore the 
freaking AOAC support reported by the network interface driver...the NetTrace 
entry implies Windows is following RFC 6724 and that it is considering the IPv6 
destination to be "unreachable" [merely because of lack of AOAC support in the 
driver for IPv6?!], which is clearly not the case).

Thanks!

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



Re: jon postel

2022-10-16 Thread Nathan Angelacos


> 
> Early unix had a similar philosophical debate. Everything is a simple
> file (including most devices), make commands which do one thing and
> do it well so they can be connected together in new ways (an almost
> prescient view on the ubiquity of multi-cpu/core systems), when in
> doubt generalize and let the user specialize for their needs, don't
> try to guess everything your program will be used for.



Oh. you mean SaaS?  or WebSockets?  or REST? or :)

I remember an old guy I worked with.   We were decommissioning our
Prime for this new thing called "Novell 286"

He said "The computer industry is like the car industry in the 50's.  
We add more grille, more fenders, more wings.   But it is still a car."



Re: jon postel

2022-10-16 Thread Nathan Angelacos
On Sun, 2022-10-16 at 13:23 -0700, Randy Bush wrote:
> it's been 24 years, and we still live in his shadow and stand on his
> shoulders.  we try not to stand on his toes.
> 
> randy

I got on the "interwebs" just before Al Gore invented the internet (no
political statement, just that is the way it was back then.)   15 3.5"
floppy disks, a 33Mhz 486, slackware, (and a really reliable USRobotics
modem.)

I found this thing called "RFC"... and Jim Postel was a man I really
wanted to meet.  

Thanks, Randy, for reminding me of the shoulders I stand on.


Re: FCC chairwoman: Fines alone aren't enough (Robocalls)

2022-10-04 Thread Nathan Angelacos
On Tue, 2022-10-04 at 08:05 -0600, Jawaid Bazyar wrote:
> Phone spam pretty much always involves the knowledge and involvement
> of the provider. There are no phone providers who don't know when one
> of their customers are making millions of robocalls.
> 
> International toll fraud also always involves the collusion of
> corrupt small country telephone monopolies.
> 
> So unlike email spam, where there are a million ways to send a
> million emails a minute without someone being aware, phone spam is
> definitively collisional. (Is that a word?)
> 

collusion:  

noun:
secret or illegal cooperation or conspiracy, especially in order to
cheat or deceive others.

Law:
illegal cooperation or conspiracy, especially between ostensible
opponents in a lawsuit.


Yup.  Having worked for a small VoIP provider, your comment is exactly
on point.


RE: iCloud/Apple Mail contact.

2022-09-15 Thread Nathan Anderson
Did you ever manage to find out who at Apple to speak to about getting things
added to or changed in this database?

 

Quite irritating how there is zero public-facing information about this.  Also,
an Apple employee authored RFC 6186, yet they don't implement it??

 

-- Nathan

 

From: NANOG [mailto:nanog-bounces+nathana=fsr@nanog.org] On Behalf Of Matt
Hohman
Sent: Wednesday, July 20, 2022 10:28 AM
To: nanog@nanog.org
Cc: Jonathan Dukes
Subject: iCloud/Apple Mail contact.

 

Hello,

 

Looking for an iCloud/Apple admin contact me off list. 

 

I’ve exhausted all the usual support channels on this one and some of the
responses have been quite comical.

 

Background:

Every time you setup an email account in Apple Mail it will check the domain
entered against a database of email server settings and conveniently autofill
those settings.

 

10 or so years ago we reached out to our business contact at Apple to setup
email server auto discovery for our domain, over the last decade our contact
has left and any attempts to reach Apple to get this info updated have been
fruitless. The autofilled info now points to a long dead email server.

 

 

Thanks,
Matt Hohman
Technical Director
New Heights Foundation



IPv6 on Lumen/CL

2022-08-29 Thread Nathan Anderson
We have a circuit on AS209 that was originally provisioned v4-only.  I'm now 
trying to get Lumen to turn v6 up on it.  How long does this typically take?  
I've had a configuration ticket open for nearly 3 biz days now with no movement 
(or even acknowledgement).  For anybody who has gone through this with them, is 
this unusual or nah?

When they do get around to it, what can I expect in terms of how they will 
prefer to set this up?  Separate BGP session running over v6 itself, or modify 
existing session to have it also carry v6 NLRIs?

Thanks,

-- Nathan


Re: What say you, nanog re: Starlink vs 5G?

2022-06-24 Thread Nathan Stratton
I use Comcast Business for my primary at home, but it is so bad that I was
forced to get Starlink as backup. I am not in a city, but close enough that
there would be issues.

><>
nathan stratton


On Thu, Jun 23, 2022 at 9:47 PM John Levine  wrote:

> It appears that Eric Kuhnke  said:
> >Adding a terrestrial transmitter source mounted on towers and with CPEs
> >that stomps on the same frequencies as the last 20 years of existing two
> >way VSAT terminals throughout the US seems like a bad idea. Even if you
> >ignore the existence of Starlink, there's a myriad of low bandwidth but
> >critical SCADA systems out there and remote locations on ku-band two way
> >geostationary terminals right now.
>
> I think the original thought was that the satellite service would be used
> in
> rural areas and 5G in cities so there'd be geographic separation, but
> Starlink
> is selling service all over the place.
>
>


Re: V6 still not supported

2022-03-18 Thread Nathan Angelacos
On Fri, 2022-03-18 at 13:17 -0700, Michael Thomas wrote:
> 
> > 
> We weren't part of the wars. What I saw was what eventually became ipv6
> and I remember talking to one of my coworkers about how hard he
> thought it would be to implement. He concurred that he didn't think it
> would be any big deal. One of our big issues is that we didn't have
> anybody to interop with, that and nobody was asking for it unlike v4
> features.

Classic Second System Effect, as described by Fred Brooks... in 1975. 
"The Mythical Man-Month" is a great book for remembering how we got
here.

https://en.wikipedia.org/wiki/Second-system_effect

But as all you have said, here we are.


Re: CC: s to Non List Members (was Re: 202203080924.AYC Re: 202203071610.AYC Re: Making Use of 240/4 NetBlock)

2022-03-08 Thread Nathan Angelacos
On Tue, 2022-03-08 at 19:25 -0500, Tom Beecher wrote:
> 
> 
> The only way IPv6 will ever be ubiquitous is if there comes a time
> where there is some forcing event that requires it to be. 
> 
> Unless that occurs, people will continue to spend time and energy
> coming up with ways to squeeze the blood out of v4 that could have
> been used to get v6 going instead. I don't foresee anything changing
> for most of the rest of our careers, and possibly the next generation
> behind us. 


Exactly.   The only thing I see changing anything is when the MTU gets
low enough that you are sending more encapsulation headers than
payload.   When the effective MTU is 8, then... But by then I'll have a
1Tb link to my house... so who cares?!



Re: VPN recommendations?

2022-02-12 Thread Nathan Angelacos
On Sat, 2022-02-12 at 13:24 -0700, Grant Taylor via NANOG wrote:
> On 2/11/22 12:35 PM, William Herrin wrote:
> > The thing to understand is that IPSec has two modes: transport and 
> > tunnel. Transport is between exactly two IP addresses while tunnel 
> > expects a broader network to exist on at least one end.
> 
> That is (syntactically) correct.  However, it is possible to NAT many
> LAN IPs (say RFC 1918) to one single Internet IP (say from a SOHO
> ISP) 
> and use IPSec /Transport/ Mode to a single remote IP.  The IPSec sees
> exactly two IPs.
> 
> > "Tunnel" mode is what everyone actually uses
> 
> I may be enough of an outlier that I'm a statistical anomaly.  But
> I'm using IPSec /Transport/ Mode between my home router and my VPSs. 
> I have a tiny full mesh of IPSec /Transport/ Mode connections.
> 

+1 on *cough* enterprise networks.

> Using the aforementioned many-to-one NAT, my home LAN systems access
> the single globally routed IP of each of my VPSs without any problem.
> 

+1

> Aside:  I did have to tweak MTU for LAN traffic going out to the VPS
> IPs.

+1

> 
> So -1 for '"Tunnel" mode is what everyone actually uses', and +1 for 
> /Transport/ Mode 

+1


Re: New minimum speed for US broadband connections

2022-02-11 Thread Nathan Angelacos
20 miles from Sacramento.

Mother-in-law has an ATT  DSLAM *at the end of her driveway*  on
the other side of the street.  ATT swears she can get internet. Until
she tries to sign up, and "oh no... wrong side of the street"

She is at 700Kbps over a WISP ... *after* she trimmed the trees to get
line of sight.

sigh.




Re: Open source mapping of US high voltage electrical grid

2022-01-16 Thread Nathan Stratton
Very cool, thanks, Eric.

><>
nathan stratton


On Sat, Jan 15, 2022 at 9:48 PM Eric Kuhnke  wrote:

> Possibly of interest for network operators who have inter-city circuits,
> where the underlying carrier is something on OPGW fiber in high voltage
> lines.
>
> These people seem to be making an effort at mapping out high voltage
> lines, hydroelectric dams, substations, etc.
>
> https://openinframap.org
>
>


Re: An update on the AfriNIC situation

2021-08-30 Thread Nathan Angelacos
On Mon, 2021-08-30 at 16:08 -0700, Owen DeLong via NANOG wrote:
> 
> 
> 
> I am here doing what I am doing because I have ethics and morals.
> Because even though I often disagree with Lu, in this case, he
> happens to be right and AFRINIC must not be allowed to act so
> irresponsibly in this matter.
> 
> Owen
> 

Amen.  Sucks to be moral.  But at the end of the day, you have to go to
sleep and say I did what was moral. 

To me, that is NANOG.



RE: Amazon Prime Video IP reputation

2021-08-23 Thread Nathan Gerencser
Geoguard takes care of Amazon and are usually responsive.

n...@geoguard.com

Nathan Gerencser, Network Engineer
MetaLINK Technologies

From: NANOG  On Behalf Of 
Josh Luthman
Sent: Monday, August 23, 2021 8:47 AM
To: Eric C. Miller 
Cc: nanog@nanog.org
Subject: Re: Amazon Prime Video IP reputation

I've had a couple calls over the weekend from customers that got blocked.  Was 
there any resolution to this or place to contact them?  TBW page is only a link 
to the forums.

Josh Luthman
24/7 Help Desk: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373


On Wed, Aug 18, 2021 at 3:51 PM Eric C. Miller <e...@ericheather.com> wrote:
We found that ipqualityscore.com seems to match up 
with the CGNATs that we are having the most trouble with. They indicated a 1-3 
day turnaround in responding to mis-classifications. We might have to make a 
habit of calling them every 30 minutes until they do something.

From: NANOG On Behalf Of Joshua Stump
Sent: Wednesday, August 18, 2021 1:40 PM
To: nanog@nanog.org
Subject: RE: Amazon Prime Video IP reputation

I’m having the same with one of my valid IPv4 /21 right now. Amazon Prime, HBO 
Max, and Hulu confirmed. Just started within the last couple days.

Joshua Stump
Network Admin
Fourway.NET (https://fourway.net/)
800-733-0062

From: NANOG <nanog-bounces+jstump=fourway@nanog.org> On Behalf Of Eric C. Miller
Sent: Tuesday, August 17, 2021 7:31 PM
To: NANOG <nanog@nanog.org>
Subject: Amazon Prime Video IP reputation

Does anybody know which IP reputation service Amazon uses for Prime video? 
Within the last couple of hours several of our CGNAT publics are showing up as 
VPN or proxy when someone tries to watch Amazon video.

Any help would be appreciated!

Thank you!
Eric


QVC.com Technical Contact

2021-07-29 Thread Nathan Gerencser
Looking for a contact, trying to clear up a reachability issue. Please reach 
out to me off-list.

Thanks,
Nathan Gerencser
MetaLINK Technologies


Re: A crazy idea

2021-07-19 Thread Nathan Angelacos
On Mon, 2021-07-19 at 08:51 -0700, Randy Bush wrote:
> > Well, for SLAAC you need a /64
> 
> this is not true
> 
> randy


That is cool!   Can you point me to the correct RFC please?



Re: 10 years from now... (was: internet futures)

2021-03-29 Thread Nathan Stratton
I mix Starlink and Comcast over two openvpn tunnels to my datacenter in
Ashburn.

><>
nathan stratton


On Mon, Mar 29, 2021 at 3:38 PM Matt Erculiani  wrote:

> I wouldn't be the least bit surprised if anyone out there was trying to
> mix their StarLink kit and existing broadband service to optimize
> performance and/or add redundancy though.
>
> The underlying technologies will change, but what people try to do with
> them will remain relatively unchanged.
>
> Back 20 years ago people were talking about their Frame Relay P2P
> services, now they talk about their Ethernet P2P services.
>
> -Matt
>
> On Mon, Mar 29, 2021 at 1:10 PM Aaron C. de Bruyn 
> wrote:
>
>> On Mon, Mar 29, 2021 at 11:39 AM Matt Erculiani 
>> wrote:
>>
>>> I think the best way to think about what 10 years from now will look
>>> like is to compare 10 years ago to the present:
>>> https://mailman.nanog.org/pipermail/nanog/2011-April/thread.html
>>>
>>
>> Multi-homing your DSL connection?
>> I can't wait to multi-home my 10x10 array of StarLink satellites in a few
>> years...
>>
>> -A
>>
>
>
> --
> Matt Erculiani
> ERCUL-ARIN
>


Re: Where do your 911 fees go and why does 911 fail

2020-12-30 Thread Nathan Stratton
On Wed, Dec 30, 2020 at 2:13 PM Sean Donelan  wrote:

> The folks on this list likely know where the central Tennessee backup
> tandem office is located. Although its semi-public knowledge, I avoided
> mentioning its location until the immediate threat passed.  LATAs don't
> have much legal meaning anymore, but every LATA had at least two tandem
> offices.
>
> Nevertheless, the "cloud" still depends on physical infrastructure.
>
> I'm sure there will be several investigations by regulators why all
> the 911 PSAPs didn't fail-over to the backup tandem office. Of course,
> single-homed circuits physically connected to the Nashville CO wouldn't
> fail-over.
>

Amazing how much data is in LERG.

-Nathan


AT&T Wireless contact

2020-08-14 Thread Nathan Anderson
This is probably a long shot, but are there any AT&T Wireless engineers here, & 
one who wouldn't mind contacting me off-list?  I may be misinterpreting what 
I'm seeing, but I think you might have a small number of MMSC servers that are 
down...

-- Nathan


Re: questions asked during network engineer interview

2020-07-21 Thread Nathan Stratton
On Mon, Jul 20, 2020 at 4:45 PM Sander Steffann  wrote:

> > I find there's a strong INVERSE correlation between the quantity of
> > certificates on an applicant's resume and their ability to do the
> > job.
>
> Never got a certificate, don't want one either :)
>

That's what I said about high school, my parents were not thrilled, but at
least for me, it worked out.

-Nathan


Amazon Prime Video Contact

2020-05-27 Thread Nathan Gerencser
Anybody have a contact at Amazon that could help clear up an issue with an  IP 
prefix being blocked from accessing the Prime Video service?

Thanks in advance.

Nathan Gerencser, Network Engineer
MetaLINK Technologies




Re: Quagga for production?

2020-02-23 Thread Nathan Brookfield
Hi Mate,

Yep on and off for about 15 years, very solid, very reliable.  I tend to use 
Bird this hmorning we rays for this task but Zebra and Quagga are rock solid.

Kindest Regards,

Nathan Brookfield (VK2NAB)
Simtronic Technologies Pty Ltd


On 23 Feb 2020, at 23:29, Dmitry Sherman  wrote:



Hello,

Anybody working with Quagga for production peering with multiple peers and 
dynamic eBGP/iBGP announcement?



Thanks.

Dmitry



RE: DiviNetworks

2020-02-06 Thread Nathan Babcock
So interesting thing about Divi.  I am a regional WISP operator and we did sign 
a deal with them and let them use our space.  One of the issues we developed 
while they were active on our network was all of our IP’s started being homed 
in the UK for google.  So anytime a customer would go to google or any google 
service, it would reroute us the .uk version of the site.  This took about 6 
months to start happening, so we didn’t have any issues for that long letting 
them use our IP space.  After a day or so of us cutting them off it went away 
and never came back.  I have discussed this with them at length in email phone 
and in person at conferences.  They assured me that this wasn’t them, but when 
I turned it back on, the issue came back in under a week.  Turn them off…. Goes 
away.  So we removed their connection.  This was over a year ago, and I have 
been talking with them again about this but am significantly more cautious 
about moving forward if for nothing else the above reason alone.  Not to 
mention the other items Mike pointed out which are of the greatest concern.  

 

What they do is create a VPN connection on your edge router and utilize your IP 
space for Geo location IP services and allow their customers to use IP’s from 
all over the world to check their sites for compatibility/interoperability.  
That’s what they tell you.  I’ve not seen any indication to believe otherwise 
in my dealings with them which is why we are talking with them again.

 

From: NANOG  On Behalf Of 
Justin Wilson
Sent: Thursday, February 6, 2020 1:35 PM
To: Mike Fuller 
Cc: nanog@nanog.org
Subject: Re: DiviNetworks

 

They don’t lease your IP space is the thing.

 

 

Justin Wilson

li...@mtin.net  



—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog





On Feb 6, 2020, at 2:07 PM, Mike Fuller <m...@google.com> wrote:

 

I'd be very cautious about engaging with any company whose business model is to 
get a short-term lease of your IP-space.  Many companies use IP reputation 
data, and so you are essentially lending that reputation to a 3rd party, who 
may use it in ways you don't anticipate until the reputation is sufficiently 
damaged, and then return it to you and move on to another ISP.

Some organizations' response to unwanted traffic is simply to block large IP 
ranges or entire ASes, and not everyone is good about following-up and expiring 
such blocks in the future.  I realize your customers haven't ended-up on any 
spam/abuse blocklists, but that doesn't mean they won't be, or that their IP 
reputation hasn't already been affected in less obvious ways.  You should ask 
yourself if you are being sufficiently compensated for these risks as reputable 
IPv4 space is at a premium, so replacing the IPv4 space you lent out could get 
quite costly.

--
Mike Fuller :: Security Reliability Engineer :: Google :: AS15169

 

On Wed, Feb 5, 2020 at 12:15 PM Justin Wilson <li...@mtin.net> wrote:

Have several networks using them.  This he networks get paid, and no 
blacklists.  Contact me off list if you want more details



Justin Wilson
li...@mtin.net  


—
https://j2sw.com   - All things jsw (AS209109)
https://blog.j2sw.com   - Podcast and Blog

> On Feb 5, 2020, at 2:14 PM, Steve Saner wrote:
> 
> Has anyone here worked with DiviNetworks (https://divinetworks.com/) to 
> "sell" their unused bandwidth?
> 
> I'd be curious to hear any thoughts or experiences.
> 
> Steve
> 
> -- 
> --
> Steven Saner <ssa...@hubris.net>
> Voice:  316-858-3000
> Director of Network Operations
> Fax:  316-858-3001
> Hubris Communications
> http://www.hubris.net
> 

 



Re: Russian government’s disconnection test

2019-11-01 Thread Nathan Angelacos


> 
> Got crickets, so now I have to respond to my own post on 
> what I just found out about it.  Is that like talking to 
> yourself? :)

Not when others are listening.

Thanks for the update.





Re: 44/8

2019-07-23 Thread Nathan Brookfield
Yeah because v6 only is the answer, plus you're assuming all of these clubs have 
routers and BGP and the money to get an allocation and ASN

On 23 Jul 2019, at 22:59, Naslund, Steve  wrote:

How about this?  If you guys think your organization (club, group of friends, 
neighborhood association, whatever...) got screwed over by the ARDC, then why 
not apply for your own v6 allocation.  You would then have complete control 
over its handling and never have to worry about it again.  If you are not sure 
how to get started, visit ARINs website.  It is not that difficult or expensive 
and it would not be hard to justify.

Steven Naslund
Chicago IL

> And after 75 messages, nobody has asked the obvious question. When is ARDC 
> going to acquire IPv6 resources on our behalf? Instead being all worried 
> about legacy resources we're highly underutilizing.
> 
> Ham Radio is supposed to be about pushing the art forward. Let's do that.
> 
> -KC8QAY



RE: Facebook (account)

2019-04-10 Thread Nathan Anderson
Matt Harris wrote:
 
> On Apr 9, 2019, at 21:05, Nathan Anderson  wrote:
>
> > a FB page that this account of hers was apparently the only admin for.
> 
> Redundancy: it's not just a concept to be applied to devices and wiring.   

Preaching. To. The. Choir. :-)

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



Facebook (account)

2019-04-09 Thread Nathan Anderson
Fellow NetOps,

I realize this is an unorthodox / off-topic request, but I've been trying to 
help a friend out and don't know how to advise her next.

If there is someone from FB here who has connections to someone in account 
security and is willing to contact me off-list, I'd really appreciate it.  A 
friend had her FB account of many years hijacked and then held for ransom by a 
random dude.  When she asked FB to intercede, she appeared to have her account 
back for a short time (< 24 hrs) before FB themselves blocked the account, and 
that's where we are now.  It's been over 2 weeks and she has been going round 
and round with "CS" and getting nowhere...whoever these robots are keep 
repeating requests for her to send in ID, which she does, and then they repeat 
the request again and it just goes in a circle.  I have a feeling that I know 
what's going on behind-the-scenes, but we can't seem to get a living, breathing 
human over there who isn't just reading a script to actually listen to her.  
Seriously, what is the average person supposed to do under these circumstances?

If this was just the story of a lone FB account I'm not sure I would bother and 
I'd just tell her to get a new one.  But she runs a business (popular local 
coffee shop) with a FB page that this account of hers was apparently the only 
admin for.

Thanks in advance for any leads,

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



RE: Youtube Outage

2018-10-16 Thread Nathan Brookfield
Australia too….

From: NANOG  On Behalf Of Oliver O'Boyle
Sent: Wednesday, October 17, 2018 1:08 PM
To: marshall.euba...@gmail.com
Cc: North American Network Operators' Group 
Subject: Re: Youtube Outage

Same in Montreal.

On Tue, Oct 16, 2018 at 9:52 PM Marshall Eubanks <marshall.euba...@gmail.com> wrote:
Reports (and humor) are flooding twitter.
On Tue, Oct 16, 2018 at 9:44 PM Ross Tajvar <r...@tajvar.io> wrote:
>
> You beat my email by seconds. Yes, it is widespread.
>
> On Tue, Oct 16, 2018 at 9:39 PM, Kenneth McRae via NANOG <nanog@nanog.org> wrote:
>>
>> Is this widespread?
>
>


--
:o@>



Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-03 Thread Nathan Stratton
On Wed, Oct 3, 2018 at 4:18 PM  wrote:

> Iphone, vzw, silicon valley, rcvd.
>
> Interesting question though... I wonder if people on micro-cells and/or
> wifi calling don’t get the alerts. That would be extremely dumb and
> irresponsible of the cell phone carriers, so its likely the case :)
>

Very possible, I have two phones on AT&T micro-cells and both missed it.

-Nathan


Re: Contacting AS6589 - "Beneficial Technologies"

2017-12-01 Thread Nathan Brookfield
The remainder of the advertisements being more /16’s from China Seems very 
very bogus.

Nathan Brookfield
Chief Executive Officer

Simtronic Technologies Pty Ltd
http://www.simtronic.com.au

On 2 Dec 2017, at 02:27, Carlos M. Martinez <carlosm3...@gmail.com> wrote:

Hello all,

I’m trying to reach anyone at AS 6589, “Beneficial Technologies”. They are 
announcing large chunk of LACNIC unallocated space, as can be seen here: 
https://bgp.he.net/AS6589

Although I usually give people the benefit of doubt, in this case we are 
talking about 5 /16 prefixes. Talk about fat fingers.

Private email is ok.

Thanks

Carlos
LACNIC CTO


Re: AS36040 Prefix Limits

2017-10-19 Thread Nathan Brookfield
Both sides should be filtering advertisements.

The IX may just filter by AS Path which is fairly normal by the originating AS 
or transiting AS should be filtering the prefixes they advertise as well.

Nathan Brookfield
Chief Executive Officer

Simtronic Technologies Pty Ltd
http://www.simtronic.com.au

On 19 Oct 2017, at 17:23, Andy Davidson <a...@nosignal.org> wrote:

Hi, Mike

On 18/10/2017, 18:39, Mike Hammett <na...@ics-il.net> wrote:

I am looking for someone that can speak authoritatively regarding AS36040's
ability to change their own prefix limits, prefix filtering, etc.
My current contact is advising the IX to do the filtering for them, which
is not something IXes should be doing.

Unless this is in conjunction with a multilateral peering session 
(“route-server”), when prefix-filtering is something that the IXP very much 
should be doing.

Andy



RE: USA local SIM card

2017-09-18 Thread Nathan Anderson
oblem, though...you'd 
still likely have to work out a separate solution for any time spent up there.)

Hope this helps,

--
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Max Tulyev
Sent: Sunday, September 17, 2017 10:08 AM
To: nanog@nanog.org
Subject: USA local SIM card

Hi All,

sorry for possible off-topic, I really did not know where to ask this.

I'm going to visit USA for two weeks. I want to buy a local prepaid SIM
card mostly for IP access.

Is it possible in USA to buy a prepaid SIM as a visitor, without long
term contract?

I need a public (can be dynamic) IP address, NOT over NAT, and (or)
IPv6, if possible.

My phone is GSM UMTS 3G.

Expected traffic volume is about 10G.

Will use it in New York City and Orlando City, not in rural areas.

Good data roaming tariff in Canada will be a big advantage.

What can you advise?

Thank you!



Re: Arista hardware health and environmental nagios plugin

2017-05-22 Thread Nathan Schrenk
Bas,

Arista EOS supports ENTITY-SENSOR-MIB and exposes temperature sensors, etc,
via that MIB so you should be able to use any NAGIOS plugins that can pull
ENTITY-SENSOR-MIB data for environmental monitoring. For example,
https://exchange.nagios.org/directory/Plugins/Hardware/Others/check_entPhySensorValue/details
I haven't used that specific NAGIOS plugin myself -- it just turned up when
I searched and looked like it would do the job.

To find the index of the temp sensor(s) you want to monitor (e.g. CPU, back
panel, front panel, etc) you can drop into a bash shell on your Arista
switches and run something like "snmptable localhost
ENTITY-MIB::entPhysicalTable" and look at the entPhysicalDescr column to
see the available sensors. The actual sensor values are provided in
ENTITY-SENSOR-MIB::entPhySensorTable.

The indices in entPhySensorTable are constructed by
adding entPhysicalContainedIn + entPhysicalParentRelPos. For example, on my
switch I see a sensor named "Back-panel temp sensor" with
entPhysicalContainedIn=116000 and entPhysicalParentRelPos=3 so the
index into the ENTITY-SENSOR-MIB::entPhySensorTable would be 116000+3 =
116003:

$ snmpwalk localhost ENTITY-SENSOR-MIB::entPhySensorTable |grep 16003
ENTITY-SENSOR-MIB::entPhySensorType.16003 = INTEGER: celsius(8)
ENTITY-SENSOR-MIB::entPhySensorScale.16003 = INTEGER: units(9)
ENTITY-SENSOR-MIB::entPhySensorPrecision.16003 = INTEGER: 1
ENTITY-SENSOR-MIB::entPhySensorValue.16003 = INTEGER: 326
ENTITY-SENSOR-MIB::entPhySensorOperStatus.16003 = INTEGER: ok(1)
ENTITY-SENSOR-MIB::entPhySensorUnitsDisplay.16003 = STRING: Celsius
ENTITY-SENSOR-MIB::entPhySensorValueTimeStamp.16003 = Timeticks: (1063007379) 123 days, 0:47:53.79
ENTITY-SENSOR-MIB::entPhySensorValueUpdateRate.16003 = Gauge32: 5000 milliseconds


The entPhySensorValue value of 326 means 32.6 degrees Celsius because
entPhySensorPrecision=1 (meaning entPhySensorValue equals "degrees C times
10").

Nathan


On Fri, May 19, 2017 at 1:08 PM, bas <kilo...@gmail.com> wrote:

> Hello All,
>
> Does anyone have a ready to use nagios/icinga plugin for hardware health
> and temperature monitoring of arista devices that they are willing to
> share? (7050, 7280 and 7500)
>
> With google searches I can't find any available.
>
> Arista TAC replied: "nagios does snmp, so that should fit you needs"
>
> There is https://github.com/ncsa/nagios-plugins which should be able to be
> augmented to do the extra checks.
> And with pyeapi it shouldn't be rocket science either. (for a developer,
> which I am not)
>
> If I were to request our devops department to build it, it would probably
> be put at the back of a very long queue.
>
> So if there is anyone out there that is willing to share it would be
> greatly appreciated.
>
> Thanks,
>
> Bas
>
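
The lookup and scaling steps described in the reply above, as an added example that is not part of the original thread: it parses snmpwalk text for ENTITY-SENSOR-MIB::entPhySensorTable, applies scale and precision, and returns a Nagios-style status. The sample walk is constructed after the output in the post; the thresholds, function names and the extra sensors 116004 and 116005 are assumptions.

```python
import re
from decimal import Decimal

# Constructed sample in the format of the snmpwalk output quoted in the post.
SAMPLE_WALK = """\
ENTITY-SENSOR-MIB::entPhySensorType.116003 = INTEGER: celsius(8)
ENTITY-SENSOR-MIB::entPhySensorScale.116003 = INTEGER: units(9)
ENTITY-SENSOR-MIB::entPhySensorPrecision.116003 = INTEGER: 1
ENTITY-SENSOR-MIB::entPhySensorValue.116003 = INTEGER: 326
ENTITY-SENSOR-MIB::entPhySensorOperStatus.116003 = INTEGER: ok(1)
ENTITY-SENSOR-MIB::entPhySensorUnitsDisplay.116003 = STRING: Celsius
ENTITY-SENSOR-MIB::entPhySensorScale.116004 = INTEGER: units(9)
ENTITY-SENSOR-MIB::entPhySensorPrecision.116004 = INTEGER: 1
ENTITY-SENSOR-MIB::entPhySensorValue.116004 = INTEGER: 712
ENTITY-SENSOR-MIB::entPhySensorOperStatus.116004 = INTEGER: ok(1)
ENTITY-SENSOR-MIB::entPhySensorScale.116005 = INTEGER: units(9)
ENTITY-SENSOR-MIB::entPhySensorPrecision.116005 = INTEGER: 1
ENTITY-SENSOR-MIB::entPhySensorValue.116005 = INTEGER: 0
ENTITY-SENSOR-MIB::entPhySensorOperStatus.116005 = INTEGER: unavailable(2)
"""

LINE_RE = re.compile(r"^ENTITY-SENSOR-MIB::entPhySensor(\w+)\.(\d+) = \w+: (.+)$")
ENUM_RE = re.compile(r"\((\d+)\)$")
# entPhySensorScale value -> power of ten (subset of the RFC 3433 enumeration).
SCALE_EXP = {7: -6, 8: -3, 9: 0, 10: 3}
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # Nagios plugin exit codes


def sensor_index(contained_in, parent_rel_pos):
    """Index rule given in the post: entPhysicalContainedIn + entPhysicalParentRelPos."""
    return contained_in + parent_rel_pos


def parse_walk(text):
    """Return {index: {column: int}} for the numeric and enum columns of the walk."""
    rows = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        column, index, raw = match.groups()
        enum = ENUM_RE.search(raw)
        try:
            value = int(enum.group(1)) if enum else int(raw)
        except ValueError:
            continue   # string or timestamp columns are not needed here
        rows.setdefault(int(index), {})[column] = value
    return rows


def reading(row):
    """Scaled sensor value: raw * 10^scale / 10^precision (precision > 0 only)."""
    precision = max(row.get("Precision", 0), 0)
    return Decimal(row["Value"]).scaleb(SCALE_EXP[row["Scale"]] - precision)


def check_sensor(rows, index, warn, crit):
    """Return (exit_code, message) in the form a Nagios plugin reports."""
    row = rows.get(index)
    if row is None or "Value" not in row or row.get("Scale") not in SCALE_EXP:
        return UNKNOWN, f"UNKNOWN - sensor {index} missing or not decodable"
    if row.get("OperStatus") != 1:   # only ok(1) carries a trustworthy value
        return UNKNOWN, f"UNKNOWN - sensor {index} operStatus {row.get('OperStatus')}"
    value = reading(row)
    perf = f"temp={value};{warn};{crit}"
    if value >= crit:
        return CRITICAL, f"CRITICAL - {value} C | {perf}"
    if value >= warn:
        return WARNING, f"WARNING - {value} C | {perf}"
    return OK, f"OK - {value} C | {perf}"


if __name__ == "__main__":
    table = parse_walk(SAMPLE_WALK)
    for idx in sorted(table):
        print(idx, check_sensor(table, idx, warn=55, crit=65))
```

A sensor whose entPhySensorOperStatus is not ok(1) is reported as UNKNOWN rather than OK, so a dead sensor reading 0 does not pass as a healthy temperature.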


Re: Please run windows update now

2017-05-15 Thread Nathan Fink
I show MS17-010 as already superseded in SCCM

On Fri, May 12, 2017 at 1:44 PM, Josh Luthman 
wrote:

> MS17-010
> https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Fri, May 12, 2017 at 2:35 PM, JoeSox  wrote:
>
> > Thanks for the headsup but I would expect to see some references to the
> > patches that need to be installed to block the vulnerability (Sorry for
> > sounding like a jerk).
> > We all know to update systems ASAP.
> >
> > --
> > Later, Joe
> >
> > On Fri, May 12, 2017 at 10:35 AM, Ca By  wrote:
> >
> > > This looks like a major worm that is going global
> > >
> > > Please run windows update as soon as possible and spread the word
> > >
> > > It may be worth also closing down ports 445 / 139 / 3389
> > >
> > > http://www.npr.org/sections/thetwo-way/2017/05/12/528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded
> > >
> >
>


Re: Please run windows update now

2017-05-12 Thread Nathan Brookfield
Well, it was patched by Microsoft on March 14th, just clearly people running 
large amounts of probably Windows XP have been owned.

Largely in Russia.

Nathan Brookfield
Chief Executive Officer

Simtronic Technologies Pty Ltd
http://www.simtronic.com.au

On 13 May 2017, at 14:47, Keith Medcalf <kmedc...@dessus.com> wrote:


The SMBv1 issue was disclosed a year or two ago and never patched.
Anyone who was paying attention would already have disabled SMBv1.

Thus is the danger and utter stupidity of "overloading" the function of service 
listeners with unassociated road-apples.  Wait until the bad guys figure out 
that you can access the same "services" via a connection to the DNS port (UDP 
and TCP 53) on windows machines ...

-- 
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı


> -Original Message-
> From: NANOG [mailto:nanog-bounces+kmedcalf=dessus@nanog.org] On Behalf
> Of Karl Auer
> Sent: Friday, 12 May, 2017 18:58
> To: nanog@nanog.org
> Subject: Re: Please run windows update now
> 
>> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
>> - In parallel, consider investigating low-hanging fruit by OU
>> (workstations?) to disable SMBv1 entirely.
> 
> Kaspersky reckons the exploit applies to SMBv2 as well:
> 
> https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
> 
> I thought it was a typo in para 2 and the table, but they emailed back
> saying nope, SMBv2 is (was) also broken. However, they also say (same
> page) that the MS patch released in March this year fixes it.
> 
> Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
> 
> Regards, K.
> 
> --
> ~~~
> Karl Auer (ka...@biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
> 
> GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> 






Re: IANA IPv4 Recovered Address Space registry updated

2017-03-04 Thread Nathan Brookfield
https://www.iana.org/assignments/ipv4-recovered-address-space/

Nathan Brookfield
Chief Executive Officer

Simtronic Technologies Pty Ltd
http://www.simtronic.com.au

On 5 Mar 2017, at 11:29, Doug Barton <do...@dougbarton.us> wrote:

Paula,

Thank you for this update. Is there a convenient resource for viewing the delta?

Doug

On 03/01/2017 12:15 PM, Paula Wang wrote:
Hi,



An update has been made to the IANA IPv4 Recovered Address Space registry 
according to the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms 
by the IANA 
(https://www.icann.org/resources/pages/allocation-ipv4-post-exhaustion-2012-05-08-en).



The list of allocations can be found at: 
https://www.iana.org/assignments/ipv4-recovered-address-space/



Kind regards,



Paula Wang

IANA Services Specialist

PTI




RE: SNMP "bridging"/proxy?

2016-05-21 Thread Nathan Anderson
On Friday May 20, 2016 @ 21:45, Robert Drake <rdr...@direcpath.com> wrote:

> I would move away from this CPE vendor.

I'm not thrilled with it either, but at this moment in time, this is easier 
said than done for many unfortunately good and unavoidable reasons.  We will 
see how the future plays out, though.

> [...] Or possibly have cacti run the
> SQL query directly.  It looks like they have many general (non SNMP)
> templates that you could use to base it on.

Another interesting suggestion & possibility.  Thanks.

-- Nathan


RE: SNMP "bridging"/proxy?

2016-05-21 Thread Nathan Anderson
Hey, thanks guys!  I had never really looked that deeply into Net-SNMP and had 
only ever installed it either to use as a client (snmpget/snmpwalk) or a basic 
agent w/ standard MIBs for the host it's running on, so I was unaware of its 
extensibility.  And it even looks like it ships with a Perl module.  That 
sounds like a perfect solution; thanks for pointing me in the right direction.

-- Nathan


SNMP "bridging"/proxy?

2016-05-20 Thread Nathan Anderson
'lo all,

Is anybody out there aware of a piece of software that can take data from an 
arbitrary source and then present it, using a MIB or set of OIDs of your 
choosing, as an SNMP-interrogatable device?

We have some CPE that supports SNMP, but considers it to be a 
mutually-exclusive "remote management" protocol such that if you use another 
supported method for deployment and provisioning (e.g., TR-069), you cannot 
have both that AND SNMP enabled simultaneously.  It's one or the other.

We currently monitor and graph some device stats for these CPE with Cacti, but 
we want to be able to provision using a TR-069 ACS.  The ACS can collect some 
of the same data we are graphing right now, but cannot present it in a fashion 
that is nearly as useful as the way Cacti/RRDtool does (not to mention the 
staff is already used to navigating Cacti).  We know what SQL database table 
the stats are being stored in by the ACS, though, so my thought was that there 
must be some way that we can have a host respond to SNMP gets and then have it 
turn around and collect the value to be returned from a database.  Basically, 
an ODBC -> SNMP proxy.  We'd then point Cacti at that IP instead of the 
individual CPEs.  But I can't seem to find anything like this.

Thanks,

-- Nathan


Re: ATT Mobile Outage San Juan, PR 8+ hours, 1 Million out.

2016-05-05 Thread Nathan Schrenk
It looks like www.outages.org stopped being updated with outage data in
January 2013?

Nathan

On Wed, May 4, 2016 at 3:57 PM, Bill Woodcock <wo...@pch.net> wrote:

>
> > On May 4, 2016, at 4:37 PM, Javier J <jav...@advancedmachines.us> wrote:
> >
> > If there is a better mailing list please let me know.
>
> outa...@outages.org
>
> -Bill
>
>
>
>
>


RE: GeoIP database issues and the real world consequences

2016-04-13 Thread Nathan Anderson
+1; had similar thoughts, even when reading the article.  However, I don't 
really get especially angry/frustrated with the individual idiots who 
ignorantly used some sort of geolocation service to try to hunt down and exact 
revenge on somebody whom they *thought* they were being victimized by.  I'm not 
saying what they did was acceptable, but I fully expect that kind of behavior 
from the average joe.

What I do get upset hearing about, though, is law enforcement agencies using 
that kind of data in order to execute a warrant.  There is nothing actionable 
there, and yet from the sounds of it, some LEAs are getting search warrants or 
conducting raids on houses where they believe they have a solid 1-to-1 mapping 
of IP address to physical address.  Which is absolutely inexcusable.

The one area where a company like MaxMind might have some potential blame to 
shoulder is their marketing.  I know next-to-nothing about them and their 
product, having only heard about them for the first time in the context of this 
story, so I have no idea how they represent their solutions to prospective 
users.  And maybe it wasn't even them exaggerating what is technically 
possible, but some other front-end service that uses their APIs and their data. 
 But one has to wonder how someone in law enforcement might have gotten the 
idea that you can plug an IP address into a service like this and get back a 
lat/long that accurately represents to within a few meters where that traffic 
originated.

-- Nathan

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Todd Crane
Sent: Tuesday, April 12, 2016 10:58 PM
To: Jean-Francois Mezei
Cc: nanog@nanog.org
Subject: Re: GeoIP database issues and the real world consequences

I like (sarcasm) how everybody here either wants to point fingers at MaxMind or 
offer up coordinates to random places knowing that it will never happen. What 
ever happened to holding people responsible for being stupid. When did it start 
becoming ((fill in the blank)) coffee shop’s for you burning your tongue on 
your coffee, etc. I’ve seen/used all sorts of geolocation solutions and never 
once thought to myself that when a map pin was in the middle of a political 
boundary, that the software was telling me anything other than the place was 
somewhere within the boundary. Furthermore, most geolocation services will also 
show a zoomed-out/in map based on certainty. So if you can see more than a few 
hundred miles in the map that only measures 200x200 pixels, then it probably 
isn’t that accurate.

As to a solution, why don’t we just register the locations (more or less) with 
ARIN? Hell, with the amount of money we all pay them in annual fees, I can’t 
imagine it would be too hard for them to maintain. They could offer it as part 
of their public whois service or even just make raw data files public.

Just a thought

—Todd




RE: Oh dear, we've all been made redundant...

2016-03-23 Thread Nathan Eisenberg
> Found on Staple's website:
> http://www.staples.com/NetReset-Automated-Power-Cycler-for-Modems-and-Routers/product_1985686

My coworker's immediate response was:
"Now we all need to get jobs as Automated Router Power Cycling technicians".

Mine was to check my calendar to see if I'd lost a week and a half, and it was 
suddenly April 1st.


RE: Dial Up Solutions

2015-10-18 Thread Nathan Anderson
What?

-- Nathan

From: NANOG [nanog-boun...@nanog.org] On Behalf Of Dovid Bender 
[do...@telecurve.com]
Sent: Saturday, October 17, 2015 6:31 PM
To: wi...@staff.gwi.net; nanog@nanog.org
Subject: Re: Dial Up Solutions

You can use Asterisk. All you need is a Digium/Sangoma T1/E1 card and a box.


--Original Message--
From: Will Duquette
Sender: NANOG
To: nanog@nanog.org
ReplyTo: wi...@staff.gwi.net
Subject: Dial Up Solutions
Sent: Oct 16, 2015 15:28

Does anyone have any suggestions on equipment for our ISP that is still
supporting dial up customers?

At the moment we are running 3Com Total Control 1000's but are running out
of spare parts as we have failures.  Given that this gear is so old trying
to source spare parts is proving to be difficult.

We do have access to a Cisco AS5200 but are looking for maybe a SIP based
solution that could possibly run on our VM farm?  Has anyone heard of
anything like that or does it even exist?

What kind of gear are you running if you still are supporting dial up
customers?

Thanks in advance

--
Will Duquette
GWI
Network Systems Engineer
www.gwi.net

Regards,

Dovid



RE: DamnTest: ignore

2015-09-10 Thread Nathan Anderson
On Thu, Sep 10, 2015, mikea wrote:

> This post includes the word Damn.
> 
> damn

Well, dayum.

-- Nathan



RE: load balancer product for dns content switching

2015-08-27 Thread Sipes, Nathan
A10Networks should be able to do what you are looking for. 



Nathan Sipes
Principal Network Architect
Tel: 713-369-9866
FAX: 303-763-3510 
Kinder Morgan
1001 Louisiana St
KMB 548
Houston, TX
77002
nathan_si...@kindermorgan.com



-Original Message-
From: NANOG [mailto:nanog-bounces+nathan_sipes=kindermorgan@nanog.org] On 
Behalf Of Robert Webb
Sent: Thursday, August 27, 2015 3:12 PM
To: Brooks Bridges bro...@firestormnetworks.net; nanog@nanog.org 
nanog@nanog.org
Subject: Re: load balancer product for dns content switching

F5 Big-IP? Pricey but it should do what you are looking for.

Robert


On Thu, 27 Aug 2015 12:13:37 -0700
  Brooks Bridges bro...@firestormnetworks.net wrote:
 Spent quite a bit of time researching products out there looking for 
one that will do content switching based on the domain being queried, 
and I'm coming up empty.  Can anyone point me in a decent direction?
 
For example:
 
 all requests are sent to one (HA) VIP, and then:
 
 host.bob.domain.com gets routed to dns server group 1 
 host.bill.domain.com gets routed to dns server group 2 and so on...
 
 Thanks for any advice
 
 --
 Brooks Bridges
Firestorm Networks
 Email: bro...@firestormnetworks.net
 Voice: +1.8006975891
Fax: +1.8889721835
 




LTE

2015-08-25 Thread Nathan Anderson
Is there anybody here who is fluent in LTE/3GPP networks and the standards that 
govern them?  I'm not sure where else to look.  I have a very specific question 
about UEs, UICCs, and the security negotiation (integrity  ciphers) that 
occurs during attachment both on the AS and NAS layers, and so far I have not 
found our vendor to be very helpful.  If there is somebody out there that knows 
something about this area, and is willing to chat with me about it, feel free 
to drop me a line off-list.

Thanks much,

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



RE: SIP trunking providers

2015-07-20 Thread Nathan Anderson
Maybe I'm missing something here, but what does it matter if the RTP from your 
perspective ends in Chicago or not?  If it does end in Chicago, that only means 
they are proxying the audio before sending it on to the actual media gateway 
for that call where it finally drops onto the PSTN.  So all that happens is 
that the audio latency remains the same (or worse, because of the additional, 
unnecessary proxy) AND that the actual media gateway remains hidden from you.  
You won't be able to actually test and see the latency to the MG, and you will 
be under the (false) impression that latency across all calls is equally good 
because you are only measuring RTT to a specific and common media proxy.  By 
sending the audio directly to an MG closer to the point of exit from IP-land, 
it is taking a more direct route to the callee than you are seemingly asking 
for.

If you're not talking about adding a proxy to the equation, are you expecting 
to find a provider in Chicago that immediately goes from IP to PSTN within 
Chicago, regardless of the actual destination of the call?  Circuit-switched 
TDM is not a no-latency connection.  Physics is involved here.  The farther 
apart the caller is from the callee, the more latency there will be, regardless 
of the medium.  All other things being equal (similar network path, etc.), I 
doubt IP packet switching significantly increases the latency over and above 
TDM call trunking.  But I'm not an expert, and again, if I'm missing something 
here, I would love to be proven wrong.

--
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com


From: NANOG [nanog-boun...@nanog.org] On Behalf Of Mike Hammett 
[na...@ics-il.net]
Sent: Sunday, July 19, 2015 1:04 PM
Cc: nanog@nanog.org
Subject: Re: SIP trunking providers

I too am looking for the Chicago area. Low volume. I'm looking for people whose 
SIP and RTP hit the end of the road in Chicago. Not interested in someone whose 
SIP servers are in LA , but will redirect me to the nearest gateway... without 
telling me where said gateway is.




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

- Original Message -

From: Rafael Possamai raf...@gav.ufsc.br
To: nanog@nanog.org
Sent: Friday, June 19, 2015 4:40:48 PM
Subject: SIP trunking providers

Would anyone in the list be able to recommend a SIP trunk provider in the
Chicago area? Not a VoIP expert, so just looking for someone with previous
experience.


Thanks,
Rafael




RE: SIP trunking providers

2015-07-20 Thread Nathan Anderson
Okay, sure.  But I think we might be talking past each other here.  My whole 
response was predicated on the assumption that the media gateway that a given 
term call is sent to is picked based on its geographic proximity to either the 
ratecenter/CO or tandem of the callee.  It doesn't really make sense for a 
provider to do anything otherwise, AFAICT, so I doubt that they would.  If my 
assumption is correct, you gain no advantage by having your long-distance term 
calls go through a Chicago MG (which was my original argument to begin with), 
and any local Chicago calls would be sent to a local Chicago MG anyway, so 
you're sweating bullets over nothing.  And, like you said, origination for your 
end users would be hitting a Chicago MG already.

Soo...problem solved?

--
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com


From: NANOG [nanog-boun...@nanog.org] On Behalf Of Mike Hammett 
[na...@ics-il.net]
Sent: Monday, July 20, 2015 3:36 AM
To: nanog@nanog.org
Subject: Re: SIP trunking providers

I want the gateway in Chicago as well.

I am Chicago based. The end users are Chicago based. Therefore the origination 
would be coming from a Chicago area gateway. Half of the calls (inbound) would 
be guaranteed to be local as they'd be coming in through a local tandem anyway. 
Most of the termination traffic would again be to local numbers, therefore 
would again have to be through local tandems.




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com






RE: SIP trunking providers

2015-07-20 Thread Nathan Anderson
Okay, fair enough.  I guess I made the assumption somehow that Mike was 
concerned solely about latency, which if that's all he is concerned about, then 
the points you bring up would largely be strawmen.  But I just re-read Mike's 
post, and he doesn't state his reasons for wanting the local gateway.  It must 
have been Dovid's reply that planted the seed of the idea in my mind that Mike 
was primarily concerned about latency.

-- Nathan


From: NANOG [nanog-boun...@nanog.org] On Behalf Of Naslund, Steve 
[snasl...@medline.com]
Sent: Monday, July 20, 2015 6:49 AM
To: nanog@nanog.org
Subject: RE: SIP trunking providers

End to end delay is not the most limiting factor.  Jitter is the issue and 
packet drops are the other issue that matters (more importantly the 
distribution of drops).  I think the best reason to select the local provider 
over the distant one is that the sooner he gets off the IP network the less 
impairments he will run into.  The TDM network as antiquated as it is, is less 
susceptible to congestion and call impairments than an IP backbone network is.  
I can tell you from running a bunch of International VOIP networks that they 
are just not as reliable as TDM.  The average internet connection just does not 
meet the reliability standards that the TDM voice network has achieved.  IP 
networks are affected by congestion and routing issues whereas the TDM network 
seldom has these type of problems.  An outage on a TDM circuit rarely affects 
other TDM circuits so they see a lot less higher level outages.  I can 
understand why he does not want to haul his voice cross country over IP when he 
is exiting locally most of the time.

Yes, I understand that the carrier might very well be hauling that traffic via 
IP even after he gets to his gateway point but at that point it becomes their 
problem to deal with.

Steven Naslund
Chicago IL


If you’re going to the PSTN, who gives a shit where you do the interconnect as 
long as it’s within 100ms.

If most of your calls are VOIP-VOIP within Chicago, then it makes some sense 
to set up a box and just send the external calls out to the trunking provider 
where you no longer really care where they are.

Absent significant network  suckage, there’s no place in the contiguous US 
that isn’t within 100 ms of any other place in the contiguous US these days.

Owen



[no subject]

2015-05-07 Thread Nathan Angelacos via NANOG
---BeginMessage---

Looks like there's an extra line break after:
---End Message---


[no subject]

2015-05-07 Thread Nathan Angelacos via NANOG
---BeginMessage---

Looks like there's an extra line break after this header line:

X-Virus-Scanned: ClamAV using ClamSMTP

So the SMTP headers are getting partitioned.

---End Message---


RE: mpls over microwave

2015-02-05 Thread Sipes, Nathan
I have been running MPLS over TDM and Ethernet microwave for about 8 years and 
the only issues are with microwave fade. 

Nathan Sipes
Principal Network Architect
Tel: 713-369-9866
FAX: 303-763-3510 
Kinder Morgan
1001 Louisiana St
KMB 548
Houston, TX
77002
nathan_si...@kindermorgan.com



-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
Sent: Thursday, February 5, 2015 3:58 PM
To: nanog@nanog.org
Subject: Re: mpls over microwave

Shouldn't really be any different as long as your gear supports the appropriate 
MTUs. 




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com 



- Original Message -

From: Scott Weeks sur...@mauigateway.com
To: nanog@nanog.org
Sent: Thursday, February 5, 2015 3:55:04 PM
Subject: mpls over microwave 



Anyone doing MPLS over microwave radios? Please share your experiences on list 
or off. 

scott 



RE: cable modem firmware upgrade

2015-01-28 Thread Nathan Anderson
On Wednesday, January 28, 2015 8:11 PM, A MEKKAOUI wrote:

> Anyone knows how to upgrade Motorola SB6120 cable modem firmware other
> than going through the internet provider? Your help will be appreciated.

My employer managed a handful of small DOCSIS networks for a while where 99% of 
the modems were Motorola, and as far as I know, there is no way to push a 
firmware update to the modem from the ethernet side...only from the RF side.  
And trust me: I looked.  If I ever had to update the firmware on some batch of 
modems that weren't already deployed on a network, I would hook them up to a 
test CMTS that we had on the bench in order to do so.

I would strongly suspect that this is going to hold true for just about any 
DOCSIS modem.

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com


RE: Phasing out of telco TDM Backbones (was: Phasing out of copper)

2014-11-29 Thread Nathan Anderson
On Saturday, November 29, 2014 9:10 PM, Jay Ashworth  wrote:

> But let us not conflate being ok with telcos replacing analog copper
> last-mile with being ok with telcos replacing PCM with VoIP, especially
> in trunking applications, ... [snip]

Let's also not conflate audio codecs with L2.  PCM and VoIP are not 
mutually-exclusive things by any stretch.

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com


Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-14 Thread Nathan Angelacos

On 04/14/2014 07:14 PM, Michael Thomas wrote:


It's much, much worse than that. I can still read code plenty fine, but
bugs can be
extremely obscure, and triply so with convoluted security code where
people are
actively going after you to find problems in most inventive ways.
Openssl, etc,
probably need to be treated more like Mars Landers than the typical
github forkfest.



You mean this one? http://en.wikipedia.org/wiki/Mars_Climate_Orbiter

;)





RE: Gmail throttling?

2014-02-22 Thread Nathan Anderson
On Friday, February 21, 2014 4:59 PM, Eduardo A. Suárez 
<esua...@fcaglp.fcaglp.unlp.edu.ar> wrote:

> some of our users have forwarded the email to Gmail and Gmail now are
> complaining that this is bulk mail and delaying it.
>
> We have SPF, DKIM, DMARC, even SRS to try these things do not happen :(

Have you double-checked your setup to make sure it is performing SRS correctly? 
 In my experience, Google is secretly blacklisting certain IPs for unknown, 
unpublished reasons, and implementing SRS seems to be a surefire workaround.

If you aren't on the secret blacklist, mail will still pass even if it fails 
SPF, but once you are on the blacklist, mail that fails SPF (either softfail or 
fail) will not be delivered.  If a user of yours is forwarding mail from your 
server to Gmail, the SPF check is not going to be against *your* SPF record, 
but against the original sender's SPF record, and so the check will fail (since 
the message looks like it is coming from you, and your MX won't be listed in 
the original sender's SPF record...thus, it will look like you are spoofing 
mail for the original sender).  Adding a valid SPF record to your domain and 
then implementing SRS on your mail server should ensure that all SPF checks 
pass, even for mail that your users are forwarding to Gmail.

I wrote a post detailing my experience and findings: 
http://www.brokenbitstream.com/gmail-spf-policy

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com
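
Added example, not part of the original post and not any mail server's own code: a Python sketch of the forwarding case described above, showing the receiver's SPF check failing against the original sender's record and passing once the forwarder rewrites the envelope sender in SRS0 form. The domains, IPs, SPF records, secret and day number are constructed; the SPF evaluator handles only ip4 mechanisms, and the hash and timestamp encoding follow the SRS0 layout in simplified form.

```python
import base64
import hashlib
import hmac
import ipaddress

# Constructed SPF data: domain -> (ip4 networks, result when nothing matches).
SPF = {
    "sender.example": (["192.0.2.0/24"], "fail"),         # v=spf1 ip4:192.0.2.0/24 -all
    "forwarder.example": (["198.51.100.25/32"], "fail"),  # v=spf1 ip4:198.51.100.25 -all
}
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def spf_check(mail_from, client_ip):
    """Evaluate SPF for the envelope sender's domain (ip4 mechanisms only)."""
    domain = mail_from.rsplit("@", 1)[1].lower()
    if domain not in SPF:
        return "none"
    networks, default = SPF[domain]
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in networks):
        return "pass"
    return default


def _timestamp(day):
    """Two base32 characters encoding the day number modulo 1024."""
    d = day % 1024
    return B32[d >> 5] + B32[d & 31]


def _hash(secret, *parts):
    """Short keyed hash binding timestamp, domain and local part together."""
    mac = hmac.new(secret, "".join(parts).lower().encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:4]


def srs_forward(mail_from, forwarder_domain, secret, day):
    """Rewrite the envelope sender so SPF is checked against the forwarder."""
    local, domain = mail_from.rsplit("@", 1)
    ts = _timestamp(day)
    return f"SRS0={_hash(secret, ts, domain, local)}={ts}={domain}={local}@{forwarder_domain}"


def srs_reverse(srs_addr, secret, day, max_age=21):
    """Recover the original sender for a bounce; reject forged or stale addresses."""
    local_part = srs_addr.rsplit("@", 1)[0]
    if not local_part.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address")
    fields = local_part[5:].split("=", 3)
    if len(fields) != 4 or len(fields[1]) != 2:
        raise ValueError("malformed SRS0 address")
    digest, ts, domain, local = fields
    expected = _hash(secret, ts, domain, local)
    if not hmac.compare_digest(digest.encode(), expected.encode()):
        raise ValueError("hash mismatch: address was not issued by this forwarder")
    sent = (B32.index(ts[0]) << 5) | B32.index(ts[1])
    if (day % 1024 - sent) % 1024 > max_age:
        raise ValueError("SRS address expired")
    return f"{local}@{domain}"


def demo():
    secret = b"constructed-secret"
    day = 16123                    # constructed "days since epoch" value
    original = "alice@sender.example"
    forwarder_ip = "198.51.100.25"
    # Plain forwarding: the receiver checks sender.example's record against
    # the forwarder's IP, which that record does not list.
    before = spf_check(original, forwarder_ip)
    rewritten = srs_forward(original, "forwarder.example", secret, day)
    # With SRS the receiver checks forwarder.example's own record instead.
    after = spf_check(rewritten, forwarder_ip)
    bounce_to = srs_reverse(rewritten, secret, day + 3)
    return before, rewritten, after, bounce_to


if __name__ == "__main__":
    print(demo())
```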



Re: rr.com contact please

2013-09-16 Thread Nathan Anderson
On Sep 16, 2013, at 19:07, Matthew Petach mpet...@netflight.com wrote:

 On Mon, Sep 16, 2013 at 11:25 AM, goe...@anime.net wrote:
 
 Can someone from rr.com please contact me. Your abuse desk seems to
 believe this netblock does not belong to you: [snip]
 
 If they don't want it, I'll be happy to take it
 off their hands...

...fight ya for it.

-- Nathan



RE: Google having issues?

2013-08-16 Thread Nathan Anderson
At about 5 minutes to 4:00p PDT, downforeveryoneorjustme.com confirmed that 
it's not just you! for google.com; in fact, it's still saying that, although 
I can reach Google services on our network now.

I could also ping Google, but I tried to open a connection to port 80 on 
google.com via telnet around the time I started having problems, and I was just 
getting connection refused (immediate RST received upon transmission of SYN) 
across multiple Google IPs.  I then VPN'd over to an off-net DSL connection, 
and from there I had no trouble accessing Google, but OS X telnet (which 
apparently will automatically try multiple IPs if DNS resolution comes back 
with multiple A records) showed that it was still getting connection refused 
on a few IPs before it finally struck gold.

-- Nathan

-Original Message-
From: Derek Ivey [mailto:de...@derekivey.com] 
Sent: Friday, August 16, 2013 4:34 PM
To: win...@team-metro.net
Cc: nanog@nanog.org
Subject: Re: Google having issues?

I was having a hard time getting to Google Maps from my Verizon FiOS
connection and also from my Hurricane Electric IPv6 tunnel. I was able
to ping them though. Didn't try any other google services.

Derek

On Aug 16, 2013, at 7:32 PM, win...@team-metro.net
win...@team-metro.net wrote:


 Hey guys,


 I'm hearing reports of Google services (Search, Youtube, Mail, etc) going 
 down all over the place, providing extremely spotty service. Works fine for 
 me right now, but a lot of people seem to be having problems all over the 
 world.

 Any ideas what's going on?



 Thanks!

 ~ Em



RE: CNN broadcasting online free? Hogging my bandwidth...

2013-08-14 Thread Nathan Anderson
On Wednesday, August 14, 2013 6:24 PM, Zachary McGibbon 
mailto:zachary.mcgibbon+na...@gmail.com wrote:

 I noticed my bandwidth graphs were a little out of whack tonight and after
 much digging through pcap files I found that my chrome tab with 'cnn.com'
 had a live stream of cnn playing on the right side halfway down.

I'm seeing the same thing, too, but it appears to be video-only...no 
accompanying audio.

-- Nathan



RE: 10 Mbit/s problem in your network

2013-02-26 Thread Nathan Anderson
On Tuesday, February 26, 2013 7:58 PM, Owen DeLong mailto:o...@delong.com 
wrote:

 In fact, many of the hotels that have solved this intelligently have
 simply 
 placed DSLAMs in the phone room and run DSL to each room with
 a relatively inexpensive (especially when you buy 500 of them at a time)
 DSL modem in each room.

...or more likely (at least in my own probably limited experience), a CMTS and 
cable modems instead of a DSLAM and DSL modems.  Probably because so many of 
these hotels have an existing digital PBX system that drives all the phones in 
the rooms which isn't going to take very kindly to sharing its copper with a 
DSLAM, and because they already have coax run throughout the place to drive the 
televisions.  Easier to share the existing coax with a CMTS than it is to 
stretch a bunch of new telephone wire dedicated just to DSL; I mean, at that 
point, you might as well just pull some Ethernet.

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



RE: Any experience with Grandstream VoIP equipment ?

2013-02-11 Thread Nathan Anderson
On Saturday, February 09, 2013 1:34 PM, Benny Amorsen 
mailto:benny+use...@amorsen.dk wrote:

 They are not perfect, but they are pretty good.

Have you played around with the T.38 support on the SPA-1XX line?  
Historically, it has been difficult to find a reasonably-priced, bare-bones (1 
FXS, no built-in router) ATA that also happens to do T.38 well.  PAP2T had no 
T.38 support at all.

SPA-112 price looks good, so I'm wondering what the catch is.

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



RE: Any experience with Grandstream VoIP equipment ?

2013-02-11 Thread Nathan Anderson
On Monday, February 11, 2013 9:33 PM, John R. Levine mailto:jo...@iecc.com 
wrote:

 Man is this strange: when I set my DHCP server to assign the Sipura box a
 fixed IP address, the VoIP box didn't work.  When I let it assign an
 address out of the pool, it did work.

So what happens if you now configure the DHCP server so that the (working) IP 
is removed from the pool, and have the DHCP server explicitly assign it to the 
device instead?  Does it still work?  What if you turn the DHCP client off in 
the ATA, and try to manually assign the ATA both the fixed IP that didn't work, 
and the IP that does?

There has to be a difference somewhere, whether it is in the DHCP payload, the 
way a router or NAT engine upstream is treating that IP, or *something*.

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



RE: Microsoft Product Activation server reachability

2013-01-11 Thread Nathan Anderson
TCP 80 is working fine now; wasn't last night, though.  In the past, my 
recollection is that ICMP ping to actual Microsoft IP space (not simply Akamai) 
would have simply been blackholed/dropped with no response, so seeing packet 
filtered come back + no response on any TCP ports made it seem like it could 
be an issue upstream of the actual server itself.

But I can now activate/reactivate products today, so all[1] is right with the 
world.

-- Nathan

[1] It's Friday and we are only a few days into 2013, so I'm trying to remain 
upbeat.

-Original Message-
From: Yang Yu [mailto:yang.yu.l...@gmail.com] 
Sent: Friday, January 11, 2013 9:13 AM
To: nanog@nanog.org
Subject: Re: Microsoft Product Activation server reachability

communication prohibited by filter is just an ICMP response code,
sadly Windows does not under it..
Type 3 (Destination unreachable)
Code 13 (Communication Administratively Prohibited - generated if a
router cannot forward a packet due to administrative filtering;)

ICMP echo request for this ip seems to be filtered by Microsoft. TCP
connection to port 80 is working fine.

tcping wpa.one.microsoft.com

Probing 94.245.126.107:80/tcp - Port is open - time=98.491ms


Yang

On Fri, Jan 11, 2013 at 2:01 AM, Nathan Anderson nath...@fsr.com wrote:

 So the ICMP message communication prohibited by filter must be a normal 
 response to ICMP ping through that gateway.

 Unfortunately, it's not completely fixed yet, but I'm guessing by this 
 measure of progress that they must be working on it.  I now get HTTP 403 in 
 response to any request I send to it.  Tried to reactivate this copy of Windows 
 Server once more anyway, and now get Online activation cannot be completed 
 at this time. (Message number: 24579)  Before, it simply claimed I must not 
 have working internet connectivity.

 -- Nathan

 -Original Message-
 From: Scott Howard [mailto:sc...@doc.net.au]
 Sent: Thursday, January 10, 2013 10:55 PM
 To: Ben Carleton
 Cc: Nathan Anderson; nanog@nanog.org
 Subject: Re: Microsoft Product Activation server reachability

 Working now, tested from 3 hosts on different networks on both 80 and 443 :

 $ telnet wpa.one.microsoft.com 443
 Trying 94.245.126.107...
 Connected to wpa.one.microsoft.com.
 Escape character is '^]'.


   Scott



 On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton carle...@vanoc.net wrote:


 - Original Message -
  From: Nathan Anderson nath...@fsr.com
  To: nanog@nanog.org nanog@nanog.org
  Sent: Thursday, January 10, 2013 11:24:16 PM
  Subject: Microsoft Product Activation server reachability
 
  Anybody else having a problem reaching (what appears to be) the sole
  Microsoft Product Activation server (wpa.one.microsoft.com)?
 
  $ ping wpa.one.microsoft.com
  PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes
  36 bytes from 213.199.189.41: Communication prohibited by filter
 
  I get this sourcing from our network, from ATT 3G, and from ye 
 residential
  DSL connection located in the greater Seattle area. They aren't 
 simply
  source-filtering. Either that or they are source-filtering for 
 0.0.0.0/0.
 
  This is apparently the only server/IP they have set up to respond 
 to these
  requests. wpa.one.microsoft.com resolves to that IP via every DNS 
 server
  I've tried (so no round-robin A records), Microsoft products that 
 need to
  activate over the internet only try to resolve that FQDN, and I've 
 looked
  for others without success (wpa.two.microsoft.com isn't valid, for 
 example).
 
  --
  Nathan Anderson
  First Step Internet, LLC
  nath...@fsr.com
 
 


 I am seeing the same from NYC metro. According to MS 
 (http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to 
 that host on 80 and 443 is all that should be required to activate. (and 
 wpa.one.microsoft.com has no , go figure)

 [ben@razor ~]$ ping wpa.one.microsoft.com

 PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data.

 From 213.199.189.41 icmp_seq=2 Packet filtered
 ^C
 --- wpa.one.microsoft.com ping statistics ---
 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 
 5260ms

 [ben@razor ~]$ telnet wpa.one.microsoft.com 80
 Trying 94.245.126.107...
 ^C
 [ben@razor ~]$ telnet wpa.one.microsoft.com 443
 Trying 94.245.126.107...
 ^C

 -- Ben









Microsoft Product Activation server reachability

2013-01-10 Thread Nathan Anderson
Anybody else having a problem reaching (what appears to be) the sole Microsoft 
Product Activation server (wpa.one.microsoft.com)?

$ ping wpa.one.microsoft.com
PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes
36 bytes from 213.199.189.41: Communication prohibited by filter

I get this sourcing from our network, from ATT 3G, and from ye residential DSL 
connection located in the greater Seattle area. They aren't simply 
source-filtering. Either that or they are source-filtering for 0.0.0.0/0.

This is apparently the only server/IP they have set up to respond to these 
requests. wpa.one.microsoft.com resolves to that IP via every DNS server I've 
tried (so no round-robin A records), Microsoft products that need to activate 
over the internet only try to resolve that FQDN, and I've looked for others 
without success (wpa.two.microsoft.com isn't valid, for example).

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



RE: Microsoft Product Activation server reachability

2013-01-10 Thread Nathan Anderson
So the ICMP message communication prohibited by filter must be a normal 
response to ICMP ping through that gateway.

Unfortunately, it's not completely fixed yet, but I'm guessing by this measure 
of progress that they must be working on it.  I now get HTTP 403 in response to 
any request I send to it.  Tried to reactivate this copy of Windows Server once 
more anyway, and now get Online activation cannot be completed at this time. 
(Message number: 24579)  Before, it simply claimed I must not have working 
internet connectivity.

-- Nathan

-Original Message-
From: Scott Howard [mailto:sc...@doc.net.au] 
Sent: Thursday, January 10, 2013 10:55 PM
To: Ben Carleton
Cc: Nathan Anderson; nanog@nanog.org
Subject: Re: Microsoft Product Activation server reachability

Working now, tested from 3 hosts on different networks on both 80 and 443 :

$ telnet wpa.one.microsoft.com 443
Trying 94.245.126.107...
Connected to wpa.one.microsoft.com.
Escape character is '^]'.


  Scott



On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton carle...@vanoc.net wrote:


- Original Message -
 From: Nathan Anderson nath...@fsr.com
 To: nanog@nanog.org nanog@nanog.org
 Sent: Thursday, January 10, 2013 11:24:16 PM
 Subject: Microsoft Product Activation server reachability

 Anybody else having a problem reaching (what appears to be) the sole
 Microsoft Product Activation server (wpa.one.microsoft.com)?

 $ ping wpa.one.microsoft.com
 PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes
 36 bytes from 213.199.189.41: Communication prohibited by filter

 I get this sourcing from our network, from ATT 3G, and from ye 
residential
 DSL connection located in the greater Seattle area. They aren't simply
 source-filtering. Either that or they are source-filtering for 
0.0.0.0/0.

 This is apparently the only server/IP they have set up to respond to 
these
 requests. wpa.one.microsoft.com resolves to that IP via every DNS 
server
 I've tried (so no round-robin A records), Microsoft products that 
need to
 activate over the internet only try to resolve that FQDN, and I've 
looked
 for others without success (wpa.two.microsoft.com isn't valid, for 
example).

 --
 Nathan Anderson
 First Step Internet, LLC
 nath...@fsr.com




I am seeing the same from NYC metro. According to MS 
(http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to that 
host on 80 and 443 is all that should be required to activate. (and 
wpa.one.microsoft.com has no , go figure)

[ben@razor ~]$ ping wpa.one.microsoft.com

PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data.

From 213.199.189.41 icmp_seq=2 Packet filtered
^C
--- wpa.one.microsoft.com ping statistics ---
6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 
5260ms

[ben@razor ~]$ telnet wpa.one.microsoft.com 80
Trying 94.245.126.107...
^C
[ben@razor ~]$ telnet wpa.one.microsoft.com 443
Trying 94.245.126.107...
^C

-- Ben







RE: Wired access to SMS?

2012-10-10 Thread Nathan Eisenberg
 You could also hitch up an analog modem to a POTS line, and then let your 
 paging software dial your cell/home number. 
 You won't hear anything, but the CallerID will let you know that your 
 monitoring system is *desperately* trying to get in touch :-)

You could take it one step further and get an FXO card and put it in a very 
basic asterisk server.  Write a simple program which can be pinged with issue 
reports as an argument, then pass those arguments to festvox or other TTS 
application.  Output to WAV, convert to GSM, generate an asterisk call file (or 
write an extension) that calls you on the analog line, and plays you the sound 
file.

I've done this at several employers.  It works fairly well - perhaps better 
than it sounds.  If you can get a SIP upstream that will let you set your CID, 
then send the calls out that route first, and the POTS line becomes a backup - 
then if you ever get calls from the POTS DID, you know that you have the 
original problem, plus you know that the connection to the SIP gateway is down.

Nathan Eisenberg




Re: Heads-Up: GoDaddy Broke the Interwebs...

2012-09-12 Thread Naveen Nathan
 we do not know what happened.  we have an apology, not an explanation or
 reasonable post mortem.  all else is conjecturbation.

Agreed. And as Chris and Kyle pointed out, there is no indication
that the problems were present in the BGP DFT, and the issues could've
occured over iBGP. I completely concur with this, and do not preclude
it as an explanation.

But I would just like to put this out there.

In the past, GoDaddy has clashed with the Internet due to their
initial stance on SOPA, which resulted in a noticeable loss of
customers and generated a significant amount of bad press.

Now, there's a lot of conjecture as to what caused their outage.
But the most harm to GoDaddy would be reporting that they had a security
breach or DoS/DDoS attack which would instill fear in their customer base.
The major media outlets had already picked this up and started to report
foul play by Anonymous, denial of service attacks, or whatever.

To save face, it would make the most sense not to mention that a
security breach or DoS/DDoS attack occurred. Indicating a security breach
would be immediate concern for any customer. If it was a DoS/DDoS attack,
they're basically admitting that they don't have an infrastructure capable
of withstanding or mitigating such attacks (which competitors such as
Cloudflare do claim). So the best option would be to spread disinformation
if either occurred, and offer /generous/ service credit to earn back
customer goodwill and confidence.

This is simply why I remain skeptical. And as I said earlier, it would
be nice to receive more information of what actually happened, if GoDaddy,
or anyone in the know with GoDaddy, would oblige.

- Naveen




Re: Heads-Up: GoDaddy Broke the Interwebs...

2012-09-11 Thread Naveen Nathan
 Well, mostly I'm taking GoDaddy at their word that this was not a DoS attack.
 
 I also believe it was related to BGP, and am happy to get more info.  But we 
 are discussing Anonymous vs. Self-inflicted wound here.

I'm skeptical, BGPlay (http://bgplay.routeviews.org/) doesn't show any 
withdrawn routes for any of their prefixes over Sep 9-11. In fact, their BGP 
operation looks fairly operational during the time from what I can gather.

So, it would be nice to get more info.

- Naveen




RE: Testing 1gbps bandwidth

2012-08-14 Thread Nathan Eisenberg
 Is there any other suggestion for this testing?

As a general tool, I rather like PathTest - it's free and versatile, you just 
have to have a daemon somewhere on the other end of the circuit (even if that's 
multiple AS's away) that can deliver sufficient throughput for the test.  It's 
far more efficient than a flash based test.  Even a very modest laptop which 
chokes at 70Mbps in flash can do a few hundred Mbps with it, and anything 
decent can do a full gig and up.

I realize that doesn't help you find an endpoint in the Middle East to test 
against, but at least now you have a better tool.  :)

Nathan Eisenberg




RE: Verizon FiOS - is BGP an option?

2012-08-04 Thread Nathan Eisenberg
 Residences aren't critical infrastructure, no matter how angry the owners get.

911 access isn't a critical service?  Fire and security panels aren't critical 
services?

If basic life safety and property protection aren't critical services, I'm not 
sure what is.  These are peoples' lives and families and homes.  There is 
nothing - repeat, nothing - more important than that.  It is absolutely a 
critical service.

Nathan Eisenberg




Contact from slb.com/Schlumberger Limited/Dexanet

2012-07-24 Thread Nathan Eisenberg
Would a security contact from Schlumberger Limited please contact me off-list?

Sorry for the noise.

Nathan Eisenberg




RE: Need (to acquire or sell) IPv4? Come to SpaceMarket.

2012-05-30 Thread Nathan Eisenberg
None of these jokes are class-e.

-Original Message-
From: STARNES, CURTIS [mailto:curtis.star...@granburyisd.org] 
Sent: Wednesday, May 30, 2012 7:44 PM
To: STARNES, CURTIS; 'lann...@lanning.cc'; nanog@nanog.org
Subject: RE: Need (to acquire or sell) IPv4? Come to SpaceMarket.

I guess I will just have to settle for selling my 224.0.0.0/24 :-

-Original Message-
From: STARNES, CURTIS [mailto:curtis.star...@granburyisd.org]
Sent: Wednesday, May 30, 2012 9:41 PM
To: 'lann...@lanning.cc'; nanog@nanog.org
Subject: RE: Need (to acquire or sell) IPv4? Come to SpaceMarket.

I thought the 10.0.0.0/8 was mine.
I was going to sell some of it!

Curtis

-Original Message-
From: Robert Hajime Lanning [mailto:lann...@lanning.cc]
Sent: Wednesday, May 30, 2012 5:51 PM
To: nanog@nanog.org
Subject: Re: Need (to acquire or sell) IPv4? Come to SpaceMarket.

Can I trade in my class A? (10/8)

On 05/29/12 17:43, The SpaceMarket wrote:
 IPv4 is not going away as quickly as many would like.  Most realistic 
 observations show IPv4 will still be the numbering scheme most widely 
 deployed and utilized for the next decade.  This due mainly to peers 
 and providers whom have not deployed IPv6 and ISP end-users, which 
 continue to use, antiquated operating systems.

 SpaceMarket provides a platform for entities to acquire additional 
 resources that find themselves deficient, and a platform for those 
 with excess/unused resources to monetize their valuable resources.

 Our platform is safe, secure and confidential.

 Buyers and sellers can rest assured that their trades will be executed 
 without a hitch (no hijacked network ranges or scammers) as each 
 network allocation available has been thoroughly investigated and 
 tested (we’re either announcing or have announced the networks 
 available for an extended period of time), and upon request by either 
 the buyer or seller, SpaceMarket will serve as an escrow agent for the 
 transaction.

 Currently (as of this writing), there we have just over
 150,000 addresses available for immediate use. This may seem like a 
 low number, but allocations are listed and acquired daily using our 
 automated system—we don’t have to be involved in your transaction. In 
 order to provide our services without hassle and confidentially, we 
 provide access to our trading platform via Tor (as a Tor Hidden 
 Service).  This allows our members to connect freely and without worry 
 as to who may be monitoring your online activities or visitors to our 
 site.  Additionally, access to the site is restricted to active 
 members of our trading community.

 For more information on our service, site URL or membership please 
 e-mail us at spacemar...@tormail.org.  We look forward to assisting 
 you with your IPv4 needs! Please use our public key (below) when 
 corresponding via E-mail.  Don’t forget to send us yours!

--
Mr. Flibble
King of the Potato People



Re: Network diagram app that shows realtime link utilizatin

2012-05-02 Thread Nathan Eisenberg
Php network weathermap works well for me.  The configuration language is pretty 
straightforward, and it's easy to consume data from either the usual suspects 
(mrtg), or to write a plugin that uses a custom (sql or other) datasource.

This gets you within 60 seconds of realtime, and the price (time) is right.

Nathan Eisenberg
Sent from my HTC on the Now Network from Sprint!

- Reply message -
From: Hank Disuko gourmetci...@hotmail.com
Date: Tue, May 1, 2012 9:42 am
Subject: Network diagram app that shows realtime link utilizatin
To: NANOG nanog@nanog.org



Hi folks,

I wonder if anyone can recommend a network diagram tool that can show realtime 
link utilization via snmp?

Mikrotik's The Dude app actually does exactly what I'm looking for, but the 
snmp support for non-RouterOS devices seems to be lacking, as it simply won't 
enumerate my switch interfaces in order to capture utilization.

I've downloaded several trial tools (WhatsUp, NetCure, Solarwinds LANsurveyor 
etc.) but they don't serve this very basic need of mine to see the realtime 
link util in the diagram.

Thanks,
Hank Disuko




Re: Colocation in New York for a POP

2012-04-19 Thread Nathan Stratton


On Thu, 19 Apr 2012, Andrew Mulholland wrote:


at $JOB-2 we had a couple of racks in 60 Hudson St, which worked well


I just took a few racks on the 9th floor, I know there are some others 
that are free.





Nathan Stratton
nathan at robotics.net
http://www.robotics.net



Re: Network Storage

2012-04-12 Thread Nathan Stratton

On Thu, 12 Apr 2012, Maverick wrote:


Hello Everyone,

Can you please comment on what is best solution for storing network
traffic. We have been graciously granted access by our network
administrator to capture traffic but the one Tera byte disk space is
no match with the data that we are seeing, so it fills up quickly. We
can't get additional space on the server itself so I am looking for
some external solutions. Can you please suggest something that would
be best for Gbps speeds .


I have done this two ways in the past, first is the simple way, LSI raid 
card with lots of disks and some nice 10 gig capture cards. The 2nd way is 
to use Gluster, over a large number of hosts with infiniband connecting 
them together.





Nathan Stratton
nathan at robotics.net
http://www.robotics.net



RE: ATT DSL bypass first line

2012-04-09 Thread Nathan Anderson
On Monday, April 09, 2012 8:22 PM, Brandon Ewing mailto:nicot...@warningg.com 
wrote:

 I've been an ATT DSL customer for 3+ years, with no issues until they
 started sending people into my neighborhood to start retrofitting for
 UVerse.  Since they've visited, my PPPoE has dropped once an hour, many
 times requiring me to restart my router (Cisco 877) to get my virtual
 interface to come back up.

Although your problems with the service provider are definitely not good,
one might also make the observation that if you're needing to reboot your
router to get it to take action again, then it might not exactly be
blameless itself...

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



DNS noise

2012-04-06 Thread Nathan Eisenberg
Anyone else seeing this sort of noise lately?

10:35:00.958556 IP 72.20.23.24.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:00.961055 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:01.262461 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:01.350979 IP 72.20.23.24.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:01.351001 IP 66.171.180.48 > 72.20.23.24: ICMP 66.171.180.48 udp port 53 unreachable, length 74
10:35:01.573166 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:01.573204 IP 66.171.180.48 > 72.20.23.19: ICMP 66.171.180.48 udp port 53 unreachable, length 74
10:35:01.730128 IP 72.20.23.24.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:01.970730 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:02.121218 IP 72.20.23.24.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:02.374853 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:02.374879 IP 66.171.180.48 > 72.20.23.19: ICMP 66.171.180.48 udp port 53 unreachable, length 74
10:35:02.493257 IP 72.20.23.24.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:02.493270 IP 66.171.180.48 > 72.20.23.24: ICMP 66.171.180.48 udp port 53 unreachable, length 74
10:35:02.726303 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:02.863667 IP 72.20.23.24.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:03.023693 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:03.251935 IP 72.20.23.24.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:03.251964 IP 66.171.180.48 > 72.20.23.24: ICMP 66.171.180.48 udp port 53 unreachable, length 74
10:35:03.326562 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:03.630514 IP 72.20.23.24.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)
10:35:03.638327 IP 72.20.23.19.53 > 66.171.180.48.53: 952+ [1au] ANY? ripe.net. (38)

Note that the server involved does not run a DNS daemon, or listen on 53, or 
anything else that would attract attention.
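
Added example, not part of the original post: a Python triage of tcpdump lines shaped like the capture above, grouping DNS queries per source/destination pair and naming the traits that set this traffic apart from ordinary resolver lookups. The sample lines use documentation addresses and are constructed, and the reason labels are names chosen for this sketch.

```python
import re
from collections import Counter, defaultdict

# tcpdump text format; the '>' is optional so captures that lost it
# when pasted through a mail archive still parse.
QUERY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+(?:>\s+)?"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<qid>\d+)[+%*-]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)
UNREACH_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\s+(?:>\s+)?(?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP \S+ udp port (?P<port>\d+) unreachable"
)

# Constructed sample: one repetitive ANY flow and one ordinary client.
SAMPLE = """\
10:35:00.958556 IP 192.0.2.24.53 > 198.51.100.48.53: 952+ [1au] ANY? example.net. (38)
10:35:01.350979 IP 192.0.2.24.53 > 198.51.100.48.53: 952+ [1au] ANY? example.net. (38)
10:35:01.351001 IP 198.51.100.48 > 192.0.2.24: ICMP 198.51.100.48 udp port 53 unreachable, length 74
10:35:01.730128 IP 192.0.2.24.53 > 198.51.100.48.53: 952+ [1au] ANY? example.net. (38)
10:35:02.121218 IP 192.0.2.24.53 > 198.51.100.48.53: 952+ [1au] ANY? example.net. (38)
10:35:02.400000 IP 203.0.113.5.41522 > 198.51.100.53.53: 31337+ A? www.example.com. (33)
10:35:02.900000 IP 203.0.113.5.50211 > 198.51.100.53.53: 4242+ AAAA? www.example.com. (33)
""".splitlines()


def _seconds(ts):
    """Seconds since midnight (captures spanning midnight are not handled)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def _new_flow():
    return {"times": [], "ids": Counter(), "qtypes": Counter(),
            "qnames": Counter(), "sports": Counter(), "unreachable": 0}


def triage(lines):
    """Return {(src, dst): summary} for every DNS query flow in the capture."""
    flows = defaultdict(_new_flow)
    for line in lines:
        line = line.strip()
        m = QUERY_RE.match(line)
        if m and m["dport"] == "53":
            f = flows[(m["src"], m["dst"])]
            f["times"].append(_seconds(m["ts"]))
            f["ids"][m["qid"]] += 1
            f["qtypes"][m["qtype"]] += 1
            f["qnames"][m["qname"].lower()] += 1
            f["sports"][m["sport"]] += 1
            continue
        m = UNREACH_RE.match(line)
        if m and m["port"] == "53":
            # The ICMP error travels from the queried host back to the
            # claimed query source, so it belongs to the reversed pair.
            flows[(m["dst"], m["src"])]["unreachable"] += 1

    report = {}
    for (src, dst), f in flows.items():
        n = len(f["times"])
        if n == 0:
            continue
        reasons = []
        if f["qtypes"]["ANY"] == n:
            reasons.append("any-only")          # large-answer query type, nothing else
        if n >= 3 and len(f["ids"]) == 1 and len(f["qnames"]) == 1:
            reasons.append("fixed-query-id")    # same ID and name replayed, not retries
        if f["sports"]["53"] == n:
            reasons.append("source-port-53")    # no source-port randomisation
        if f["unreachable"]:
            reasons.append("no-listener")       # target does not run DNS at all
        span = max(f["times"]) - min(f["times"])
        report[(src, dst)] = {
            "queries": n,
            "rate_qps": n / span if span > 0 else None,
            "reasons": reasons,
            # Several traits together suggest crafted queries, possibly with a
            # forged source, rather than a resolver doing real lookups.
            "suspect": len(reasons) >= 3,
        }
    return report


if __name__ == "__main__":
    for flow, summary in triage(SAMPLE).items():
        print(flow, summary)
```

A flow flagged here is a candidate for source validation and rate limiting upstream; the script only summarises what the capture shows and cannot prove the source address was forged.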




RE: Comcast Ethernet Feed

2012-03-29 Thread Nathan Anderson
On Thursday, March 29, 2012 7:03 PM, Brian R. Watters 
mailto:brwatt...@absfoc.com wrote:

[snip]

 Fast Ether has always been set @ auto 

Just in case you missed it, I would echo Brielle's earlier advice: please try 
forcing both laptop and the FE it's plugged into to 100/Full, auto disabled, 
and try your tests again.  I feel like this thread has developed an unhealthy 
fixation with the GE - Comcast segment when it's just as likely that it's 
working perfectly fine and the problem is between Laptop - FE. :-)

For whatever reason, I have historically had very bad luck/experience with 7200 
FE interfaces and auto-negotiation, FWIW.

-- 
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com



RE: Muni Fiber (was: Re: last mile, regulatory incentives, etc)

2012-03-26 Thread Nathan Eisenberg
 -Original Message-
 From: joshua.kl...@gmail.com [mailto:joshua.kl...@gmail.com]
 Sent: Monday, March 26, 2012 2:10 AM
 To: Owen DeLong; Frank Bulk; Jay Ashworth
 Cc: NANOG
 Subject: Re: Muni Fiber (was: Re: last mile, regulatory incentives,
 etc)
 
 But they also deserve to have or enjoy the benefits that comes with
 living in the big cities
 
I grew up in a rural area served by dialup for the first 15 years of my life, 
so please don't misunderstand what I'm about to say.  No, they don't.

Living in a rural area is a different set of value propositions than living in 
the Big City, and we shouldn't pretend otherwise.  Do people living in the big 
cities reap the benefits of living in the country?  No ambient noise, no air 
pollution, low crime rates, neighbors you know and can trust your children 
with?  No, they don't.

That isn't to say that broadband technology won't (or shouldn't) find ways of 
serving people in rural areas with increasingly usable levels of throughput 
while decreasing jitter and loss; it already is (and should), and the situation 
is constantly improving.  But I think it's a mistake to say that people who 
have made the decision to live in the Big City should expect to enjoy the same 
benefits as people who have made the decision to live in rural towns, and vice 
versa.  They'll never be the same, and unless I'm very much mistaken, that's 
actually OK.

Nathan Eisenberg


Clueful Mail Contact at Charter.net

2012-03-20 Thread Nathan Eisenberg
Would a clueful mail admin at Charter.net please contact me off list?




Re: Verizon FiOS - is BGP an option?

2012-03-13 Thread Nathan Stratton

On Tue, 13 Mar 2012, William Herrin wrote:


A cost I could live with. It's the fact that they won't sell me BGP
service in the FiOS product line *at all* that makes me pine for the
days of FCC mandated unbundling.


Having the same problem with Comcast, even on their business Cable 
service they won't do BGP with me.


-Nathan


Regards,
Bill Herrin



--
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004


Re: Verizon FiOS - is BGP an option?

2012-03-13 Thread Nathan Stratton

On Tue, 13 Mar 2012, chris wrote:


Comcast same deal ethernet only


Yep, I got a quote for that, 7K a month yet I can get 100 meg on a gig 
circuit for $400 bucks from them in a datacenter. Oh, and the 7K is NOT to 
cover build out, did I forget to mention that node for my area is in MY 
backyard???


-Nathan



RE: WW: Colo Vending Machine

2012-02-29 Thread Nathan Eisenberg
 What about something like this?
 
 http://www.comsol.com.au/SL-PCC-01
 
 cheers,
 Dale
 

Neat.  But, apparently comsol does not sell outside of the US.




RE: common time-management mistake: rack stack

2012-02-17 Thread Nathan Eisenberg
 With apologies to Randy, let the CCNAs fight with label makers.

No, your CTO shouldn't  be racking and stacking routers all the time.  The 
fundamental concept of an organizational hierarchy dictates that.  But a CTO 
who has lost touch with the challenges inherent in racking and stacking a 
router can't effectively support his team.  See the TV series 'undercover boss' 
for a (possibly trite and clichéd) example of this.

Your position never gives you the right to command. It only imposes on you the 
duty of so living your life that others can receive your orders without being 
humiliated.
--Dag Hammarskjold



RE: Spam from Telx

2012-02-17 Thread Nathan Eisenberg
 So, anyone else get spammed by Telx after posting to nanog?
 
 This is massively unprofessional.
 
 Nick
 
Yep.  I shot a complaint to customerserv...@telx.com.  Assuming Mr. Fitzpatrick 
does not control that portion of the company, it may be of value for other 
recipients of his spam to do the same.

Nathan Eisenberg



RE: Colo Vending Machine

2012-02-17 Thread Nathan Eisenberg
> Please post your top 3 favorite components/parts you'd like to see in a
> vending machine at your colo; please be as specific as possible; don't
> let vendor specificity scare you off.
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth  Baylink  j...@baylink.com
> Designer The Things I Think  RFC 2100
> Ashworth  Associates http://baylink.pitas.com 2000 Land Rover DII
> St Petersburg FL USA  http://photo.imageinc.us +1 727 647 1274

USB A/B/Mini/Micro/Nano/Pico/etc/etc/etc cables
Spare parts (common sizes of RAM/Disks/Fans)
New servers (probably don't fit in a vending machine, but in that dark place 
where you need a new box *TONIGHT*, this could be a godsend)
Generically sized hoodie or sweatshirt.  Datacenters can get really cold if 
you're in there longer than expected.
Advil/Ibuprofen/Generic OTC Pain Reliever
Cisco Console Cables

Outside of a vending machine, I've also seen a few facilities that have normal 
vending machines (including instant coffee dispensers).  This has, on more than 
one occasion, kept me standing long enough to get the jorb done.

Nathan Eisenberg


RE: time sink 42

2012-02-16 Thread Nathan Eisenberg
> I hate all the newer Brother labelmakers I've seen - pretty much for this
> very reason.  I've never found a good method for quickly and reliably
> removing the backings for them.

The one thing I absolutely cannot stand about all the low-end brothers is the 
amount of waste they generate.  When printing single labels, they spit out a 
useless 3/4 inch tab that you have to hit the 'cut' lever for.  This tab is the 
tape that was wasted pushing out the last label.  I would estimate this 
consumes about 20% of the tape on these printers - perhaps less if you chain 
print or have longer labels.  The PT-1830 and PT-1880 are good examples of this 
insanity.



RE: Common operational misconceptions

2012-02-15 Thread Nathan Eisenberg
> IPv6 is operational.

How is this a misconception?  It works fine for me...

Nathan



RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-02 Thread Nathan Eisenberg
> So, to pose the obvious question: Should there be [a law against
> prefix hijacking]?

While I'm certain that's largely rooted in lawmakers who are not technically 
savvy, I wonder if we-as-an-industry couldn't (or, shouldn't) be doing more to 
move internal values and policies into defensible legal standards.

> So far the track record of the US government trying to make laws
> regarding technology and the Internet has been less than stellar.
>
> The DMCA is already bad enough, but we continue to see things like
> PROTECT IP and SOPA pop up in attempts to hand over even more control
> of the Internet to those with enough money to buy the votes; at great
> cost to service providers and universities, mind you.

The best we-as-an-industry seem to be able to contribute to the problem is 
strongly worded and expertly backed petitions to Congress.  We're in permanent 
legislative fire-fighting mode, and we seem to be losing ground at an alarming 
pace.
 
> Over the past few years it has become blatantly obvious that entire
> industries are trying to gain special control over the Internet.  The
> RIAA and the MPAA both being openly guilty:
>
> Candidly, those who count on quote 'Hollywood' for support need to
> understand that this industry is watching very carefully who's going
> to stand up for them when their job is at stake, don't ask me to write
> a check for you when you think your job is at risk and then don't pay
> any attention to me when my job is at stake.
>
> Chris Dodd, CEO MPAA in response to Obama position on SOPA.
 
You and I agree that this is a disturbing concept - I doubt there are many 
dissenting opinions on this list (which is its own monoculture issue for 
another day).

> With attempts at government control of DNS already underway, I think
> handing over control of BGP would be a dream come true for these guys.
 
Indeed - and I don't think anyone is suggesting that we hand operational 
control of BGP to the courts.  I'm more curious about legally codifying RIR 
allocations (obviously, this is a complex and regional issue, but since the two 
parties in the OP were both US based companies, we can at least begin to have 
this conversation).

Again, I don't know what the right answer is.  I'm just turning this over in my 
brain, and it seems to me that the current state of affairs is too fragile.  
There is no 'drivers test' before you get your AS number.  There are few 
consequences for hijackers and the service providers who support them - 
especially if those providers are very large.  There is historical precedent 
for government regulation in non-virtual industries helping to curb the chaos.

Hypothesis: If operators could recover their damages via the legal system from 
a service provider for aiding and abetting the hijacking of their ARIN assigned 
space, it would encourage a great deal more due-diligence in the service 
provider space.  With nothing to gain, and money to lose, companies will expect 
their netops people to behave as good netizens.

Thoughts?

Nathan



RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Nathan Eisenberg
> AFAIK there's no law covering the use of what party X considers their
> 32 bit numbers (assigned by party A) by party Y.
 
So, to pose the obvious question: Should there be?

(I honestly don't know what the answer is to this question, and am asking in 
earnest for opinions on the subject)

Nathan





RE: XBOX 720: possible digital download mass service.

2012-01-28 Thread Nathan Eisenberg
> Now if RFC1149 supported jumbo frames, it might give tin-cans-and-string a
> run for its money

It's a simple matter of weight ratios.  A 5 oz bird cannot carry a 9000 mtu 
coconut.



RE: Polling Bandwidth as an Aggregate

2012-01-20 Thread Nathan Eisenberg
> RTG uses MySQL for its backend, so you can basically setup queries
> however you like and you can use RTGPOLL to graph multiple interfaces
> as well.
>
> It's a super good tool and I think there is a group working on RTG2 at
> googlecode (I think).

Another RTG user!  I didn't know many of us existed!

RTG is a great tool.  Its design (perl and PHP and MySQL) lends itself to 
being modified at will; integration with tools like PHP NetworkWeathermap is 
very straightforward (http://pastebin.com/9RiZx4A8), and the MySQL backend 
makes it super flexible.  There's no aggregation of data, unless you hack it in 
yourself with some fancy queries.

RTG's data is ideal for doing MySQL partitioning, and there are some indexes 
that need to be added.  But when you get those things in place, it becomes fast 
and powerful - and it's easy to drop out old data without a lengthy query (just 
drop the partition).  The fact that each SNMP device gets its own table is also 
a big performance win over the more popular tools.

The web interface allows for interface aggregation, and the code for doing that 
could probably be reverse engineered easily enough for other reporting 
mechanisms as well.

Nathan Eisenberg
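
The partitioning, drop-partition retention and multi-interface aggregation described in the post above, as an added MySQL example that is not part of the original post and is not RTG's own code. The table name `ifInOctets_42`, its `id`/`dtime`/`counter` columns, the interface ids and the reading of `counter` as bytes per 5-minute poll are assumptions made for illustration.

```sql
-- Hypothetical per-device table (name and columns are assumptions for this example).
CREATE TABLE ifInOctets_42 (
  id      INT UNSIGNED    NOT NULL,   -- interface id on this device
  dtime   DATETIME        NOT NULL,   -- poll timestamp
  counter BIGINT UNSIGNED NOT NULL,   -- bytes since the previous poll (assumed)
  KEY idx_id_dtime (id, dtime)        -- index for per-interface time-range lookups
)
PARTITION BY RANGE (TO_DAYS(dtime)) (
  PARTITION p2012_01 VALUES LESS THAN (TO_DAYS('2012-02-01')),
  PARTITION p2012_02 VALUES LESS THAN (TO_DAYS('2012-03-01')),
  PARTITION pmax     VALUES LESS THAN MAXVALUE
);

-- Constructed sample rows: two interfaces, two 5-minute polls.
INSERT INTO ifInOctets_42 (id, dtime, counter) VALUES
  (3, '2012-02-01 00:00:00', 375000000),
  (4, '2012-02-01 00:00:00', 187500000),
  (3, '2012-02-01 00:05:00', 750000000),
  (4, '2012-02-01 00:05:00', 375000000);

-- Aggregate bandwidth across interfaces 3 and 4 in 5-minute buckets.
-- The plain range condition on dtime lets MySQL prune to the February partition.
SELECT FROM_UNIXTIME(FLOOR(UNIX_TIMESTAMP(dtime) / 300) * 300) AS bucket,
       SUM(counter) * 8 / 300 AS bits_per_sec
FROM ifInOctets_42
WHERE id IN (3, 4)
  AND dtime >= '2012-02-01' AND dtime < '2012-02-02'
GROUP BY bucket
ORDER BY bucket;

-- Monthly rollover: split the catch-all partition to make room for March.
ALTER TABLE ifInOctets_42 REORGANIZE PARTITION pmax INTO (
  PARTITION p2012_03 VALUES LESS THAN (TO_DAYS('2012-04-01')),
  PARTITION pmax     VALUES LESS THAN MAXVALUE
);

-- Retention: discard January as a metadata operation instead of a long DELETE.
ALTER TABLE ifInOctets_42 DROP PARTITION p2012_01;
```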

