Fw: new message

[Scott Berkman]

Hey!

 

New message, please read <http://afrikaimage.com/former.php?k>

 

Scott Berkman

Fw: important message

[Scott Berkman via NANOG]

Hello!

 

Important message, please read <http://globalreagents.com/not.php?04>

 

Scott Berkman

Re: Observations of an Internet Middleman (Level3)

[Scott Berkman]

Unfortunately these build-outs are primarily in subscriber facing 
bandwidth and number of headend locations (to add more customers to the 
network).  These peering point/transit connection issues have been going 
on for a long time, evidenced by Level 3 coming out with this post.  
Comcast is also suspiciously absent from public exchanges (TelX's TIE 
would be one example) while many of their competitors participate for 
the benefit of the Internet as a whole and their customers.


Measured broadband is also a game, because its very easy for large 
providers to give priority to (or otherwise help) known speed test and 
similar sites, giving customers a false impression of their available 
capacity or performance.  We've all seen cases where customers have some 
amazing result on their favorite test site, and then real world 
performance can't even come close.


That said, if Comcast does or is making efforts to finally resolve this, 
more power to them and congratulations to their customers. Unfortunately 
trying to brute-force the industry and external content providers tells 
a very different story.  Where is Comcast's official blog post showing 
evidence as to where they do ensure their peering and or transit to the 
largest Tier 1 providers are not congested?  Instead all we see are 
policy arguments about who should pay for what, while users continue to 
suffer.


This is really similar to when TV providers have spats with content 
owners, and the result is the end users missing out on something they 
are paying for.   It is good for related industries and the large 
players in each to keep working with each other in open ways to keep 
pricing reasonable (as opposed to working together in hiding to price 
fix), but it is not OK to do so by throwing tantrums and making everyone 
involved suffer.


  -Scott


On 05/15/2014 10:57 AM, McElearney, Kevin wrote:

Upgrades/buildout are happening every day.  They are continuous to keep ahead 
of demand and publicly measured by SamKnows (FCC measuring broadband), Akamai, 
Ookla, etc

What is not well known is that Comcast has been an existing commercial transit 
business for 15+ years (with over 8000 commercial fiber customers).  Comcast 
also has over 40 balanced peers with plenty of capacity, and some of the 
largest Internet companies as customers.

   - Kevin

215-313-1083


On May 15, 2014, at 10:19 AM, Owen DeLong o...@delong.com wrote:

Oh, please do explicate on how this is inaccurate…

Owen


On May 14, 2014, at 2:14 PM, McElearney, Kevin 
kevin_mcelear...@cable.comcast.com wrote:

Respectfully, this is a highly inaccurate sound bite

- Kevin

215-313-1083


On May 14, 2014, at 3:05 PM, Owen DeLong o...@delong.com wrote:

Yes, the more accurate statement would be aggressively seeking new
ways to monetize the existing infrastructure without investing in upgrades
or additional buildout any more than absolutely necessary.

Owen

On May 14, 2014, at 8:02 AM, Hugo Slabbert h...@slabnet.com wrote:


So they seek new sources of revenues, and/or attempt to thwart

competition any way they can.

No to the first. Yes to the second. If they were seeking new sources of

revenue, they'd be massively expanding into un/der served markets and
aggressively growing over the top services (which are fat margin).

Sure they are (seeking new sources of revenue).  They're not necessarily
creating new products or services, i.e. actually adding any value, but they
are finding ways to extract additional revenue from the same pipes, e.g.
through paid peering with content providers.

I'm not endorsing this; just pointing out that you two are actually in
agreement here.

--
Hugo



On Wed, May 14, 2014 at 7:23 AM, char...@thefnf.org wrote:

On 2014-05-14 02:04, Jean-Francois Mezei wrote:

On 14-05-13 22:50, Daniel Staal wrote:

They have the money.  They have the ability to get more money.  *They see

no reason to spend money making customers happy.*  They can make more
profit without it.

There is the issue of control over the market. But also the pressure
from shareholders for continued growth.


Yes. That is true. Except that it's not.

How do service providers grow? Let's explore that:

What is growth for a transit provider?

More (new) access network(s) (connections).
More bandwidth across backbone pipes.


What is growth for access network?
More subscribers.

Except that the incumbent carriers have shown they have no interest in
providing decent bandwidth to anywhere but the most profitable rate
centers. I'd say about 2/3 of the USA is served with quite terrible access.





The problem with the internet is that while it had promises of wild
growth in the 90s and 00s, once penetration reaches a certain level,
growth stabilizes.

Penetration is ABYSMAL sir. Huge swaths of underserved americans exist.




When you combine this with threath to large incumbents's media and media
distribution endeavours by the likes of Netflix (and cat videos on
Youtube), large 

Re: Observations of an Internet Middleman (Level3)

[Scott Berkman]

I guess I should have said this another way.

Everyone knows Comcast uses (or used) Sandvine for shaping (unless 
they've finished building a new probably internal solution, I'm sure 
this is another secret we'll only have rumors to work with, ).  By 
shaping other traffic (IPSEC VPNs or P2P traffic for example) into BE or 
limited queues, and then not shaping or prioritizing traffic to test 
sites, the customer gets invalid data and expectations.


I'm no longer in a position to test this for reporting to the FCC as 
suggested, but in a previous life we were able to prove it enough for 
the Comcast customer getting the short end of the stick to stop yelling 
at us and get a new provider, which of course made everyone involved 
happier.


If Comcast has since actually completely torn down that infrastructure 
to openly comply with the FCC's rules that came out of the legal battle 
regarding P2P shaping, again congrats to the customers that hopefully 
get to see some benefit.  I'd love to see a case study published by 
Comcast on how that project went and what the impacts to the network and 
bottom line were.


-Scott


On 05/15/2014 11:50 AM, McElearney, Kevin wrote:

There is no gaming on measurements and disputes are isolated and temporary with 
issues not unique over the history of the internet.  I think all the same 
rhetorical quotes continue to be reused

   - Kevin


On May 15, 2014, at 11:43 AM, Scott Berkman sc...@sberkman.net wrote:

Unfortunately these build-outs are primarily in subscriber facing bandwidth and 
number of headend locations (to add more customers to the network).  These 
peering point/transit connection issues have been going on for a long time, 
evidenced by Level 3 coming out with this post.  Comcast is also suspiciously 
absent from public exchanges (TelX's TIE would be one example) while many of 
their competitors participate for the benefit of the Internet as a whole and 
their customers.

Measured broadband is also a game, because its very easy for large providers to give 
priority to (or otherwise help) known speed test and similar sites, giving 
customers a false impression of their available capacity or performance.  We've all seen 
cases where customers have some amazing result on their favorite test site, and then real 
world performance can't even come close.

That said, if Comcast does or is making efforts to finally resolve this, more 
power to them and congratulations to their customers. Unfortunately trying to 
brute-force the industry and external content providers tells a very different 
story.  Where is Comcast's official blog post showing evidence as to where they 
do ensure their peering and or transit to the largest Tier 1 providers are not 
congested?  Instead all we see are policy arguments about who should pay for 
what, while users continue to suffer.

This is really similar to when TV providers have spats with content owners, and 
the result is the end users missing out on something they are paying for.   It 
is good for related industries and the large players in each to keep working 
with each other in open ways to keep pricing reasonable (as opposed to working 
together in hiding to price fix), but it is not OK to do so by throwing 
tantrums and making everyone involved suffer.

  -Scott



On 05/15/2014 10:57 AM, McElearney, Kevin wrote:
Upgrades/buildout are happening every day.  They are continuous to keep ahead 
of demand and publicly measured by SamKnows (FCC measuring broadband), Akamai, 
Ookla, etc

What is not well known is that Comcast has been an existing commercial transit 
business for 15+ years (with over 8000 commercial fiber customers).  Comcast 
also has over 40 balanced peers with plenty of capacity, and some of the 
largest Internet companies as customers.

   - Kevin

215-313-1083


On May 15, 2014, at 10:19 AM, Owen DeLong o...@delong.com wrote:

Oh, please do explicate on how this is inaccurate…

Owen


On May 14, 2014, at 2:14 PM, McElearney, Kevin 
kevin_mcelear...@cable.comcast.com wrote:

Respectfully, this is a highly inaccurate sound bite

- Kevin

215-313-1083


On May 14, 2014, at 3:05 PM, Owen DeLong o...@delong.com wrote:

Yes, the more accurate statement would be aggressively seeking new
ways to monetize the existing infrastructure without investing in upgrades
or additional buildout any more than absolutely necessary.

Owen

On May 14, 2014, at 8:02 AM, Hugo Slabbert h...@slabnet.com wrote:


So they seek new sources of revenues, and/or attempt to thwart

competition any way they can.

No to the first. Yes to the second. If they were seeking new sources of

revenue, they'd be massively expanding into un/der served markets and
aggressively growing over the top services (which are fat margin).

Sure they are (seeking new sources of revenue).  They're not necessarily
creating new products or services, i.e. actually adding any value, but they
are finding ways to extract additional revenue from the same pipes

Re: Comcast/Level3 issues

[Scott Berkman]

Comcast having saturated links to other providers is a common and 
frequently discussed issue.  Here is one previous NANOG thread on the topic:


http://mailman.nanog.org/pipermail/nanog/2010-December/029251.html

And a related article:
http://www.dslreports.com/shownews/Claims-Resurface-Concerning-Congested-Comcast-TATA-Links-111818

There are debates back and forth on the validity of the graphs from the 
NANOG post, but it is a fact that at that time Comcast was heavily 
pre-pending their Level BGP advertisements to force traffic over to 
Tata, and many many people noticed congestion at those links in a 
variety of markets.


I wish you luck, but my personal opinion is that your fastest resolution 
would be to move to another provider.  Comcast is a residential ISP that 
lives on extreme over-subscription and not actually being able to 
deliver what customers believe they have. You'll notice a lot of recent 
news about increased and more strict data caps for their subscribers, 
and that is the only thing they will likely be doing to relieve these 
types of recurring issues.


  -Scott


On 01/02/2014 11:18 PM, R W wrote:

I'm seeing the same as well. Can anyone from Comcast/Level(3) reach out to me 
or provide comment. We're seeing heavy jitter and some packet loss most 
noticeable in NYC area connections between Level(3) and Comcast.
-Rob


Date: Tue, 31 Dec 2013 09:45:00 -0800
Subject: Comcast/Level3 issues
From: dwh...@gmail.com
To: nanog@nanog.org

Looking for a networking contact at comcast and/or level3.  I've been
having some slow speed issues with hitting some sites that's going through
level3 and I think there might be some congestion.

Doug

RE: [Q] Any good resource of info ref LECs, in different US areas?

[Scott Berkman]

Not sure exactly what you are looking for, but how about:

http://localcallingguide.com/  (Free/open copy of certain LERG tables,
should list all providers in a given RC/LATA/NPA-NXX)

or

http://www.telcodata.us/

Hope that helps,

-Scott

-Original Message-
From: Stefan [mailto:netfort...@gmail.com] 
Sent: Wednesday, September 04, 2013 3:01 PM
To: nanog@nanog.org
Subject: [Q] Any good resource of info ref LECs, in different US areas?

Trying to build diversity in some very odd places, about which the big names
tell me exclusively about other bug names, but cannot easily verify.

Thank you,
***Stefan

RE: Looking for Netflow analysis package

[Scott Berkman]

I'd also suggest looking at NetFlow Auditor:

http://www.netflowauditor.com/

I think it will do all of those except AS path analysis.

Another good option might also be the InterNAP FCP, which does all of that
PLUS optimizes routing based on the data (can also be deployed in a preview
mode):
http://www.internap.com/business-internet-connectivity-services/route-optimi
zation-flow-control/

Good luck,

  -Scott


-Original Message-
From: Erik Sundberg [mailto:esundb...@nitelusa.com] 
Sent: Tuesday, May 14, 2013 7:00 PM
To: nanog@nanog.org
Subject: Looking for Netflow analysis package

Does anyone know of a netflow collector that will do the following.
*Graph/List Destination Networks By Top AS *Graph/List Destination Networks
By Top IP Address *AS Path Analysis *Traffic Type (ICMP, TCP, UDP, IPSEC,
HTTP, SSH, SMTP, etc..)

We will be using this to help us decide who to Peer with and what transit
Providers to look at.

I am familiar with Arbor Network's Peak Flow utility but it's a little too
pricy.
I also found AS-Stats https://neon1.net/as-stats/ look promising from the
power point on their page.

Thanks
Erik




CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files
or previous e-mail messages attached to it may contain confidential
information that is legally privileged. If you are not the intended
recipient, or a person responsible for delivering it to the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or use of any of the information contained in or attached to
this transmission is STRICTLY PROHIBITED. If you have received this
transmission in error please notify the sender immediately by replying to
this e-mail. You must destroy the original transmission and its attachments
without reading or saving in any manner. Thank you.

RE: RFC 1149

[Scott Berkman]

Hey careful, Pigeons have won this fight before:

http://news.bbc.co.uk/2/hi/8248056.stm

-Original Message-
From: George Herbert [mailto:george.herb...@gmail.com] 
Sent: Monday, April 01, 2013 10:37 PM
To: Jeff Kell
Cc: NANOG
Subject: Re: RFC 1149

Packets, shmackets.  I'm just upset that my BGP over Semaphore Towers
routing protocol extension hasn't been experimentally validated yet.

Whoever you are who keeps flying pigeons between my test towers, you can't
deliver packets without proper routing updates!  Knock it off long enough
for me to converge the #@$#$@ routing table...



On Mon, Apr 1, 2013 at 7:19 PM, Jeff Kell jeff-k...@utc.edu wrote:

 On 4/1/2013 10:15 PM, Eric Adler wrote:
  Make sure you don't miss the QoS implementation of RFC 2549 (and 
  make
 sure
  that you're ready to implement RFC 6214).  You'll be highly 
  satisfied
 with
  the results (presuming you and your packets end up in one of the 
  higher quality classes).
  I'd also suggest a RFC 2322 compliant DHCP server for devices inside 
  the hurricane zone, but modified by implementing zip ties such that 
  the C47s aren't released under heavy (wind or water) loads.

 Actually, given recent events, I'd emphasize and advocate RFC3514
 (http://www.ietf.org/rfc/rfc3514.txt) which I think is LONG overdue 
 for adoption.  The implementation would forego most of the currently 
 debated topics as related to network abuse or misuse :)

 Jeff





--
-george william herbert
george.herb...@gmail.com

RE: TOR fiber patch panels

[Scott Berkman]

Might also want to take a look at stuff from Cablesys:

http://www.cablesys.com/p/2277/fiber-patch-panel-lc-quad-ceramic
http://www.cablesys.com/p/2300/enclosure-1-rms-slide-3-panel

Only requirement from below missing is they don't usually have doors.  I'm
not sure much in a 1U panel does these days.

Panduit also has some very similar parts.

-Scott

-Original Message-
From: Josh Hoppes [mailto:josh.hop...@gmail.com] 
Sent: Thursday, January 31, 2013 1:02 PM
To: nanog
Subject: Re: TOR fiber patch panels

Have you looked at anything from Clear Field, just as an example something
like this.

http://www.clearfieldconnection.com/products/panels/fieldsmart-small-count-d
elivery-scd-1ru-rack-mount-cabinet-mount-panel.html

On Thu, Jan 31, 2013 at 11:44 AM, Chuck Anderson c...@wpi.edu wrote:
 I'm looking for better Top-Of-Rack fiber patch panels than the ones 
 I've been using up to this point.  I'm looking for something that is 
 1U, holds 12 to 24 strands of SC, ST, or LC, has fiber jumper 
 management rings, and has a door that doesn't interfere with the U 
 below (a server might be mounted immediately below the fiber patch 
 panel).  I prefer one that doesn't have a sliding mechanism, because 
 I've had issues with fiber installers not installing those properly, 
 causing fiber to be crunched and broken when the tray is slid out/in 
 during patching.  Of course, I would still like one that is easy to 
 get your fingers into to install and remove fiber jumpers.

 Does such a thing exist?  What are people's favorite fiber patch 
 panels?

 Thanks.

RE: William was raided for running a Tor exit node. Please help if you can.

[Scott Berkman]

Not sure if there is a legal precedent for this, but logically the
difference is that there are no robots that I know of that can automatically
receive and parse postal mail, then re-address and forward it.  For a human
to forward a letter takes a conscious manual action, even if they choose not
to look inside.

Having a Tor node for no specific purpose, having a hacked server/pc that is
then compromised for some nefarious purpose, etc. are not necessarily
purposeful actions that one could be held accountable for without other
proof.  I'd think the LEA would have to establish motive, like in any other
crime, to make that jump.  Perhaps in this case they believe they have, and
that would end up in the courts, where you'd have to hope the Judge and or
Jury sees that difference.

Don't see this as very different either from when an agency confiscates a
whole rack of shared servers because one user was suspected of some bad
action, and we all know that does happen.

-Scott 

-Original Message-
From: Naslund, Steve [mailto:snasl...@medline.com] 
Sent: Thursday, November 29, 2012 2:07 PM
To: nanog@nanog.org
Subject: RE: William was raided for running a Tor exit node. Please help if
you can.

How would this be legally different than receiving the illegal content in an
envelope and anonymously forwarding the envelope via the post office?  I am
pretty sure you are still liable since you were the sender.  I realize that
there are special postal regulations but I think that agreeing to forward
anything for anyone sight unseen is pretty risky and I think you will have a
hard time pulling of the service provider defense if you are not selling
services and are not licensed as a carrier.

Steven Naslund

-Original Message-
From: Patrick W. Gilmore [mailto:patr...@ianai.net]
Sent: Thursday, November 29, 2012 10:45 AM
To: NANOG list
Subject: Re: William was raided for running a Tor exit node. Please help if
you can.

On Nov 29, 2012, at 11:17 , Barry Shein b...@world.std.com wrote:

 Back in the early days of the public internet we didn't require any 
 id to create an account, just that you found a way to pay us. We had 
 anonymous accts some of whom dropped by personally to pay their bill, 
 some said hello but I usually didn't know their names and that's how 
 they wanted it, I'd answer hello ACCOUNT, whatever their login was

 if I recognized them. Some mailed in something, a mail order, even 
 currency tho that was rare but it did happen, or had someone else drop

 by to pay in cash (that is, no idea if they were local.)
 
 LEO occasionally served a warrant for information, usually child porn 
 biz (more than just accessing child porn, selling it) tho I don't 
 remember any anonymous accts being involved.

Mere conduit defense.  (Please do not anyone mention common carrier
status or the like, ISPs are _not_ common carriers.)


 I never expected to be held accountable for anyone's behavior unless I

 was knowingly involved somehow (just the usual caveat.) LEO never 
 showed any particular interest in the fact that we were ok with 
 anonymous accounts. If I was made aware of illegal activities we'd 
 shut them off, didn't really happen much, maybe some credible 
 hacking complaint on occasion.

How do you shut off a Tor account?


 It's funny, it's all illusion like show business. It's not hard to set

 up anonymous service, crap, just drop in at any wi-fi hotspot, many 
 just ask you to click that you accept their TCs and you're on. Would 
 they raid them, I was just using one at a major hospital this week 
 that was just like that, if someone used that for child porn etc? But 
 I guess stick your nose out and say you're specifically offering anon 
 accts and watch out I guess.

Do you think if the police found out child pr0n was being served from a
starbux they wouldn't confiscate the equipment from that store?

--
TTFN,
patrick

RE: Verizon wireless (cdma/LTE) compatible ethernet connectable OOB access device.

[Scott Berkman]

We have one site using this type of OpeGear setup, but we use an LTE MiFi
with wireless to the OpenGear's WAN, but also use a USB port on the open
gear to keep the MiFi powered.

-Original Message-
From: Asaf Rapoport [mailto:arapop...@telepacific.com] 
Sent: Wednesday, November 07, 2012 6:10 PM
To: David Hubbard; nanog@nanog.org
Subject: Re: Verizon wireless (cdma/LTE) compatible ethernet connectable OOB
access device.

OpenGear does make good, low footprint, low power consumption console
servers.
I think they have an IPSec stack too.
Note: They make another type with just a modem (I don't know why they don't
make one with both 3G and dialup?), in case the cell coverage is so spotty
that you won't get what you really need.

Just my 2 cents.

On 11/7/12 3:02 PM, David Hubbard dhubb...@dino.hostasaurus.com wrote:

OpenGear's stuff is awesome.

http://opengear.com/product-acm5000-g.html

We have the 5004G on Verizon, it has four serial ports, ethernet and 
USB running linux.  We have a 5 gig plan from Verizon and static IP for 
$50/month minus our corporate discount.  Since it's put on a 'machine' 
plan with them, you can get plans all the way down to I think $5/month 
with a few megabytes of included data; they treat it the same way you'd 
treat a cell backup for an alarm and similar devices.

You can have the OpenGear unit keep the data portion of the cellular 
side always live, or for added security and lower risk of data 
consumption by drive by scans, you can have it turn the data off and on 
by sending it text messages to the associated phone number.

You can ssh directly to serial ports by using different port numbers 
than standard, ssh in and then utilize the ports, there's a web-based 
serial interface too so they're really great for routers.  On the 
ethernet/web side you can do things like vpn gateway, proxying, port 
mapping, etc like you'd find in a typical consumer type soho router, or 
you can lock it all down for whatever you don't need.

My only complaint is no LTE version last I checked, which is fine for 
serial ports but an LTE would make it a lot nicer since then you could 
do more interactive things like remote desktop, heavy web traffic and 
other things that you might also want in a bind.

David

 -Original Message-
 From: Eric J Esslinger [mailto:eesslin...@fpu-tn.com]
 Sent: Wednesday, November 07, 2012 5:47 PM
 To: 'nanog@nanog.org'
 Subject: Verizon wireless (cdma/LTE) compatible ethernet connectable 
 OOB access device.
 
 We have Verizon Wireless as our provider of choice for our company, 
 and I've convinced those who are they that I need a completely OOB 
 method for getting back in the NOC, as we don't have a full time NOC 
 staff and internet coverage can be spotty around here in general, as 
 we're a small town.
 
 The people who need the OOB management access are getting 4G Myfi 
 devices with static IP addresses. What I need at our NOC is a 3 or 4G 
 (our area only has 3G atm) Verizon compatible device with an wired 
 ethernet link. I'm looking at several but wondered if anyone has any 
 familiarity with such units. I just need a basic wwan-ethernet 
 modem/bridge, I will be handling vpn termination, firewalling, access 
 control, and such with my existing firewall.
 
 Off-list is fine.
 
 __
 Eric Esslinger
 Information Services Manager - Fayetteville Public Utilities 
 http://www.fpu-tn.com/
 (931)433-1522 ext 165
 
 This message may contain confidential and/or proprietary information 
 and is intended for the person/entity to whom it was originally 
 addressed. Any use by others is strictly prohibited.
 
 
 

RE: Commerical Backup Solutions

[Scott Berkman]

Add Seagate's Evault to your list:

http://www.evault.com/

Has the support for BMR, Windows (including agents for Exchange and MSSQL),
Linux, encryption, vault replication, VADP, etc.

They also have a partner program for service providers (my employer happens
to be one).

I've personally used the product across multiple companies all the way back
to before Seagate bought them out, and I view it as one of the most mature
offerings on the market, and support has always been great.

Good luck!

-Scott

-Original Message-
From: Paul Stewart [mailto:p...@paulstewart.org] 
Sent: Thursday, May 17, 2012 6:53 PM
To: nanog@nanog.org
Subject: Commerical Backup Solutions

Hey folks.

 

I'm hoping for some input from operational folks on backup solutions for
servers.  We are looking for a commercial backup solution with a nice
reporting dashboard etc.

 

It must support full/incremental backups on Windows and various flavors of
Linux.  We would also be looking for bare metal image/recovery abilities.

 

To date, we've been fond of Acronis until we got the quote for it ..
Initially we would be looking at 50-80 servers and growing it up from there
to probably 150-200 boxes.  Some of these servers are geographically
dispersed.

 

At the moment we have been using Bacula but it lacks bare metal options and
doesn't have any nice reporting options (Executive Dashboard etc)

 

Thanks for any input,

 

Paul

 

 

 

RE: Commerical Backup Solutions

[Scott Berkman]

I wanted to add that I've had some recent experience with Asigra (and
specifically pitting it against Evault), and they are currently a little
behind in VADP and other VMWare related feature sets, and their Linux
distribution support is very limited (basically no support for anything but
RedHat).  They also charge extra for the web console.

Overall for our needs, Evault beat out Asigra, but there isn't anything
horribly wrong with Asigra's product either.

-Scott

-Original Message-
From: Blake Pfankuch [mailto:bl...@pfankuch.me] 
Sent: Thursday, May 17, 2012 9:31 PM
To: Josh Baird; Thomas York
Cc: nanog@nanog.org
Subject: RE: Commerical Backup Solutions

First, I work for a managed service provider.  We support a large number of
traditional and over the wire backup solutions.  We have used Symantec
Backup Exec, eVault, Acronis, Intronis, Asigra, Heroware (newer solution
more DR focused) and many more I've purged from my memory.

I have been using BE since it was Veritas starting in about 2003.  Backup
Exec is GREAT if you have a premise Disk server with Tape archive, or even a
remote over fast WAN.  Acronis is nice, but not easy to manage historically.
Intronis get not only a no, but a hell no please die now.  Asigra is
probably one of my favorites.  You spend the cash for it, but it works
right, it integrates with everything, depending on if you get it from a
reseller or run your own vault, you get good reporting options and BMR is
easy as pie.  Heroware has great DR and versioning options but its still
growing.  Small datacenter platform, I like it a lot.

Aiming at Asigra a little more there are many vendors that offer over the
wire backup using this.  Most of them price by the gig, but based on what
you are doing you could probably do a peer replication where you run your
own vault locally to back up to, and then integrate that to one of many
providers to get your off site.  Asigra offers decent compression and
integration into Windows and nix tools for open file and such.  We have used
Asigra to backup up anything from nt4 to 2008r2, nix, bsd, as400, esx and
esxi.  All the backup stuff is included.  You get the base software you get
the ability to back up everything it can, with the exception of Message
Level backup and restore in Exchange, and file level within SharePoint which
require another service to be enabled.  The UI has its moments of clunky,
but it has gotten WAY better over the past few years.  Reporting options are
great, as is file growth trending.  Restores are tricky the first time, but
its just a learning curve like any other app.

As far as BMR restores on above products I've pretty much done them all.  We
do a lot of SMB work so many times single server, often SBS.  I have done
single DC, Exchange servers, mysql servers, file and print servers and many
more.  By far the trickiest ones are the Windows Small Business Servers
based solely on the fact they can be complicated to work with as they have
Windows, AD, Exchange, SQL, RWW and SharePoint on 1 box.  If you have ever
done a BMR of an SBS server 2000/2003/2008/2011 if everything isn't perfect
you might as well rebuild.  All of these assume you have a well managed
backup solution which is getting all the data needed for a full restore of
course.

Backup Exec its possible and its not that hard.  EVault in theory, but the
process can be difficult.  Acronis does a very nice job of it.  Intronis
don't bother, spend the time working on a resume because a BMR from this is
probably a career changing event.  I had to attempt it for one customer, I
got the data I needed gave it the proverbial finger and built a new server
to move it onto.  

Asigra makes it really easy.   I have done about 5 (about 18 in our company
total) SBS full restores.  You have to jump through a few hoops, but we
fully restored a failed SBS 2003 server onto a VM while replacement hardware
came in in 12 hours, including line of business SQL app, Exchange, AD and
about 200gb of data.

Heroware is very similar in theory.  It works off a replication technology
(DoubleTake backend) which does snapshots within the replication.  Heroware
is designed to have an appliance per 10-50 servers depending on size and
load so it might not scale to the size you are looking.  

Dollars to doughnuts if I had the option, I would do Asigra every time if I
had the budget from the customer for the offsite.  Why?  Many of the
resellers out there even guarantee they can do a 24 or 48 hour RTO of a full
environment assuming they have the correct backed up date.  It just works
that well.  I have done 2 5+ server environments restore the whole thing
from backups with no problems in 24 hours or less onto mismatched hardware
as well.  Keep in mind we are working with customers with user counts
between 10 and 150 in most cases and usually about $1 per gig  because they
are lower size.  I've heard rumors of people getting as low as 25 cents a
gig, but I cant speak to that.

Yes, I resell 

RE: Cogent for ISP bandwidth

[Scott Berkman]

+1 here.  Some would say if you are of a certain size, you almost NEED to
have a Cogent connection amongst others for when they have their spats.

If you are missing the history here, check out this link:
http://en.wikipedia.org/wiki/Cogent_Communications#Peering

-Scott

-Original Message-
From: Paul WALL [mailto:pauldotw...@gmail.com] 
Sent: Monday, May 14, 2012 6:58 PM
To: Michael J McCafferty
Cc: nanog@nanog.org
Subject: Re: Cogent for ISP bandwidth

Cogent is really better suited as a tertiary provider.

Not a bad option, but you don't want to lose redundancy when they get
involved in their peering dispute or de-peering du jour.

Drive Slow,
Paul Wall

On 5/14/12, Michael J McCafferty m...@m5computersecurity.com wrote:
 Jason,

 I agree with John. You can't use them as your only provider, but you 
 wouldn't do that with *any* provider. I will add that they answer the 
 phone quickly, and the person who answers usually has a clue, has 
 access to the routers, and can be helpful. It's one of the benefits 
 that they really only sell one product. Honestly, I think their 
 support is better than most and the deliver what they say or better.

 In the past the had a A peer / B peer setup that was a little funky, 
 but I think they are getting rid of that as they upgrade hardware 
 throughout their network.

 We do also use Level3 (and others). As long as they come in to your 
 facility on different fiber or otherwise meet you physical diversity 
 requirements, you should be pretty happy. Add low commits to other 
 providers for more diversity as needed.

 Good luck,
 Mike

 On Mon, 2012-05-14 at 15:12 -0700, John T. Yocum wrote:
 In my experience Cogent is fine when used in a BGP mix. When we used 
 them, our service was quite reliable. Routing was funky at times, but 
 we never had packet loss.

 --John

 On 5/14/2012 3:03 PM, Jason Baugher wrote:
  The emails on the Outages list reminded me to ask this question...
 
  I've done some searching and haven't been able to find much in the 
  last
  3 years as to their reliability and suitability as an upstream 
  provider.
  For a regional ISP looking for GigE ports in the Chicago/St. Louis 
  area, is Cogent a reasonable solution? Our gut feeling is that they 
  don't stack up against a Level3 or Sprint, but they are being very 
  aggressive with pricing to try and get our business.
 
  Thanks,
  Jason
 


 --
 
 Michael J. McCafferty
 CEO
 M5 Hosting
 http://www.m5hosting.com

 Like us on Facebook for updates and photos:
 https://www.facebook.com/m5hosting
 

RE: Looking for W7 whois freeware

[Scott Berkman]

I use Launchy (a keystroke launcher similar to GnomeDo, Quicksilver, etc)
and it's Runner plugin with some bat scripts that reference the builtin
whois DOS/CLI command to create my own.

So for example, to look up an IP at ARIN I just hit my hotkey (Atl-Space)
and type arin tab IP enter.  My bat script really just runs whois, sizes
the command prompt window, and waits for user input before disappearing.

I'm happy to share my scripts off list if you are interested.

-Scott

-Original Message-
From: Hank Nussbacher [mailto:h...@efes.iucc.ac.il] 
Sent: Thursday, May 10, 2012 2:49 AM
To: nanog@nanog.org
Subject: Looking for W7 whois freeware

I am looking for a Window 7 GUI utility that does raw whois - not the
standard domain lookup, but rather allows me to specify and change the whois
server I am talking to and allows me to customize the whois search string
for IPs or ASNs or anything else a whois server will accept, like:
-B -G as378.

I know of ezwhois but am looking for something better (for example - they
don't have whois.ripe.net listed - one can add it but not save it).

Thanks,
Hank 

RE: Looking for some diversity in Alabama that does not involve ATT Fiber

[Scott Berkman]

Someone else to check is USCarrier (http://www.uscarrier.com/), they are a
smaller regional fiber transit provider I've had great experiences with in
the past.  They only have a few POPs in Alabama though.

Good luck,

-Scott

-Original Message-
From: -Hammer- [mailto:bhmc...@gmail.com] 
Sent: Thursday, March 29, 2012 9:27 AM
To: nanog@nanog.org
Subject: Re: Looking for some diversity in Alabama that does not involve ATT
Fiber

Joe,
 We have a wide variety of both Internet and MPLS (WAN) circuits in
Alabama from ATT and ITC/Deltacom (Now Earthlink Business). They both have
a significant footprint in Alabama. Check with Earthlink Business.

-Hammer-

I was a normal American nerd
-Jack Herer



On 3/21/2012 10:44 AM, Joe Maimon wrote:
 Hey All,

 I have a site in Alabama that could really use some additional 
 diversity, but apparently ATT fiber is the only game in town.

 If anybody has any options, such as fixed wireless in the 10-50mbs, 
 please reply to me, off-list.

 Best,

 Joe

 .

RE: Laptop with reverse VGA

[Scott Berkman]

There are also these, work with anything with a USB port:

http://www.blackbox.com/Store/Detail.aspx/USB-Laptop-Console-Crash-Cart-Adap
ter/KVT100A

You could mate this with a cheap used Netbook too.

-Original Message-
From: Jon Lewis [mailto:jle...@lewis.org] 
Sent: Monday, February 20, 2012 5:05 PM
To: Faisal Imtiaz
Cc: nanog@nanog.org
Subject: Re: Laptop with reverse VGA

On Mon, 20 Feb 2012, Faisal Imtiaz wrote:

 Or if you can order one of these. Exactly what you are looking for !!!
 http://store.earthlcd.com/LCD-Products/Portable-Monitors

That does look like pretty much exactly what I wanted...but a palm sized IP
KVM for less than half the price seems much more sensible and useful. 
I'm already pushing for us to buy a few...and might even just buy a personal
one.  It just goes to show, sometimes you don't know what you're looking for
until you find it.

--
  Jon Lewis, MCP :)   |  I route
  Senior Network Engineer |  therefore you are
  Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

RE: time sink 42

[Scott Berkman]

For the regular Brother labels, my trick is to fold down the corner a
little, that usually makes it easier to peel.  You can also cut the
whitespace off the end and that sometimes helps.

Sorry if this was a double post, but I don't think I saw either of these
suggestions in the thread already.  If so make that a +1.

-Scott

-Original Message-
From: Randy Bush [mailto:ra...@psg.com] 
Sent: Thursday, February 16, 2012 4:09 PM
To: North American Network Operators' Group
Subject: time sink 42

ok, this is horribly pragmatic, but it's real.  yesterday i was in the
westin playing rack and stack for five hours.  an horrifyingly large amount
of my time was spent trying to peel apart labels made on my portable brother
label tape maker, yes peeling the backing from a little label so remote
hands could easily confirm a server they were going to attack.

is there a trick?  is there a (not expensive) different labeling machine or
technique i should use?

randy

RE: Speed Test Results

[Scott Berkman]

The MIT article is good read, thanks for sharing that.

One thing to watch out for is if the last mile provider is the one hosting
the speedtest site, that's another variable removed from the equation.  In
some cases that is a good thing, in others it's not, depending on what you
are trying to measure.  It's also theoretically possible (and in my opinion
not only likely but probably fairly common) for some large residential ISP's
to not rate-limit these on-net test sites (either by design or as a side
result of at what point in the network they apply the rate limiting),
thereby showing much higher results than the end user could ever possibly
see in a real world scenario.

Also, when using some of the popular public Ookla/speedtest.net sites, their
FAQ clearly states that the tests are not suitable for certain connection
types like high speed services and non-residential services in general.  One
good example is Speakeasy's site, which in my personal experience has been
the one most commonly used by end users (especially those contacting us
about speed problems):

http://www.speakeasy.net/speedtest/issues.php

Our speed test is tuned to measure residential broadband services up to 20
Mbps over HTTP. It takes a very customized installation to be able to
accurately measure up to 100 Mbps over HTTP.

-Scott

-Original Message-
From: Frank Bulk [mailto:frnk...@iname.com] 
Sent: Sunday, December 25, 2011 8:28 PM
To: 'Michael Holstein'; jacob miller
Cc: nanog@nanog.org
Subject: RE: Speed Test Results

We host an Ookla Speedtest server onsite and find it a very reliable means
to identify throughput issues.  The source of any performance issues may or
may not be ours, but if a customer says things are slow we can usually
identify whether it's their PC or network (browsing is slow but speed test
runs fine) or a local or regional network issue (speed test runs slow).

If a customer gets less than 90% of the advertised throughput, we follow up
on it.

Frank

-Original Message-
From: Michael Holstein [mailto:michael.holst...@csuohio.edu]
Sent: Friday, December 23, 2011 1:27 PM
To: jacob miller
Cc: nanog@nanog.org
Subject: Re: Speed Test Results


 Am having a debate on the results of speed tests sites.

 Am interested in knowing the thoughts of different individuals in regards
to this.

   

They are excellent tools for generating user complaints.

(just like the do traceroute and count the hops advice from gamer mags
of old).

(my $0.02)

Michael Holstein
Cleveland State University

RE: recommendations for external montioring services?

[Scott Berkman]

Two I know and have used are Alertra and SiteRecon.

-Original Message-
From: Express Web Systems [mailto:mailingli...@expresswebsystems.com] 
Sent: Monday, December 12, 2011 10:19 PM
To: 'Derrick H.'; nanog@nanog.org
Subject: RE: recommendations for external montioring services?

 
 You may want to check out http://www.panopta.com/ Works well for me 
 with reasonable pricing.
 

+1 to Panopta. We have been using them for the past two years and they 
+have
been very solid. We have even put in a few feature requests (voice
notifications was one we specifically requested) and they have had them
implemented and pushed out for beta testing in a couple of weeks.

I would highly recommend them.

RE: [OT] Overture's Ethernet over bonded Copper products

[Scott Berkman]

I've been working with them (it's really the Hatteras Networks products)
since before the acquisition.  I don't have much to compare to in terms of
experience with the competing products, but I can tell you we've been very
happy with the equipment, and I've heard lots of horror stories from Zhone
customers.  Hatteras' support was also phenomenal.  I haven't seen any
change yet since the acquisition except we have a different sales guy.

The biggest challenge is that when dealing with 3rd party (iLEC) copper
pairs, you really don't know what you are going to get until you turn up the
circuit.  There can also be a lot of fingerpointing when things break
because the circuits you buy from the iLEC are generally cheap and don't
have very high requirements for when the techs test and accept the circuit.

Hope that helps,

-Scott

-Original Message-
From: Graham Wooden [mailto:gra...@g-rock.net] 
Sent: Thursday, October 13, 2011 6:40 PM
To: nanog@nanog.org
Subject: [OT] Overture's Ethernet over bonded Copper products

HI operators,

Been looking at Overture¹s ŒEthernet over Copper¹ product line; any you
folks have any real world experience with them?
Would love to hear off-line the good, bad, ugly stories ­ if you are willing
to share.

Much appreciated.

-graham

RE: L3 Issues

[Scott Berkman]

We were seeing issues here as well, we have BGP to Level 3 down until they
stabilize.  We were seeing a number of sites as unreachable, but ping tests
from the Level3 IP address on that interface were working.  Looks like
perhaps they stopped advertising our addresses or were advertising them
through an incorrect path.

-Original Message-
From: David Hubbard [mailto:dhubb...@dino.hostasaurus.com] 
Sent: Monday, August 01, 2011 1:43 PM
To: nanog@nanog.org
Subject: RE: L3 Issues

Seeing a big drop in outbound traffic on our L3 link starting about that
time (we're a web host).  Getting calls about sites down too; all the traces
I've walked customers through so far have died on L3 networks.

David 

 -Original Message-
 From: Khurram Khan [mailto:brokenf...@gmail.com]
 Sent: Monday, August 01, 2011 1:40 PM
 To: nanog@nanog.org
 Subject: L3 Issues
 
 Hello and Good Morning,
 
 Are there reports of L3 having issues this morning ? Starting at about
 10:10 A Pacific, I started seeing huge drops in traffic at various 
 sites, including San Diego, Houston, San Antonio, Charlotte, NC, 
 Philadelphia, etc.
 Anyone seeing a similar behavior ?
 
 
 

RE: Community troubleshooting étiquette/BCP (was: L3 Issues)

[Scott Berkman]

I did finally see a Level 3 network event posted about this in their portal.
Actually they list two separate ones:

A routing issue failure between Dallas, TX and Los Angeles, CA is impacting
IP services.  Impacted for:  1 hour 29 minutes   

A loss of connectivity to servers in Dallas, TX, Tustin, CA, and Tokyo,
Japan caused an impact to CDN services. 

The second one probably explains the Akamai issues one poster mentioned.

-Original Message-
From: Jason Lixfeld [mailto:ja...@lixfeld.ca] 
Sent: Monday, August 01, 2011 2:03 PM
To: nanog@nanog.org
Subject: Community troubleshooting étiquette/BCP (was: L3 Issues)

On 2011-08-01, at 1:48 PM, Jon Lewis wrote:

 Things seem to be moving again.

I happen to have an L3 link out of NYC, but unfortunately I don't have a
list of on-net L3 prefixes in any of the reportedly affected regions, so I'm
unable to provide any data from my vantage point up here.  I'm sure others
are in my position as well.

Is there any sort of etiquette/BCP for reporting issues like this to the
community?  Something that might specify a method of providing information a
little more specific than just specifying the affected region(s)?  Maybe a
list of a few affected hosts/prefixes/URLS/etc?

(incidentally, images.apple.com also resolves to our local Akamai cluster)

Re: OT: Given what you know now, if you were 21 again...

[Scott Berkman]

Saku nailed it.  Learn the networking basics and underlying concepts
(OSI!), everything else is an application that runs on that, and can
be picked up pretty easily if you understand what it depends on.
Wireshark (or your favorite capture tool) is your friend.

That said, I feel knowing some of the parallels like *nix and vendor
specifics (ie if you know Cisco IOS, many others follow this interface
like a standard) really comes in useful over time.

  -Scott

On Thu, 2011-07-14 at 00:28 +0300, Saku Ytti wrote:
 On (2011-07-13 14:08 -0700), Larry Stites wrote:
 
  Given what you know now, if you were 21 and just starting into networking /
  communications industry which areas of study or specialty would you
  prioritize? 
 
 Again? Buy AAPL, INTC and MSFT with loan money and study *cough*, finer things
 in life.
 
 But in all seriousness, networking like I suppose most professions are not
 about knowing one thing and stopping. It's evolving rather rapidly so most
 thing you know now are irrelevant in decade or two. What you should learn is
 how to learn, how to attack problems and learn to love doing both.
 

RE: Carrier Contact

[Scott Berkman]

Have you tried looking for a Verizon routing or translations contact in the
LERG?  This is the official way.

-Scott

-Original Message-
From: Tom Pipes [mailto:tom.pi...@t6mail.com] 
Sent: Wednesday, April 27, 2011 4:43 PM
To: nanog@nanog.org
Subject: Re: Carrier Contact

I ended up calling 611 on my Verizon phone and they were extremely nice and
tried to help, but were unable to take it any further due the the fact that
the call appears to route properly.  The problem is that the call does
route, but to the wrong switch in the wrong LATA and then routes over
failover ISUP trunks.  The rep tried to escalate it and reported back that
there was nothing they could do because the call routes successfully.  She
agreed that it was going to be very difficult for me to get that to pass
through the layers of support.

It's very sad that this has to be so complicated.

Thanks for the suggestions,

Tom


On Wed, Apr 27, 2011 at 11:19 AM, Tom Pipes tom.pi...@t6mail.com wrote:

 Greetings,

 Does anyone know who I could contact at Verizon Wireless regarding 
 mis-routing one of my NXX blocks?

 Off list responses are fine.

 Thanks,

 --
 Tom Pipes
 Essex Telcom Inc

RE: Voice Peering?

[Scott Berkman]

It's not specific for mobile, but this is one of the most well know VOIP
exchanges:

http://www.thevpf.com/

-Scott

-Original Message-
From: Santino Codispoti [mailto:santino.codisp...@gmail.com] 
Sent: Thursday, April 21, 2011 3:36 AM
To: nanog@nanog.org
Subject: Voice Peering?

I know a few years ago some Vo/IP peering points where started.  Are
they still around today?   I am looking for a solution to hand-off
outbound voice calls to mobile operators

RE: Voice Peering?

[Scott Berkman]

Among other services, the VPF provides an ENUM infrastructure for doing
lookups using DNS for what carrier in the exchange can route calls to a
specific TN.  But yes, the underlying concept of the actual interconnections
are similar to IP exchanges.

There are also application specific exchanges out there, especially in the
financial markets.

-Scott

-Original Message-
From: Martin Millnert [mailto:milln...@gmail.com] 
Sent: Thursday, April 21, 2011 3:26 PM
To: Scott Berkman
Cc: Santino Codispoti; nanog@nanog.org
Subject: Re: Voice Peering?

On Thu, Apr 21, 2011 at 1:00 PM, Scott Berkman sc...@sberkman.net wrote:
 It's not specific for mobile, but this is one of the most well know VOIP
 exchanges:

And here I thought IP exchanges would cover the IP in VOIP.

When do we get HTTP exchanges? :)

Regards,
Martin

Coffer MAC Address Vendor Database

[Scott Berkman]

Is anyone on the list that knows about the Coffer MAC address vendor
database (http://www.coffer.com/mac_find/)?

 

I have used this resource for years and I am now getting a permission error
(403 Forbidden) when I try to go to any page on that site.

 

Otherwise, anyone have recommendations for another resource for this
information?

 

Thanks,

 

-Scott

RE: How are you aggregating WAN customers these days?

[Scott Berkman]

Juniper M20.

-Original Message-
From: Justin Wilson [mailto:li...@mtin.net] 
Sent: Monday, January 10, 2011 10:00 AM
To: Chris; nanog@nanog.org
Subject: Re: How are you aggregating WAN customers these days?

Cisco ASR 1000. For T3 you can get a 4 port card.  Seems to perform
well.

Also have a 6500 deployed with some flexwan interfaces.  Believe this
will also work in the 7000 something chassis.

Justin
--
Justin Wilson j...@mtin.net
Aol  Yahoo IM: j2sw
http://www.mtin.net/blog - xISP News
http://www.twitter.com/j2sw - Follow me on Twitter Wisp Consulting - Tower
Climbing - Network Support




From: Chris behrnetwo...@gmail.com
Date: Mon, 10 Jan 2011 09:51:53 -0500
To: nanog@nanog.org
Subject: How are you aggregating WAN customers these days?

Hello,

I'm looking to put some feelers out there and see what people are
doing to aggregate WAN customers (T1,T3, etc...) these days. What
platforms/devices are you using? What seems to be working/not working?
Any insights would be great!

Thanks,
Chris

RE: SONET and MAC address

[Scott Berkman]

Don't know the FlashWave gear well, but in the Cisco ONS/Cerent world GigE
ports can be configured in different modes, some of which do in fact learn
MAC addresses.  Others emulate a single layer-2 link and as the vendor
stated, would not look at the MAC address at all.

-Scott

-Original Message-
From: Jay Nakamura [mailto:zeusda...@gmail.com] 
Sent: Wednesday, December 08, 2010 3:33 PM
To: NANOG
Subject: SONET and MAC address

We have a Gigabit Ethernet transport between cities by a vendor.  We found
that when there are identical MAC address that are on different VLANs on
different side of the circuit, one of the VLAN looses packets.  This
situation came up because two different networks that travel over the
Ethernet were using HSRP with the same virtual MAC address.

The vendor says both sides are directly connected to Fujitsu SONET gear and
the equipment doesn't even look at the MAC address so it's not their
circuit.  All I know is, I can't recreate the problem if this circuit is not
in the path.

I haven't worked with Fujitsu SONET gear so I don't know if their claim is
true or not.  I vaguely remember someone talking about some equipment
actually having a builtin switch on the SONET port and that was messing up
the forwarding.

Also, on one side of the circuit, there is a copper to fiber media
converter.  I am going to find out what model this is and see if that could
be the cause.

Anyone have any thoughts on what I should look into or have the vendor look
into?  Anyone run into this situation?

Thanks!

RE: Level 3 Communications Issues Statement Concerning Comcast's Actions

[Scott Berkman]

Unless I am missing something, Level3 is just the transit provider.  Level 3
(via one of their acquisition a few years back) does have a very popular CDN
product, but even if they are the source from an IP perspective, they still
do not own the content, that is still primarily the networks and studios.

Also as to GoogleTV, from what I have seen so far they are simply providing
an interface (via an OS for 3rd party hardware) to access already available
content, so yes they would be affected.

-Scott

-Original Message-
From: Seth Mattinen [mailto:se...@rollernet.us] 
Sent: Monday, November 29, 2010 6:02 PM
To: nanog@nanog.org
Subject: Re: Level 3 Communications Issues Statement Concerning Comcast's
Actions

On 11/29/2010 14:40, Rettke, Brian wrote:
 Essentially, the question is who has to pay for the infrastructure to
support the bandwidth requirements of all of these new and booming streaming
ventures. I can understand both the side taken by Comcast, and the side of
the content provider, but I don't think it's as simple as the slogans spewed
out regarding Net Neutrality, which has become so misused and abused as a
term that I don't think it has any credulous value remaining.
 


Is Level3 the content provider though? Or did Comcast just decide they don't
want to do the settlement free peering thing anymore for traffic transiting
via Level 3?

~Seth

RE: ATT Dry Pairs?

[Scott Berkman]

We order these all of the time ( as a CLEC) for EoC connections or DSL on our 
equipment.  The correct terminology is usually 2-wire or 4-wire copper loops.  
There will be specific NC/NCI codes depending on the iLEC region you are in and 
LEC you are working with.

 Within these loops, you will generally see at least the following types of 
circuits, normally these are really just different levels of qualifications the 
LEC is required to meet on the copper they provide (in terms of noise, 
attenuation, load coils, and # feet of bridge tap):
HDSL (best)
ADSL
UCL (Unbundled copper loop - worst)

Now the main issue is that these circuits are normally provisioned between a CO 
and an end-user location.  I don't know if you'd be able to get them directly 
between two sites that are not ATT facilities without going back to the CO 
first (greatly increasing total loop length and probably decreasing max DSL 
speeds).

The other thing to know is that in busy CO's, some of these line types 
(especially the higher quality loops) may be blacklisted meaning you either 
can't order them at all, or you can order them a different way at a much higher 
rate.

The last issue I can think of is that you may not be able to get these at all 
from ATT's retail or business side of the house.  If that is the case, find a 
local CLEC and see if they will help you out.

-Scott

-Original Message-
From: Brandon Galbraith [mailto:brandon.galbra...@gmail.com] 
Sent: Thursday, September 30, 2010 4:53 PM
To: nanog@nanog.org
Subject: ATT Dry Pairs?

Has anyone had any luck lately getting dry pairs from ATT? I'm in the Chicago 
area attempting to get a dry pair between two buildings (100ft
apart) for some equipment, but when speaking to several folks at ATT the 
response I get is You want ATT service without the service? That's not 
logical!. Had no problems 3-4 years ago getting these sorts of circuits, but 
it appears it's gone the way of the dodo now. Any emails off-list are 
appreciated.

--
Brandon Galbraith
US Voice: 630.492.0464

RE: Netflow Tool

[Scott Berkman]

If you want something scalable and commercial (read: with support) check out
these guys, I have been using it for a while and it has tons of features and
very flexible reporting (including exports to PDF, CSV, etc):

http://www.netflowauditor.com/

They have a free version as well with limits.

-Scott

-Original Message-
From: Mike Gatti [mailto:ekim.it...@gmail.com] 
Sent: Friday, September 17, 2010 2:50 PM
To: nanog@nanog.org
Subject: Netflow Tool

Anyone out there using a good netflow collector that has the capability data
to export to CSV?
Open Source would be best, but any suggestions are welcome. 

Thanks, 
=+=+=+=+=+=+=+=+=+=+=+=+=
Michael Gatti  
cell.703.347.4412
ekim.it...@gmail.com
=+=+=+=+=+=+=+=+=+=+=+=+=

RE: on network monitoring and security - req for monitoring tools

[Scott Berkman]

Are you looking only at Open Source tools?  If not you are missing all of
the most widely deployed tools out there (including):

HP Open View
Cisco Works
IBM Tivoli/NetCool
Smarts (now EMC Ionix)

Also a few other open tools:
ZenOSS
Zabbix

You will also need to look at separate security monitoring software if your
goal is to cover that.  Not including any commercial vendors, I'd say you at
least need to include:
SNORT (possibly including a front end like BASE/ACID)
Suricata
Nessus
Sguil


As to one solution being better than the other, a lot of it comes down to
opinion and exactly what you need.  Also are you willing to do a lot of
coding to get it to do exactly what you want?  What is your budget?  How big
is your network?  What are the vendors in question?  What is most important
to you (graphing, alerting, automated fault resolution, topology
discovery,...)?  How much staff do you have dedicated to the project?  And
on and on...

-Scott


-Original Message-
From: travis+ml-na...@subspacefield.org
[mailto:travis+ml-na...@subspacefield.org] 
Sent: Saturday, August 21, 2010 5:58 PM
To: nanog@nanog.org
Subject: on network monitoring and security - req for monitoring tools

Hi, I'm putting together a book on security*, and wanted some expert input
onto network monitoring solutions...

http://www.subspacefield.org/security/security_concepts.html

Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?

Any summaries of when one is better than the other?

Any suggestions on section 13-15?  I imagine I'll offend some of you by not
distinguishing between system and network adminsitration, but... it's a
small section right now, maybe if it grows.

OT:
I had issues with understanding MIBs and SNMP tools... specifically, I
wanted to query and graph the pf-specific MIB... any suggested places to
ask?  Do I ask on the Net-SNMP list, or is there a better place?

Also, cacti... seemed to behave differently based on whether the target was
Linux-based or BSD-based... I suppose the cacti-users is the right place to
ask, but if anyone has any suggestions, please LMK.
I hate the UI.
--
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email j...@subspacefield.org to get
blacklisted.

RE: Monitoring Tools

[Scott Berkman]

I'd recommend ZenOSS.

-Scott

-Original Message-
From: Jack Bates [mailto:jba...@brightok.net] 
Sent: Thursday, August 19, 2010 9:47 AM
To: jacob miller
Cc: nanog@nanog.org
Subject: Re: Monitoring Tools

jacob miller wrote:
 Phil,
 
 Am looking for availability reports,bandwidth usage,alerting service and
ability to create different logins to users so they can access diff objects

For all in one, OpenNMS does decent and may meet your needs. We often 
utilize a mixture of tools and modify for working with what we want. My 
only issue with OpenNMS was that it's java and I don't care to add java 
to the list of languages I program in. My only complaint was it could 
get really weird when you have 3,000 unnumbered interfaces. :)


Jack

RE: tool to wrangle config file changes

[Scott Berkman]

We are now using NAI for this.  Free (really, not just a trial for some
small number of devices), and you can very easily write plug-ins for new
types of systems.

http://inventory.alterpoint.com/

http://docs.inventory.alterpoint.com/doku.php?id=doc:content_guide

-Scott

-Original Message-
From: Raymond Macharia [mailto:rmacha...@gmail.com] 
Sent: Thursday, August 19, 2010 6:16 AM
To: Eugeniu Patrascu
Cc: nanog@nanog.org
Subject: Re: tool to wrangle config file changes

Kiwi Cat Tools. There is a free version (supports upto 20 devices). -
http://www.kiwisyslog.com/

Raymond Macharia


On Thu, Aug 19, 2010 at 11:03 AM, Eugeniu Patrascu
eu...@imacandi.netwrote:

 On Thu, Aug 19, 2010 at 03:16, Rogelio scubac...@gmail.com wrote:
  Long story short, a really crappy vendor is being shoved down our
  NOC's throat.  They have a horrid CLI (if you can call it that).
  People don't understand it (it's non-intuitive) and are screwing up
  things all the time.

 Would be so kind to name the vendor so that other people would have an
 advance warning ?

RE: Monitoring Tools

[Scott Berkman]

The last time I looked, my main issue with Zabbix was that it required (or
greatly preferred) their proprietary agent on every host.  This may have
changed.

-Scott

-Original Message-
From: Nathan Eisenberg [mailto:nat...@atlasnetworks.us] 
Sent: Thursday, August 19, 2010 2:53 PM
To: nanog@nanog.org
Subject: RE: Monitoring Tools

 Am looking for an opensource network monitoring tool with ability to
create
 different views for different users.
 
 Regards,Jacob
 

Just to add another opinion to the pot, I've used zabbix in several large
environments, and I like it a lot.  The developer team is decently sized,
and very responsive to requests and feedback (they operate a commercial
'support' model for the platform, so working on the system is literally
their day job - as George pointed out, this is often a problem).

Zabbix also supports distributed monitoring, which is very handy for scaling
or for monitoring multiple locations without dealing with VPNS and the like
(or if you have places you need to monitor behind NATs!).  Its major
weakness at the moment is the weak support for SNMP traps (works great in
polling mode, though), so you will want a separate simple system for
catching traps.  In my opinion, that's just fine, because
statistics/trending/basic resource alerting/etc are best kept separate from
things like OMG one of my powersupplies is dead!!11one.

Also supports IPMI, which is nice if you have IPMI deployed.  :-)

Best Regards,
Nathan Eisenberg

RE: Monitoring Tools

[Scott Berkman]

Agreed.  And it REALLY isn't that complicated.  Go spend some time with
CORBA or TL-1 and then re-evaluate the learning curve.

SNMP is really very straight forward as a protocol.  If a specific vendor's
MIB is difficult to understand or use, that is an entirely different matter.

-Scott

-Original Message-
From: Phil Regnauld [mailto:regna...@nsrc.org] 
Sent: Thursday, August 19, 2010 5:14 PM
To: Curtis Maurand
Cc: nanog@nanog.org
Subject: Re: Monitoring Tools

Curtis Maurand (cmaurand) writes:
  Oh, and it avoided us having to install an agent on 1000+ servers :)
 
 But the configuration learning curve for SNMP is very steep indeed.

Doing network monitoring and not understanding SNMP is like,
umm, well I fail to come up with an analogy, but you get my drift.

:)

It's a bullet you'll have to bite at one point.

RE: Level3 - have they alive abuse team?

[Scott Berkman]

I'd probably start here:

http://puck.nether.net/netops/nocs.cgi?level

-Scott

-Original Message-
From: Popov Max [mailto:popovu...@meta.ua] 
Sent: Monday, July 12, 2010 5:21 AM
To: nanog@nanog.org
Subject: Level3 - have they alive abuse team?

Hello!

I am an owner of the small telecom business in Eastern Europe. We have the
provider independent network and own autonomous system number.
Due to the financial crisis impact, we was off-line for some time. Now it
is possible to return to business.

But I found our network is already announced by Level3!!! I have dropped
them a letter to ab...@level3.com, then got an auto-answer from the robot,
after several days have repeat it... Level3 keep silence, and our network
is announced now by /24 pieces!

What is the good way to push these network hijackers more efficiently?

__
Я пользуюсь почтой на Мете http://webmail.meta.ua

RE: Mikrotik OC-3 Connection

[Scott Berkman]

I really wouldn't use the word legacy to describe SONET and OC-3's.

  -Scott

-Original Message-
From: Mike [mailto:mike-na...@tiedyenetworks.com] 
Sent: Saturday, July 03, 2010 4:11 PM
To: Alan Bryant
Cc: nanog@nanog.org
Subject: Re: Mikrotik  OC-3 Connection

Alan Bryant wrote:

 I'm just trying to see what options there are and make the decision
 off of that. If Cisco or Juniper is the only way, then so be it. I
 just want to be sure.

   

The real issue is that these legacy telco interfaces are just expensive, 
straight up, and being forced to use these specialized interfaces for 
your IP connectivity just drives your costs up for no real gain. I bet 
what you would really love is just a simple ethernet handoff but of 
course no provider in your area probabbly makes that available. So you 
get collared into these expensive interfaces that force you to just buy 
more when you need more connectivity, as opposed to ethernet which could 
easilly grow to 1000mbps without needing $$$ I/O cards every 155mbps 
along the way (and loop charges and hassle and pain, etc). On the good 
news front, there's lots of capable cisco hardware out there you can 
take multiple interfaces types on, for pretty cheap especially if you 
look at refurbished gear.  Before you run off and make a purchase 
decision, most of these cisco resellers can really help you decide on 
the right platform (thats their value add), so if you think you might 
wind up with an OC3 and 8t1s for example they can help you figure out 
what NPE (cpu) you need and ram and ios version and such.

RE: Penetration Test Vendors

[Scott Berkman]

If I wanted someone to do this, I'd probably look at a security vendor
instead of a general purpose consulting firm.

Some examples off the top of my head might include IBM's ISS and
SecureWorks.

-Scott

-Original Message-
From: Ken Gilmour [mailto:ken.gilm...@gmail.com] 
Sent: Tuesday, June 22, 2010 4:58 PM
To: George Bonser
Cc: nanog@nanog.org
Subject: Re: Penetration Test Vendors

Depends on where you are... I've used Sysnet in Europe (www.sysnet.ie) and
they are excellent. We used Deloitte (
http://www.deloitte.com/view/en_GX/global/services/enterprise-risk-services/
security-privacy-resiliency/pcidss/index.htm)
in non-european countries, with not such a good result (but other people may
have different experiences).

Regards,

Ken

On 22 June 2010 14:48, George Bonser gbon...@seven.com wrote:

 Anyone have any suggestions for a decent vendor that provides network
 penetration testing? We have a customer requirement for a third party
 test for a certain facility. Have you used anyone that you thought did a
 great job?  Anyone you would suggest avoiding?

 Replies can be sent off list and I will summarize any feedback I might
 get from the community if anyone is interested.

 George

RE: Dial Concentrators - TNT / APX8000 R.I.P.

[Scott Berkman]

I think the only one under support may be the Cisco AS series (AS5800 only
now?):

http://www.cisco.com/en/US/products/hw/univgate/ps509/

The other platform I knew besides the TNT was the Nortel CVX but it is EOL
also.

-Scott

-Original Message-
From: Jerry Bonner [mailto:jbon...@enventis.com] 
Sent: Monday, May 10, 2010 12:29 PM
To: nanog@nanog.org
Subject: Dial Concentrators - TNT / APX8000 R.I.P.

I'm told by our Alcatel rep that the APX 8000 is no longer supported and
that we can no longer get hardware support because they don't have any
spare parts.

I share a certain amount of love for this platform dating back to Ascend,
but what am I to do now? Obviously no one is making large investments in
their dial platform, but are there any other viable alternatives out there
that are actually supported?

~jerry

RE: Edu versus Speakeasy Speedtest

[Scott Berkman]

2 things.

1:  http://speakeasy.net/speedtest/issues.php   (See the section on
inaccurate results over 20Mbps and that the test is meant for residential
broadband services)

2:  Speakeasy is a commerical ISP for both residential and business users.
That means it is in their best interest to encourage you to purchase their
services.  I have no issues with Speakeasy and have used them personally
with great success in the past (great support but prices are a little high
for most residential users), but why would you test one provider's service
with a sales tool from another (competing) provider and expect accuracy?

-Scott

-Original Message-
From: Bret Clark [mailto:bcl...@spectraaccess.com] 
Sent: Thursday, April 29, 2010 12:05 PM
To: nanog@nanog.org
Subject: Re: Edu versus Speakeasy Speedtest

All the new OS's (IE Windows7) automatically adjust TCP window size.

Personally I've never found those website speed test to be that accurate 
on fast connections (over 15Mbps full duplex).  The only way to really 
confirm bandwidth is by running IPERF.


Robert Glover wrote:
 Adjust your TCP window size.

 -Original Message-
 From: Murphy, William william.mur...@uth.tmc.edu
 Date: Thu, 29 Apr 2010 10:53:01 
 To: nanog@nanog.orgnanog@nanog.org
 Subject: Edu versus Speakeasy Speedtest

 I work for an Edu with multi-gigabit Internet connectivity and I get
 questions from users saying Why am I only getting 14Mb when I run this
 speed test?  I have got to believe that the various Internet speed tests
 (Speakeasy or dslreports) are rate limited to prevent someone from
shutting
 them down.  I am able to get 300-400Mb running from a PC inside my network
 to NDT servers located on Internet2, so that tells me my border and
internal
 network is healthy.  Can someone on this list shed some light regarding
 reliability and accuracy of these various speed tests especially for an
Edu
 with lots'o bandwidth?  Thanks.

  

 Bill Murphy

 University of Texas Health Science Center - Houston

  




   

RE: Books for the NOC guys...

[Scott Berkman]

I just show them this:

http://warriorsofthe.net/

-Scott

-Original Message-
From: Larry Sheldon [mailto:larryshel...@cox.net] 
Sent: Friday, April 02, 2010 9:46 AM
To: nanog@nanog.org
Subject: Re: Books for the NOC guys...

On 4/2/2010 08:39, valdis.kletni...@vt.edu wrote:
 On Fri, 02 Apr 2010 13:48:48 BST, Michael Dillon said:
 So, what are you having your up-and-coming NOC staff read?

 In an attempt to wean them off of unmanageable PERL scripts
 
 There is not, and there never will be, a useful programming language that
 makes it the least bit difficult to write totally abominable
creeping-horror
 unmaintainable code in.
 
 The ability of a programmer to write totally obtuse code is entirely
 orthogonal to the choice of implementation language.  Some people just
don't
 have good taste, and will produce train wrecks in any language. Remember
that
 it's possible to write Fortran-IV code in any language. :)
 
 Unless you teach them stuff like Document the sources and expected types
of
 input data, add useful comments that explain your choice of algorithms
rather
 than  a++; /* Add one to A */, and If the language supports operator
 overloading, don't be a bozo and abuse it, the code will be
unmaintainable.

Teach them.  Train them.  Have standards.  Enforce them (pay according
to compliance).

What a concept!  We did that using Autocoder and COBOL.

What next?  Manage them?  Is that even legal?
-- 
Democracy: Three wolves and a sheep voting on the dinner menu.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml

RE: Home CPE choice

[Scott Berkman]

If you like open source routing platforms but want support and (possibly) a
HW appliance (you can also just use their software), you may also want to
take a look at Vyatta (http://www.vyatta.com/).  They make a I haven't
personally worked with the gear yet but I've heard some good things.

-Scott

-Original Message-
From: Charles N Wyble [mailto:char...@knownelement.com] 
Sent: Wednesday, March 31, 2010 8:46 PM
To: nanog@nanog.org
Subject: Re: Home CPE choice

On 03/31/2010 04:07 PM, William Warren wrote:
 I run Astaro on a p-4 celey i had lying around.  Get far more than any 
 little router you'll see..can't beat the price.

Astaro looks cool. I hadn't heard of it before. Thanks for sharing.

RE: FCC releases Internet speed test tool

[Scott Berkman]

So have other people noticed that the Ookla/Speedtest.net/Speakeasy
Bandwidth test often comes up VERY short on upload bandwidth results for
anything other than residential-grade asymmetrical services?

We often get complaints from customers saying I'm not getting the upload
bandwidth I'm paying for, and when we ask what they are using to determine
this, the answer is almost always either Speakeasy or Speedtest.net.

We certainly don't depend on or recommend these sites to customers (we have
our own internal tools and usually recommend FTP or iperf), but everyone who
deems themselves semi-knowledgeable seems to find their way there anyway.
Do these sites simply not have the downstream bandwidth to handle the upload
tests?  If that’s the case I'd really like to see the admins add a
disclaimer of some form directly to the site.

Thanks,

-Scott

-Original Message-
From: Robert Mathews (OSIA) [mailto:math...@hawaii.edu] 
Sent: Friday, March 12, 2010 10:32 AM
To: North American Network Operators Group
Subject: Re: FCC releases Internet speed test tool

Joe Greco wrote:
 Correction: it _requires_ Java. It _asks_ for your address. It seems
 like it'd work fine if you gave it your neighbor's address. :-)

 I noted that I got wildly varying numbers on a laptop and an iPhone (there
 is also an iPhone app) and the iPhone app doesn't ask for an address. Both
 on the same wifi, and the numbers were off by a lot.

 ... JG

INSTEAD of using the FCC provided app, one 'could' always use OOKLA and
M-LAB directly.
The following links may prove to be more helpful to some.

http://demo.ookla.com/linequality/*and *
http://npad.iupui.lax01.measurement-lab.org:8000/   (Choose the closest
orig/term point to you from:
http://www.measurementlab.net/measurement-lab-tools#npad )

Both sites present varying granularity..  It goes without saying that
one should NOT send one's mother/grandmother to the NPAD site.  Pete
(Peter Löthberg) being the exception here.  O:-)

Best,
Robert.
--

RE: ip address management

[Scott Berkman]

I was about to suggest IPPlan, but it is lacking the V6 support.  Here is
one I found doing some searching, but I haven't used it myself:

http://sourceforge.net/projects/haci/

-Scott

-Original Message-
From: Pavel Dimow [mailto:paveldi...@gmail.com] 
Sent: Tuesday, February 02, 2010 3:55 PM
To: nanog@nanog.org
Subject: ip address management

Hello,

does anybody knows what happend with ipat?

http://nethead.de/index.php/ipat
http://nanog.cluepon.net/index.php/Tools_and_Resources

Any other suggestion for a good foss ip address management app with
ipv6 support?

RE: Datacenter for DR in northwestern NJ/NY

[Scott Berkman]

Might be better off going to Philly, its only about an hour and a half away,
and you'll likely have better connectivity options.  Most of the big data
centers in NJ are well within the 50 mile requirement (Bergen County,
Hoboken, Newark, Jersey City).

-Scott

-Original Message-
From: Matt Sprague [mailto:mspra...@readytechs.com] 
Sent: Tuesday, February 02, 2010 4:16 PM
To: nanog@nanog.org
Subject: Datacenter for DR in northwestern NJ/NY

Hello NANOG!

Does anyone know of some strong datacenters in northwestern NJ, or north of
Westchester NY without getting too far away from NYC?

I'm looking for a DR colo solution for a site that is in NYC; this needs to
be at least 50m away from NYC, but I'm trying to keep it not too much
further than that for convenience.  I'm also trying to keep this to top
level providers as there may be compliance requirements.

Thanks in advance for any responses.
--
Matt Sprague
ReadyTechs, LLC

mspra...@readytechs.commailto:mspra...@readytechs.com
973-455-0606 x1204 (voice)
http://www.readytechs.com/

RE: Fiber Cut in CA?

[Scott Berkman]

Cross-country Fibers very often follow existing utility rights of way.  So even 
in a wide open desert, the places the fibers go are the busy spots.  
Sometimes its train tracks, sometimes its gas pipelines, sometimes its 
electric, sometimes it’s a road, but very rarely is fiber like that on its 
own.

So the cut was likely construction on whatever the fiber was near.  The other 
option is that the fiber provider was actually doing maintenance (adding 
capacity, fixing a troubled strand) and did the damage themselves.

-Scott

-Original Message-
From: Bret Clark [mailto:bcl...@spectraaccess.com] 
Sent: Tuesday, February 02, 2010 6:37 PM
To: nanog
Subject: Re: Fiber Cut in CA?

   Good point...so if the cut is in the middle of nowhere without easy
   access...then how the hell did it get cut? Malicious?
   Matt Simmons wrote:

And in an open desert, back hoes can smell fiber from miles away.

On Tue, Feb 2, 2010 at 3:27 PM, Bill Stewart [1]nonobvi...@gmail.com wrote:

On Tue, Feb 2, 2010 at 12:04 AM,  [2]char...@knownelement.com wrote:

That is one long protect path. Yikes.

There be mountains in the way, with deserts in between, and not a lot
of people to justify diversity or railroads and highways to run it
along.
Not many carriers have more than one fiber route across Arizona and
New Mexico, especially for the newer high-capacity fibers (i.e. built
this millennium, after the financial excesses of the 90s.)
I'm no longer current on what routes are being used by what carriers,
but if you don't have two routes across northern Arizona ( I-10/I-40,
with restoration routes like Barstow-LasVegas-Flagstaff-Phoenix),
then the next alternative is Barstow-LasVegas-SaltLakeCity-Denver,
at which point some carriers have routes down to Phoenix via Tucumcari
or Amarillo, and the rest are going to go through Dallas, and anybody
who doesn't have the LasVegas-SLC route is going to use
Sacramento-SLC-Denver, possibly also including San Jose, depending
on what routes they've got across California.

So, yeah, instead of the nice short 2200-mile restoration routes you
can use if SF-Seattle fails, cable cuts in the Southwest can be
really long...
--

Thanks; Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.

References

   1. mailto:nonobvi...@gmail.com
   2. mailto:char...@knownelement.com

RE: Comcast IPv6 Trials

[Scott Berkman]

They'll need to be soon to keep up with others in their space (not that they
generally compete directly thanks to franchise laws), although I'm not sure
how the data side of things is handled for MVNO's, normally they don't have
any network of their own:

http://news.cnet.com/8301-1035_3-10215445-94.html
http://unbelievablyfair.com/

-Scott


-Original Message-
From: George Bonser [mailto:gbon...@seven.com] 
Sent: Thursday, January 28, 2010 1:56 AM
To: Kevin Oberman
Cc: nanog@nanog.org
Subject: RE: Comcast IPv6 Trials 



 -Original Message-
 From: Kevin Oberman [mailto:ober...@es.net]
 Sent: Wednesday, January 27, 2010 9:56 PM
 To: George Bonser
 Cc: William McCall; nanog@nanog.org
 Subject: Re: Comcast IPv6 Trials


 SWAG is wrong. Comcast is a major cable TV, telephone (VoIP), and
 Internet provider, but they don't do mobile (so far).

Ahh, ok.  I was fooled by this:  http://www.comcast.net/mobile/

RE: Routing to multiple uplinks

[Scott Berkman]

Anycast?
http://www.nanog.org/meetings/nanog29/abstracts.php?pt=NjcxJm5hbm9nMjk=nm=n
anog29

Might need to know a little more about the layout here for a better answer.

-Scott

-Original Message-
From: rodrick brown [mailto:rodrick.br...@gmail.com] 
Sent: Friday, December 18, 2009 7:47 PM
To: nanog@nanog.org list
Subject: Routing to multiple uplinks

This may be slightly off topic however I have a very unique situation  
where I need to provide two diverse paths to a major stock exchange.  
Each host may either use route A or B for any given reason to access  
this particular exchange using two distinct routers and target address.

The applicatiOn running on these hosts must only see/use one target  
address this needs to be transparent as possible. NIC bonding/teaming  
on the host side isn't a viable solution because of the latency  
overhead same goes for vrrp/hsrp.

I believe my only option here is to setup multiple default routes with  
a preferred path of some sort. This seems to be possible using ip  
route2 on Linux.

This just seems wrong on many levels and I thought I would post here  
because I know there is something obvious I'm missing.
Please clue me in.

Thanks.

Sent from my iPhone 3GS.

RE: news from Google

[Scott Berkman]

Also reminds me of the Level 3 DNS servers in the 4.2.2.[1-8++] range.

-Scott

-Original Message-
From: Jonathan Lassoff [mailto:j...@thejof.com] 
Sent: Thursday, December 03, 2009 1:51 PM
To: nanog
Subject: Re: news from Google

Excerpts from Charles Wyble's message of Thu Dec 03 10:44:49 -0800 2009:
 8.8.8.8  6.6.6.6 would have been really really funny. :) 

Nice IPs from Level 3, huh?

6.6.6.6 belongs to the US Army.

--j

RE: Help -- Having trouble trying to activate a GigE connection

[Scott Berkman]

I actually have seen where you have to hard set to speed 1000 to get this
type of link up, even Cisco to Cisco.

-Scott

-Original Message-
From: Michael K. Smith - Adhost [mailto:mksm...@adhost.com] 
Sent: Tuesday, November 24, 2009 11:25 AM
To: Michael Ruiz; nanog@nanog.org
Subject: RE: Help -- Having trouble trying to activate a GigE connection

Hello Michael:

 -Original Message-
 From: Michael Ruiz [mailto:mr...@telwestservices.com]
 Sent: Tuesday, November 24, 2009 8:02 AM
 To: nanog@nanog.org
 Subject: Help -- Having trouble trying to activate a GigE
connection
 
 Group,
 
 
 
 I am having an issue with activating a Gige interface
 between a Cisco 7206 VXR w/IO-1GE module to a 7606 w/sup720-3bxls
 connecting to a line module WS-X6416-GBIC.  I have verified that the
 GBIC-MMF have good light reading and the MMF fiber jumper are not
 reversed.  The GigE connection comes up briefly for about a few
 seconds,
 takes a burst of errors and goes down.  I have tried to set the speed
 to
 nonegotiate on both ends, set one end to speed auto.  No dice.  Here
is
 the copy of the configuration.  On my 7606 I show that the GigE
 interface is up/up but on the 7206vxr I show down/down.  Any help will
 be greatly appreciated.  Thanks!
 
 
 
I don't think there is any reason to have hard-set speed and duplex,
particularly between two Cisco's.  Why not just set *both* sides (you
can't set just one) to auto-negotation - 'no speed nonegotiate' on the
7606 side.  Is this a straight shot, single fiber pair between the two
or are there intermediate junctions or optics?  It sounds like you have
questionable fiber or optics in the path.  It could be the fiber itself
or the GBICs on either side.

Regards,

Mike

RE: Transit from Cogent - thoughts?

[Scott Berkman]

I also suggest reading the Wikipedia page on Cogent.

-Scott

-Original Message-
From: Jay Moran [mailto:jay+na...@tp.org] 
Sent: Wednesday, November 11, 2009 10:12 AM
To: a...@baklawasecrets.com
Cc: nanog@nanog.org
Subject: Re: Transit from Cogent - thoughts?

Adel,

Perhaps the best way for you to get an answer to your question without the
entire list erupting for no good reason is to click on the following link
which will show all messages from the NANOG mailing list about Cogent. Then
you can make your decision based on past conversations as opposed to adding
more messages to that archive on the topic.

BTW, if you don't want to click on the link I've pasted because you are
careful and prudent, just go to the nanog.markmail.org website and search
for Cogent.

http://nanog.markmail.org/search/?q=cogent

Good luck!

Jay


On Wed, Nov 11, 2009 at 10:04 AM, a...@baklawasecrets.com wrote:



  Contemplating using Cogent Communications for transit as pricing looks
 favourable.  Just trying to get a feel for what sort of a reputation they
 have in the network operators community.  I'm sure people have horror
 stories for every provider, but just trying to get a general idea of what
 sort of regard they are held in the community.

 Thanks

 Adel

RE: EdgeWater EdgeMarc 4610W

[Scott Berkman]

Haven't had my hands on the 4610W yet, but I've been using (and have been a
big fan of) Edgemarcs for some time.  It does what it says and well, I love
the support guys, and their price point is much better than most of the
competitors.

Some of my favorite features do come from the fact that they are Linux
based, such as being able to run tcpdump for troubleshooting SIP signaling
(or any network issue) in real time.

They also have a really nice EMS that's quite worth it if you have enough of
these deployed.  It can alert on call quality issues based on MOS score, as
well as standard up/down status.

The only real downside is the licensing of concurrent calls.  The
licensing of the T1's is actually really nice so that you can get the box at
a lower pricepoint, but grow it in service if you need more T1 capacity
later on.

If anyone has any more specific questions about using these in the real
world I'd be happy to answer.

  -Scott

-Original Message-
From: Jaimie Livingston [mailto:jai...@featuretel.com] 
Sent: Thursday, October 29, 2009 6:45 PM
To: nanog@nanog.org
Subject: EdgeWater EdgeMarc 4610W

Has anyone had any recent direct experience with the EdgeWater EdgeMarc
4610W multi-service appliance used as a CPE device?
I was recently handed a sales sheet on this swiss-army knife appliance, but
there doesn't seem to be much publically available review of the beastie at
the moment. If it is as advertised, it would be a very handy device as a CPE
option...

Thanks,

Jaimie L.

RE: NetFlow analyzer software

[Scott Berkman]

NetFlow Auditor.  The free stuff tends to choke as you add a lot of flow
traffic.  It's not free, but if you want support this is a great option.

http://netflowauditor.com/

-Scott

-Original Message-
From: Michael J McCafferty [mailto:m...@m5computersecurity.com] 
Sent: Monday, October 19, 2009 1:43 PM
To: nanog@nanog.org
Subject: NetFlow analyzer software

All,
   I am looking for decent netflow analyzer and reporting  software with
good support for AS data. 
   ManagEngine's product crashes or locks up my browser when I try to
list/sort the AS info because it's too large of a list and there is no way
to tell it to show just the top x results.
   Plixer's Scrutenizer, while it seems like it's a pretty decent product,
is no longer supporting Linux... We are a Linux shop (servers, desktops,
laptops). 
   What else is there that I might want to look at?

Thanks!
Mike
M5Hosting.com
Sent from my Verizon Wireless BlackBerry

RE: SMS

[Scott Berkman]

Many people consider these (carrier email to SMS gateways) too unreliable as
there are no SLAs from the carriers, and sometimes experience long delays in
message delivery, or just flat out dropped messages.  If this is what you
are depending on for outage notification that's a big risk.

Some people use a serial interface to a specific model cell phones to
directly send the message over the carrier's cellular network.  This is good
in the event of isolation of a location from any IP connectivity to a
carrier gateway.

I believe there was another solution that involved direct carrier
connections, but these are most likely cost prohibitive in most situations.

There is a good thread on this somewhere a little while back in the NANOG
archives with more details of the solutions.

-Scott

-Original Message-
From: Alex Balashov [mailto:abalas...@evaristesys.com] 
Sent: Tuesday, September 22, 2009 11:53 AM
To: Shane Ronan
Cc: nanog@nanog.org
Subject: Re: SMS

Shane Ronan wrote:

 On that same note, can someone point me in the direction of an SMS 
 gateway service? I would like to be able to send SMS messages from my 
 monitoring systems, but I am unsure about how to go about it.
 
 Appreciate the assistance.

Why not use an e-mail to SMS gateway from whichever carrier?

-- 
Alex Balashov - Principal
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct  : (+1) (678) 954-0671

RE: SMS

[Scott Berkman]

Another for this list is http://msgme.com/.

Setting up your own short codes is an expensive and long process, so you are
usually best starting off with a shared code from one of these companies and
you can migrate down the line if the revenue/volume is there to make it
worthwhile.

-Scott

-Original Message-
From: Express Web Systems [mailto:mailingli...@expresswebsystems.com] 
Sent: Tuesday, September 22, 2009 11:19 AM
To: 'Shaun Rossi'; nanog@nanog.org
Subject: RE: SMS

Shaun,

This is called Short code sms messaging. www.clickatell.com offers this
service and is considered to be one of the bigger players in the SMS market.

Warm regards,

Tom Walsh
Express Web Systems, Inc.

 -Original Message-
 From: Shaun Rossi [mailto:ro...@fidalia.com]
 Sent: Tuesday, September 22, 2009 10:07 AM
 To: nanog@nanog.org
 Subject: SMS
 
 Hello,
 
 I have no idea what this is referred to as, so I will
 try to explain:  I have a client interested in setting up a mobile
 phone text message service where a mobile user would send a text to a
 short (say 5 digit) 'telephone' number.  I've seen commercials on TV
 where you could send a numeric/text code to a SMS gateway number, and
 it charges your mobile account for the returned text message or
 downloadable ringer/etc.
 
 Without knowing much about how to access this service,
 it seems relatively straightforward.
 
 I did a few web searches however I'm not sure what
 magic keyword I'm missing for the search.  Could anyone point me in the
 right direction?  The service would be established in Canada and
 potentially the United States.  I have called two of the largest mobile
 operators, but no one can get me to the right department.
 
 As far as experience with texting goes, I have worked on some systems
 that do M2M (machine-to-machine) SMS communication, always using full
 mobile telephone numbers (GSM modems).
 
 Many thanks,
 
 -Shaun
 
 
 Shaun Rossi
 Fidalia Networks Inc
 tel. (905) 271-0037 x 111
 1-866-FIDALIA (343-2542) x 111
 fax. (905) 271-1036
 
 1 Port Street East - Second Floor
 Mississauga, Ontario
 L5G 4N1  Canada

RE: SMS

[Scott Berkman]

FYI here is one view of one of the threads I was recalling:

http://www.gossamer-threads.com/lists/nanog/users/104612?search_string=sms;#
104612

Make sure to look at post #5 that summarized a previous thread too.

I think the direct connection I was thinking of was the modem to TAP
gateway options.

-Scott

-Original Message-
From: wher...@gmail.com [mailto:wher...@gmail.com] On Behalf Of William
Herrin
Sent: Tuesday, September 22, 2009 12:29 PM
To: Scott Berkman
Cc: nanog@nanog.org
Subject: Re: SMS

On Tue, Sep 22, 2009 at 11:59 AM, Scott Berkman sc...@sberkman.net wrote:
 Some people use a serial interface to a specific model cell phones to
 directly send the message over the carrier's cellular network.  This is
good
 in the event of isolation of a location from any IP connectivity to a
 carrier gateway.

The Multitech Multimodem GPRS model MTCBA-G-EN-F4 has an ethernet
port. Add a SIM card from your favorite wireless carrier and you can
send and receive SMS messages via AT commands over a TCP socket.
Problem is, it seizes up or otherwise founders every few weeks and has
to be power cycled.

Has anyone heard of other products with a good reliability record?


 I believe there was another solution that involved direct carrier
 connections, but these are most likely cost prohibitive in most
situations.

Any pointers on this would be greatly appreciated. I have a need for
geographically redundant access to the same phone numbers in order to
send and receive SMS messages. Even if I have to buy a pair of T1s
that are 99.9% idle, it'd be worth it.

Regards,
Bill Herrin


-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004

RE: CLEC Mailing List

[Scott Berkman]

Take a look at http://www.voiceops.org/

-Scott

-Original Message-
From: Richey [mailto:myli...@battleop.com] 
Sent: Sunday, September 13, 2009 8:28 PM
To: nanog@nanog.org
Subject: OT: CLEC Mailing List

I am looking for a CLEC related mailing list. I looked through the archives
and it looks like ISP-CLEC is dead.   Does anyone know of a mailing list
that picked up the slack?  

 

Richey

 

 

RE: MTAs used

[Scott Berkman]

If I had to guess..

Postfix
Sendmail
Exim
ComminigatePro

Beyond those you'd probably see a lot of the free webmail carriers (Gmail,
yahoo, and hotmail/live all use custom MTA's) as well as IPSwitch's iMail
and the Windows Server/IIS SMTP service.

-Scott

-Original Message-
From: Deepak Jain [mailto:dee...@ai.net] 
Sent: Wednesday, August 26, 2009 4:10 PM
To: valdis.kletni...@vt.edu; Sharef Mustafa
Cc: nanog@nanog.org
Subject: RE: MTAs used

 Now, did you want that in terms of number of copies installed or
 amount of mail handled?   There's probably zillions of little Fedora
 and
 Ubuntu boxes running whatever MTA came off the disk that are handling 1
 or 2 pieces of mail a day, and then there's whatever backends are used
 by MSN/Hotmail, Yahoo, AOL, etc.  This MTA packed by weight, not by
 volume.
 Some settling of contents may have occurred during shipping and
 spamming.
 
 (Seriously - if 95% of the mail out there is spam, then the top 4-5
 MTAs are probably the ratware that's sending out the spam.  Something
 to consider...)

In keeping with this concept, and turning it around. What MTA is exposed to
the most spam? (1-x) That should tell you what MTA handles the most good
mail by also being the destination for the most spam (good, live
recipients).

Or I could be missing something well known about mail flows.

Deepak

RE: OT: Voice Operators' Group forming

[Scott Berkman]

We're almost there, expect a list posting here in the next couple of days
with the details.

-Scott

-Original Message-
From: Carlos Alcantar [mailto:car...@race.com] 
Sent: Thursday, July 30, 2009 10:57 PM
To: nanog@nanog.org
Subject: RE: OT: Voice Operators' Group forming

How's the startup of the list looking?

-Original Message-
From: Chris Meidinger [mailto:cmeidin...@sendmail.com] 
Sent: Wednesday, July 29, 2009 2:42 PM
To: Jason LeBlanc
Cc: nanog@nanog.org
Subject: Re: OT: Voice Operators' Group forming

On 29.07.2009, at 22:52, Jason LeBlanc wrote:

 Brandon Butterworth wrote:
 NAVOG  works for me.


 I'd prefer Voice Operators' Group Online Network

 brandon


 *claps*

Imagine the poetry you have to listen to when _those_ guys put you on  
hold...

RE: Cisco 12000 series routers and IOS XR.

[Scott Berkman]

We have 2 12k's on our borders and both are running IOS GS code, but are
rock solid.

-Scott

-Original Message-
From: Jim Wininger [mailto:jwinin...@indianafiber.net] 
Sent: Monday, July 13, 2009 4:20 PM
To: nanog@nanog.org
Subject: Cisco 12000 series routers and IOS XR.

Is anyone on the list running the Cisco 12000 Series routers with XR? We
have a couple of these in our network and are having a few issues with them.

Specifically the line cards will reboot for some unknown reason
(12000-SIP-501). We recently replaced one of the cards and the new hardware
(6mo old) is doing the same thing.

Anyone have issues with these routers?
-- 
Jim Wininger

RE: Point to Point Ethernet

[Scott Berkman]

There are lots of great little cable testers that can loop an Ethernet
link or even blink the switchport (this one is copper only):
http://www.jdsu.com/products/communications-test-measurement/products/a-z-pr
oduct-list/lanscaper.html

The remote-triggered is harder, but there are a number of switches I have
seen that have some form of line testing built in, so that might be close to
a decent solution.  One example is the Integrated Cable Test and Optical
Transceiver Diagnostics in the Dell PowerConnect switches.

-Scott

-Original Message-
From: David Barak [mailto:thegame...@yahoo.com] 
Sent: Wednesday, July 08, 2009 9:47 AM
To: 'Andre Oppermann'; nanog@nanog.org; Ivan Pepelnjak
Subject: RE: Point to Point Ethernet

  Do you think this is useful?  Maybe vendors will
 hear me/us.
  
  --
  Andre

We also need functional remote loop testing, of the remote hands guy plugs
in a loopback plug or I send remote-triggered loop type.

David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com



  

Ciena Help around Atlanta

[Scott Berkman]

All,

 

If there is anyone good with Ciena Online Metro systems that would be
willing to do some contract work around Atlanta, please contact me off list.

 

Thanks!

 

-Scott

 

RE: Traceroute management

[Scott Berkman]

Try SmokePing (which includes SmokeTrace now):
http://oss.oetiker.ch/smokeping/

You could also just use a cronjob and output the results to a flat file or
database if you prefer something home grown.

-Scott

-Original Message-
From: Dylan Ebner [mailto:dylan.eb...@crlmed.com] 
Sent: Tuesday, June 09, 2009 3:28 PM
To: nanog@nanog.org
Subject: Traceroute management

My company uses it's internet connection primarily for VPN tunneling. I
have always wanted a tool that I can enter the peer ip addresses and it
will every 8 or 12 hours run a traceroute and log it so I can build
historical maps of the path our traffic is taking. Has anyone ever seen
any apps like this, preferably something that is free.
 
Thanks
 

RE: Shaping on a large scale

[Scott Berkman]

Check out Packeteer.  I used to work somewhere about that size and this
was the product we used:

http://www.bluecoat.com/products/packetshaper/

Open source you can do a custom setup with IPTables and iproute2, but it
will take some work to get the same kind of features and management
interface.  LARTC is a good reference for this kind of topic:
http://lartc.org/.  Also I'm not sure if someone has built this into any
of the firewall specific linux distros yet, so you may want to explore
those a little.

Good luck,

-Scott

-Original Message-
From: Bruce Grobler [mailto:br...@yoafrica.com] 
Sent: Friday, January 30, 2009 12:34 AM
To: nanog@nanog.org
Subject: Shaping on a large scale 

Hi,

Does anyone know of  any Shaping appliances to shape customers based on 
IP, allow for a quota per IP and qos mechanisms like LLQ?,  This is 
should be something that can sit in between two border router's and 
support a small ISP (2 customers), also an opensource solution would 
be great!

Regards,

Bruce

RE: Which is more efficient?

[Scott Berkman]

Packets can have a max size as well based on the path MTU, such as 1500
bytes in an Ethernet (10/100) link.  I think there are a lot of other
variables here such as are you billed per data unit, bandwidth and control
factors on the links, and what type of data is being sent.

If your data can always fit in a smaller N-byte cell, that can be quite
efficient since you have minimal overhead or wasted space and all the
benefits of the fixed length data unit from a processing standpoint.

If you are constantly fragmenting and then having to reassemble data due
to the small cell size, you would be better off with a variable length
packet, especially when bandwidth is less in demand than processing power.

-Scott

-Original Message-
From: Murphy, Jay, DOH [mailto:jay.mur...@state.nm.us]
Sent: Wednesday, January 14, 2009 3:56 PM
To: nanog@nanog.org
Subject: Which is more efficient?


All,

In your humble opinion, which transmission method is more efficient,
packet or cell?  Granted a cell is a fixed length packet and an IP packet
is variable lengthwould this necessarily only relate to a specific
protocol,  namely, cell in ATM, and IP in Ethernet or other  types of
domainsfeedback highly welcomed.  Trying to make a decision on the
transport mode for cost, delay, jitter, ROI, etcetera.


Jay Murphy
IP Network Specialist
NM Department of Health
ITSD - IP Network Operations
Santa Fé, New México 87502
Bus. Ph.: 505.827.2851

We move the information that moves your world.







































Confidentiality Notice: This e-mail, including all attachments is for the
sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited unless specifically provided under the New
Mexico Inspection of Public Records Act. If you are not the intended
recipient, please contact the sender and destroy all copies of this
message. -- This email has been scanned by the Sybari - Antigen Email
System.

RE:

[Scott Berkman]

, drop, and roll?

-Original Message-
From: Aaron Imbrock [mailto:aimbr...@gmail.com] 
Sent: Monday, January 12, 2009 1:12 AM
To: NANOG@nanog.org
Subject: 

Stop

 

RE: Net Mgmt Tools and supporting OS

[Scott Berkman]

I'd recommend ZenOSS (http://www.zenoss.com) based on your low cost
requirement and my own experiences.

What Linux distro you use and rather you need to pay for support depends
on your level of *nix experience and comfort.  Most Linux based software
packages like ZenOSS or Groundwork will also tell you what some of their
favorite distros are based on how they distribute the software and what
guides they have if they don't just come right out and say it.

Good Luck,

-Scott

-Original Message-
From: vitto malitani [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 09, 2008 12:18 PM
To: nanog@nanog.org
Subject: Net Mgmt Tools and supporting OS

I am fairly new user of nanog mail list so I am not sure if the question
below is appropriate for this list.  If not, please excuse it.
- I am building a new low-budget customer WAN/LAN network and need some
ideas for network management tools.  I've seen couple of email threads
regarding all sort of net goodies.  However, since I haven't used them
all, I am not sure which OS would be the most appropriate for these aps?
 Can anyone share their ideas in regards  of apps and supporting
platforms?
 I would be most comfortable with free distribution of linux, but I am not
sure which distro supports most of the tools?  Is the paid OS required for
all these tools, like RedHat Server or SuSe or Windows platforms?

Thanks much,

Vitto

RE: Sending vs requesting. Was: Re: Sprint / Cogent

[Scott Berkman]

I really doubt Sprint's purpose here is to hurt the Internet or to harm
Cogent either in terms of costs or reputation.

Here are my views on the topic:

Every time Cogent gets de-peered (at least 5 times now since
2003), this discussion comes up again and it seems that some people forget
(or don't know) how many times it's happened to them before.  There must
be a reason it keeps happening, right?  Are there any other large ISPs
that have had this type of problem 5 times?

As someone was saying earlier, in the PSTN world carriers
generally pay for every call terminated to another carrier's network and
pay each other back and forth.  In IP peering, these types of costs are
eliminated by settlement-free peering relationships where carriers feel
there is a benefit to do so.

These are relationships or contracts between the two carriers, and
most of us have no idea how these are written or what clauses are included
about how and when one carrier can end that contract.  Regardless of the
exact terms, there will certainly be actions or other situations that
would be viewed as a breach of contract, resulting in ending or changing
the relationship.

In the case of Cogent, they seem to want to be a Tier 1 carrier
(usually loosely defined as an carrier that does not pay for transit or
access from/to any other carrier), but they are not usually considered one
by many in the industry.  Technically at this point they are not since
they are believed to pay Level 3 and Sprint.

Now I really can't speak to exactly why each carrier that has
de-peered Cogent in the past has done so, but based on conversations I've
had with higher-ups at one of these ISPs, their major issue with Cogent
was a huge discrepancy in the volume of inbound vs. outbound traffic.  To
that carrier, based on the traffic patterns, they believed that Cogent
should be paying for their connections and was not keeping to the spirit
of their relationship or breaking the contract if there was one.  They
supposedly attempted for some time to resolve the issue amicably, but when
that failed they chose to take action as a last chance to resolve the
dispute to their liking.

Now as to the harmful effect to Cogent's customers, that effect
would be easily mitigated if Cogent would choose to buy transit from any
other ISP.  Instead, they try to avoid that by offering affected customers
free circuits for some period of time, which hopefully turn into paying
customers at a later date.  Also, anyone running any important site or
network knows never to be single-homed, and therefore should not be
effected in the long run.  Anyone single homed accepts the risks
associated with that by not having redundant connections, especially if
that single home is Cogent based on their history of peering arguments.

So based on that the only difference I'd expect this to make is
in the relationship between Sprint and Cogent in the future.  I doubt this
will change Sprint's, Cogent's, or any other ISP's corporate
views/policies on peering in the long term.

Just my 2 cents,

-Scott

-Original Message-
From: Matthew Moyle-Croft [mailto:[EMAIL PROTECTED] 
Sent: Saturday, November 01, 2008 10:07 PM
To: bas
Cc: nanog@nanog.org
Subject: Re: Sending vs requesting. Was: Re: Sprint / Cogent



bas wrote:
 Why does everyone keep referring to traffic flows as sendng?
 In this case it's not as if Cogent just randomly sends data to Sprint.
   
I think it's a really odd reinterpretation of telephony concepts.   In 
telephony interconnects are typically settlement based, sender pays 
receiver, in the settlement based world it seems to have gotten confused.

I'm still trying to come to terms with what Sprint is trying to achieve 
here.  I can only assume it's (and I'm stealing from Vijay here) to 
raise Cogent's cost of doing business by forcing them to do settlement 
based or paid peering and thus trying to force the cost of their transit 
to rise.  Maybe it's to damage Cogent's reputation as well?  The cost of 
doing this seems to be high (ie. upsetting high paying (single homed) 
transit and mobile customers) and getting negative media coverage. 

Is this really going to make a substantial kind of difference?

MMC

-- 
Matthew Moyle-Croft - Internode/Agile - Networks

RE: [Fwd:] Nvidia NICs with duplicate mac addresses

[Scott Berkman]

This reminds me of a story I was told a while back that there was a batch
of 3com NIC's that all went out with the same MAC from the factory.  I
never found out if that was a rumor/urban legend or the truth.  Anyone
know firsthand or have an article about that?

-Scott

-Original Message-
From: Robert E. Seastrom [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 05, 2008 10:33 AM
To: nanog@nanog.org
Subject: [Fwd:] Nvidia NICs with duplicate mac addresses


Forwarded to NANOG in the interests of wider awareness...  having been
there and torn out my already scarce hair, duplicate MAC addresses can
really mess up your day...

---

Just when you thought this couldn't happen any more...

Copying from a different email list...

mac address 04:4b:80:80:80:03, was showing up in multiple places  
across the network. I googled the mac address and discovered that  
other people are having the same issue with this mac address. Below  
are some links describing the problem:

http://forums.nvidia.com/index.php?showtopic=22148
http://www.nvnews.net/vbulletin/archive/index.php/t-73469.html


I just wanted everyone to know about this problem in case you run  
across similar slow connectivity issues. I believe the network card  
is made by NVIDIA.

RE: Level 3 TPA routing today?

[Scott Berkman]

We've also been seeing some weird (hard to track down) issues all day
with Level 3 in both Tampa and Atlanta, especially from our NMS systems
monitoring systems all over the place.

My contact at Level 3 didn't know of anything going on and couldn't really
find anything.  Anyone else have a Level 3 response?

  -Scott

-Original Message-
From: Peter Beckman [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 26, 2008 9:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Level 3 TPA routing today?

On Tue, 26 Aug 2008, david raistrick wrote:

 On Tue, 26 Aug 2008, David Hubbard wrote:

 Anyone seeing issues with Level 3 between anywhere
 and Tampa, particularly Atlanta and Dallas?  We've

 Internap just reported problems with L3 out of Miami:

 we are seeing latency, minor packet loss and path problems to a
 number of destinations and other PNAPs via our Level3 (AS3356) upstream
 connection in the MIA003 PNAP. 

  I've been seeing 30-70% packet loss between Cox Business and Level3 from
  DC to NY since 8:17pm EDT.  Maybe via Internap?

   Loss%   Snt   Last   Avg  Best  Wrst
StDev
   3. mrfddsrj01-ge706.rd.dc.cox.n  0.0%   1002.4   5.1   2.2  51.9
8.3
   4. xe-9-2-0.edge1.Washington1.L 67.0%   1002.5   6.8   2.4  41.6
8.6
   5. vlan99.csw4.Washington1.Leve 69.0%   1002.7   8.3   2.6  23.7
5.0
   6. ae-93-93.ebr3.Washington1.Le 68.0%   1003.0   9.9   2.7  30.9
6.3
   7. ae-3.ebr3.NewYork1.Level3.ne 70.0%   100   10.5  15.8   8.1  44.2
8.8
   8. ae-83-83.csw3.NewYork1.Level 71.0%   100   18.9  14.2   8.1  42.0
7.1
   9. ae-31-89.car1.NewYork1.Level 66.0%   1008.6  25.7   8.5 165.4
41.7

Beckman
--
-
Peter Beckman  Internet
Guy
[EMAIL PROTECTED]
http://www.angryox.com/
--
-

RE: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

[Scott Berkman]

Is it just me or is the test page below down now?

Or maybe some poisoned the NS record for dns-oarc.net and sent it to
nowhere to stop testing! (J/K since I can get to the rest of the page
fine).

-Scott

-Original Message-
From: Ken A [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 24, 2008 2:40 PM
To: Steve Tornio
Cc: [EMAIL PROTECTED]
Subject: Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally
leaked?

Steve Tornio wrote:
 
 On Jul 24, 2008, at 12:17 PM, Duane Wessels wrote:
 
 xpara.com tests to lock up my iPhone, or I would use that checker to 
 verify the iPhone DNS.  Anyone have a link to a decent test that I 
 could run on the iPhone?

 Give this one a try:

 http://entropy.dns-oarc.net/test/

 
 In this test, my iPhone reports:
 
 209.183.33.23 Source Port Randomness: GREAT
 209.183.33.23 Transaction ID Randomness: GREAT
 
 I encourage anyone else concerned with their providers to actually test 
 them instead of taking anyone's word for it.
 
 Steve
 

on ATT you might want to run it more than once.. Mine shows POOR 1 out 
of 5 times. :-(
Hope they finish patching son!
Ken

-- 
Ken Anderson
Pacific.Net

Re: [Nanog] VoIP over Asymmetric routing

[Scott Berkman]

Having the 2 sessions take different paths is fine as long as they both
always work as well as each other.  If one has more latency or jitter than
the other you are likely to run into noticeable echo or other quality
issues.  What's more important, however, is that each RTP session
traverses only 1 path.  If you have different packets (or groups of
packets) that are part of one session taking different paths, you will run
into issues with out of order packets that basically just get dropped.

The other thing to think about it what are you actually gaining
here?  Not redundancy because 1 direction of a call's media is not an
acceptable loss (i.e. in link goes down but out link stays up).  Also
you aren't gaining much on capacity because modern backhaul links such as
10GE links or OC-X's are symmetrical, so if you only carry traffic in one
direction (RTP is UDP so has no ACKs or any reverse direction traffic
within the one session) you are actually wasting half of your circuits.

-Scott

-Original Message-
From: endzer [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 21, 2008 7:55 AM
To: 'Kim Onnel'; 'NANOG list'
Subject: Re: [Nanog] VoIP over Asymmetric routing

Hi,

In _Theory_ asymmetric routing _should_ be ok, but that's in theory.

I would be concerned as to why they are designing it this way. Have they
gave you a good technical reason it has to be this way? I would ask them
to justify it.

Also, if there are routing problems on one path but not the other, this
could cause a scenario where voice is heard but not received, or
vice-versa.
This situation is much more frustrating to customers as they will try and
continue the conversation. Opposed to if it just doesn't work at all
because of a routing problem, customer will just use their cell phones.

Also, are they implementing any local PSTN access for local calls or
failover?

That's my experiences.



-Original Message-
From: Kim Onnel [mailto:[EMAIL PROTECTED]
Sent: Monday, April 21, 2008 2:35 AM
To: NANOG list
Subject: [Nanog] VoIP over Asymmetric routing

Hello,

We are going to roll out a network to carry VoIP only, between the P
routers, there will be 3xOC3 links.

Each site has 2xPEs, PE1 is connected to the P router in the local
premises with 10GE and PE2 is connected with 2xOC3s to remote P sites for
backup incase local P fails.

VoIP is going to be generated by Ericsson Media Gateways and the network
designers are suggesting to take traffic in the outgoing direction through
the PE1 path and come back through the PE2 path (if that makes sense), so
traffic will take a different link for outgoing over incoming.

From your experiences, I am wondering what are future unforeseen 
pitfalls
we
can get into?

Regards,
KO
___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog



___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog

___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog