Re: New Zealand Spy Agency To Vet Network Builds, Provider Staff
On May 13, 2014, at 4:52 PM, Patrick W. Gilmore wrote:

> - Warning the world about Chinese surveillance could have been one of
> the motives behind the US government's claims that Chinese devices
> cannot be trusted. But an equally important motive seems to have been
> preventing Chinese devices from supplanting American-made ones, which
> would have limited the NSA's own reach. In other words, Chinese
> routers and servers represent not only economic competition but also
> surveillance competition.

Case in point on Sprint/Softbank merger
http://www.theverge.com/2013/3/28/4155714/us-wants-sprint-softbank-deal-to-avoid-chinese-network-equipment/in/3252625

Should we as a community look at Open Hardware when we start to lose trust in vendors and governments? Can we make boards/ASIC/FPGA commodity enough to scale?

Zaid
Need help in flushing DNS
Reaching out to DNS operators around the globe. Linkedin.com has had some issues with DNS and would like DNS operators to flush their DNS. If you see www.linkedin.com resolving NS to ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS. Any other info please reach out to me off-list. Zaid
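One way for a resolver operator to act on the request above is to check what each cache currently returns for the zone's NS set and flush only the resolvers that hold the two nameservers named in the post. This is an added example, not part of the original message; the resolver names, TTLs and the "expected" nameserver are constructed sample values, and the input is assumed to be `dig +noall +answer` style text collected per resolver.

```python
"""Audit resolver caches for the nameservers named in the post."""

# Nameservers the post asks operators to look for.
SUSPECT_NS = {"ns1617.ztomy.com", "ns2617.ztomy.com"}

# Constructed sample: `dig +noall +answer NS linkedin.com @<resolver>` output.
SAMPLE_OUTPUTS = {
    "resolver-a.example.net": """
; constructed sample: cache still holds the bad delegation
linkedin.com.      84211   IN  NS  ns1617.ztomy.com.
linkedin.com.      84211   IN  NS  NS2617.ZTOMY.COM.
""",
    "resolver-b.example.net": """
; constructed sample: placeholder for the zone's expected nameserver
linkedin.com.      3012    IN  NS  ns1.expected.example.
""",
    "resolver-c.example.net": """
;; connection timed out; no servers could be reached
""",
}


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_ns_records(dig_text):
    """Return [(owner, ttl, nameserver)] for the NS records in dig output.

    Blank lines, ';' comment lines and non-NS records are skipped, so a
    timed-out query simply yields an empty list.
    """
    records = []
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        # Presentation format: owner TTL class type rdata
        if len(fields) < 5:
            continue
        if fields[2].upper() != "IN" or fields[3].upper() != "NS":
            continue
        try:
            ttl = int(fields[1])
        except ValueError:
            continue
        records.append((norm(fields[0]), ttl, norm(fields[4])))
    return records


def audit(resolver_outputs, suspect_ns=SUSPECT_NS):
    """Map resolver -> finding for every resolver whose cache needs a flush.

    max_ttl is the longest remaining cache lifetime in seconds, i.e. how
    long the bad answer would keep being served if nobody flushed it.
    """
    findings = {}
    for resolver, text in resolver_outputs.items():
        hits = [r for r in parse_ns_records(text) if r[2] in suspect_ns]
        if hits:
            findings[resolver] = {
                "nameservers": sorted({ns for _, _, ns in hits}),
                "max_ttl": max(ttl for _, ttl, _ in hits),
            }
    return findings


if __name__ == "__main__":
    for resolver, finding in audit(SAMPLE_OUTPUTS).items():
        print(f"{resolver}: flush needed, {finding['nameservers']} "
              f"cached for up to {finding['max_ttl']}s")
```

A resolver that returns nothing (the timed-out case) is not reported as clean or dirty by this check and needs to be queried again.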
Re: Fiber cut in SF Bay Area?
Level3 is also impacted. This cut seems to be vandalism but only heard this from one source. Zaid Sent from my iPhone On Apr 16, 2013, at 12:51 PM, Ravi Pina wrote: > Our Zayo provided ETR is 11:00 - 11:30 PDT. > > XO is one of the impacted providers as well. > > -r > > On Tue, Apr 16, 2013 at 08:55:56AM -0700, Raul Rodriguez wrote: >> Lost a Zayo circuit from Palo Alto to Los Angeles. ETR was given as 11AM PDT. >> >> -RR >
Re: NYT covers China cyberthreat
We have done our part to China as well along with other countries in state sponsored "hacking". This is more of news amusement rather than newsworthy. Question here should be how much of this is another effort to get a "kill switch" type bill back.

Zaid

On Feb 19, 2013, at 10:10 PM, Kyle Creyts wrote:

> quite a bit of coverage lately from the media.
>
> http://online.wsj.com/article/SB10001424127887323764804578313101135258708.html
> http://www.bbc.co.uk/news/world-asia-pacific-21505803
> http://www.npr.org/2013/02/19/172373133/report-links-cyber-attacks-on-u-s-to-chinas-military
> http://www.businessweek.com/articles/2013-02-14/a-chinese-hackers-identity-unmasked
>
> On Mon, Feb 18, 2013 at 7:23 PM, Jay Ashworth wrote:
>>
>> http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all
>> --
>> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>
> --
> Kyle Creyts
>
> Information Assurance Professional
> BSidesDetroit Organizer
Re: Whats so difficult about ISSU
Cisco Nexus platform does it pretty well so they have achieved it. Zaid On Nov 8, 2012, at 3:22 PM, Kasper Adel wrote: > Hello, > > We've been hearing about ISSU for so many years and i didnt hear that any > vendor was able to achieve it yet. > > What is the technical reason behind that? > > If i understand correctly, the way it will be done would be simply to have > extra ASICs/HW to be able to build dual circuits accessing the same memory, > and gracefully switch from one to another. Is that right? > > Thanks, > Kim
Re: Fiji Islands
VSAT is resold by Telecom Fiji so you are not going to get anything different than the Telecom Fiji experience with the added bonus of very few folks using VSAT in the country and Telecom Fiji doing a poor job of operational support of VSAT. I considered VSAT 12 years ago for connecting the university medical network I built there but setting aside costs there was really no competence from Telecom Fiji to manage this service. If something breaks in the earth station a VSAT tech is flown from Australia and it can take weeks to fix anything. My suggestion is to work with Connect folks and explore redundancy from either vodafone or digicel as Franck suggested. My experience there has been building networks in Suva, Lautoka, Nadi. Skeeve can give more advice for all the fun building in the resort Islands :)

Zaid

On Jul 31, 2012, at 6:05 PM, Mike Hale wrote:

> VSAT *isn't* a waste of time if you're willing to spend the money.
>
> But that, of course, is the key point. Quality VSAT service costs a
> LOT of money (3k-5k per asymmetrical megabit). Plus, a quality
> provider will have no problem providing you with BGP.
>
> On Tue, Jul 31, 2012 at 5:58 PM, Zaid Ali wrote:
>> Fintel and TFL sleep in the same bed essentially. Fintel is the gatekeeper
>> of the southern cross cable protected heavily by the local government, your
>> typical monopoly setup. Connect is a business unit of TFL. I think you can
>> do the math there.
>>
>> Fintel does not do BGP out of the country (or didn't the last time I was
>> there). Forget VSAT, waste of time.
>>
>> Zaid
>>
>> On Jul 31, 2012, at 5:39 PM, Mike Hale wrote:
>>
>>> It looks like Fintel and TFL are both providers for Southern Cross
>>> cable. That would be your best bet if they can get lines out to you.
>>>
>>> Otherwise, there's always VSAT, but that brings a set of other issues with
>>> it.
>>>
>>> Ping me offlist if you want more detail on the VSAT stuff.
>>>
>>> On Tue, Jul 31, 2012 at 4:55 PM, Franck Martin wrote:
>>>> In no particular order
>>>>
>>>> Connect.com.fj aka tfl.com.fj
>>>> Fintel.com.fj
>>>> Vodafone.com.fj (via a 3G stick)
>>>> Digicel.com.fj (via a 2G stick, but also via a wireless backbone network)
>>>>
>>>> If you want to do BGP or IPv6, good luck!
>>>>
>>>> Is that for Fiji Water? ;)
>>>>
>>>> These people have very good operational Internet experience in Fiji.
>>>>
>>>> http://www.linkedin.com/in/timothyverma
>>>> http://www.linkedin.com/pub/alfred-prasad/0/409/14a
>>>> http://au.linkedin.com/in/skeeve
>>>>
>>>> On 7/31/12 1:14 PM, "Philip Lavine" wrote:
>>>>
>>>>> Who offers Internet Bandwidth in Fiji Islands (Lautoka and Yaqara)?
>>>
>>> --
>>> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>
> --
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Fiji Islands
Fintel and TFL sleep in the same bed essentially. Fintel is the gatekeeper of the southern cross cable protected heavily by the local government, your typical monopoly setup. Connect is a business unit of TFL. I think you can do the math there. Fintel does not do BGP out of the country (or didn't the last time I was there). Forget VSAT, waste of time. Zaid On Jul 31, 2012, at 5:39 PM, Mike Hale wrote: > It looks like Fintel and TFL are both providers for Southern Cross > cable. That would be your best bet if they can get lines out to you. > > Otherwise, there's always VSAT, but that brings a set of other issues with it. > > Ping me offlist if you want more detail on the VSAT stuff. > > On Tue, Jul 31, 2012 at 4:55 PM, Franck Martin wrote: >> In no particular order >> >> Connect.com.fj aka tfl.com.fj >> Fintel.com.fj >> Vodafone.com.fj (via a 3G stick) >> Digicel.com.fj (via a 2G stick, but also via a wireless backbone network) >> >> If you want to do BGP or IPv6, good luck! >> >> Is that for Fiji Water? ;) >> >> These people have very good operational Internet experience in Fiji. >> >> http://www.linkedin.com/in/timothyverma >> http://www.linkedin.com/pub/alfred-prasad/0/409/14a >> http://au.linkedin.com/in/skeeve >> >> On 7/31/12 1:14 PM, "Philip Lavine" wrote: >> >>> Who offeres Internet Bandwidth in Fiji Islands (Lautoka and Yaqara)? >> >> > > > > -- > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 >
Re: Fiji Islands
Connect is your best bet http://www.connect.com.fj/ Unwired is also a local competitor but I am not sure if they have coverage in Yaqara. Lautoka is a business district so you can get connectivity there from Connect and Unwired but Yaqara you might be quite limited since it's a rural area. Send me a message if you need introduction to folks, I am still connected to some local telco and network engineers there.

Zaid

On Jul 31, 2012, at 1:14 PM, Philip Lavine wrote:

> Who offers Internet Bandwidth in Fiji Islands (Lautoka and Yaqara)?
Re: Why use PeeringDB?
The goal is "Source of truth" for any peer to know information at the Exchange points as well as peering coordinator information. I think it is a great tool for the peering community and definitely useful.

Cons: Will it be the next RADB? There needs to be a sustainable community to keep it running since it is a volunteer effort.

Zaid

On 7/18/12 8:43 AM, "Chris Grundemann" wrote:

>Peering Experts,
>
>I am currently working on a BCOP for IPv6 Peering and Transit and
>would very much appreciate some expert information on why using
>PeeringDB is a best practice (or why it's not). All opinions are
>welcome, but be aware that I plan on using the responses to enhance
>the document, which will be made publicly available as one of several
>(and hopefully many more) BCOPs published at http://www.ipbcop.org/.
>
>Also, if there are those among you who would like to review the entire
>document and perhaps volunteer as a SME to help expand and polish it,
>please contact me off-list and I'll get you a current draft.
>
>Thanks in advance.
>
>Cheers,
>~Chris
>
>--
>@ChrisGrundemann
>http://chrisgrundemann.com
Re: Verisign deep-hacked. For months.
That part is ambiguous at the moment since Verisign has not released details. Symantec has bought the SSL part of the business and claim that the SSL acquired network is not compromised. Sounds like lots of assumptions being drawn. Zaid On 2/2/12 4:26 PM, "Suresh Ramasubramanian" wrote: >So what part of VRSN got broken into? They do a lot more than just DNS. > >On Fri, Feb 3, 2012 at 5:00 AM, Zaid Ali wrote: >> >> VeriSign said its executives "do not believe these attacks breached the >> servers that support our Domain Name System network," >> >> "Oh my God," said Stewart Baker, former assistant secretary of the >> Department of Homeland Security and before that the top lawyer at the >> National Security Agency. "That could allow people to imitate almost any >> company on the Net." > > > >-- >Suresh Ramasubramanian (ops.li...@gmail.com)
Re: Verisign deep-hacked. For months.
I love this

VeriSign said its executives "do not believe these attacks breached the servers that support our Domain Name System network,"

"Oh my God," said Stewart Baker, former assistant secretary of the Department of Homeland Security and before that the top lawyer at the National Security Agency. "That could allow people to imitate almost any company on the Net."

Sounds like another opportunity for to propose SOPA-2

Zaid

On 2/2/12 2:38 PM, "Jay Ashworth" wrote:

>Oh, my.
>
>http://finance.yahoo.com/news/Key-Internet-operator-rb-2857339070.html
>
>Cheers,
>-- jra
>--
>Jay R. Ashworth Baylink j...@baylink.com
>Designer The Things I Think RFC 2100
>Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
>St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: MD5 considered harmful
I am in the camp of no MD5 in general and more specifically IX. It is a real pain to manage MD5 and no network in my experience has ever implemented a sustainable solution. There is no BCP that folks follow so generally it's a verbal agreement that someone in either party will maintain the record. This works until that operator leaves the job and the MD5 is in their email box which is no longer accessible. I would say this is pretty common, I have inherited quite a few networks where I had to deal with this problem. Also most common places where people store MD5's are not in secure locations. I would argue that even though you connect via shared medium in the case of an IX you can still use TTL.

Zaid

On 1/27/12 3:20 PM, "Jared Mauch" wrote:

>On Jan 27, 2012, at 3:52 PM, Patrick W. Gilmore wrote:
>
>> Your network, your decision. On my network, we do not do MD5. We do
>>more traffic than anyone and have to be in the top 10 of total eBGP
>>peering sessions on the planet. Guess how many times we've seen anyone
>>even attempt this attack? If you guessed more than zero, guess again.
>>
>> I am fully well aware saying this in a public place means someone,
>>probably many someones, will try it now just to prove me wrong. I still
>>don't care. What does that tell you?
>>
>> STOP USING MD5 ON BGP.
>
>I would generally say: If you are on a p2p link or control the network,
>then yeah, you don't need md5. If you are at a shared medium (e.g.: IX)
>I do recommend it there, as it will help mitigate cases where someone can
>hijack your session by putting your IP/ASN whatnot on the router.
>
>The threat (Attack) never became real and we've now had enough time that
>even the slowest carriers are running fixed code.
>
>- Jared
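The "use TTL" option in the message above, modelled as a receive-side check. This is an added example, not from the thread: it assumes "TTL" refers to the RFC 5082 GTSM convention (both peers send BGP packets with TTL 255 and the receiver drops anything lower than its configured floor), and the addresses and packet records are constructed documentation values.

```python
"""Receive-side TTL check for a BGP session (GTSM-style, RFC 5082)."""

MAX_TTL = 255   # highest value the 8-bit IP TTL field can carry
BGP_PORT = 179

# Constructed packet records: who sent it, the TTL the sender chose, and
# how many routers forwarded it before it reached us.
SAMPLE_PACKETS = [
    {"src": "192.0.2.10",   "dport": 179, "initial_ttl": 255, "routers_crossed": 0},
    {"src": "192.0.2.11",   "dport": 179, "initial_ttl": 64,  "routers_crossed": 0},
    {"src": "198.51.100.7", "dport": 179, "initial_ttl": 255, "routers_crossed": 3},
    {"src": "203.0.113.9",  "dport": 179, "initial_ttl": 64,  "routers_crossed": 5},
]


def arrival_ttl(initial_ttl, routers_crossed):
    """TTL the receiver sees; every forwarding router decrements it by one.

    Returns None when the packet would have expired in transit.
    """
    ttl = initial_ttl - routers_crossed
    return ttl if ttl > 0 else None


def min_accepted_ttl(trusted_radius):
    """Lowest TTL accepted when the peer may sit `trusted_radius` routers away.

    0 means directly connected (a p2p link or the same exchange LAN).
    """
    if not 0 <= trusted_radius < MAX_TTL:
        raise ValueError("trusted_radius must be in 0..254")
    return MAX_TTL - trusted_radius


def accept(received_ttl, trusted_radius=0):
    """True if the packet cannot have crossed more routers than allowed."""
    if received_ttl is None:
        return False
    return received_ttl >= min_accepted_ttl(trusted_radius)


def filter_bgp(packets, trusted_radius=0):
    """Return (accepted_sources, dropped_sources) for packets to TCP/179."""
    accepted, dropped = [], []
    for pkt in packets:
        if pkt["dport"] != BGP_PORT:
            continue  # the check only guards the BGP listener
        ttl = arrival_ttl(pkt["initial_ttl"], pkt["routers_crossed"])
        (accepted if accept(ttl, trusted_radius) else dropped).append(pkt["src"])
    return accepted, dropped


def off_link_sender_can_pass(max_distance=30):
    """Try every initial TTL from every distance of 1..max_distance routers.

    With a directly connected peer (radius 0) none can arrive at 255.
    """
    return any(
        accept(arrival_ttl(initial, hops))
        for hops in range(1, max_distance + 1)
        for initial in range(1, MAX_TTL + 1)
    )


if __name__ == "__main__":
    ok, bad = filter_bgp(SAMPLE_PACKETS)
    print("accepted:", ok)
    print("dropped: ", bad)
    print("off-link sender can pass:", off_link_sender_can_pass())
```

There is no shared secret to record or lose, which is the management problem the message describes with MD5. The check bounds how far away a sender can be rather than identifying the sender, and a peer that has not been configured to send with TTL 255 (the second sample record) is dropped as well.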
Re: Whacky Weekend: Is Internet Access a Human Right?
On 1/5/12 9:34 AM, "Jon Schipp" wrote:

>I think there's a fundamental difference between human and civil rights.
>
>Human rights come from our humanity, i.e. us being human. As humans,
>we can walk, talk, produce things, own property, etc.
>
>Assuming that isn't true, the next logical question is where do you
>draw the line?
>Vehicles are beneficial to society, can they be a human right? If you
>keep bringing these type of questions up and substitute any good in
>place of vehicles, you can see how absurd it is. There's no
>consistency.
>
>I think the idea that food, shelter etc. are human rights is absurd.
>Doesn't that imply that someone must provide those things for me? What
>if they don't want to? Does that mean they are forced to? Which would
>be a violation of their human rights.

No, it doesn't mean that someone must provide it for you. It means that "access" must not be denied. Take for example the homeless situation in San Francisco, if the city did not provide shelter for the homeless there would be an outcry over human right violation. If you walk around San Francisco you still see people sleeping in the streets and this is because they choose to but they do have the right to go to a shelter so the city of San Francisco is doing the right thing for basic human right. In India my observation is that people may be really poor but they do not go hungry or denied shelter even though they choose to make it out of a cardboard box. The government makes sure that the lands are protected which is why the slums are not bulldozed by a developer. This is a good example of human right. Electricity, communication mediums are all things that people get together to bring either as an individual self or a community.

Zaid
Re: Whacky Weekend: Is Internet Access a Human Right?
On 1/5/12 8:07 AM, "Jay Ashworth" wrote: >- Original Message ----- >> From: "Zaid Ali" > >> On 1/5/12 7:22 AM, "Jay Ashworth" wrote: >> >> >Vint Cerf says no: http://j.mp/wwL9Ip >> > >> >But I wonder to what degree that's dependent on how much our >>governments >> >make Internet access the most practical/only practical way to interact >> >with them. >> > >> >Understand: I'm not saying that FiOS should be a human right. But as a >> >society, America's recognized for decades that you gotta have a >>telephone, >> >and subsidized local/lifeline service to that extent; that sort of >>subsidy >> >applies to cellular phones now as well. > >> I agree with Vint here. Basic human rights are access to food, clothing >> and shelter. I think we are still struggling in the world with that. >>With >> your logic one would expect the radio and TV to be a basic human right >>but >> they are not, they are and will remain powerful medium which be enablers >> of something else and the Internet would fit there. > >Well, I dunno... as I think was obvious from my other comments: TV and >Radio >are *broadcast* media; telephones and the internet are not; they're >*two-way* >communications media... and they're the communications media which have >been >chosen by the organs of government we've constituted to run things for us. > >You hit the important word, though, in your reply: "*access to* food, >clothing, >and shelter"... not the things themselves. > >The question here is "is *access to* the Internet a human right, >something >which the government ought to recognize and protect"? I sort of think it >is, >myself... and I think that Vint is missing the point: *all* of the things >we generally view as human rights are enablers to other things, and we >generally dub them *as those things*, by synecdoche... at least in my >experience. 
If I wrote a blog article that criticized the government and it was shut down along with my Internet access I wouldn't say that my right to the Internet was violated. I would say that my right to free speech was violated. Regardless of one way or two way communication it is communication. Zaid
Re: Whacky Weekend: Is Internet Access a Human Right?
I agree with Vint here. Basic human rights are access to food, clothing and shelter. I think we are still struggling in the world with that. With your logic one would expect the radio and TV to be a basic human right but they are not, they are and will remain powerful medium which will be enablers of something else and the Internet would fit there.

Zaid

On 1/5/12 7:22 AM, "Jay Ashworth" wrote:

>Vint Cerf says no: http://j.mp/wwL9Ip
>
>But I wonder to what degree that's dependent on how much our governments
>make Internet access the most practical/only practical way to interact
>with them.
>
>Understand: I'm not saying that FiOS should be a human right. But as a
>society, America's recognized for decades that you gotta have a telephone,
>and subsidized local/lifeline service to that extent; that sort of subsidy
>applies to cellular phones now as well.
>
>Thoughts?
>
>Cheers,
>-- jr 'yes, I know I'm early...' a
>--
>Jay R. Ashworth Baylink j...@baylink.com
>Designer The Things I Think RFC 2100
>Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
>St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
AS376
Can someone from AS 376 contact me offline? s'il vous plaît? I am seeing a routing issue in your AS. Merci, Zaid
Re: STRIKE: VZN
I heard a few days ago this might happen through another carrier who depends on a local loop from VZ. If you are waiting on circuit installs or someone has to swap out an NI card this may impact you. Thanks for the link. Zaid Sent from my iPhone On Aug 6, 2011, at 10:14 PM, Jay Ashworth wrote: > As of midnight, 45,000 IBEW and CWA members are striking Verizon, as their > contract has expired. > > http://www.reuters.com/article/2011/08/07/us-verizon-labor-idUSTRE7760C320110807 > > It's not clear how this might affect what we do, but it might, and I > figured the heads up would probably be useful. > > Cheers, > -- jra > -- > Jay R. Ashworth Baylink > j...@baylink.com > Designer The Things I Think RFC 2100 > Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII > St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 >
Re: internap fcp competitors?
On Jul 20, 2011, at 11:52 PM, Gregory Edigarov wrote:

> On Wed, 20 Jul 2011 23:35:05 -0400
> "MageMojo" wrote:
>
>> Does anyone know of competitors to internap's fcp product?
> Avaya/Route Science.

I would check if this product is still sold by Avaya. Many moons ago I tested it.

> Also, I would greatly appreciate if anybody could explain what
> technically is internap fcp.
>

A box that can manipulate your outbound BGP routes since BGP doesn't take into consideration link congestion, delays etc.

Zaid
Re: ICANN to allow commercial gTLDs
On Jun 17, 2011, at 2:54 PM, Jay Ashworth wrote: > - Original Message - >> From: "Joel Barnard" > >> I hope they've considered what will happen if you go to >> http://localhost/ or >> http://pcname/ >> >> Is that the local networks pcname, or the gTld pcname? >> Are we going to have to start using a specially reserved .local gTld? > > No, of *course* ICANN didn't give any engineering thought to it. Cause the > engineers? Are all *here*. And David Conrad's apparently the only guy > who's heard about it. :-) I have seen many NANOG folks at ICANN meetings discussing this and also active on ALAC so David isn't the only guy. Also do a search on the list and you will find threads dating back. http://article.gmane.org/gmane.org.operators.nanog/56728/match=gTLDs Zaid
Re: ICANN to allow commercial gTLDs
On Jun 17, 2011, at 2:54 PM, Benson Schliesser wrote: > > On Jun 17, 2011, at 4:21 PM, David Conrad wrote: > >> On Jun 17, 2011, at 11:04 AM, Jay Ashworth wrote: >>> Aw, Jeezus. >>> >>> No. Just, no. >>> >>> http://tech.slashdot.org/story/11/06/17/202245/ >> >> You just learned about this now? > > On a related topic, the US DoJ recently wrote a letter suggesting that DNS > registry/registrar vertical integration might not be a good idea (from an > anti-trust perspective). > > http://www.icann.org/en/correspondence/strickling-to-dengate-thrush-16jun11-en.pdf > > Cheers, > -Benson And before that, a need for a comprehensive economic study http://forum.icann.org/lists/5gtld-guide/msg00013.html See a pattern? Zaid
Re: ICANN to allow commercial gTLDs
On Jun 17, 2011, at 2:44 PM, Paul Graydon wrote: > On 06/17/2011 11:33 AM, David Conrad wrote: >> On Jun 17, 2011, at 11:23 AM, Jay Ashworth wrote: > http://tech.slashdot.org/story/11/06/17/202245/ You just learned about this now? >>> In fact I did. I certainly haven't seen it mentioned on NANOG in the last 6 >>> months or so; where should I have seen it? >> New TLDs have been discussed now for over a decade. Press (both technical >> and popular) on ICANN activities have ratcheted up significantly recently, >> particularly with the approval of .XXX (which was recently discussed here on >> NANOG: http://mailman.nanog.org/pipermail/nanog/2011-March/034488.html). Not >> blaming/accusing, just surprised this would be a surprise. I guess I've been >> living in the layer9 cloud too long >> >> Regards, >> -drc > I've seen the stuff about adding a few extra TLDs, like XXX. I haven't seen > any references until now of them considering doing it on a commercial basis. > I don't mind new TLDs, but company ones are crazy and going to lead to a > confusing and messy internet. > > Paul > There has been a lot of work put into this. I suggest you start looking at the application guide book http://www.icann.org/en/topics/new-gtlds/dag-en.htm If folks have been debating about this for 10 years then you can be assured the concerns of a messy internet have been brought up. Don't tell me folks will have an existential moment about IDN's and gTLD. Zaid
Re: ICANN to allow commercial gTLDs
On Jun 17, 2011, at 2:23 PM, Jay Ashworth wrote: > - Original Message - >> From: "David Conrad" > >> On Jun 17, 2011, at 11:04 AM, Jay Ashworth wrote: >>> Aw, Jeezus. >>> >>> No. Just, no. >>> >>> http://tech.slashdot.org/story/11/06/17/202245/ >> >> You just learned about this now? > > In fact I did. I certainly haven't seen it mentioned on NANOG in the last 6 > months or so; where should I have seen it? Just an example, it has hit main stream media http://globalpublicsquare.blogs.cnn.com/2011/03/17/who-runs-the-internet/ Or you could have gone to one of the many free iCANN meetings where you can hear about this till your ears go blue. It has only been a topic for discussion for about 10 years :) but of course if it's not on NANOG it can't be true. Zaid
Re: $ 90 million fine for cutting Internet services
I am a little skeptical that this fine imposed is because the government truly believes in Internet freedom. Many factions of the Egyptian government want to get as much money out of Mubarak as they can and this might be a way to do just that. What would be interesting is if there is a law passed preventing any member of the government from cutting off Internet access.

Zaid

On May 28, 2011, at 12:23 PM, ML wrote:

> On 5/28/2011 12:18 PM, Marshall Eubanks wrote:
>> I remember some discussion of this outage on NANOG, and on what it was
>> costing Egypt. Well, here is
>> an estimate - almost $ 20 million USD / day (which actually sounds low to
>> me).
>>
>> Regards
>> Marshall
>>
>>
>> http://english.aljazeera.net/news/africa/2011/05/201152811555458677.html
>>
>> An Egyptian court has fined ousted president Hosni Mubarak and former
>> officials more than $90m for cutting off access to internet and mobile phone
>> services during the country's massive protests in January.
>>
>> A court source told the Reuters news agency on Saturday that Mubarak's fine
>> is $34m, former interior minister Habib al-Adly will owe $53m, and former
>> prime minister Ahmed Nazif has a fine of $7m.
>>
>> The fine is to be paid from personal assets...
>
> Can I fine TEDATA for committing VoIP fraud against my network during that
> same time period?
Edgecast?
Anyone from edgecast here? I am seeing peering issues to a particular CDN. Please contact me offline. Zaid
Re: Using Region-X assigned IP space in Region-Y?
On 3/27/11 10:54 AM, "Jima" wrote:

> On 3/27/2011 12:10 PM, Zaid Ali wrote:
>> On 3/27/11 8:19 AM, "valdis.kletni...@vt.edu"
>> wrote:
>>> There's only one question to be asked - will the (possibly new) upstream
>>> of the moved datacenter announce the route for the /24 or not?
>>
>> Why would the new upstream refuse to announce the /24 assuming he has the
>> correct information for his route objects and visible through the RIR
>> database.
>
> Some transit providers dislike announcing smaller networks, and thus
> have lower limits.
>
> Jima
>

Then the said transit provider customer will turn off the circuit and move to the next transit provider that doesn't have a problem with /24. If you are in a monopolistic ISP environment then it is different and that is a different topic of discussion. Sadly been there done that.

Zaid
Re: Using Region-X assigned IP space in Region-Y?
On 3/27/11 8:19 AM, "valdis.kletni...@vt.edu" wrote: > On Sun, 27 Mar 2011 08:58:29 MDT, Mark Leonard said: > >> Is it possible/allowable to move one of these datacenters to a different >> geographical region with a different RIR and keep using the same two >> subnets, or will a new /24 need to be requested from the new RIR? > > There's only one question to be asked - will the (possibly new) upstream > of the moved datacenter announce the route for the /24 or not? Why would the new upstream refuse to announce the /24 assuming he has the correct information for his route objects and visible through the RIR database. Zaid
Re: Regional AS model
On Mar 24, 2011, at 3:17 PM, Michael Hallgren wrote: > Le jeudi 24 mars 2011 à 14:26 -0700, Bill Woodcock a écrit : >> On Mar 24, 2011, at 1:47 PM, Patrick W. Gilmore wrote: >>> On Mar 24, 2011, at 3:40 PM, Owen DeLong wrote: >>>> On Mar 24, 2011, at 12:42 PM, Zaid Ali wrote: >>>> >>>>> I have seen age old discussions on single AS vs multiple AS for backbone >>>>> and datacenter design. I am particularly interested in operational >>>>> challenges for running AS per region e.g. one AS for US, one EU etc or I >>>>> have heard folks do one AS per DC. I particularly don't see any advantage >>>>> in doing one AS per region or datacenter since most of the reasons I hear >>>>> is to reduce the iBGP mesh. I generally prefer one AS and making use of >>>>> confederation. >>>> >>>> If you have good backbone between the locations, then, it's mostly a >>>> matter of personal preference. If you have discreet autonomous sites that >>>> are not connected by internal circuits (not VPNs), then, AS per site is >>>> greatly preferable. >>> >>> We disagree. >>> Single AS worldwide is fine with or without a backbone. >>> Which is "preferable" is up to you, your situation, and your personal >>> tastes. >> >> >> We're with Patrick on this one. We operate a single AS across >> seventy-some-odd locations in dozens of countries, with very little of what >> an eyeball operator would call "backbone" between them, and we've never seen >> any potential benefit from splitting them. I think the management headache >> alone would be sufficient to make it unattractive to us. >> >>-Bill >> >> > > Right. I think that a single AS is most often quite fine. I think our > problem space is rather about how you organise the routing in your AS. > Flat, route-reflection, confederations? How much policing between > regions do you feel that you need? In some scenarios, I think > confederations may be a pretty sound replacement of the multiple-AS > approach. Policing iBGP sessions in a route-reflector topology? 
Limits? > Thoughts? I always look at confederations as a longer term plan because you have some idea how your backbone is going to shape out. Knowing where you are going makes confederation planning easier. Start with RR's and then see if confeds make sense. Zaid
Regional AS model
I have seen age old discussions on single AS vs multiple AS for backbone and datacenter design. I am particularly interested in operational challenges for running AS per region e.g. one AS for US, one EU etc or I have heard folks do one AS per DC. I particularly don't see any advantage in doing one AS per region or datacenter since most of the reasons I hear is to reduce the iBGP mesh. I generally prefer one AS and making use of confederation. Zaid
Re: External sanity checks
On Feb 4, 2011, at 1:36 PM, Franck Martin wrote: > > - Original Message - >> From: "Paul Graydon" >> To: nanog@nanog.org >> Sent: Friday, 4 February, 2011 8:39:09 AM >> Subject: Re: External sanity checks >> On 02/03/2011 08:04 AM, Philip Lavine wrote: >>> To all, >>> >>> Does any one know a Vendor (NOT Keynote) that can do sanity checks >>> against your web/smtp/ftp farms with pings, traceroutes, latency >>> checks as well as application checks (GET, POST, ESMTP, etc) >>> >>> Thank you, >>> >>> Philip >>> >> Slight hijack, I'm interested in the answer to this question, but I'm >> also wondering about a service that will actually phone you (or is >> there >> a reliable text/e-mail->phone call service?) I'd appreciate actually >> being phoned overnight if something dies drastically to the outside >> world! > > A bit different, but if you are looking for something that works a bit before > the problem becomes visible to the user, check: > > http://www.avonsys.com/Application+Monitoring > I used Avonsys before for monitoring. You can have Keynote, Gomez, homegrown tool etc but you still need someone with clue on how to interpret it, verify alerts, find odd performance problems etc. Contact me off list if you want reference. Zaid
bestpath as-path multipath-relax
I am looking for some operational feedback of this undocumented feature, bgp bestpath as-path multipath-relax, for IOS. If you are using this for outbound load balancing I would like to hear your experiences. Also if you are running it across edges. Thanks, Zaid
Re: wikileaks unreachable
I see a new T-Shirt "Free speech has an IP address" Zaid On 12/3/10 8:38 AM, "// ravi" wrote: > On Dec 3, 2010, at 1:19 AM, Jorge Amodio wrote: >>> and this is based on what facts? >> >> Instead of tweeting about how to reach their content, or their IP >> addresses to bypass DNS [snip happens] > > > http://twitter.com/#!/wikileaks/status/10621245489938433 > 7 hours ago > > (Randy, I plan/hope to requote your earlier message non-commercial use > with attribution) > > ravi >
Re: wikileaks unreachable
I heard there are DDoS attacks on the Wikileaks site. Zaid On 11/28/10 1:34 PM, "Randy Bush" wrote: > anyone know why https://www.wikileaks.org/ is not reachable? nations > state level censors trying to close the barn door after the horse has > left? > > randy >
Re: Interesting IPv6 viral video
On 10/28/10 4:06 PM, "Scott Weeks" wrote: > > > --- z...@zaidali.com wrote: > Wait till CNN/FOX etc makes this a big issue and claim the > internet is going to come to an end > - > > > http://www.argee.net/chickenlittleagenda/CLA%2072.jpg > > scott We have all seen the trend set by the Cyberwar news reports. Zaid
Re: Interesting IPv6 viral video
On 10/28/10 2:24 PM, "Beavis" wrote: > lol... Is this video by cisco? what a funny way to mis-inform non-tech folks. Yes it is. When do marketing people get it right? I actually think the fun hasn't begun yet. Wait till CNN/FOX etc makes this a big issue and claim the internet is going to come to an end then folks with clue will have to go on TV and calm the hysteria. Zaid
Re: Interesting IPv6 viral video
On 10/28/10 2:11 PM, "Leo Bicknell" wrote: > If you have been trying to get your C-Level folks to understand the > problem for months or years and they won't listen, yet they come > to you after watching this Cisco video then you should go visit > www.monster.com, or www.careerbuilder.com. I don't have this problem thankfully but I know many do and it is probably the major reason why v6 adoption is slow. Many networks need money invested to upgrade for v6 readiness. The message is do it now before the costs dramatically increase. The problem with C-level folks is not that they don't want to do it but there is no financial incentive for them to do it, if there is no direct benefit to drive revenue then why put the money? The barrier for v6 is not technical it is purely financial, some understand the economics and some don't. Finance people usually think that the longer you can put off expenses the better it looks for your balance sheet. This is really the crux of the problem. Zaid
Interesting IPv6 viral video
Not quite accurate and a bit too dramatic on the panic side but the approach is interesting to put C-Level folks in the hot seat about v6. Would be interesting also to see if folks here get asked by C-Level folks about IPv6. http://www.youtube.com/watch?v=eYffYT2y-Iw Zaid
Re: Only 5x IPv4 /8 remaining at IANA
On 10/19/10 3:58 PM, "Mark Andrews" wrote: > Adding a separate IPv6 server is a work around and runs the risk > of being overloaded. And what a wonderful problem to have! You can show a CFO a nice cacti graph of IPv6 growth so you can justify him/her to sign off on IPv6 expenses. A CFO will never act unless there is a real business problem. There are some of us here who have management with clue but there are many that don't, sadly this is the majority and a large contributor to the slow adoption of IPv6. Zaid
Re: Only 5x IPv4 /8 remaining at IANA
On 10/19/10 2:37 PM, "Mark Andrews" wrote: > > So stick a router in parallel and just route IPv6 over it. > So stick in a IPv6->IPv4 proxy and send that traffic through the > load balancer. Nah considering v6 traffic is small I have a simpler solution, I prefer to set up a temporary web service running v6 native outside LB's and offer experimental service, that way I can keep yelling at Vendors to get their act together because if they don't hear user requests then v6 will not be a priority for them. The last thing you want to do is build a kluge and stay silent. Zaid
Re: Only 5x IPv4 /8 remaining at IANA
If you run Cisco ACE load balancers and start with your web server farm I can assure you that you will be stuck because ACE load balancers do not support v6 and don't plan to until mid next year and not without a new card/cost. If you run ACE in non routed mode then you are doubly stuck because you can't even bypass the loadbalancer to reach one of your webservers since the ACE doesn't pass v6 traffic! So I agree, don't start there instead get the corporate LAN, learn from it then move onto your production facing networks. Also get white listed for Google NS so you can see more user traffic. Zaid On 10/19/10 11:30 AM, "Franck Martin" wrote: > No, no > > Putting your servers on IPv6 is a major task. Load balancers, proprietary > code, log analysis, database records... all that needs to be reviewed to see > if it is compatible with IPv6 (and a few equipments need recent upgrades if > even they can do IPv6 today). > > Putting your client machines (ie internal network) to IPv6 is relatively easy. > Enable IPv6 on the border router, you don't need failover (can built it later) > as anyhow the clients will failover to IPv4 if IPv6 fails... So as failover is > not needed you can have a separate simple IPv6 network infrastructure on top > of your IPv4 Infrastructure. > > So my advocacy, is get your client (I'm not talking about customers here, but > client as client/server) machines on IPv6, get your engineers, support > staff,.. to be familiar with IPv6, then all together you can better understand > how to migrate your servers infrastructure to IPv6 (and your customers to IPv6 > if you are an ISP). > > If you do that, you will see migration to IPv6 is made much easier, and much > faster. 
> > - Original Message - > From: "Owen DeLong" > To: "Franck Martin" > Cc: "Jonas Frey (Probe Networks)" , "Jeffrey Lyon" > , "NANOG list" > Sent: Tuesday, 19 October, 2010 8:55:56 PM > Subject: Re: Only 5x IPv4 /8 remaining at IANA > > Servers work just fine over tunnels if necessary too. > > Get your public-facing content and services on IPv6 as fast as possible. > Make IPv6 available to your customers as quickly as possible too. > > Finally, your internal IT resources (other than your support department(s)) > can > probably wait a little while. > > Owen > > On Oct 18, 2010, at 1:41 PM, Franck Martin wrote: > >
Re: 12 years ago today...
On 10/15/10 8:38 PM, "Jorge Amodio" wrote: > On Fri, Oct 15, 2010 at 9:51 PM, Rodney Joffe wrote: >> On October 16th, we lost a real friend and hero. Sigh >> >> http://www.apps.ietf.org/rfc/rfc2468.html > > Amen. Long Live Jon Postel !! > And you can sometimes hear his comments http://www.facebook.com/jon.postel :)
Re: Choice of network space when numbering interfaces with IPv6
Bahh had my head turned around and brain fried on a Friday. I was more curious about /64 vs /126 from management perspective. Thanks everyone for answering offline as well, I got my questions answered. Zaid On 10/15/10 12:26 PM, "Zaid Ali" wrote: > So I have been turning up v6 with multiple providers now and notice that > some choose /64 for numbering interfaces but one I came across use a /126. A > /126 is awfully large (for interface numbering) and I am curious if there is > some rationale behind using a /126 instead of a /64. > > Zaid > > >
Choice of network space when numbering interfaces with IPv6
So I have been turning up v6 with multiple providers now and notice that some choose /64 for numbering interfaces but one I came across use a /126. A /126 is awfully large (for interface numbering) and I am curious if there is some rationale behind using a /126 instead of a /64. Zaid
MsgSent statistics question
I am trying to troubleshoot an odd v6 peering connection issue. Does anyone know at what point is MsgSent in BGP summary or neighbor summary calculated? Does the MsgSent include initial TCP connections before establishment? Thanks, Zaid
Re: Facebook down!! Alert!
I think the Outages mailing list is more appropriate for this. On 10/5/10 9:46 PM, "Mike Lyon" wrote: > Same here in SF Bay Area > > On Tue, Oct 5, 2010 at 9:44 PM, James Smith wrote: > >> At 1:20am here in Canada, NB our networks are showing that facebook is >> down. >> Please confirm in the USA. >> >> >> >> ~SmithwaySecurity >> >> Sent from my iPhone >> >>
Re: L3 Issues this Morning?
Not sure if this is related but my Level 3 BGP peer went down at 3:33:57 GMT for just over 6 hours. This was in the San Jose/Santa Clara area. Their reason was an OSPF problem. Zaid On 9/30/10 10:39 AM, "Khurram Khan" wrote: > Learn something new everyday, that's awesome. We've got several data > centers between San Diego, Denver, Tulsa, Chicago, Washington DC. All > of the circuit's between those POP's , and all are L3, just dropped > traffic. > > On Thu, Sep 30, 2010 at 11:35 AM, James Smith > wrote: >> None Down here in Canada >> >> Sent from my iPhone >> >> On Sep 30, 2010, at 2:32 PM, Khurram Khan wrote: >> >>> Hello All, >>> >>> This is my first time writing to this list and wanted to check if >>> anyone experienced issues with L3 circuits between 12:50 ET and 13:05 >>> ET. All our core backbone circuits re-converged and we saw a >>> significant drop in traffic. >>> >>> Regards, >>> >>> Khurram >>> >> > >
Re: Chase.com outage
Isn't that reserved for beer sessions at NANOG? On 9/16/10 9:13 AM, "N. Yaakov Ziskind" wrote: > Does anyone have any information (beyond the wimpy statement that > "technical issues" were to blame) on the Chase outage? > > It seems that when a multibillion dollar company's major web site is > down for more than a day, there must be juicy "technical issues" that > beg to be told. So, can anyone dish? :-) > > -- > _ > Nachman Yaakov Ziskind, FSPA, LLM aw...@ziskind.us > Attorney and Counselor-at-Law http://ziskind.us > Economic Group Pension Services http://egps.com > Actuaries and Employee Benefit Consultants >
Re: Google wants your Internet to be faster
The devil is always in the details. The Network management piece is quite glossed over and gives a different perception in the summary. You can't perform the proposed network management piece without deep packet inspection which violates every user's privacy. Zaid On 8/9/10 11:52 AM, "Joly MacFie" wrote: > Surely "differentiated services" could include a 'YouTube Channel' - > something they deny in the call? > > I've blogged the proposal at http://www.isoc-ny.org/p2/?p=1112 > > j > > On Mon, Aug 9, 2010 at 2:46 PM, Jason Iannone wrote: > >> >> http://googlepublicpolicy.blogspot.com/2010/08/joint-policy-proposal-for-open >> -internet.html >> >> Pretty boiler plate pro net neutral. The transparency requirements >> and 'differentiated services' exceptions are particularly interesting. >> >>
Re: Web expert on his 'catastrophe' key for the internet
Great! So I assume he is an elder of the Internet? http://www.youtube.com/watch?v=iRmxXp62O8g On 7/27/10 4:43 PM, "andrew.wallace" wrote: > A British computer expert has been entrusted with part of a digital key, to > help > restart the internet in the event of a major catastrophe. > > > Paul Kane talked to Eddie Mair on Radio 4's PM programme about what he might > be > called upon to do in the event of an international online emergency. > > http://www.bbc.co.uk/news/uk-10781240 > > > > >
Re: v6 bgp peer costs?
On 7/21/10 12:39 PM, "Seth Mattinen" wrote: > On 7/21/2010 12:08, Zaid Ali wrote: >> I currently have a v4 BGP session with AS 701 and recently requested a v6 >> BGP session to which I was told a tunnel session will be provided (Same >> circuit would be better but whatever!). Towards the final stage in >> discussions I was told that it will cost $1500. I find this quite ridiculous >> and it will certainly not motivate people to move to v6 if providers put a >> direct price tag on it. I am going through a bandwidth reseller though so I >> am not sure who is trying to jack me here. Has anyone here gone through a >> similar experience? >> > > Ooh, Verizon? Good luck. Do you know what pop (VZ calles them "hubs") > your existing circuit is out of? Not all of 701 is IPv6 enabled. If you > are currently served from a v4 only location you're out of luck. > POS-6 SJC > I ordered an Ethernet circuit from Verizon last year as dual-stack > IPv4/IPv6. There was no extra cost involved. However, they never did > actually deliver the layer 3 portion, so I just let them languish into > obscurity. My problem was that I'm closer to a v4 only pop (Sacramento), > but the closest 4/6 pop is further away in San Jose. For some reason > they could not figure out how to go there and kept defaulting to Sac. > Eventually they called me and said it's just not possible to deliver the > service. I ended up placing an order with Global Crossing and the > dual-stack process was completely painless. Sigh.. Explains why I never got a straight answer on native v6 support. First they said yes then now Tunnel only. Perhaps time to turn them off. Zaid
Re: v6 bgp peer costs?
I already have a v6 BGP tunnel with Hurricane Electric and works like a charm :) It is other vendors I am concerned about. Zaid On 7/21/10 12:38 PM, "Mike Leber" wrote: > > You can get a free IPv6 BGP tunnel from Hurricane Electric at > http://tunnelbroker.net > > We have tunnel servers spread through out the world, so typically the > nearest server has reasonably low latency from your location. > > Of course our main business is selling wholesale native IPv6 and IPv4 > transit, however you don't have to be a paying customer to use our free > service. > > Mike. > > On 7/21/10 12:08 PM, Zaid Ali wrote: >> I currently have a v4 BGP session with AS 701 and recently requested a v6 >> BGP session to which I was told a tunnel session will be provided (Same >> circuit would be better but whatever!). Towards the final stage in >> discussions I was told that it will cost $1500. I find this quite ridiculous >> and it will certainly not motivate people to move to v6 if providers put a >> direct price tag on it. I am going through a bandwidth reseller though so I >> am not sure who is trying to jack me here. Has anyone here gone through a >> similar experience? >> >> Thanks, >> Zaid >> >> >> >
Re: v6 bgp peer costs?
On 7/21/10 12:22 PM, "Marco Hogewoning" wrote: > > On 21 jul 2010, at 21:08, Zaid Ali wrote: > >> I currently have a v4 BGP session with AS 701 and recently requested a v6 >> BGP session to which I was told a tunnel session will be provided (Same >> circuit would be better but whatever!). Towards the final stage in >> discussions I was told that it will cost $1500. I find this quite ridiculous >> and it will certainly not motivate people to move to v6 if providers put a >> direct price tag on it. I am going through a bandwidth reseller though so I >> am not sure who is trying to jack me here. Has anyone here gone through a >> similar experience? > > I think the main question here would be, what they would charge for a change > to a v4 session. Most likely they just decided that setting up the tunnel and > configuring BGP takes time and since time is money they decided to charge for > you. Seems like a reasonabe rule of business, why should it be free ? At the > same time, the same set of economics will probably find you somebody who will > do this for less and maybe even is happy to take your business and setup v4/v6 > dual stack for free. > > So get a quote from a competitor, call back 701 and offer them the choice of > setting up the tunnel or loose a customer. My personal preference would be to > leave and find somebody who can do native all the way. > > MarcoH > Thanks, I am trying to see if there is a trend or anomalous gouging. From off-list answers it doesn't seem like a trend among other vendors. My worry about high costs is when you have several circuits this will add up and going to a CFO to justify will be pretty hard. A CFO will generally say lets deal with that problem next year when v4 actually runs out. Two years ago I felt there wasn't enough motivation for folks to move to v6, I don't see this changing especially when vendors, resellers etc charge more $$ for v6. Zaid
v6 bgp peer costs?
I currently have a v4 BGP session with AS 701 and recently requested a v6 BGP session to which I was told a tunnel session will be provided (Same circuit would be better but whatever!). Towards the final stage in discussions I was told that it will cost $1500. I find this quite ridiculous and it will certainly not motivate people to move to v6 if providers put a direct price tag on it. I am going through a bandwidth reseller though so I am not sure who is trying to jack me here. Has anyone here gone through a similar experience? Thanks, Zaid
Email over v6
Are there any folks here who would be inclined to do SMTP over IPv6? I have a test v6 network which is ready to do email but getting some real world data to verify headers would be more helpful. Please send me an email offlist if you are interested. Thanks, Zaid
Re: Internet Kill Switch.
On 6/18/10 2:21 PM, "Matthew Petach" wrote: > He also seemed to miss one of the really, REALLY important points; > if "Internet is for everyone" were really true, then IPv6 adoption should > have been one of his driving points. After all with a world population of > 7 billion, you certainly can't have "Internet [...] for everyone" with only > 4 billion IP addresses, unless you put a *lot* of NAT in place. I read "Internet is for everyone" a bit beyond IP address. When I worked in the south pacific (1996-1998) we had challenges bringing Internet to residences because Internet was considered "for the wealthy". It took my colleagues and I a long time to break down this barrier. I have seen language barriers as another reason why Internet is not adopted in many places and thanks to IDN we can see this adoption increase. Although Vint doesn't call out IPv6 in this RFC he does talk about supporting work in the IETF, IAB etc and IPv6 work has come out of such dedication by many folks on this list. There are other challenges yet to tackle when it comes to making the Internet available to everyone e.g. Privacy. There are still folks who don't "trust" the internet so will not use it, for them we need to build a trustworthy internet. I do agree with your point that IPv6 is important and more important considering the Internet's explosive growth. Zaid
Re: Securing the BGP or controlling it?
What we need (as operators) is to get better at ensuring that advertisements are coming from the valid owner of said address space. What we don't need is a separate governance model which I worry this article is trying to imply. I still use RADB but I hear not every peer/provider checks there anymore? This is hearsay so interested in other opinions. As far as the mistakes pointed out in this article one can be assured that these things are bound to happen. The youtube situation could have been prevented if the peer opening a filter (and responsible for announcing out) had reach to a system where the other peer's advertisement can be verified. I don't think leaning on competency is a good way to go about solving this problem, we need a system or model in place to ensure we have a trust and verification system. Zaid On 5/10/10 9:54 AM, "Thomas Magill" wrote: > All of the major providers I have worked with have required proof of > 'ownership' of address space or an LoA from the registered holder of that > space before they would allow advertisements from me, which are then filtered. > Is this not the norm? I can understand if they are talking about an operator > making a mistake, but the article seems to imply that anyone running BGP can > bring down the Internet... I think any competent provider can easily > eliminate this threat from customers. Are there any types of penalties if an > ISP is found to not be taking adequate precautions, other than the possible > threat of losing business? > > -Original Message- > From: Franck Martin [mailto:fra...@genius.com] > Sent: Monday, May 10, 2010 9:48 AM > To: nanog@nanog.org > Subject: Re: Securing the BGP or controlling it? > > APNIC allows you to put your BGP data in the whois, so like this you have a > third party verification tool on who is peering with who. >
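The verification step discussed in the message above, checking an advertisement against registered data before a filter is opened for it, as an added example (not code from the thread or from any registry). The registry layout, its per-entry maximum prefix length, and every prefix and AS number (documentation ranges) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Registration:
    """One registered route: who may originate it and how specific it may be."""
    prefix: str      # registered address block
    origin_as: int   # AS number allowed to originate it
    max_len: int     # longest more-specific the holder permits (assumed field)


# Constructed sample registry. Prefixes and ASNs come from documentation ranges.
REGISTRY = [
    Registration("203.0.113.0/24", 64496, 24),
    Registration("192.0.2.0/24", 64497, 24),
    Registration("2001:db8::/32", 64497, 48),
]


def check_announcement(prefix, origin_as, registry=REGISTRY):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'.

    valid     : a covering registration names this origin AS and the
                announced prefix is not more specific than max_len.
    invalid   : registrations cover the prefix, but none of them match.
    not-found : nothing registered covers the prefix at all.
    Returns a (state, reason) tuple.
    """
    net = ipaddress.ip_network(prefix, strict=True)

    # Collect every registration whose block contains the announced prefix.
    covering = []
    for reg in registry:
        reg_net = ipaddress.ip_network(reg.prefix)
        if reg_net.version == net.version and net.subnet_of(reg_net):
            covering.append(reg)

    if not covering:
        return ("not-found", "no registration covers %s" % net)

    for reg in covering:
        if reg.origin_as == origin_as and net.prefixlen <= reg.max_len:
            return ("valid", "matches %s origin AS%d" % (reg.prefix, reg.origin_as))

    # Covered but unmatched: say whether the origin or the length is the problem.
    if any(reg.origin_as == origin_as for reg in covering):
        return ("invalid", "%s is more specific than the holder registered" % net)
    holders = ", ".join("AS%d" % reg.origin_as for reg in covering)
    return ("invalid", "AS%d is not a registered origin (registered: %s)"
            % (origin_as, holders))


def build_filter(announcements, registry=REGISTRY):
    """Return only the (prefix, origin_as) pairs a peer filter should accept."""
    return [(p, a) for p, a in announcements
            if check_announcement(p, a, registry)[0] == "valid"]


if __name__ == "__main__":
    # Constructed announcements: a legitimate route, a more-specific from a
    # different AS, a more-specific from the holder, and an unregistered block.
    samples = [
        ("203.0.113.0/24", 64496),
        ("203.0.113.0/25", 64511),
        ("203.0.113.0/25", 64496),
        ("2001:db8:1::/48", 64497),
        ("198.51.100.0/24", 64496),
    ]
    for prefix, asn in samples:
        state, reason = check_announcement(prefix, asn)
        print("%-18s AS%-6d %-10s %s" % (prefix, asn, state, reason))
```

How "not-found" is treated is a policy choice: a strict customer filter rejects it, while a looser one may accept it and flag it for review.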
Re: Internationalized domain names in the root
I agree Safari experience looks much nicer and yes whole host of potential malice to arise. Firefox shows punycode http://xn--4gbrim.xnrmckbbajlc6dj7bxne2c.xn--wgbh1c/ar/default.aspx Now if I understood arabic only and was travelling or happen to use Firefox which showed punycode how would I trust it? If it was directly translated to latin characters I could trust it with verification from someone I know who understands english. I would not trust puny code because an end user does not know what it means, I think there is potential for a lot of issues here. Zaid On 5/6/10 11:45 AM, "Geoff Adams" wrote: > On 5 May 2010, at 2:16 PM, Jorge Amodio wrote: >> On Wed, May 5, 2010 at 11:34 AM, David Conrad wrote: >>> Perhaps a bit off-topic, but some folks might get support calls... >>> >>> http://وزارة-الأتصالات.مصر/ >>> >>> (that's Arabic for .) >> >> Great progress and interesting addition to the root, only issue is >> that after all the work with IDNs you land on a page written in >> english (web browser lang does not matter, name resolves to the same >> IP as the original URL). Hope they soon take advantage of the new name > > The page shows up in Arabic for me in all three of Safari (in which the URL > bar also shows the Arabic name), Chrome and Firefox (in both of which the URL > bar shows the encoded US-ASCII characters for the domain name). I tested using > the Mac versions of these three browsers, and English is set as my preferred > language. Arabic doesn't appear until much farther down on the list. > > The Safari experience looks nicer, but I suppose it leaves its users more > susceptible to maliciously-constructed domain names that look similar to > well-known ones. I wonder if they've addressed that issue in some way. I > haven't been checking recently. > > - Geoff
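The two display behaviours compared in this exchange (Unicode name versus the encoded `xn--` form) combined into one display rule, as an added example that is not part of the original posts. The single-script rule is a simplified assumption of this example, not any browser's actual algorithm; `xn--wgbh1c` is taken from the URL quoted above and the look-alike label is constructed.

```python
import unicodedata


def to_ascii(label):
    """Encode one label to its ASCII (xn--) form using Python's IDNA codec."""
    return label.encode("idna").decode("ascii")


def to_unicode(label):
    """Decode one xn-- label to Unicode; other labels pass through unchanged."""
    if label.lower().startswith("xn--"):
        return label.encode("ascii").decode("idna")
    return label


def scripts(label):
    """Return the set of scripts used by the letters in a label.

    The script is approximated by the first word of each character's
    Unicode name (LATIN, CYRILLIC, ARABIC, ...). Digits and hyphens are ignored.
    """
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}


def display_form(label):
    """Decide what to show for one label. Returns (text, reason).

    Plain ASCII labels are shown as they are. A label whose letters all
    come from one script is shown in Unicode, so a reader of that script
    sees a name they can recognise. A label that mixes scripts is shown
    in its encoded form, because mixing is how look-alike names are built.
    """
    ascii_form = label.lower() if label.isascii() else to_ascii(label)
    uni = to_unicode(ascii_form)
    if uni == ascii_form:
        return ascii_form, "ascii"
    found = scripts(uni)
    if len(found) == 1:
        return uni, "single-script:" + next(iter(found))
    return ascii_form, "mixed-script:" + "+".join(sorted(found))


def display_host(hostname):
    """Apply display_form to every dot-separated label of a hostname."""
    return ".".join(display_form(label)[0] for label in hostname.split("."))


if __name__ == "__main__":
    # Label from the URL quoted in the thread: shown in Arabic.
    print(display_form("xn--wgbh1c"))

    # Constructed look-alike: Latin letters with one Cyrillic 'a' (U+0430).
    lookalike = to_ascii("p\u0430ypal")
    print(display_form(lookalike))

    # Limitation: a label written entirely in one non-Latin script that
    # happens to resemble a Latin name still counts as single-script here.
```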
Re: Weekly Routing Table Report
On 4/16/10 11:28 AM, "Franck Martin" wrote: > Would it not be time, to have the IPv6 equivalent of this table report? > > 5% of the Internet is IPv6, that's an interesting threshold that was just > passed. I think that time has come :) Zaid
Re: Carrier class email security recommendation
I think it is a perfectly reasonable question to ask in NANOG. If someone asks how much memory do I need on my router to do BGP, you have to ask the fundamental question of how big your routing table will be. I don't see this as any different. It's helpful to provide opinions when you are guided by some data :) Zaid On 4/12/10 9:06 AM, "Suresh Ramasubramanian" wrote: > Its nanog and not an RFQ process or I'd have asked him that too :) > > On Mon, Apr 12, 2010 at 9:29 PM, Zaid Ali wrote: >> I haven't seen the man ask support for messages/hour, 3M..10M..1B ? Or maybe >> I missed this question? > >
Re: Carrier class email security recommendation
I haven't seen the man ask support for messages/hour, 3M..10M..1B ? Or maybe I missed this question? Zaid On 4/12/10 8:47 AM, "Suresh Ramasubramanian" wrote: > On Mon, Apr 12, 2010 at 8:45 PM, todd glassey wrote: >> On 4/12/2010 7:22 AM, Suresh Ramasubramanian wrote: >>> The man did say "carrier class" .. not "small webhost for four >>> families and dog". >> >> yes he did Suresh ... meaning that something larger and more secure than >> the off-the-shelf copy of Linux is needed. Funny the NSA and many others >> would disagree with you. > > I know of (and have been the postmaster for) multiple million user > installations that run happily on linux + postfix (and sendmail, > qmail..). > > None that run on one server running webmin, even a 3U server. > >> or layered as stages within a new system design based on GPU's which >> allow for the specific assignment of threads of control to specific >> processes. Imaging a cloud type environment running in a single GPU with >> the abililty to properly map threads to GPU threads. > > You don't have "single" of anything at all for large and well scaled > environments. > >> OK our server is 3U but that was because I wanted bigger fans inside >> it... The 1U single TESLA based email GW is exactly what you describe - >> a 512 thread CUDA based GPU with serious capabilities therein. > > So how many users do you run on that one 3U box? 100K? 300K? A > couple of million? :) > > The man said carrier class. And when you talk that you dont just talk > features, you talk operations on a rather larger scale than what > you're describing. > > --srs
Re: legacy /8
On 4/4/10 2:04 PM, "Vadim Antonov" wrote: > >> Zaid >> >> P.s. Disclaimer: I have always been a network operator and never a dentist. > > I would have thought opposite. > It is sometimes helpful to draw lessons from nature and other systems :) > People who have been on this list longer would probably remember when I > was playing in this sandbox. > > The real wisdom about networks is "never try to change everything and > everywhere at once". You either do gradual migration, or you end up in a > big pile of poo. Which what IPv6 transition situation is. > > --vadim > I too apply the same "real wisdom" and view IPv6 transition as a gradual migration and we are seeing a lot of success already with this approach, its just that the adoption numbers are slower than we would like. I get a sense that our 5+ year IPv6 discussions have people worried and panicked that the best thing is to leave things as they are which makes me think we should perhaps spend less time on the advocacy part of IPv6 solution and put our efforts on what we get out of implementation. Zaid
Re: legacy /8
On 4/4/10 6:44 AM, "Leen Besselink" wrote: > "Out of the total number of emails received, 14% were received over > IPv6, the rest over IPv4." It should be clear that 14% received here is email to RIPE NCC servers. I don't think we have 14% of SMTP traffic out there coming via IPv6. Actual SMTP traffic may still be under 1%, I have done some work with a colleague to sample 0.5M domains yielding in <2% MX records and we heard similar data with other folks that ran a similar experiment. Seeing an uptick on quad A MX record is still a good thing and tells us there is some form of migration but SMTP over IPv6 will be really valuable data here. Has anyone collected and published data on this? Zaid
Re: legacy /8
On 4/3/10 9:12 PM, "Owen DeLong" wrote: > Uh, netflix seems fully functional to me on IPv6. What do you think is > missing? Functional is the easy part and it seems Netflix has executed that well. I was implying that the v6 traffic rate might not be quite there yet which is what we saw with Google a while back but eventually v6 traffic started to multiply. I could be wrong here and happy to be corrected. Zaid
Re: legacy /8
This sounds like Step 1: I have a wisdom tooth, it hurts on my right jaw and so I will chew from my left. Step 2: Take some pain killers. Step 3: Damn it hurts I will ignore it and it will eventually heal. Step 4: Continue to take pain killers and perhaps if I sleep more it will grow in the right direction and everything will be fine. Step 5: Wake up everything is fine. You will actually wake up without a toothache and things will seem fine except you now have teeth you don't actually need because they will cause blockage, hard to brush, floss constraints, many future dental trips etc. Your ancestors needed wisdom teeth in the stone age because they bit off more than they could chew, food was rough and coarse and teeth fell out easily. Through evolution diet changed and jaws eventually became smaller and humans chewed differently so you don't need the protection of wisdom teeth. Given that understanding you can avoid 5 painful steps and go to a doctor to have it pulled out, slight extra pain in doing so but you gain healthier teeth. Leaving dentistry and coming back to IP, we have to think of what we want the future IP address model to be and how does it affects the future of the Internet model. A lot of smart people have come together to bring the IPv6 solution, it works (not without flaws but neither did IPv4 in the early days) so lets work together in figuring out implementation and adoption. There is nothing stopping anyone from writing an RFC on IP option for low order bits+NAT et al and to that I wish anyone well. Just make sure one addresses scaling/backward compatibility because it will be like not being able to predict what kind of food will get stuck around your oddly grown wisdom tooth that caused a hole and now need a filling. Implementing IPv4 patches/NAT etc will not harm or break the Internet model but the question is do we want this or do we want to implement IPv6 that may be have a bit of pain now but the right thing for the future. 
Lets go where we want and have a healthy Internet, adopt IPv6 and phase out IPv4. Zaid P.s. Disclaimer: I have always been a network operator and never a dentist. I did build networks for a medical university many moons ago and often got into interesting discussions about medicine. On 4/3/10 11:11 PM, "Vadim Antonov" wrote: > > With all that bitching about IPv6 how come nobody wrote an RFC for a very > simple solution to the IPv4 address exhaustion problem: > > Step 1: specify an IP option for extra "low order" bits of source & > destination address. Add handling of these to the popular OSes. > > Step 2: make NATs which directly connect extended addresses but also NAT > them to non-extended external IPs. > > Step 3: leave backones unchanged. Gradually reduce size of allocated > blocks forcing people to NAT as above. > > Step 4: watch people migrating their apps to extended addresses to avoid > dealing with NAT bogosity and resulting tech support calls & costs. > > Step 5: remove NATs. > > --vadim > >
Re: legacy /8
They are not glowing because applications are simply not moving to IPv6. Google has two popular applications on IPv6, Netflix is on it way there but what are other application companies doing about it? A popular application like e-mail is so far behind [ref: http://eng.genius.com/blog/2009/09/14/email-on-ipv6/] and I still encounter registrar's providing DNS service not supporting Quad A's. I feel talking to network operators is preaching to the choir, the challenge is helping content providers think about moving to IPv6. I think we will only see success once we are able to successfully work with content providers but they are quite busy now building real technology like the "Cloud" Zaid On 4/3/10 2:22 PM, "Frank Bulk" wrote: > If "every significant router on the market" supported IPv6 five years ago, > why aren't transit links glowing with IPv6 connectivity? If it's not the > hardware, than I'm guessing it's something else, like people or processes? > > Frank > > -Original Message- > From: Michael Dillon [mailto:wavetos...@googlemail.com] > Sent: Saturday, April 03, 2010 1:07 PM > To: Larry Sheldon > Cc: nanog@nanog.org > Subject: Re: legacy /8 > >> Not often you hear something that has changed just about every aspect of >> life and enabled things that could not be imagined at its outset called >> a failure > > Sounds like you are describing the Roman Empire. It failed and that's why > we now have an EU in its place. > > Things change. Time to move on. > > IPv4 has run out of addresses and we are nowhere near finished GROWING > THE NETWORK. IPv6 was created to solve just this problem, and 10 years > ago folks started deploying it in order to be ready. By 5 years ago, every > significant router on the market supported IPv6. Now that we actually need > IPv6 in order to continue network growth, most ISPs are in the fortunate > position that their network hardware already supports it well enough, so > the investment required is minimized. > > --Michael Dillon > >
Re: Gmail Down?
Seems like the contact portion only. Gmail is temporarily unable to access your Contacts. You may experience issues while this persists. Zaid On Sep 24, 2009, at 8:08 AM, Chris Gotstein wrote: Anyone else seeing Google's Gmail down right now? Seems to have been down since 10am CST. We are connected through Chicago. downforeveryoneorjustme.com is also reporting it's down. -- Chris Gotstein, Sr Network Engineer, UP Logon/Computer Connection UP http://uplogon.com | +1 906 774 4847 | ch...@uplogon.com
Re: Repeated Blacklisting / IP reputation
I think costs of maintaining an abuse helpdesk is a big factor here. I don't see many ISP's putting money and resources into an abuse helpdesk and this is because it is low cost to obtain a Netblock so why should one employ and build expertise on managing it. If you go to SpamHaus you will see a major ISP and their netblocks listed and associated with known spammers. What is this ISP doing about this? Nothing! My guess is that they look at their bottom $$ and look at Spamming customer A and say "crap we will be spending $$$ on this customer just to get them off SpamHaus so just leave it, we are afterall in the bandwidth business". If ARIN were to say to this major ISP that they wont allocate more addresses to them until they adhere to an AUP then maybe the game will change but the bigger question here is should ARIN get into this kind of policy. Zaid On Sep 15, 2009, at 1:31 PM, Christopher Morrow wrote: On Tue, Sep 15, 2009 at 4:23 PM, wrote: On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said: Anyone that intentionally uses address space in a manner that they know will cause it to become contaminated should be denied on any further address space requests. You *do* realize that the people you're directing that paragraph at are able to say with a totally straight face: "We're doing nothing wrong and we have *no* idea why we end up in so many local block lists"? Also, you can very well disable new allocations to Spammer-Bob, did you also know his friend Sue is asking now for space? Sue is very nice, she even has cookies... oh damn after we allocated to her we found out she's spamming :( Spammers have a lot of variables to change in this equation, RIR's dont always have the ability to see all of the variables, nor correlate all of the changes they see :( -Chris
Re: Multi-homed clients and BGP timers
From experience I found that you need to keep all the timers in sync with all your peers. Something like this for every peer in your bgp config.

neighbor xxx.xx.xx.x timers 30 60

Make sure that this is communicated to your peer as well so that their timer settings are reflected the same.

Zaid

- Original Message -
From: "Steve Bertrand"
To: "nanog list"
Sent: Friday, May 22, 2009 3:45:20 PM GMT -08:00 US/Canada Pacific
Subject: Multi-homed clients and BGP timers

Hi all,

I've got numerous single-site 100Mb fibre clients who have backup SDSL links to my PoP. The two services terminate on separate distribution/access routers.

The CPE that peers to my fibre router sets a community, and my end sets the pref to 150 based on it. The CPE also sets a higher pref for prefixes from the fibre router. The SDSL router to CPE leaves the default preference in place. Both of my PE gear sends default-originate to the CPE.

There is (generally) no traffic that should ever be on the SDSL link while the fibre is up.

Both of the PE routers then advertise the learnt client route up into the core:

*>i208.70.107.128/28 172.16.104.22 0 150 0 64762 i
* i                  172.16.104.23 0 100 0 64762 i

My problem is the noticeable delay for switchover when the fibre happens to go down (God forbid).

I would like to know if BGP timer adjustment is the way to adjust this, or if there is a better/different way. It's fair to say that the fibre doesn't 'flap'. Based on operational experience, if there is a problem with the fibre network, it's down for the count.

While I'm at it, I've got another couple of questions:

- whatever technique you might recommend to reduce the convergence throughout the network, can the same principles be applied to iBGP as well?
- if I need to down core2, what is the quickest and easiest way to ensure that all gear connected to the cores will *quickly* switch to preferring core1?

Steve
partial routes for AS701 and AS3365
Anyone here doing partial routes with AS701 and AS3356? If so can you tell me how many routes you are receiving? Thanks, Zaid
Re: Yahoo and their mail filters..
I think a major reason why recipients click the 'Spam' button is because often times it's not obvious how to identify the opt out link in the email. You can perhaps put the opt out link on the top of the email so that the user clicks that instead of the 'Spam' button. There is also the issue of whether the user trusts the opt out link, I have been in discussions where data shows that most users don't generally trust it.

On the subject of feedback loop I think that if you sign up to receive FBL emails then you must do something about it. I think it's useless to sign up for FBLs and not take any action because ESPs monitor FBL rate so if they feel that you are not taking action then you can expect to see your emails go to a junk folder or be subjected to greylisting.

Zaid

- Original Message -
From: "Peter Beckman"
To: "Suresh Ramasubramanian"
Cc: nanog@nanog.org
Sent: Wednesday, February 25, 2009 12:28:46 PM GMT -08:00 US/Canada Pacific
Subject: Re: Yahoo and their mail filters..

On Wed, 25 Feb 2009, Suresh Ramasubramanian wrote:

> On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman wrote:
>> Why the hell can't AOL integrate the standard listserv commands integrated
>> into many subscription emails into a friggin' button in their email
>> client, right next to "Spam" (or even in place of it) that says
>> "Unsubscribe?"
>
> Because a lot of spammers would prefer that people simply unsub from
> their lists rather than they get blocked?
>
> And because unsub urls could lead to a lot of nastiness if there's a
> truly malicious spammer?
>
> And because .. [lots of other reasons]
>
> On Wed, Feb 25, 2009 at 10:38 PM, Peter Beckman ALSO wrote:
>> I realize it could be used badly if globalized, but if AOL got off their
>> duff and vetted some of the higher volume truly honest subscription
>> emailers and allowed their emails to activate the Spam->Unsub button, it
>> might save everyone some headaches.

As I said (but you clipped), the suggestion could (and would likely) be abused if turned on globally, but if AOL vetted some of the more popular subscription mailings where people were clicking spam rather than unsubscribe for trusted sources, it could work.

> There are a few (sender driven) initiatives to move towards a trusted
> unsubscribe, but ..

I think in order for an Unsubscribe button to be implemented by Gmail, Yahoo, AOL, etc, there would have to be some sort of internally reviewed list of trusted senders for which each company had a mail admin contact for (technical implementation not applicable for this discussion). Working together to communicate openly about subscription email with trusted parties would help (in theory) to reduce the effects of clueless end users who lazily click "Spam" and cause headaches for both senders and receivers of legitimate subscription email.

Beckman
---
Peter Beckman Internet Guy
beck...@angryox.com http://www.angryox.com/
---
Re: do I need to maintain with RADB?
Most of all my providers use a route registry and if they don't I would question it. I am all for a route registry but can we adopt one or one of X registries which I think is what is happening. For my ease of management I would like to use one and also pay (and budget) for one since it's the same information (or should be).

Zaid

- Original Message -
From: "Heather Schiller"
To: "Zaid Ali"
Cc: "Jon Lewis" , "NANOG list"
Sent: Thursday, February 19, 2009 3:21:13 PM GMT -08:00 US/Canada Pacific
Subject: Re: do I need to maintain with RADB?

No. Use of a routing registry is not required.. ARIN's, RADB's or otherwise. You might want to check out this presentation:

http://nanog.org/meetings/nanog44/abstracts.php?pt=ODg4Jm5hbm9nNDQ=&nm=nanog44

This is an entirely different statement from "Your globally unique IP's should be allocated to you in an RIR's database before someone routes them for you"

For example 207.76.0.0/14 is allocated to us, you can see it in ARIN's whois, but it is not registered in ARIN's IRRD, or any other.

As further proof - note that people publicly route resources that aren't registered in a "routing registry database" or even registered to them by an RIR at all:

http://www.cidr-report.org/as2.0/#Bogons

I'm not saying this is a good thing.. I would like to see the system drastically improved and secured.. I'm just pointing out how things actually work today. Check w/ your provider, but in most cases you will find that they don't use a route registry.

--Heather

Heather Schiller        Verizon Business
Customer Security       1.800.900.0241
IP Address Management   hel...@verizonbusiness.com

Jon Lewis wrote:
> On Thu, 19 Feb 2009, Zaid Ali wrote:
>
>> Hi, need some advice here. Do I still need to maintain my objects (and
>> pay) RADB? I use ARIN as source and all my route objects can be
>> verified with a whois.
>
> If your objects are all maintained via another routing registry (ARIN's,
> altdb, etc.) and you don't care to maintain objects with radb.ra.net,
> then you do not need to pay RADB maintenance fees.
>
> --
> Jon Lewis | I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: do I need to maintain with RADB?
Yes but I wanted to get a feel from the community and I get a notification message from RADB to pay up I wanted to get a feel from providers. I am happy to take my question off the list :)

Zaid

- Original Message -
From: "Bruce Robertson"
To: "Zaid Ali"
Cc: "NANOG list"
Sent: Thursday, February 19, 2009 2:19:42 PM GMT -08:00 US/Canada Pacific
Subject: Re: do I need to maintain with RADB?

But I pay for all that already, so it seems that using ARIN is a no-brainer.

Zaid Ali wrote:

It's not entirely free since you have to pay an AS maintenance fee and if you are assigned a netblock directly then you pay maintenance on that also. I would rather maintain everything in one place rather than paying an extra $495 to RADB if my BGP peers can source it from ARIN.

Zaid

- Original Message -
From: "Bruce Robertson"
To: "NANOG list"
Sent: Thursday, February 19, 2009 2:07:31 PM GMT -08:00 US/Canada Pacific
Subject: Re: do I need to maintain with RADB?

Is the ARIN registry free, then?

Jon Lewis wrote:

On Thu, 19 Feb 2009, Zaid Ali wrote:

Hi, need some advice here. Do I still need to maintain my objects (and pay) RADB? I use ARIN as source and all my route objects can be verified with a whois.

If your objects are all maintained via another routing registry (ARIN's, altdb, etc.) and you don't care to maintain objects with radb.ra.net, then you do not need to pay RADB maintenance fees.

--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: do I need to maintain with RADB?
It's not entirely free since you have to pay an AS maintenance fee and if you are assigned a netblock directly then you pay maintenance on that also. I would rather maintain everything in one place rather than paying an extra $495 to RADB if my BGP peers can source it from ARIN.

Zaid

- Original Message -
From: "Bruce Robertson"
To: "NANOG list"
Sent: Thursday, February 19, 2009 2:07:31 PM GMT -08:00 US/Canada Pacific
Subject: Re: do I need to maintain with RADB?

Is the ARIN registry free, then?

Jon Lewis wrote:
> On Thu, 19 Feb 2009, Zaid Ali wrote:
>
>> Hi, need some advice here. Do I still need to maintain my objects
>> (and pay) RADB? I use ARIN as source and all my route objects can be
>> verified with a whois.
>
> If your objects are all maintained via another routing registry
> (ARIN's, altdb, etc.) and you don't care to maintain objects with
> radb.ra.net, then you do not need to pay RADB maintenance fees.
>
> --
> Jon Lewis | I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
do I need to maintain with RADB?
Hi, need some advice here. Do I still need to maintain my objects (and pay) RADB? I use ARIN as source and all my route objects can be verified with a whois. Thanks, Zaid
Re: IPv6 Confusion
> You are arguing that ISPs should make changes
> without any obvious mechanism to guarantee some return on the
> investment necessary to pay for those changes.

Nail on the head and the 800 pound gorilla in the room. Japan gave tax incentives which helped their ISPs to move to IPv6. Find a lazy lobbyist who can educate a senator to say that there will be no more tubes left on the internet and slide a tax incentive into the next stimulus package :)

Zaid

- Original Message -
From: "David Conrad"
To: "Mark Andrews"
Cc: "NANOG list"
Sent: Tuesday, February 17, 2009 8:18:33 PM GMT -08:00 US/Canada Pacific
Subject: Re: IPv6 Confusion

On Feb 17, 2009, at 3:55 PM, Mark Andrews wrote:
> In other words ISPs need to enter the 21st century.

Yeah, those stupid, lazy, ISPs. I'm sure they're just sitting around every day, kicking back, eating Bon Bons(tm), and thinking of all the new and interesting ways they can burn the vast tracts of ill-gotten profits they're obviously rolling in.

Reality check: change in large scale production networks is hard and expensive. There needs to be a business case to justify making substantive changes. You are arguing that ISPs should make changes without any obvious mechanism to guarantee some return on the investment necessary to pay for those changes. This is a waste of time.

In general, NAT is paid for by the end user, not the network provider. Migrating to IPv6 on the other hand is paid for entirely by the network provider. Guess which is easier to make a business case for?

Note that I'm not saying I like the current state of affairs, rather I'm suggesting that jumping up and down demanding ISPs change because you think they're stuck in the last century is unlikely to get you very far. You want a concrete suggestion? Make configuring DDNS on BIND _vastly_ simpler, scalable to tens or hundreds of thousands of clients, and manageable by your average NOC staff.

Regards,
-drc
unsolicited name transfers from Godaddy
I have been receiving a high number of unsolicited domain transfer requests from Godaddy and have also written to Godaddy support about unsolicited domain transfer requests. Since I am not a Godaddy customer I got a standard talk to the hand. I have colleagues confirming that some similar chatter is also happening in the ICANN space with respect to Godaddy. Are folks here experiencing this also? Thanks, Zaid
Re: Private use of non-RFC1918 IP space
Yes we all go to NANOG meetings and talk about these solutions but the change has to come from within. It's not just a technical solution. There has to be motivation and incentive for people to make this change.

Zaid

- Original Message -
From: "Paul Timmins"
To: "Zaid Ali"
Cc: "Roger Marquis" , nanog@nanog.org
Sent: Tuesday, February 3, 2009 10:22:16 AM GMT -08:00 US/Canada Pacific
Subject: Re: Private use of non-RFC1918 IP space

Zaid Ali wrote:
> I don't consider IPv6 a popularity contest. It's about the motivation and the
> willingness to. Technical issues can be resolved if you and people around you
> are motivated to do so. I think there are some hard facts that need to be
> addressed when it comes to IPv6. Facts like
>
> 1. How do we migrate to an IPv6 stack on all servers and I am talking about the
> thousands of servers that exist on people's network that run SaaS,
> Financial/Banking systems.
>

Just upgrade your load balancer (or request a feature from your load balancer company) to map an external IPv6 address to a pool of IPv4 servers. Problem solved.

> 2. How do we make old applications speak IPv6? There are some old back-end
> systems that run core functions for many businesses out there that don't really
> have any upgrade path and I don't think people are thinking about this.
>

Continue to run IPv4 internally for this application. There's no logical reason that IPv4 can't continue to coexist for decades. Heck, people still run IPX, right?

-Paul
Re: Private use of non-RFC1918 IP space
I don't consider IPv6 a popularity contest. It's about the motivation and the willingness to. Technical issues can be resolved if you and people around you are motivated to do so. I think there are some hard facts that need to be addressed when it comes to IPv6. Facts like

1. How do we migrate to an IPv6 stack on all servers and I am talking about the thousands of servers that exist on people's network that run SaaS, Financial/Banking systems.

2. How do we make old applications speak IPv6? There are some old back-end systems that run core functions for many businesses out there that don't really have any upgrade path and I don't think people are thinking about this.

From a network perspective IPv6 adoption is just about doing it and executing with your fellow AS neighbors. The elephant in the room is the applications that ride on your network.

Zaid

- Original Message -
From: "Roger Marquis"
To: nanog@nanog.org
Sent: Tuesday, February 3, 2009 9:39:33 AM GMT -08:00 US/Canada Pacific
Subject: Re: Private use of non-RFC1918 IP space

Stephen Sprunk wrote:
> Patrick W. Gilmore wrote:
>> Except the RIRs won't give you another /48 when you have only used one
>> trillion IP addresses.
>
> Are you sure? According to ARIN staff, current implementation of policy
> is that all requests are approved since there are no defined criteria
> that would allow them to deny any. So far, nobody's shown interest in
> plugging that hole in the policy because it'd be a major step forward if
> IPv6 were popular enough for anyone to bother wasting it...

Catch 22? From my experience IPv6 is unlikely to become popular until it fully supports NAT. Much as network providers love the thought of owning all of your address space, and ARIN of billing for it, and RFCs like 4864 of providing rhetorical but technically flawed arguments against it, the lack of NAT only pushes adoption of IPv6 further into the future.

Roger Marquis
recommendation for SIP integration
Hi, I am looking for a solution where I can tie a US number to a SIP solution. Has anyone had experience with this and if so can you make some recommendations? Zaid
Re: Christmas spam from RESERVED IANA adressblock ?
If you want to file a spam complaint I suggest you do a whois for 76.74.250.247. This is the external facing mail server that sent you the email. Most applications these days are built in layers so a web layer forwards the email to an email server, if the application is not designed to suppress the HELO from the web layer then you will see internal email routing information. As for the network side most networks filter out BOGONS so you would not get RFC1918 into your network.

Zaid

-Original Message-
From: macbroadcast [mailto:m...@let.de]
Sent: Wednesday, December 24, 2008 6:48 AM
To: NANOG list
Subject: Christmas spam from RESERVED IANA adressblock ?

hello ladies and gentlepersons

just out of curiosity i looked a bit closer into this spammail header, because this company is really annoying and abusing a lot of internet citizens.

Begin forwarded message:

> From: maill...@ualadys.com
> Date: 24 December 2008 12:30:18 CET
> To: m...@let.de
> Subject: E-Mail For You @ ualadys.com
> Return-Path:
> Received: from mx2.mail.vrmd.de ([10.0.1.21]) by vm42.mail.vrmd.de
> (Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA; Wed, 24 Dec
> 2008 12:30:25 +0100
> Received: from mx2.iispp.com ([76.74.250.247]) by mx2.mail.vrmd.de
> with esmtp (Exim 4.69) (envelope-from ) id
> 1LFRwW-00011o-DY for m...@let.de; Wed, 24 Dec 2008 12:30:25 +0100
> Received: from web1.iispp.com (w1 [172.16.21.244]) by mx2.iispp.com
> (Postfix) with ESMTP id B71CF3504DB for ; Wed, 24 Dec
> 2008 11:30:18 + (UTC)
> Received: by web1.iispp.com (Postfix, from userid 33) id A5C7917A405C;
> Wed, 24 Dec 2008 06:30:18 -0500 (EST)

"Whois" was started.

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 172.16.0.0 - 172.31.255.255
CIDR: 172.16.0.0/12
NetName: IANA-BBLK-RESERVED
NetHandle: NET-172-16-0-0-1
Parent: NET-172-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment: http://www.arin.net/reference/rfc/rfc1918.txt
RegDate: 1994-03-15
Updated: 2007-11-27

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: ab...@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: ab...@iana.org

# ARIN WHOIS database, last updated 2008-12-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

so how is this possible ?

merry christmas anyway

Marc

> X-Sieve: CMU Sieve 2.2
> Envelope-To: m...@let.de
> Delivery-Date: Wed, 24 Dec 2008 12:30:25 +0100
> X-Id-From: 1000
> X-Id-To: 238141
> X-Mail-Id: 203714382
> Mime-Version: 1.0
> Content-Type: text/html
> Message-Id: <20081224113018.a5c7917a4...@web1.iispp.com>
> X-Spam-Suspicion: No
> X-Purgate: Clean
> X-purgate-ID: 150741::081224123024-0FFB86C0-283E8BDE/0-0/0-1
> X-purgate-Ad: For more information about eXpurgate please visit http://www.expurgate.net/
>
> marc, You have new mail
> This is to notify you that you have received an E-Mail from
>
> View Photos
> DetailsIrina O #1000
> Subject: Destiny has linked us...
>
> Date: 24 December 2008
>
> To read the message go here:
>
> PLEASE, DO NOT REPLY TO THIS E-MAIL - FOLLOW THE LINK
>
> http://www.ualadys.com/view_mail.rpx?hash=a71d2600f032ece232a391296f5f
> 071e&mid=203714382&uid=238141
>
> Thank you,
> ualadys.com Support Team
>
> Favorites ualadys.com
>
> 24x7 Call center
>
> United States
> +1 (315) 849-5814
>
> United Kigdom
> +44 (315) 849-5814
>
> Skype support : ualadys
>
> For any question in english
> about this site please call:
> +1 (212) 226-8900
> Mon-Fri 9:00-16:00 (EST)
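The header reading described in the reply above, as an added example that is not part of the original thread: it walks the Received chain newest-first, labels each hop's source address as private or public, and picks the address that connected to the recipient's own border server, which is the one to run whois on for a complaint. The sample headers are adapted from the quoted message (fields the archive stripped are omitted), and the function names and the choice of `mail.vrmd.de` as the recipient's trusted suffix are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: Received headers adapted from the quoted message,
# newest first. Stripped fields (envelope-from, "for" address) are omitted.
SAMPLE_RECEIVED = [
    "from mx2.mail.vrmd.de ([10.0.1.21]) by vm42.mail.vrmd.de "
    "(Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA; "
    "Wed, 24 Dec 2008 12:30:25 +0100",
    "from mx2.iispp.com ([76.74.250.247]) by mx2.mail.vrmd.de "
    "with esmtp (Exim 4.69) id 1LFRwW-00011o-DY; "
    "Wed, 24 Dec 2008 12:30:25 +0100",
    "from web1.iispp.com (w1 [172.16.21.244]) by mx2.iispp.com "
    "(Postfix) with ESMTP id B71CF3504DB; Wed, 24 Dec 2008 11:30:18 (UTC)",
    "by web1.iispp.com (Postfix, from userid 33) id A5C7917A405C; "
    "Wed, 24 Dec 2008 06:30:18 -0500 (EST)",
]

BY_RE = re.compile(r"(?:^|\s)by\s+(\S+)")
FROM_RE = re.compile(r"^from\s+(\S+)")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def scope_of(ip_text):
    """Classify an address literal: private (RFC 1918 etc.), public, other."""
    if ip_text is None:
        return "none"
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "other"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "other"


def parse_hop(header):
    """Extract HELO name, source IP and recording host from one header."""
    by = BY_RE.search(header)
    # Only the part before "by" describes the connecting client.
    before_by = header[:by.start()] if by else header
    helo = FROM_RE.match(before_by)
    ip = IP_RE.search(before_by)
    ip_text = ip.group(1) if ip else None
    return {
        "helo": helo.group(1) if helo else None,
        "ip": ip_text,
        "by": by.group(1).rstrip(";") if by else None,
        "scope": scope_of(ip_text),
    }


def handoff_relay(headers, trusted_suffix):
    """Return the newest hop recorded by our own server from a public IP.

    Headers below that hop were written by the sending side and can only be
    treated as hints; the address in this hop was seen by our own MTA.
    """
    for header in headers:
        hop = parse_hop(header)
        host = hop["by"] or ""
        ours = host == trusted_suffix or host.endswith("." + trusted_suffix)
        if ours and hop["scope"] == "public":
            return hop
    return None


if __name__ == "__main__":
    for h in SAMPLE_RECEIVED:
        hop = parse_hop(h)
        print(hop["scope"], hop["ip"], "->", hop["by"])
    print("complain about:", handoff_relay(SAMPLE_RECEIVED, "mail.vrmd.de")["ip"])
```

The two private addresses in the chain are internal hops on each side (the sender's web tier and the recipient's delivery host), which is why a whois on them returns the IANA reserved block.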
Re: XO Outage
I am seeing it on my end also:

traceroute: Warning: www.cnn.com has multiple addresses; using 157.166.224.25
traceroute to www.cnn.com (157.166.224.25), 64 hops max, 40 byte packets
 1 hq-rtr1.genius.local (64.244.66.1) 0.891 ms 0.429 ms 0.449 ms
 2 ip65-46-253-157.z253-46-65.customer.algx.net (65.46.253.157) 1.856 ms 2.860 ms 1.881 ms
 3 p3-0-0.mar2.fremont-ca.us.xo.net (207.88.80.181) 16.922 ms 2.041 ms 2.013 ms
 4 p4-3-0.rar2.sanjose-ca.us.xo.net (65.106.5.161) 2.637 ms 2.192 ms 2.823 ms
 5 p6-0-0.rar1.la-ca.us.xo.net (65.106.0.17) 10.308 ms 10.258 ms 10.386 ms
 6 207.88.13.22.ptr.us.xo.net (207.88.13.22) 10.931 ms 10.535 ms 10.037 ms
 7 *^C

Justin Sharp wrote:

We are seeing some issues w/ XO/Savvis peering..

Trace from XO to Savvis IP space (64.75.10.151)

Keys: Help Display mode Restart statistics Order of fields quit
                                                 Packets          Pings
 Host                                            Loss%  Snt  Last   Avg  Best  Wrst StDev
 1. scrubbed                                      0.0%    6   0.6   0.5   0.4   0.6   0.1
 2. ip65-44-114-97.z114-44-65.customer.algx.net   0.0%    6   1.3   1.3   1.2   1.4   0.1
 3. ???

Trace from Savvis to XO IP space (65.44.114.97)

 1. scrubbed                                      0.0%   38   0.4   0.4   0.3   0.5   0.1
 2. 64.41.199.129                                 0.0%   37   1.0  24.0   0.6 330.2  80.4
 3. hr1-ge-7-47.santaclarasc5.savvis.net          0.0%   37   0.7   1.4   0.6  27.3   4.4
 4. er1-te-1-0-0.sanjose3equinix.savvis.net       0.0%   37   0.7   5.2   0.6 140.3  23.2
 5. cr1-tenge-0-7-5-0.sanfrancisco.savvis.net     2.7%   37   2.9   4.0   2.6  16.6   2.5
 6. cr2-pos-0-0-3-3.dallas.savvis.net             0.0%   37  42.6  43.1  42.3  51.4   1.4
 7. dpr1-ge-4-0-0.dallasequinix.savvis.net        0.0%   37  43.1  44.8  42.9  76.9   6.7
 8. er1-te-2-1.dallasequinix.savvis.net           0.0%   37  43.3  49.2  42.8 233.6  31.6
 9. 208.175.175.90                                0.0%   37  43.0  42.8  42.6  43.6   0.2
10. 65.106.1.102                                 75.0%   37  43.5  46.5  43.4  62.9   6.3
11. 65.106.1.101                                  0.0%   37  43.4  47.8  43.2 112.3  12.5
12. 65.106.0.41                                   0.0%   37  57.5  65.1  57.1 177.3  21.0
13. 65.106.1.73                                   0.0%   37  57.4  66.5  57.1 162.1  24.2
14. ???

Trying to call into XO and they aren't even taking calls, they mention something about network issues in Spokane. Any ideas as to what is going on/ETA to fix?

--Justin
Re: ICANN opens up Pandora's Box of new TLDs
I hear from my friends attending ICANN in Paris that there are tons of business folks who want to scoop up a gTLD. I haven't heard of anything that will be structured so looks like it will be a blood bath.

Zaid

On Jun 26, 2008, at 1:34 PM, Ken Simpson wrote:

Two years ago I posed the question here about the need for TLDs (http://www.mcabee.org/lists/nanog/May-06/msg00110.html). I summarized that companies IP (Intellectual Property) guidelines would never allow domain.org to exist if they owned domain.com (ibm.org vs ibm.com). I felt that TLDs really represented a monetary harvesting scheme as every new TLD forced companies to "pay for yet another domain name" (slowly milking businesses).

At that time several knowledgeable folks commented that TLDs were necessary in the beginning due to the need to distribute queries.

Now it seems, ICANN has decided to add a new paradigm :-) How will a TLD like .ibm be handled now, and how is this different than what I proposed in 2006?

How will ICANN be allocating these? An auction format? It will be a blood bath otherwise.. And for abuse and spam, this is a nightmare.
XO contact
Can someone from XO who handles this neighbor 65.46.253.157 help me out with a BGP session going down? This is the second time within a week where a misconfiguration of an ACL on XO end is bringing down my BGP session with you and it's frustrating to go through the normal tech support chain. Zaid