Re: internet in the box

If you have the luxury of running copper, you have some options. In my experience, its often difficult to do so without paying the house's labor at a convention center. This may necessitate a distributed solution with just several individual cradlepoint routers dropped throughout the coverage are

Re: internet routing table in a vrf

I've done this on multiple vendor platforms, including full routes, and haven't had any issues. Resource consumption varies on vendor and implementation, but I've observed that its not as punitive as I thought it would be due to various optimizations. Granted, in most of my cases, it was in a VRF

Re: Ok: this is a targetted attack

An SPF record will probably only add value if the receiving mail server for the nanog list uses them to restrict allowed senders for the domain. On Mon, Feb 11, 2013 at 2:51 PM, Rob McEwen wrote: > On 2/11/2013 4:39 PM, Sean Lazar wrote: > > Jay, you need to have SPF records for your domain. Th

Re: Level3 worldwide emergency upgrade?

Given the issue was announced a week ago, I'm surprised they didn't provide some sort of emergency notification prior to the upgrade. However, I certainly understand their immediate desire to deploy this update. I don't think it's bad as the BGP one from not too long ago in that exploit code is n

Re: List of Comcast speeds in Chicago, IL (North side near I-94: Addisson/Irving Park/ area)

The folks in the forums at dslreports.com are generally on top of this like a hawk and are probably a better resource than here. For what its worth, Comcast often provides temporary speed enhancements for the first so many bytes in x seconds, ("powerboost"), which can often throw off short flash-b

Re: Ethernet Service at 150 S. Market Street, SJ

For typical console access/OOB use cases only or a lot more data? If the former, I can't see any reason to mess with anything more than a telemetry-rate plan SIM card in a 3g/4g console server. Chances are, if you can get cell phone coverage to your cage, it will work fine. They're also very che

Re: Multicast over GRE between Linux server and Cisco Router

>From my experience, it seems most Linux multicast development has stalled significantly in recent years. None the less, look for something called "smcroute". You should be able to use this to manually peg up a route and generate the join. Also take a look at the output of netstat -n -g to see t

Re: Zero-Touch Deployment Remote Office solution?

I handle this a different way. I'm not saying it's the easiest solution, but its very scalable to many thousands of endpoints. I take a small router and I set the "WAN" side to DHCP. I use client-intiated L2TP tunnels w/ ipsec protection to build a tunnel to the head end. The beauty of this is:

Re: Device specifically made for high capacity GRE tunnels for dozens of sites

mx80 (or similar) or ASR. The MX would probably be my preference for just pushing huge amounts of GRE packets and scales nicely in a single box solution. On Fri, Jan 18, 2013 at 11:21 AM, Christopher Morrow < morrowc.li...@gmail.com> wrote: > On Fri, Jan 18, 2013 at 12:51 PM, A. Pishdadi wrote

Re: Netflow Nfsen Server Hardware

I agree here with Christopher; A SSD to handle the high IOPS requirements of real time data logging; combined with a scheduled transfer which can "move" the stored data in a linear large block copy operation to ordinary spindles, would be a cost effective hybrid solution. This of course is assumin

Re: EQUINIX

My experience has been that the monthly rack rental fee will be a comparative bargain to basic power and a couple in-building cross connects, which will often more than double the cost. When shopping for any provider, make sure you price out all the options you need in addition to the rack space i

Re: really facebook?

Very common. Most Verizon Wireless data traffic on modern phones is backhauled to one or more mobile IP home agents based in a few cities. You'll typically see similar geolocation difficulties on their network for IPv4 too. They have another one in Texas, and another one in a different location I

Re: Cogent outage?

No visible issues in the DC area. On Thu, Dec 6, 2012 at 10:17 AM, Evan Moore wrote: > I may have seen this as well. I touch Cogent in Boston. > > Seems to be returning as of 1717 GMT. > > ERM > > Evan R Moore > Network Engineer > Sovernet Communications > > > -Original Message- > From

Re: OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

If you hear anything more, I'd be interesting in knowing about it. I had a an upstream going up and down last night; reportedly their BGP process was core dumping due to a BGP attribute issue. I never found out what vendor it was though. Paul On Thu, Nov 29, 2012 at 12:33 PM, Michael Sinatra <

Re: MPLS acceptable latency?

Your provider is likely backhauling the circuits opposite directions to PE routers in a different geographic local than the sites. It's time to have a discussion with your sales engineer about the physical pathing of your circuits and PE router locations. When I know I have latency critical circu

Re: qwest.net dropping packets... wife would like someone to pick them up please...

For some more information, this previous document and presentation make good resources: Document: http://www.nanog.org/meetings/nanog47/presentations/Sunday/RAS_Traceroute_N47_Sun.pdf There's also a presentation here: http://www.nanog.org/meetings/nanog45/presentations/Interpret_traceroutes.wmv

Re: AT&T Microcell Contact

I wonder why they filter by IPs anyways? The only reason I can guess is geolocation to ensure they have a frequency license in a given geographic area. However my experience has been that other providers use a GPS for this (and unfortunately, require a GPS lock to operate). Great for a house wit

Re: Cisco 7206 IOS for PPPoE Termination

For this application, you may wish to consider the service provider images. The latest 15.x(S) image works, as it is the derivative of what was formerly the service-provider oriented 12.2(SRx) images. However, it's unlikely to drop steady state CPU, but it may contain some optimizations for concu

Re: Verizon IPv6 LTE

"Please don't hack or ddos it :-) " Unfortunately, while you do get an ipv6 address, mobile terminated data doesn't work, so you don't have to worry about this. It is firewalled by Verizon. I actually tried to set up a VPN on a LTE data card using the ipv6 address since the IPV4 one is behind ca

Re: Redundant Routes, BGP with MPLS provider

Options 1) Ask the provider if they have any traffic engineering communities available. Many of the large ones offer some. 2) Use BGP MED to influence the output path (works in most cases). 3) If that fails, use as-path pre-pending to influence the output path from the provider towards you. GRE

Re: Bandwidth spikes due to Microsoft release of windows 8 on MSDN

Considering I can't get the download links to work, nor the generate product key button to process without an error code we may either be at Microsoft limits, or not there yet. On Wed, Aug 15, 2012 at 12:02 PM, Mark Gauvin wrote: > Or R2 service pack 3 > > Sent from my iPhone > > On 2012-08-15,

Re: Wanted: Asia bandwidth test files

If you can, I suggest finding other well connected hosts and using IPERF in UDP mode for your testing. Separating TCP long-fat pipe and slow start issues from true packet delivery/loss rates at a given bitrate are beneficial. Use Linux as most iperf windows builds are based on cygwin and have iss

Re: Cisco 7200 PCI Limitations

While I agree it may not be suitable for transit GigE purposes, it is certainly acceptable for many WAN aggregation scenarios and CPE scenarios well in excess of T1 speeds. There are still many out there in DS3, Fast-E, subrate ethernet subscriber, ATM, (DSL/L2TP/PPPOE), DMVPN, and other similar s

Re: [c-nsp] NTP Servers

Many folks have more than just windows desktop PCs syncing their time. If your application requires sub-5 second accuracy, (such as end of a banking day), then Windows NTP is unsuitable for the purpose. If your only objective is to sync the times on a bunch of user laptops so they can get Kerbeos

Re: technical contact at ATT Wireless

tions with corporate address range overlap. -Paul On Thu, Jun 28, 2012 at 1:40 PM, Christopher Morrow wrote: > On Thu, Jun 28, 2012 at 3:35 PM, PC wrote: > > > Why they don't use public IP space belonging to them for DNS servers, I > do > > not know. > > they hav

Re: technical contact at ATT Wireless

I wish you the best of luck. While you're at it, I've been also trying to complain about them using RFC1918 (172.16.) address space for the DNS servers they assign to their datacard subscribers. Causes all sorts of problems with people trying to VPN in as the same IP range is used by me. Why the

Re: Cisco Smartnet for 6509E Line Cards

I'd say hardware replacement is only a small benefit of smartnet, or I would have found it more economical to just stock spares a long time ago. You also received technical support in addition to software updates. In fact, IMHO, the greatest benefit is the access to Cisco development resources fo

Re: CBT Nuggets streaming account

You can rent CCIE-topology racks for $1.50/hr. Even though that's overkill for CCNP, you probably don't need that many hours. It sure beats dealing with buying then selling the stuff on ebay. On Mon, Jun 11, 2012 at 4:01 PM, Jonathan Rogers wrote: > I would say part of the argument is old-fashi

Re: Comcast Service for Non-Cap Bandwidth

ot likely to work. On Tue, May 29, 2012 at 7:41 PM, Nabil Sharma wrote: > > PC: > I also wish to know how much the Comcast "Paid Peering" service costs, and > if this is an option that can get us the delivery we require. > Could you please help me to understand why it i

Re: Comcast Service for Non-Cap Bandwidth

Hi Nabil, DSCP tagging on inter-domain internet traffic is not expected to work (I wouldn't expect this to work at any ISP, quite frankly, absent some very special arrangements). >From reading the article in the link below, it sounds like they are using DSCP to ensure when a user has maxed their

Re: Comcast Service for Non-Cap Bandwidth

While I still don't agree it's fair, that arrangement seems limited to the viewing of the Xfinity TV application via XBOX for subscribers who have both an internet and cable TV package via Comcast and not XBOX in general. None the less, the cap is 250gb at the moment, and only applies to residenti

Re: Current IPv6 state of US Mobile Phone Carriers

IPV6 is present, to my knowledge, on all devices on the Verizon IPV6 LTE network. I noticed its using it to communicate to Google for many of it's services when I ran a netstat. I believe they mandated support for it from any certified device. Unfortunately, it's still firewalled. On Tue, May

Re: Cogent for ISP bandwidth

While there may be other grounds for telling them not to call you, the do not call list is not one of them as it does not apply to business to business solicitations. "The national Do-Not-Call list protects home voice or personal wireless phone numbers only. While you may be able to register a bus

Re: Verizon 1xRTT/EVDO for OOB

Call a business sales rep and ask for "telemetry" or "Machine to Machine" data plans. On Fri, May 4, 2012 at 10:53 AM, Christopher J. Pilkington wrote: > Is anyone using Verizon 1xRTT/EVDO ("3G") for OOB work? I'm trying to > sort out how exactly to order a compatible service from them. > Unfor

Re: mulcast assignments

And I've seen plenty of gear without SSM support: Some of the larger offenders: Juniper Clusters. Cisco ASA Some Linksys managed switches (no IGMP snooping support for it). I really wouldn't think it'd be that hard to implement SSM if the equipment had functional ASM support, but that's a story f

Re: VPN over satellite

Most satellite modems offer built in TCP acceleration options heavily optimized for VSAT use and an encryption option (proprietary to their hardware only) which is probably your best bet. You can then use traditional encryption to your satellite provider (or take Ethernet handoff at the satellite

Re: Securing OOB

My preferred OOB solution is cellular where possible. (Many companies make such a dedicated product, or roll your own). Most cellular providers can provide a private APN with private IP addresses delivered back to you via a VPN tunnel. In many cases, telemetry (IE: 50Mb or less per month) data p

Re: Most energy efficient (home) setup

It exists. Google for "unRAID" It uses something like Raid4 for Parity data, but stores entire files on single spindles. It's designed for home media server type environments. This way, when you watch a video, only the drive you are using needs to power up. It also lets you add/remove mismatch

Re: IPv6 support via Charter | Ideas on BGP Tunnel via HE

He.net tunnels are also good to have because depending on your provider, there's still many with incomplete views of the ipv6 routing table and he might have a path. This is a more prevalent issue with ipv6 than v4 at the moment. On Apr 11, 2012 2:03 PM, "Anurag Bhatia" wrote: > Hi Seth > > > I

Re: DNS noise

It could be a DNS amplification attack, with the source IP forged. They may be hoping you "reply" to the forged source with a response greater than the cost of them sending the query. Of course you'd have to actually be running a poorly configured DNS server on that IP for this to work... On Fr

Re: SORBS?!

That's probably a better idea. I moved "into" a /24 ip block that was SWIPed to me that they reported was "dynamic cable/DSL users" (no spam history, mind you). Didn't matter, I couldn't send e-mail. When trying to get it delisted I had a TTL on the zone that was "incompatible" with their standa

Re: filtering /48 is going to be necessary

I think ARIN issues /48s for Provider independent space as the minimum allocation size, so I'm guessing we shouldn't filter below that. At least, that's what's in their current policies. On Fri, Mar 9, 2012 at 7:50 AM, Bernhard Schmidt wrote: > Jeff Wheeler wrote: > > Hello Jeff, > > > On Fri,

Re: [c-nsp] ASR opinions..

cover all your basis. On Thu, Mar 8, 2012 at 11:38 AM, Christian 'wiwi' Wittenhorst < w...@progon.net> wrote: > On 2012-03-08 18:25, PC wrote: > >> The low end ASRs are poor boxes for full BGP table internet edge >> applications. They have many other great appl

Re: [c-nsp] ASR opinions..

The low end ASRs are poor boxes for full BGP table internet edge applications. They have many other great applications, but the reason they are bad here is simply route limits in the FIB. The asr1001 only supports 512,000 IPV4 routes in the FIB at any given point in time, and 128,000 IPV6 routes.

Re: WW: Colo Vending Machine

Back in college we had a fund raiser as a club where we laid out a bunch of computer parts and a sledgehammer. We charged by the swing. It was Office Space style fun. It's profitability far exceeded our expectations. On Tue, Feb 21, 2012 at 5:07 PM, Robert Hajime Lanning wrote: >

Re: US DOJ victim letter

I received one on an IP block that were SWIPed to me. Has anyone written a regular expression which matches the rogue dns server IP ranges in question? - 85.255.112.0 through 85.255.127.255; - 67.210.0.0 through 67.210.15.255; - 93.188.160.0 through 93.188.167.255; - 77.67.83.0 throug

Re: non-congested comcast peers?

Some datapoints based on ~500mb constant UDP telemetry data feed (total) spread across many different comcast endpoints. All Cogent -> Comcast. Even though there's heavy forward error correction provisioned to accommodate 5-10% packet loss, it's hardly used. In fact, packet delivery is incredibl

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

Curious, What was the outcome of this? In any case, I'm hoping the major Tier-1s do the right thing and filter the rogue annoucements, while allowing the OP's. Hopefully after enough pressure and dysfunction, they will give it up. On Tue, Jan 31, 2012 at 6:15 PM, David Conrad wrote: > > I hope

Re: Hijacked Network Ranges

Many/most transit providers filter prefixes longer than /24, so the effectiveness may be minimal. At the very least I'd advertise /24s yourself because if the forger is geographically further away, some local sites may still work. Better than nothing. On Tue, Jan 31, 2012 at 11:19 AM, Grant Ri

Re: Console Server Recommendation

Love the boxes. Absolutely despise the ~50 mhz processor they put in them that takes 10 seconds to negotiate SSH. On Mon, Jan 30, 2012 at 9:26 AM, -Hammer- wrote: > Avocent Cyclades ACS. Enterprise class. > > http://www.avocent.com/**Products/Category/Serial_**Appliances.aspx

Re: LX sfp minimum range

In some enterprise applications, SX is "good enough" for the distances at hand, and SX optics are cheap... On Thu, Jan 26, 2012 at 3:33 PM, Pierre-Yves Maunier wrote: > 2012/1/26 George Bonser > > > > > SX can actually be a little more versatile. LX works only over single > > mode fiber. SX is

Re: juniper mx80 vs cisco asr 1000

the new ones > ONLY have timing. > > …Skeeve > > > On Sat, Jan 21, 2012 at 3:50 AM, PC wrote: > >> While the ASR1002 does offer more services, I generally disagree with some >> parts of this comparison. >> >> Juniper has some very aggressive pricing on

Re: juniper mx80 vs cisco asr 1000

While the ASR1002 does offer more services, I generally disagree with some parts of this comparison. Juniper has some very aggressive pricing on mx80 bundles license-locked to 5gb, which are cheaper and blow the performance specifications of the equivalent low end ASR1002 out of the water for inte

Re: US DOJ victim letter

Knowing it's JS, I looked at the source, and here's the "rogue" ranges: var IP_RANGES = [ [[85, 255, 112, 0], [85, 255, 127, 255]], [[67, 210, 0, 0], [67, 210, 15, 255]], [[93, 188, 160, 0], [93, 188, 167, 255]], [[77, 67, 83, 0], [77, 67, 83, 255]], [[213, 109, 64, 0], [213, 1

Re: juniper mx80 vs cisco asr 1000

Which specific models are you looking at? Both contain a large product range. On Thu, Jan 19, 2012 at 1:10 PM, jon Heise wrote: > Does anyone have any experience with these two routers, we're looking to > buy one of them but i have little experience dealing with cisco routers and > zero experie

Re: How are you doing DHCPv6 ?

The good news is that doubling your IP address allocation requirements for v6 is far better than doubling v4... On Tue, Jan 17, 2012 at 4:37 PM, Daniel Roesen wrote: > On Tue, Jan 17, 2012 at 06:19:28PM -0500, Randy Carpenter wrote: > > > You might want to give this a read: > > > > > > > http://

Re: Well Lookie Here, Barracuda Networks tries to get me to fall into their trap again...

This particular product is often used by the SMB types. This changes things a bit. While I disagree with paying for signature updates you didn't use (It's a service, and I don't care about their fixed costs, I went into it knowing I'd have a license for the signatures as they were expired), I do

Re: BGP noob needs monitoring advice

Depending on the nature of your redundant connections, your traffic engineering/bgp settings, and the visibility of the routing through the lost provider to the internet route servers mentioned, you may/may not be able to easily monitor this. Some failures are harder to find than others. Suggesti

Re: Verizon 3G/4G Mobile Internet Sales Contact?

>From my experience: IPV4 Static IPs nor private IP service are currently available on the 4g service (I asked). Even the routable IPV6 Static IPs can not receive remote traffic (at least they failed to get ESP traffic when I tried to build a VPN with them because the ipv4 address provided was ca

Re: Posting for network engineers and operators...

The SNR on craigslist goes both ways, for both the applicant and the employer. There are also lots of terrible job ads, and a large tendency for employers to not list their identity. Sure, some are just recruiters hiding their client's identity, but the mandatory identifying fields aren't there l

Re: ASA log viewer

I guess this depends on how aggressive the TCP reconnection algorithm is vs. the packet loss of UDP... On the other hand, does ASA support "buffering" of syslog messages while TCP is down? I believe on some IOS platforms, with the right syslog options, it has the capability of queuing and deliver

Re: Bandwidth Upgrade

Yes, lot's of missing pieces here. It depends on your tolerance for delayed and dropped packets during periods of high usage, connection media type, speeds we're talking about, who your users are, and the applications you must support. Generally if your graphs says 75% peak usage, you should have

Re: Cell-based OOB management devices

Second this. Custom APN to AT&T with ipsec lan2lan VPN built to the provider. Works great for this. Once you get rid of the vpn need, you can use any cheap console server. I've seen solutions ranging from little opengear boxes (which are great to ship to a remote site to help a tech set somethin

Re: IPv6 beta support for Android phones

Is there any way this beta can be used in conjunction with other t-mobile data products (such as pre or post paid SIMs used in data cards/USB dongles)? On Sun, Nov 6, 2011 at 9:32 AM, Tom Hill wrote: > On Fri, 2011-11-04 at 15:04 -0700, Cameron Byrne wrote: > > FYI. > > > > T-Mobile USA now has

Re: Performance Issues - PTR Records

What happens if the ISP never defines a name server with their RIR for their provider-independent address space? Does ARIN point to somewhere which supplies NXDOMAIN? Just a thought -- I don't have a clue. It is entirely possible they have it pointed to their non-existent or broken DNS. Given c

Re: Colocation providers and ACL requests

Why not put the ACL on your ingress side at your switch or router? I would typically not expect a colo provider to provide this service unless I'm paying extra for it. The smaller they are, the more likely they are to do so to keep you happy, but I certainly wouldn't be asking this request unless

Re: DPI deployment use case

I've seen these used for two purposes over the years: 1) Repressive nation states. 2) ISPs/Universities who want to "shape" their bandwidth to prevent certain traffic types from consuming everything. 3) Integrated with enhanced caching solutions to serve content locally and save bandwidth (Web c

Re: events

I've tried quite a few solutions. And the solution that works for engineers who know linux and text parsing, is often ill-suited to many operations folks. I have to admit, Splunk is nice and I prefer it, but the price it outrageous. If I'm logging from 500 routers/switches, I can likely get away

Re: Sprint 3G/4G PPTP VPN connectivity

I can't comment on your device or any interop issues, but I used l2tp ipsec with this carrier without issue, if that might be an option. On Mon, Sep 26, 2011 at 9:36 AM, Drew Weaver wrote: > Has anyone been able to pull any magic off that allows PPTP connectivity > over sprint's 3G/4G wireless

Re: Question on 95th percentile and Over-usage transit pricing

fic flood to the SP core to get the bill down is not economically nor politically beneficial to anyone involved in that person's scenario anymore. The business conditions can throw a wrench into things though... a huge one. On Thu, Sep 22, 2011 at 12:27 AM, Patrick W. Gilmore wrote: >

Re: Question on 95th percentile and Over-usage transit pricing

An optimal solution would be a tiered system where the adjusted price only applies to traffic units over the price tier threshold and not retroactively to all traffic units. On Wed, Sep 21, 2011 at 11:01 PM, Brandon Galbraith < brandon.galbra...@gmail.com> wrote: > On Wed, Sep 21, 2011 at 5:06 PM

Re: Internet mauled by bears

ice or BLM land, or other private property leases without facilities. On Tue, Sep 20, 2011 at 11:25 PM, PC wrote: > On the other hand, I've been told that during a power outage cattle can > sometimes "smell" that the electricity is gone... all their noses start > sniffing afte

Re: Internet mauled by bears

On the other hand, I've been told that during a power outage cattle can sometimes "smell" that the electricity is gone... all their noses start sniffing after one in the pasture starts... and make a run for it... Probably is an old wives tale... Yeah, Sheep or Goat proof fence? Good luck. Here t

Re: lots of latency on qwest to google?

wrote: > > > --- paul4...@gmail.com wrote: > From: PC > > You can traceroute from all their POPS here if you'd like: > > https://kai02.centurylink.com/PtapRpts/Public/BackboneReport.aspx > - > > > > Hmmm, it see

Re: lots of latency on qwest to google?

You can traceroute from all their POPS here if you'd like: https://kai02.centurylink.com/PtapRpts/Public/BackboneReport.aspx Having said that, that IP has similar horrible latency from my non-qwest connection. Additionally, google does not resolve to that IP for me, which is expected. It does l

Re: Internet mauled by bears

Worth a read: http://blog.level3.com/2011/08/04/the-10-most-bizarre-and-annoying-causes-of-fiber-cuts/ On Mon, Sep 19, 2011 at 11:41 AM, Jason LeBlanc wrote: > We have had fiber shot with what apparently was apparently a handgun in > down town Miami. Interesting that is fairly common. > > > On

Re: IPv6 side of www.charter.com has been down since Friday, September 16 5:12 am Central

Works fine here. # wget -6 www.charter.com --2011-09-19 10:24:37-- http://www.charter.com/ Resolving www.charter.com... 2607:f428:3:1:80:80:80:1 Connecting to www.charter.com|2607:f428:3:1:80:80:80:1|:80... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html]

Re: IPv6 version of www.qwest.com/www.centurylink.com has been down for 10 days

The Qwest one died roughly around the time of their merger/migration to Centurylink web sites. I did bring up the issue with them as a customer, and it seems the response was to disable publicly-facing IPV6 services (and associated records) for the time being, as you observed. Not that I agr

Re: East Coast Earthquake 8-23-2011

Based on a sampling of thousands of cable modems, dsl, and cellular sites in the DC area: With a 10 second keepalive/30 second holdtime, I only saw, maybe, 2-3 sites disappear per thousand based on an endpoint in Ashburn, VA. I do see some delay cellular side, but it looks to be solely congestion

Re: What do you do when your Home ISP is down?

$big_national_ISP? Well, most problems I see are major and not just routing to one other ISP. My solution? Pull out the smartphone and tether if I really need to get on the web. Otherwise I sleep it off or do something else. I only call if it's hours/days in duration, or likely isolated to my

Re: AT&T -> Qwest ... Localpref issue?

ure). > At our other pops with more than 1 transits, we like to utilize both as > much as possible. > > Contract is up in December ... can’t wait until it’s gone. > > > > On 8/6/11 11:57 PM, "PC" wrote: > > Qwest uses 80 for peers; 100 for customers. As I'

Re: AT&T -> Qwest ... Localpref issue?

Qwest uses 80 for peers; 100 for customers. As I'm sure Qwest had AT&T as a peer prior to today (and you tagged as a customer), it probably should have been 80 since the beginning. What was the local pref to AT&T before? Maybe they found a misconfiguration on a router. If your only objective is

Re: FTTH CPE landscape

There continue to be many legitimate reasons why a consumer might not want NAT on their connection. I wouldn't' consider IPSEC the primary one, as even having one side under NAT is generally not an issue in most cases if it's the initiator (further skewing your netflow statistics to even less than

Re: FTTH CPE landscape

IPSEC Not so common. At least it's easy enough for them to be the initiator, in most cases, and IPSEC NAT-T works great. Much more common application would include PC gamers, xbox live, remote desktop, slingbox, windows home server, and torrents. Granted, some of these support UPNP (if

Re: SORBS contact

Last time I went through this... first it was they didn't like my RDNS, so I added "Static" to it. Then it was my ISP didn't SWIP the record properly, they fixed this. Then after that they said my DNS TTL was too low. The final straw was the DNS TTL, we used it for failover to accommodate a redu

Re: OOB

If you can make a phone call, it generally works acceptable enough for a basic SSH session. Lock the session at 1xrtt (if using CDMA) if you still have problems (slow) and it will use what amounts to a voice channel. In the USA, Verizon 4g LTE also offers some better in-building penetration simpl

Re: Comcast Bussiness Class and GRE Tunnels

I have GRE tunnels and l2tp tunnels over those comcast boxes. l2tp is less hassle because it handles NAT, but you can do GRE instead -- just make sure you assign yourself a public static IP. First, go into the gateway and make sure all firewalls are disabled (it has a web GUI). Second, if it's t

Re: USA DSL/T1 Service ?

I don't think what you are after will be as feasible as it sounds like you're used to in Europe. In the US, there are _many_ different telephone companies each servicing a certain area, and they each have different policies and procedures on whether they will offer wholesale DSL in a given market.

Re: high performance open source DHCP solution?

If you're just fighting IOPS, another compromise might be using a ramdisk, and then committing that data to storage every x seconds. Yes, you might be breaking the RFC, but depending on what it's used for, you could probably commit every 3-5 seconds without much penalty and limit your data loss po

Re: Enterprise Internet - Question

Perhaps you have Canadian branches feeding off the same connection and they will have the reverse problem with geo-location? On Fri, Jul 15, 2011 at 6:29 AM, Jeff Cartier < jeff.cart...@pernod-ricard.com> wrote: > Thanks for the comments everyone. They are much appreciated. > In regards to cha

Re: ipv6 address family with vrf

Mike, Support came in a later 12.4T train release, although you're probably best going to 15.0M at this point. You need advanced IP services,Advanced enterprise services or SP services. Consult cisco.com/go/fn. Both VRF and VRF-lite IPV6 support are under the same feature, but I forget what it'

Re: [pfSense Support] Strange TCP connection behavior 2.0 RC2 (+3)

I have found most/all modern 3g networks can achieve optimal download speed within their latency limitations (<200ms domestic end-to-end is normal for most today) when combined with a modern operating system that does automatic TCP receive window adjustments based on per-flow characteristics. I ne

Re: BGP Design question.

ven the FW supports presenting itself as a "single" entity. On Wed, Jun 22, 2011 at 7:07 PM, Bret Palsson wrote: > > > On Wed, Jun 22, 2011 at 5:33 PM, PC wrote: > >> Who makes the firewall? >> >> > Juniper SSG. We use NSRP and replicate all the RTOs. We h

Re: BGP Design question.

Who makes the firewall? To make this work and be "hitless", your firewall vendor must support stateful replication of routing protocol data (including OSPF). For example, Cisco didn't support this in their ASA product until version 8.4 of code. Otherwise, a failover requires OSPF to re-converge