Mod this up! It would be a tremendous overreach by the judiciary to make it such that unrelated parties to the action would have to take action that would cost time and money to support a third-party judgement.
And you can chew up your entire month's pittance of bandwidth 30 seconds after the start of the month...
Mod this up...
Voting it down lets everyone think that hey, Congress is looking out for us. They will get it attached to an Omnibus bill at some point later this year or next and get it passed with nobody looking because you can't stop funding the government... Just look at CISA back in December.
The article misses important information like which OK Go video this was. (Hopefully "This Too Shall Pass") given how Rube Goldberg this is...
https://www.youtube.com/watch?...
From Wikipedia:
The origins of the Internet date back to research commissioned by the United States government in the 1960s to build robust, fault-tolerant communication via computer networks.
The entire idea was to have a decentralized network that couldn't be controlled by one entity and could continue to operate after removal of multiple nodes. At best the US has some control over DNS; however, you don't need a name to have an Internet site, and it's probably preferable NOT to and just access it by IP address directly.
While I certainly am not on the side of terrorists, all that has happened is an arms race to TRY and control the Internet. This is impossible and will be replaced with lower tech solutions while making the everyday use of the Internet less private and secure for ordinary users (which is what most governments want but that's another conversation).
True, unlimited data is a myth, but there are a lot of things that could be done to help this. By consolidating everything online the carriers have ensured they are in a position to make it as scarce a resource as possible to drive value. By introducing the option to cache content offline through intelligent AI and taking advantage of off-peak times we could make better use of the limited resources. I would have no problem 'DVR'ing my Netflix and YouTube content so that I can save my bandwidth for data that is truly real-time, which would average out the usage of networks today. Just like electricity, there is a huge amount of unused capacity during off-peak hours that we could put to good use with the ever-declining price of storage.
This only applies if you are using a proxied service instead of a routed or tunneled service, where you can't route around the proxy scrubbers. Most carrier DDoS service offerings allow you to route the traffic either through BGP steering or GRE tunneling such that your traffic must pass through the cloud DDoS scrubbing center because the 'real' IP is routed that way.
Next they will say Chocolate isn't healthy for you either...so I'll have to stop drinking Chocolate beer.
If this works like uRPF as implemented in a default-free zone, this will only help for spoofed traffic, which with today's botnets means absolutely nothing, as the traffic is from legitimate hosts/addresses. To prevent something like this you would need a system that could collect from all of the major backbone providers, that would try to recognize the pattern based on destination addresses (and likely entire subnets), and then distribute filtering back to the ingress nodes while the attack persists. On large networks we often implemented triggered blackhole routers to do something similar, but not exactly the same.
I can't see this problem being solved with anything less than analytics and a multi-provider way to block the ingress traffic to the destination. Even then the hosts that have been "botted" will still be effectively denied from using said service, and you hope that you don't get a lot of false positives. Today's routers, while very powerful, are basically quick cut-through switching devices and are not meant to do deep inspection. Scaling protection at the destination is expensive and more of a blunt weapon than a scalpel to prune it out, and even moving it out to the "cloud" means a lot of expense, which for better or worse leads more towards an end like we had after 9/11 of implementing the TSA because of terrorists. It adds expense and leads to potentially less privacy due to the inspection required.
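The comment's point that uRPF only catches spoofed sources can be shown with a small simulation. This is an added example, not code from the original thread: it models a router FIB with strict and loose uRPF and runs three constructed packets through it; the prefixes, interface names and addresses are hypothetical documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

# Constructed FIB for a router with three interfaces: 'cust' faces a customer
# network, 'peer' faces a peering partner, and 0/0 points at the upstream.
# Hypothetical prefixes from the documentation ranges, for illustration only.
FIB = [
    (ipaddress.ip_network("203.0.113.0/24"), "cust"),
    (ipaddress.ip_network("198.51.100.0/24"), "peer"),
    (ipaddress.ip_network("0.0.0.0/0"), "upstream"),
]

def lookup(addr, fib=FIB, default_free=False):
    """Longest-prefix match for a source address. In a default-free zone there
    is no 0/0 route, so a source with no covering prefix has no route at all."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, iface in fib:
        if default_free and net.prefixlen == 0:
            continue
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_check(src, ingress, mode="strict", default_free=True):
    """Return True if the packet passes uRPF, False if it would be dropped.
    strict: the route back to src must leave via the ingress interface.
    loose:  any route back to src is enough."""
    route = lookup(src, default_free=default_free)
    if route is None:
        return False
    if mode == "loose":
        return True
    return route[1] == ingress

@dataclass
class Packet:
    src: str
    ingress: str
    label: str

# Constructed sample packets, all arriving on the 'cust' interface.
SAMPLE = [
    Packet("203.0.113.77", "cust", "legit source (may still be a bot)"),
    Packet("198.51.100.9", "cust", "spoofed: prefix lives behind 'peer'"),
    Packet("192.0.2.5", "cust", "spoofed: no route in a default-free FIB"),
]

def evaluate(packets=SAMPLE, mode="strict"):
    """Map each packet's label to its pass (True) / drop (False) decision."""
    return {p.label: urpf_check(p.src, p.ingress, mode) for p in packets}

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode)
        for label, ok in evaluate(mode=mode).items():
            print(f"  {'pass' if ok else 'DROP'}  {label}")
```

The first packet passes in both modes: a bot sending from its real address looks exactly like a legitimate host, which is why the comment argues that uRPF alone does nothing against modern botnet floods.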
I think this is more generally known as Unicast Reverse Path Forwarding (uRPF).
The fact that ISPs are taking the holier-than-thou stance of how they will stop building out and "creating jobs" sickens me. The Telecom industry didn't create the prosperous interconnected world that we live in today; innovators and content creators did. Without content and the interconnected devices we have today, there is no need for the infrastructure.
We have a government that continues to protect old business models because they have been bought, to the detriment of us, the consumers. The ISPs today are "passively throttling" competing content providers by refusing to participate in the network model that got us to where we are today, because they want to milk additional revenue that they frankly are not entitled to. If the ISPs require additional revenue to build out their network so that they can deliver what their customers request from the Internet at large, then they need to pass that cost on to the consumers. The idea of requesting or initiating party pays is well established in telecommunications, but now ISPs want to disregard the fact that without their customers requesting the data, it would not be sent. The idea of the Internet is that anyone can connect and offer up content without having to become a 3rd-tier ISP themselves just to connect to every network. Many of them partner with or create CDNs to make their services better and reduce the impact on ISPs.
There may be hundreds of thousands of jobs at ISPs, but there are many times more that have been created by Internet-enabled innovators and content creators. Those are who are "too big to fail". We should not be trying to protect an oligopolist broadband market and the relatively small number of jobs it represents when 100x as many jobs are possible if we keep the Internet free and open.
Correct, once the packets are transmitted to you, it's too late to apply QoS. The only thing you can control is your outbound requests, which as it happens have a direct (although not linear) relationship to the amount of traffic sent back to you. This article outlines it brilliantly and is a must-read for anyone using QoS on most consumer-grade equipment:
http://www.linksysinfo.org/ind...
That said, classification of traffic is a much more challenging problem than QoS is, and is what really needs to be addressed. This comes from a "Network Guy" on a 4/1Mbps DSL connection who works from home and has to compete with his kids playing XBOX and streaming Netflix, so I play with this a lot. At this point in time, it seems like Palo Alto has the best classification engine out there, and that with their QoS policies may be the best solution around, but I haven't had a chance to play with it.
(FWIW I too run Tomato Shibby on an Asus N66U)
Agreed. I read GOP and immediately thought the worst, but what I found was a well-thought-out article that actually acknowledges the problems and lays out some very interesting reforms that could actually make the system better.
No company in business today wants you to own anything. They want to own it and give you a limited license to use it. Boxee is the latest to jump on the "I need to have a monthly income stream beyond one-time selling hardware, so let's do it by not storing stuff locally but in our cloud where we can charge for it" bandwagon. I was very excited to read about this new box as I was looking for a DVR solution for just regular OTA content that I occasionally want to watch, without having to have a monthly fee or a computer-based solution. I just moved into the country and I got pissed off while reading about how I need to sign up for 2 years to get Satellite service, and at the end I STILL don't own the equipment but they are leasing it to me. This is for a combination of two reasons: 1) theft of service (having it in multiple locations at once) and 2) to stop the secondary market where people can have contractless service.
Additionally as others have mentioned, not everyone has these huge pipes to the Internet...for $70 a month I get a 2M down / 512k up DSL connection where I had a $40 15M down / 5M up connection in the city...
I believe even though this is not necessarily out-of-state travel, we have been granted Freedom of Movement through the Privileges and Immunities Clause of the Constitution through Supreme Court rulings. Outside of that, I have a hard time believing that due process wouldn't be required, as several times in the article it was mentioned that warrants were requested.
Agreed. Even with SLAAC to get an IP, you wouldn't be able to tell where the device was. Additionally, the waste of putting the electronics in every bulb would be ridiculous.
I'll second Juniper, if not for commit confirmed but rollback 1...they have some really nice switches these days with the EX series. This comes from someone who supports both Cisco and Juniper but the adage that "nobody was ever fired for picking Cisco" is true enough as well. I don't think you would go wrong with either.
This is not about the content of the network; this is about capacity and symmetry. Barely anything is incoming from Comcast to Level 3: everything comes from Level 3 into Comcast. Therefore, just as Akamai did, Level 3 needs to pay for the data used over Comcast pipes.
While Comcast is a large provider, what they do is different from what the large backbone providers, which have peering arrangements, do. Because Comcast (like all Broadband providers) has a MUCH larger number of endpoints than your typical WAN/Backbone provider, it is always going to have more data being pushed to it than it sends. That will never change and it is their business model, but they now want to be treated like they are a transit provider when really they are just a data sink. Comcast wants to say it's just because of the vast discrepancy of traffic, but content delivery is always going to use a lot of bandwidth, and to get around "net neutrality" by just claiming it's not the content but the amount of traffic is just a lousy excuse to disguise the true reason.
Yes, there will be Carrier Grade NAT (CGN) used for the time being. You will primarily see it in Mobile Wireless networks for handsets that don't require a full Internet connection, but other ISPs will eventually be forced to do the same. That said, CGN is required so that we can do Dual Stack (where you have both an IPv4 and IPv6 address). This is the most commonly accepted transition technique and really the best available. It works by using the DNS system to determine if the name you are trying to resolve has an AAA or AAAA (referred to as a Quad A) record. The IP stacks of today are set to prefer Quad A over AAA records, so if a site has an IPv6 address (or Quad A record) you will hit the site using your IPv6 connection. CGN is an IPv4 technology and not an IPv4 to IPv6 Gateway. CGN just allows us to do a massive amount of NAT44 that most of our current NAT devices can't handle.
Really there is nothing to see here that hasn't been said over and over again on every "World ending IPv4 shortage" article on Slashdot. Yes, the threat is real. Does it really matter to many people outside of Service Providers? Not really, because almost everyone else is doing NAT44 today in one form or another. As usual, what should be taken from this is that if you are a Network Engineer responsible for managing a network, you should be taking the time to take inventory of your IPv4 space and making plans for implementing Dual Stack in the near future.
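A small model of the dual-stack behaviour the comment describes, as an added example that is not code from the original thread: a resolver preference that picks the AAAA answer when one exists, and a NAT44-only CGN that translates IPv4 flows through a shared public address with a per-subscriber port block while IPv6 flows bypass it untouched. The names, answers and addresses are constructed from the documentation ranges.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed DNS answers for two hypothetical names.
DNS = {
    "v6site.example": {"A": ["203.0.113.10"], "AAAA": ["2001:db8::10"]},
    "v4only.example": {"A": ["203.0.113.20"], "AAAA": []},
}

def pick_destination(name, dns=DNS, have_ipv6=True):
    """Dual-stack selection as the comment describes it: a AAAA answer wins
    over an A answer when the host has IPv6; otherwise fall back to IPv4."""
    recs = dns[name]
    if have_ipv6 and recs["AAAA"]:
        return ipaddress.ip_address(recs["AAAA"][0])
    if recs["A"]:
        return ipaddress.ip_address(recs["A"][0])
    raise LookupError(f"no address records for {name}")

@dataclass
class CGN:
    """Minimal NAT44 model: many subscribers share one public IPv4 address,
    each limited to a block of source ports. IPv6 traffic never touches it."""
    public_ip: str
    ports_per_subscriber: int = 4   # deliberately tiny to show exhaustion
    table: dict = field(default_factory=dict)  # (priv_ip, priv_port) -> pub_port
    used: dict = field(default_factory=dict)   # priv_ip -> set of pub ports

    def translate(self, priv_ip, priv_port, dst):
        """Return (public_ip, public_port) for an IPv4 flow, or (None, None)
        for an IPv6 flow, which is routed natively and not translated."""
        if ipaddress.ip_address(dst).version == 6:
            return (None, None)
        key = (priv_ip, priv_port)
        if key not in self.table:
            used = self.used.setdefault(priv_ip, set())
            if len(used) >= self.ports_per_subscriber:
                raise RuntimeError(f"port block exhausted for {priv_ip}")
            pub_port = 1024 + len(self.table)   # simple sequential allocation
            used.add(pub_port)
            self.table[key] = pub_port
        return (self.public_ip, self.table[key])

def run_scenario():
    """Two subscribers behind one CGN reaching both constructed names."""
    cgn = CGN(public_ip="198.51.100.1")
    out = {}
    out["v6"] = cgn.translate("10.0.0.5", 40000, pick_destination("v6site.example"))
    out["v4"] = cgn.translate("10.0.0.5", 40001, pick_destination("v4only.example"))
    out["v4_other"] = cgn.translate("10.0.0.6", 40001, pick_destination("v4only.example"))
    return out

if __name__ == "__main__":
    for flow, mapping in run_scenario().items():
        print(flow, mapping)
```

Two subscribers using the same private port end up behind one public address on different ports, which is why abuse reports against a CGN address are only actionable with the port and timestamp as well.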
I don't know enough about your environment, but hopefully you know that that isn't a possibility across Layer 3 devices (and when I say VLANs, I assume that you are talking about an IP segment and not just a VLAN number). That said, the "ip dhcp helper" or DHCP relay I think is what you are looking for. This way you can have 1 DHCP server serving numerous VLANs or L3 IP segments. If you have more specific questions feel free to reach out to me.
Carl Fugate
carl@iprouteradmin.com
BLOG: www.iprouteradmin.com
Router Lab: www.onlinerouterlab.com
As someone else pointed out, there are numerous reasons out there that there is a lot of PUBLIC IP space that will not be reachable from the Internet. Business to Business (B2B), where multiple companies' networks need to talk to each other, is the perfect example of this. B2B is becoming much more relevant in the days of outsourcing services and for service providers. Additionally there is a lot of infrastructure out there that uses Public IP space that will not respond to scans because it has been hardened not to do so. As someone pointed out, blocking ICMP THROUGH a router or firewall is a no-no, but blocking it destined to the device is just fine and is actually good practice. Now I totally agree that companies that were assigned a /8 and assigned every device a Public IP whether it needed it or not need to be read the riot act and return it.
START RANT ^^
Those who just spout "move to IPv6" have no clue. The world is not ready for IPv6 and my money is that we will not end up with mainstream adoption (and I mean every new consumer device and piece of software that comes out is IPv6 aware) for at least another decade. There is way too much to do and companies have just over the last few years really started networking everything.
Nobody wants to go back and learn a brand new protocol for which you basically need to throw away 80% of what you thought you knew. Finally, IPv6 only truly solves one problem that we have in IP networking today, and that is the number of available addresses. We know for a fact in Ethernet that you're not going to have several million devices in the same broadcast domain (VLAN) (and yes, I know some of IPv6 uses multicast), so we are going to be orders of magnitude more wasteful than we can possibly be with IPv4. The only way around it is to subnet, which past a /80 you lose the ability to do autoconfiguration, which basically renders IPv6 useless.
END RANT ^^
There is no requirement that MAC addresses be globally unique, as they only need to be unique within the Layer 2 domain (as the odds that two devices over a long period of time are going to find their way into the same L2 domain). Many vendors out there reuse MAC addresses after the life of the device has passed into oblivion. For example, I once ran across a MAC address conflict between an old 3COM 10BT Ethernet interface and a newer 100BT Ethernet interface (and not because they were reassigned).
Actually, all it really proves is that Slashdotters tend to watch the movie before they read the book...
Nextel is not getting a trade-for-trade deal out of this. The FCC valued Nextel's spectrum around $1.8B and the new block around $5B (which is funny since that is the amount that Verizon suggested they would open the BIDDING at). Nextel has to put up the cash for the difference.
Verizon Wireless doesn't like this because they want to buy the spectrum but they have no chance because the FCC is only giving Nextel the option to buy it. Nextel IS getting the better end of the stick here in the fact that they don't have to pay MARKET value for the spectrum, but they are giving up PRIME spectrum for it.
I don't work for either, I work for another competitor.