Well, I'm not surprised at all, being that Cisco also does this to Alcatel-Lucent: http://www.youtube.com/watch?v=uX3zvjX3c5Q I think Cisco is just running scared now. If they didn't charge so much for their products, they wouldn't have this problem. In addition, I think they also thought that they would be # 1 forever and that nobody could touch them, so they just stopped trying to stay ahead of the competition. _________________________________ Allen -----Original Message----- From: nanog-request@nanog.org [mailto:nanog-request@nanog.org] Sent: Wednesday, September 14, 2011 7:56 AM To: nanog@nanog.org Subject: NANOG Digest, Vol 44, Issue 55 Send NANOG mailing list submissions to nanog@nanog.org To subscribe or unsubscribe via the World Wide Web, visit https://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-request@nanog.org You can reach the person managing the list at nanog-owner@nanog.org When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..." Today's Topics: 1. RE: NAT444 or ? (Dan Wing) 2. ouch.. (Martin Hepworth) 3. Re: ouch.. (Vlad Galu) 4. Re: ouch.. (Nick Hilliard) 5. Re: ouch.. (Brian Raaen) 6. Re: ouch.. (Always Learning) 7. Re: ouch.. (Frank Habicht) 8. HP A-series, H3C, Huawei and their capabilities in real-life (Mark Smith) 9. RE: ouch.. (Erik Bais) ---------------------------------------------------------------------- Message: 1 Date: Tue, 13 Sep 2011 22:28:17 -0700 From: "Dan Wing" <dwing@cisco.com> To: "'Owen DeLong'" <owen@delong.com> Cc: nanog@nanog.org Subject: RE: NAT444 or ? Message-ID: <0a4d01cc729f$1bc0abc0$53420340$@com> Content-Type: text/plain; charset="us-ascii"
-----Original Message----- From: Owen DeLong [mailto:owen@delong.com] Sent: Tuesday, September 13, 2011 9:43 PM To: Dan Wing Cc: 'Leigh Porter'; 'David Israel'; nanog@nanog.org Subject: Re: NAT444 or ?
Good point, but aside from these scaling issues which I expect can
be
resolved to a point, the more serious issue, I think, is applications that just do not work with double NAT. Now, I have not conducted any serious research into this, but it seems that draft-donley-nat444- impacts does appear to have highlight issues that may have been down to implementation.
Draft-donley-nat444-impacts conflates bandwidth constraints with CGN with in-home NAT. Until those are separated and then analyzed carefully, it is harmful to draw conclusions such as "NAT444 bad; NAT44 good".
Continuing to make this claim does not make it any more true.
Draft-donley took networks and measured their real-world functionality without NAT444, then, added NAT444 and repeated the same tests. Regardless of the underlying issue(s), the addition of NAT444 to the mix resulted in the forms of service degradation enumerated in the draft.
I disagree it reached that conclusion. That may have been its intent.
Further, I would not ever say "NAT444 bad; NAT44 good". I would say, rather, "NAT44 bad, NAT444 worse". I think that's a pretty safe and non-harmful thing to say.
Yes, your statement is completely accurate. I agree that IPv4 address sharing causes additional problems (which encompasses all forms of IPv4 address sharing), and CGN causes additional problems.
Other simple tricks such as ensuring that your own internal services such as DNS are available without traversing NAT also help.
Yep. But some users want to use other DNS servers for performance (e.g., Google's or OpenDNS servers, especially considering they could point the user at a 'better' (closer) CDN based on Client IP), to avoid ISP DNS hijacking, or for content control (e.g., "parental control" of DNS hostnames). That traffic will, necessarily, traverse the CGN. To avoid users burning through their UDP port allocation for those DNS queries it is useful for the CGN to have short timeouts for port 53.
If the user chooses to use a DNS server on the other side of a NAT, then, they are choosing to inflict whatever damage upon themselves. I'm not saying that short UDP/53 timeouts are a bad idea, but, I am saying that the more stuff you funnel through an LSN at the carrier, the more stuff you will see break. This would lead me to want to avoid funneling anything through said NAT which I could avoid. Then again, I run my own authoritative and recursive nameservers in my home and don't use any NAT at all, so, perhaps my perspective is different from others.
Yeah, you are probably of about 1000 or maybe 3000 people in the world that do that. Seems to be a minority.
Certainly some more work can be done in this area, but I fear that the only way a real idea as to how much NAT444 really doe break things will be operational experience.
Yep. (Same as everything else.)
I'm sure that will happen soon enough. I, for one, am not looking forward to the experience.
Neither am I. But if major content providers cannot provide AAAA on their properties, and if ISPs and CPE vendors do not make IPv6 available and working, and if web browsers don't adopt faster fallback to IPv4 when IPv6 is borked .... We will all be behind NATs. -d ------------------------------ Message: 2 Date: Wed, 14 Sep 2011 11:42:35 +0100 From: Martin Hepworth <maxsec@gmail.com> To: nanog@nanog.org Subject: ouch.. Message-ID: <CAGDKorJEvBHG21zOtmoS634pCKgGb2o96ahCuePKqmunSX402Q@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 http://www.overpromisesunderdelivers.net/ -- Martin Hepworth Oxford, UK ------------------------------ Message: 3 Date: Wed, 14 Sep 2011 12:51:00 +0200 From: Vlad Galu <galu@packetdam.com> To: Martin Hepworth <maxsec@gmail.com> Cc: nanog@nanog.org Subject: Re: ouch.. Message-ID: <E963444C-A6C5-4399-AB1D-806F59C63389@packetdam.com> Content-Type: text/plain; charset=iso-8859-1 On Sep 14, 2011, at 12:42 PM, Martin Hepworth wrote:
Saying the other brand sucks doesn't make yours any better. Besides, there are other big players on the market. Terribly lame of Cisco... Vlad Galu galu@packetdam.com ------------------------------ Message: 4 Date: Wed, 14 Sep 2011 11:54:59 +0100 From: Nick Hilliard <nick@foobar.org> To: nanog@nanog.org Subject: Re: ouch.. Message-ID: <4E708803.5040506@foobar.org> Content-Type: text/plain; charset=ISO-8859-1 On 14/09/2011 11:42, Martin Hepworth wrote:
Wow, classy. Nick ------------------------------ Message: 5 Date: Wed, 14 Sep 2011 07:15:08 -0400 From: Brian Raaen <nanog@rhemasound.org> To: Martin Hepworth <maxsec@gmail.com> Cc: nanog@nanog.org Subject: Re: ouch.. Message-ID: <20110914111508.GA6498@brian> Content-Type: text/plain; charset=us-ascii Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site. whois overpromisesunderdelivers.net Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: OVERPROMISESUNDERDELIVERS.NET Registrar: GODADDY.COM, INC. Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Updated Date: 05-sep-2011 Creation Date: 05-sep-2011 Expiration Date: 05-sep-2012 Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: OVERPROMISESUNDERDELIVERS.NET Created on: 05-Sep-11 Expires on: 05-Sep-12 Last Updated on: 05-Sep-11 Administrative Contact: Private, Registration OVERPROMISESUNDERDELIVERS.NET@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Technical Contact: Private, Registration OVERPROMISESUNDERDELIVERS.NET@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Domain servers in listed order: NS35.DOMAINCONTROL.COM NS36.DOMAINCONTROL.COM braaen@brian:~$ dig OVERPROMISESUNDERDELIVERS.NET ; <<>> DiG 9.7.3 <<>> OVERPROMISESUNDERDELIVERS.NET ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40339 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;OVERPROMISESUNDERDELIVERS.NET. IN A ;; ANSWER SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN A 98.129.229.190 ;; AUTHORITY SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns36.domaincontrol.com. OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns35.domaincontrol.com. ;; ADDITIONAL SECTION: ns35.domaincontrol.com. 3046 IN A 216.69.185.18 ns36.domaincontrol.com. 3046 IN A 208.109.255.18 braaen@brian:~$ dig -x 98.129.229.190 ; <<>> DiG 9.7.3 <<>> -x 98.129.229.190 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26507 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;190.229.129.98.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: 229.129.98.in-addr.arpa. 300 IN SOA ns.rackspace.com. hostmaster.rackspace.com. 1314291452 3600 300 1814400 300 --- Brian Raaen Network Architect Zcorum On Wed, Sep 14, 2011 at 11:42:35AM +0100, Martin Hepworth wrote:
http://www.overpromisesunderdelivers.net/
-- Martin Hepworth Oxford, UK
------------------------------ Message: 6 Date: Wed, 14 Sep 2011 12:20:15 +0100 From: Always Learning <nanog@u61.u22.net> To: Brian Raaen <nanog@rhemasound.org> Cc: nanog@nanog.org Subject: Re: ouch.. Message-ID: <1315999215.15630.3.camel@m6.u226.com> Content-Type: text/plain On Wed, 2011-09-14 at 07:15 -0400, Brian Raaen wrote:
Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site.
(1) If Cisco were responsible, would they want to advertise the fact ? (2) If Cisco feel their intellectual and copyright property is being abused, Cisco lawyers would have the Cisco name and branding removed in seconds ! Paul, England, EU. ------------------------------ Message: 7 Date: Wed, 14 Sep 2011 14:20:56 +0300 From: Frank Habicht <geier@geier.ne.tz> To: nanog@nanog.org Subject: Re: ouch.. Message-ID: <4E708E18.3070006@geier.ne.tz> Content-Type: text/plain; charset=ISO-8859-1 Main cisco page has a link to it... Frank On 9/14/2011 2:15 PM, Brian Raaen wrote:
Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site.
whois overpromisesunderdelivers.net
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.
Domain Name: OVERPROMISESUNDERDELIVERS.NET Registrar: GODADDY.COM, INC. Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Updated Date: 05-sep-2011 Creation Date: 05-sep-2011 Expiration Date: 05-sep-2012
Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: OVERPROMISESUNDERDELIVERS.NET Created on: 05-Sep-11 Expires on: 05-Sep-12 Last Updated on: 05-Sep-11
Administrative Contact: Private, Registration OVERPROMISESUNDERDELIVERS.NET@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598
Technical Contact: Private, Registration OVERPROMISESUNDERDELIVERS.NET@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598
Domain servers in listed order: NS35.DOMAINCONTROL.COM NS36.DOMAINCONTROL.COM
braaen@brian:~$ dig OVERPROMISESUNDERDELIVERS.NET
; <<>> DiG 9.7.3 <<>> OVERPROMISESUNDERDELIVERS.NET ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40339 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION: ;OVERPROMISESUNDERDELIVERS.NET. IN A
;; ANSWER SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN A 98.129.229.190
;; AUTHORITY SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns36.domaincontrol.com. OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns35.domaincontrol.com.
;; ADDITIONAL SECTION: ns35.domaincontrol.com. 3046 IN A 216.69.185.18 ns36.domaincontrol.com. 3046 IN A 208.109.255.18
braaen@brian:~$ dig -x 98.129.229.190
; <<>> DiG 9.7.3 <<>> -x 98.129.229.190 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26507 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;190.229.129.98.in-addr.arpa. IN PTR
;; AUTHORITY SECTION: 229.129.98.in-addr.arpa. 300 IN SOA ns.rackspace.com. hostmaster.rackspace.com. 1314291452 3600 300 1814400 300
--- Brian Raaen Network Architect Zcorum On Wed, Sep 14, 2011 at 11:42:35AM +0100, Martin Hepworth wrote:
http://www.overpromisesunderdelivers.net/
-- Martin Hepworth Oxford, UK
------------------------------ Message: 8 Date: Wed, 14 Sep 2011 14:27:20 +0300 From: Mark Smith <markrefresh12@gmail.com> To: NANOG@nanog.org Subject: HP A-series, H3C, Huawei and their capabilities in real-life Message-ID: <CAE79DorP-waM_EdHQJvQMw+mftM+BAv35tGhTz7TeYJTy-ON1Q@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Hi list Does anyone have (or know somebody who has) real-life experience of HP A-series (former Huawei and H3C) high-end routers in service provider environment? From the specs they look very good (both features and performance) but the specs don't tell everything and nothing can replace real-life experience. The features I'm interested in include (not in any specific order) - v4 and v6 routing - BGP (full feed) - OSPF and IS-IS - MPLS(-TE) P/PE functionality (RSVP, L3VPN, VPLS) For example this box http://h17007.www1.hp.com/us/en/products/routers/HP_A8800_Router_Series/inde... Any info or pointers greatly appreciated. Rgds, Mark ------------------------------ Message: 9 Date: Wed, 14 Sep 2011 13:55:47 +0200 From: "Erik Bais" <ebais@a2b-internet.com> To: "'Frank Habicht'" <geier@geier.ne.tz>, <nanog@nanog.org> Subject: RE: ouch.. Message-ID: <00a601cc72d5$3dc653b0$b952fb10$@com> Content-Type: text/plain; charset="us-ascii" Hi Frank, http://blogs.cisco.com/tag/overpromise/ Quote from the blog: "Some vendors have repeatedly over-promised and under delivered, and still somehow receive credit for their vision! (You can read more about one vendor's repeated broken promises here.)" http://www.overpromisesunderdelivers.net/ https://twitter.com/#!/CiscoSystems/status/113226120601677825 https://twitter.com/#!/CiscoNL/statuses/113577908525744129 Personally I think this is a pathetic action from Cisco, however I'm not surprised by them doing it ... Regards, Erik Bais
-----Original Message----- From: Frank Habicht [mailto:geier@geier.ne.tz] Sent: Wednesday, September 14, 2011 1:21 PM To: nanog@nanog.org Subject: Re: ouch..
Main cisco page has a link to it...
Frank
Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted
On 9/14/2011 2:15 PM, Brian Raaen wrote: their logo all over the site.
whois overpromisesunderdelivers.net
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to
for detailed information.
Domain Name: OVERPROMISESUNDERDELIVERS.NET Registrar: GODADDY.COM, INC. Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com Name Server: NS35.DOMAINCONTROL.COM Name Server: NS36.DOMAINCONTROL.COM Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Updated Date: 05-sep-2011 Creation Date: 05-sep-2011 Expiration Date: 05-sep-2012
Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: OVERPROMISESUNDERDELIVERS.NET Created on: 05-Sep-11 Expires on: 05-Sep-12 Last Updated on: 05-Sep-11
Administrative Contact: Private, Registration OVERPROMISESUNDERDELIVERS.NET@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598
Technical Contact: Private, Registration OVERPROMISESUNDERDELIVERS.NET@domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598
Domain servers in listed order: NS35.DOMAINCONTROL.COM NS36.DOMAINCONTROL.COM
braaen@brian:~$ dig OVERPROMISESUNDERDELIVERS.NET
; <<>> DiG 9.7.3 <<>> OVERPROMISESUNDERDELIVERS.NET ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40339 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION: ;OVERPROMISESUNDERDELIVERS.NET. IN A
;; ANSWER SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN A 98.129.229.190
;; AUTHORITY SECTION: OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns36.domaincontrol.com. OVERPROMISESUNDERDELIVERS.NET. 3364 IN NS ns35.domaincontrol.com.
;; ADDITIONAL SECTION: ns35.domaincontrol.com. 3046 IN A 216.69.185.18 ns36.domaincontrol.com. 3046 IN A 208.109.255.18
braaen@brian:~$ dig -x 98.129.229.190
; <<>> DiG 9.7.3 <<>> -x 98.129.229.190 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26507 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION: ;190.229.129.98.in-addr.arpa. IN PTR
;; AUTHORITY SECTION: 229.129.98.in-addr.arpa. 300 IN SOA ns.rackspace.com. hostmaster.rackspace.com. 1314291452 3600 300 1814400 300
--- Brian Raaen Network Architect Zcorum On Wed, Sep 14, 2011 at 11:42:35AM +0100, Martin Hepworth wrote:
http://www.overpromisesunderdelivers.net/
-- Martin Hepworth Oxford, UK
----- No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1392 / Virus Database: 1520/3895 - Release Date: 09/13/11
End of NANOG Digest, Vol 44, Issue 55 *************************************