Hi all, We are at a stage where we need an all-out uplink vendor to fuel our business endeavor. The bells and whistles we need are: 1. 1 Gbps link with complete block of UDP/ICMP protocol 2. BGP session with our AS 3. Ability to blackhole (no route to host) by /32 prefix 4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory, we're open for suggestions If you feel your company measures up or is a cut above the rest, please get in touch with us to discuss the specific details. Cheers Paul
On Thu, 12 Jan 2012, Paul Kaminsky wrote:
We are at a stage where we need an all-out uplink vendor to fuel our business endeavor. The bells and whistles we need are:
1. 1 Gbps link with complete block of UDP/ICMP protocol 2. BGP session with our AS 3. Ability to blackhole (no route to host) by /32 prefix 4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory, we're open for suggestions
If you feel your company measures up or is a cut above the rest, please get in touch with us to discuss the specific details.
Note: I am not a vendor. One question: 1. Not knowing anything about your business, is there a specific reason that you want "a complete block of UDP/ICMP protocol"? That can be problematic with IPv4, and downright foolish with IPv6. jms
On Thu, Jan 12, 2012 at 08:01:58AM -0500, Justin M. Streiner wrote:
On Thu, 12 Jan 2012, Paul Kaminsky wrote:
We are at a stage where we need an all-out uplink vendor to fuel our business endeavor. The bells and whistles we need are:
1. 1 Gbps link with complete block of UDP/ICMP protocol 2. BGP session with our AS 3. Ability to blackhole (no route to host) by /32 prefix 4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory, we're open for suggestions
If you feel your company measures up or is a cut above the rest, please get in touch with us to discuss the specific details.
Note: I am not a vendor.
One question: 1. Not knowing anything about your business, is there a specific reason that you want "a complete block of UDP/ICMP protocol"? That can be problematic with IPv4, and downright foolish with IPv6.
jms
perhaps we are walking around w/ incomplete notions of what constitutes a "complete block of UDP/ICMP protocol"... for me, literally,this makes no sense whatsoever. ratcheting back on my literal filter (be liberal in what you accept) I beleive what he is asking for is a contigious block of IP addresses for use in his network. am also making the inference that he is only looking for IPv4 (no route to host by /32 prefix). so the only remaining, burning question is - what size block? a /33? a /31? maybe a /28? or a /22? a /19? (the /33 is right out... filtering on /32 would block both hosts!) I think its quite reasonable to expect a contigious block of addresses, regardless of address family. Not at all "downright foolish". It is rare to see someone -not- get a contigious block. ymmv of course. /bill
On Thu, 12 Jan 2012, bmanning@vacation.karoshi.com wrote: > On Thu, Jan 12, 2012 at 08:01:58AM -0500, Justin M. Streiner wrote: >> On Thu, 12 Jan 2012, Paul Kaminsky wrote: >>> 1. 1 Gbps link with complete block of UDP/ICMP protocol >> One question: >> 1. Not knowing anything about your business, is there a specific reason >> that you want "a complete block of UDP/ICMP protocol"? That can be >> problematic with IPv4, and downright foolish with IPv6. > perhaps we are walking around w/ incomplete notions of what > constitutes a "complete block of UDP/ICMP protocol"... My notion of the original statement was that the OP was looking for a provider that would block all UDP and ICMP, as in firewalls and packet filters. I also made the possibly-incorrect assumption that if the OP has an ASN from which to announce prefixes, it would also be reasonable to expect that they already have at least one prefix to announce. >From that angle, 'problematic' and 'downright foolish' is not such a far walk ;) jms
On Thu, Jan 12, 2012 at 08:41:23AM -0500, Justin M. Streiner wrote: > On Thu, 12 Jan 2012, bmanning@vacation.karoshi.com wrote: > > >On Thu, Jan 12, 2012 at 08:01:58AM -0500, Justin M. Streiner wrote: > >>On Thu, 12 Jan 2012, Paul Kaminsky wrote: > >>>1. 1 Gbps link with complete block of UDP/ICMP protocol > >>One question: > >>1. Not knowing anything about your business, is there a specific reason > >>that you want "a complete block of UDP/ICMP protocol"? That can be > >>problematic with IPv4, and downright foolish with IPv6. > > > perhaps we are walking around w/ incomplete notions of what > > constitutes a "complete block of UDP/ICMP protocol"... > > My notion of the original statement was that the OP was looking for a > provider that would block all UDP and ICMP, as in firewalls and packet > filters. I also made the possibly-incorrect assumption that if the OP > has an ASN from which to announce prefixes, it would also be reasonable to > expect that they already have at least one prefix to announce. > > >From that angle, 'problematic' and 'downright foolish' is not such a far > walk ;) > > jms ndeed. and now i am curious.. what business plan/product/service could make money w/o ICMP or UDP access.. ??? /bill
In a message written on Thu, Jan 12, 2012 at 05:43:08PM +0000, bmanning@vacation.karoshi.com wrote:
ndeed. and now i am curious.. what business plan/product/service could make money w/o ICMP or UDP access.. ???
Turn the OP's e-mail into a URL: http://www.impletec.com/ Impletec Traffic Laboratory was established with the aim to develop and provide high-load solutions for Network Engineering, CDN, DDoS Protection and other high-level network services. At the highest possible standards, with minimum hassle and lowest expense to you - our valued customer. I know of a half dozen "DDoS Protection ISP's" that block all UDP and ICMP. It also fits with his desire to have a blackhole community by the /32 with his upstream. I don't know if this sort of filter all ICMP behavior is more a symtom of the providers or their customer bases, but regardless of the source it makes most of the sites behind these services very slow and/or unreachable from some locations. I'm not sure posting "I'm a DDoS magnet" on NANOG will get a lot of people jumping up to offer service, or good rates! :) -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
On Thu, Jan 12, 2012 at 12:50 PM, Leo Bicknell <bicknell@ufp.org> wrote:
Turn the OP's e-mail into a URL: http://www.impletec.com/
Impletec Traffic Laboratory was established with the aim to develop and provide high-load solutions for Network Engineering, CDN, DDoS Protection and other high-level network services. At the highest possible standards, with minimum hassle and lowest expense to you - our valued customer.
wait, they are a dos mitigation service provider and they can't handle udp/icmp traffic? so ... really: "We do dos mitigation for tcp services, we outsource the udp/icmp to someone else" ?
QUOTE " I know of a half dozen "DDoS Protection ISP's" that block all UDP and ICMP" Isn't this Internet censorship? Ephesians 4:32 & Cheers!!! -----Original Message----- From: Leo Bicknell [mailto:bicknell@ufp.org] Sent: Thursday, January 12, 2012 9:50 AM To: NANOG Subject: Re: In search of uplink vendor In a message written on Thu, Jan 12, 2012 at 05:43:08PM +0000, bmanning@vacation.karoshi.com wrote:
ndeed. and now i am curious.. what business plan/product/service could make money w/o ICMP or UDP access.. ???
Turn the OP's e-mail into a URL: http://www.impletec.com/ Impletec Traffic Laboratory was established with the aim to develop and provide high-load solutions for Network Engineering, CDN, DDoS Protection and other high-level network services. At the highest possible standards, with minimum hassle and lowest expense to you - our valued customer. I know of a half dozen "DDoS Protection ISP's" that block all UDP and ICMP. It also fits with his desire to have a blackhole community by the /32 with his upstream. I don't know if this sort of filter all ICMP behavior is more a symtom of the providers or their customer bases, but regardless of the source it makes most of the sites behind these services very slow and/or unreachable from some locations. I'm not sure posting "I'm a DDoS magnet" on NANOG will get a lot of people jumping up to offer service, or good rates! :) -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
In a message written on Thu, Jan 12, 2012 at 11:45:58AM -0800, Network IP Dog wrote:
QUOTE " I know of a half dozen "DDoS Protection ISP's" that block all UDP and ICMP"
Isn't this Internet censorship?
It's not censorship when you pay someone to stuff a sock in your own mouth. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
On Thu, Jan 12, 2012 at 11:53:24AM -0800, Leo Bicknell wrote:
In a message written on Thu, Jan 12, 2012 at 11:45:58AM -0800, Network IP Dog wrote:
QUOTE " I know of a half dozen "DDoS Protection ISP's" that block all UDP and ICMP"
Isn't this Internet censorship?
It's not censorship when you pay someone to stuff a sock in your own mouth.
yes it is... :) when you do it yourself or pay to have t done for you. /bill
On Thu, 12 Jan 2012 11:53:24 PST, Leo Bicknell said:
In a message written on Thu, Jan 12, 2012 at 11:45:58AM -0800, Network IP Dog wrote:
Isn't this Internet censorship?
It's not censorship when you pay someone to stuff a sock in your own mouth.
Collorary: It is, however, censorship when somebody tries to shut down websites about the practice. ;)
----- Original Message -----
From: "Network IP Dog" <network.ipdog@gmail.com>
Isn't this Internet censorship?
Repeat after me: It's not censorship unless it's imposed by a government. I don't know that "per speaker" or "per topic" are required, but they're common. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On 12/01/12 12:18 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Network IP Dog"<network.ipdog@gmail.com> Isn't this Internet censorship? Repeat after me: It's not censorship unless it's imposed by a government.
The wikipedia definition seems more accurate: http://en.wikipedia.org/wiki/Censorship " *Censorship* is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient to the general body of people as determined by a government, media outlet, or other controlling body." The key aspect that makes something censorship is that you can't easily get around the block by the "controlling body". Obviously, if you do it yourself or ask someone to do it for you (e.g. ask your upstream to filter) it's not censorship. If it's done by someone else, you have no say in the matter and no (easy and/or legal) opportunity to avoid the filtering, then it's censorship. If Comcast or AT&T decided to filter/block requested data from reaching their customers (e.g. access to .xxx sites, access to torrents), we would all agree that this was censorship. jc
On Thu, Jan 12, 2012 at 01:56:38PM -0800, JC Dill wrote:
On 12/01/12 12:18 PM, Jay Ashworth wrote:
----- Original Message -----
From: "Network IP Dog"<network.ipdog@gmail.com> Isn't this Internet censorship? Repeat after me: It's not censorship unless it's imposed by a government.
The wikipedia definition seems more accurate:
http://en.wikipedia.org/wiki/Censorship
" *Censorship* is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient to the general body of people as determined by a government, media outlet, or other controlling body."
time to update the wikipedia entry then... think parents suppression of "communication [] considered objectionable, harmful, sensitive or inconvenient" wrt their children. the key is "controlling body"... be it ISP, Government, CorporateIT, your mom, or the school board. It might even be -YOU- (you do have control, right?) /bill
----- Original Message -----
From: bmanning@vacation.karoshi.com
1. 1 Gbps link with complete block of UDP/ICMP protocol
One question: 1. Not knowing anything about your business, is there a specific reason that you want "a complete block of UDP/ICMP protocol"? That can be problematic with IPv4, and downright foolish with IPv6.
perhaps we are walking around w/ incomplete notions of what constitutes a "complete block of UDP/ICMP protocol"...
for me, literally,this makes no sense whatsoever. ratcheting back on my literal filter (be liberal in what you accept) I beleive what he is asking for is a contigious block of IP addresses for use in his network. am also making the inference that he is only looking for IPv4 (no route to host by /32 prefix).
Well, I dunno; I concur with jms: I assumed he meant "where the provider drops all incoming UDP and ICMP traffic addressed towards my IP space on the floor". Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
On Thu, Jan 12, 2012 at 8:01 AM, Justin M. Streiner <streiner@cluebyfour.org> wrote:
On Thu, 12 Jan 2012, Paul Kaminsky wrote:
We are at a stage where we need an all-out uplink vendor to fuel our business endeavor. The bells and whistles we need are:
1. 1 Gbps link with complete block of UDP/ICMP protocol 2. BGP session with our AS
you have an asn?
3. Ability to blackhole (no route to host) by /32 prefix 4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory, we're open for suggestions
If you feel your company measures up or is a cut above the rest, please get in touch with us to discuss the specific details.
Note: I am not a vendor.
One question: 1. Not knowing anything about your business, is there a specific reason that you want "a complete block of UDP/ICMP protocol"? That can be problematic with IPv4, and downright foolish with IPv6.
maybe he's upset that his current EU provider is in Sannyvale not Sunnyvale? inetnum: 109.206.160.0 - 109.206.191.255 netname: SERVEREL descr: Serverel Corp. country: EU org: ORG-SC64-RIPE admin-c: SN2485-RIPE tech-c: SN2485-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-END-MNT mnt-by: SERVEREL-MNT mnt-lower: RIPE-NCC-END-MNT mnt-routes: SERVEREL-MNT mnt-domains: SERVEREL-MNT source: RIPE # Filtered organisation: ORG-SC64-RIPE org-name: Serverel Corp org-type: OTHER address: 970 Corte Madera ave, Sannyvale, CA, US phone: +18772467863 abuse-mailbox: abuse@serverel.com admin-c: AN495-RIPE ripe.. you may want to clean up some data here :) Also, that small townhouse, it surprises me that someone was able to get a gig pipe into it... especially with a /19 assigned. Odd, why is RIPE supplying space to what seems like clearly a ARIN region endpoint? -chris
jms
participants (9)
-
bmanning@vacation.karoshi.com
-
Christopher Morrow
-
Jay Ashworth
-
JC Dill
-
Justin M. Streiner
-
Leo Bicknell
-
Network IP Dog
-
Paul Kaminsky
-
Valdis.Kletnieks@vt.edu