Because tech blogs and Twitter have EXPLODED on the subject, I thought I would add my useless two cents. For those who haven't heard, Comcast is having a dispute with Level 3 over whether Level 3 should pay them to add more links into the Comcast network.
Here are the facts.
1. Formerly Akamai (a CDN - Content Delivery Network) was the primary deliverer of Netflix streaming video.
2. Akamai was/is a customer of Comcast and paid them for the bandwidth it used.
3. Level 3 is a carrier network that had a settlement-free peering agreement with Comcast to exchange a "relatively" equal (up to 2:1) amount of traffic between their networks.
4. Level 3 has gotten into the CDN market.
5. Akamai lost the Netflix account to Limelight and Level 3, two separate CDNs.
6. Level 3 Communications != L3 Communications
7. Level 3 expects Netflix streaming to push the ratio of traffic flowing onto Comcast's network up to 5:1 (an increase of 2.9 terabits/s).
8. Level 3 does not think it should have to pay; Comcast does.
I see this ultimately as two businesses bickering over money, the usual, but there are two arguments to be made, one against each side.
Against Comcast:
I pay you (Comcast) a lot of money to provide me 12Mb/s of whatever (legal) internet content I desire to upload or download. It is your end of the bargain to have enough bandwidth to other parts of the internet to provide that in a reliable fashion. You should be taking the money I pay you to make sure ALL your links to outside carriers will not be saturated if you expect I will desire content from that part of the internet. This has nothing to do with Netflix: if Comcast did not have enough bandwidth to support its customers streaming from YouTube, CNN, or something else, it should be Comcast that needs to add bandwidth to let more content onto its network, as Comcast is the requester. The reason I choose to continue to pay Comcast and not a competitor is that I believe Comcast has less over-saturation and can provide the content I want.
As a network engineer, if my end users need more bandwidth into my network from a specific entry point, isn't it my responsibility to increase that bandwidth?
Against Level 3:
You made an agreement with Comcast to allow 2:1 bandwidth ingress/egress at that point of your network. By adding 2.9 terabits/s of traffic, you have rendered the previous contract void and need to re-negotiate. Comcast does not wish to renew the contract without raising the price. Either pay up or find a different carrier/backbone network you can connect to which will make its own connection with Comcast.
Honestly, I don't see which is the better argument, possibly Comcast's. I really don't see that this has anything to do with "net neutrality" as Level 3 was claiming, though.
Friday, December 3, 2010
Wednesday, November 10, 2010
World Politics
Wolfgang Schäuble, German finance minister, referred to the latest actions by the Fed as "clueless" and followed up, "It doesn't add up when the Americans accuse the Chinese of currency manipulation and then artificially lower the value of the dollar...I have great doubts about whether it makes sense to pump unlimited amounts of money into the markets. There is no shortage of liquidity in the U.S. economy. I can't see the economic argument for this move."
Dilma Rousseff, Brazil's president-elect: "The last time there was a competitive devaluation of currencies it ended up where it did, in the second World War."
Personally I am a little uncomfortable with where our leadership is taking us, with Obama continuing to ignore (or often worse) our long-time allies (Israel, France, Germany, UK), unfathomable debt, and the Fed pursuing very shortsighted solutions; I think this world could be a very different place in the next few years.
(although my caveat is that I am not an economist, political scientist, or have any advanced education specifically relating to these issues, so take it with a grain of salt)
Friday, October 15, 2010
ASA access lists
Ok, so I changed the size of a network on one of my DMZs. So I removed all the ACL entries and re-pasted them with the new subnet mask. Now I can't get to my DNS server (which is in a different DMZ).
Ok, look through my ACLs, make sure the DNS lines are still there, pasted correctly, etc. Everything looks ok, so I run packet-tracer and it ends with: blocked by access-list .... implicit deny.
Now, my only grudge about packet-tracer is that it doesn't list WHICH ACL blocked it, but I'm pretty sure it should only be hitting the one. I try adding a permit ip any any on the end of the ACL... Still blocked. I try adding a permit ip any host DNSIP at line 1 of the ACL... Still blocked. Starting to want to pull my hair out; I know it should be hitting this ACL and I have the correct entries!
(Now this DMZ is also my wireless network, so I'm doing some troubleshooting on the WLCs, laptops, etc. to be sure, but I can't imagine it is anything other than that ACL I just changed on the firewall. It had worked after changing the subnet mask on both the interface and the NAT pool...)
So finally, I just sit back, stop piping show output through include, and look at the entire show run. I crawl through my entire ASA config line by line until at the bottom I notice the ACL for that DMZ isn't applied.... Apparently when you remove all lines of an ACL the ASA also removes it from the interface. With no access-group on the interface the ASA falls back to its security-level defaults: traffic toward a higher security level (or an equal one, unless same-security-traffic is permitted) is dropped, which is why the DNS server in the other DMZ was unreachable, while traffic toward lower-security interfaces passes unfiltered, so this only "fails closed" in one direction. I re-add the ACL to the interface and magically everything is working again!
So, when you remove all lines of an ACL, the ASA also removes the
access-group dmzACL in interface DMZ
command from your running config.
Lesson learned!
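As an added example (not the configuration from the original post; the ACL name dmzACL, the interface name DMZ, the 10.20.0.0 DMZ subnet, its new mask and the DNS server address 10.30.0.53 are all assumed), here is the sequence that reproduces the problem, the swap procedure that avoids ever emptying the bound ACL, and the commands that confirm the binding survived:

```cisco
! Starting state (assumed): a single ACE in the DMZ ACL, bound inbound on the DMZ interface
access-list dmzACL extended permit udp 10.20.0.0 255.255.0.0 host 10.30.0.53 eq domain
access-group dmzACL in interface DMZ

! The "obvious" way to resize the subnet: delete the old ACE, paste the new one
no access-list dmzACL extended permit udp 10.20.0.0 255.255.0.0 host 10.30.0.53 eq domain
! -> dmzACL is now empty, so the ASA silently removes the access-group line above.
!    DMZ is now unfiltered: traffic to lower-security interfaces is allowed by the
!    security-level defaults, traffic to equal/higher ones (the other DMZ) is dropped.
access-list dmzACL extended permit udp 10.20.0.0 255.255.128.0 host 10.30.0.53 eq domain
! -> the ACL exists again but is bound to nothing; packet-tracer reports an implicit deny.

! Safer procedure: build the replacement, move the binding, then delete the old ACL.
! Re-issuing access-group for the same interface and direction replaces the old binding,
! so there is no window with no ACL applied.
access-list dmzACL_v2 extended permit udp 10.20.0.0 255.255.128.0 host 10.30.0.53 eq domain
access-group dmzACL_v2 in interface DMZ
clear configure access-list dmzACL

! Verify: the binding is present, and a DNS query from the DMZ is permitted by dmzACL_v2
show running-config access-group
packet-tracer input DMZ udp 10.20.1.10 40000 10.30.0.53 53
```

Running show running-config access-group after any ACL edit is the quick check that would have cut this troubleshooting session short; the hit on dmzACL_v2 in the packet-tracer output confirms the new mask actually covers the resized subnet.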
Labels:
Cisco ASA Firewall ACL
Thursday, October 14, 2010
ASA 8.3
The new 8.3 ASA code has made some MAJOR configuration changes, particularly concerning NAT. Take a peek at http://www.petenetlive.com/KB/Article/0000247.htm
and of course the migration guide: http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html to start seeing what all is changing.
Is there a reason Cisco now has us permit incoming traffic to the inside address rather than the public IP? No more Nat0??? I feel like I am going to need to learn natting all over again.
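The short answer to the question above: from 8.3 on, inbound packets are untranslated before the interface ACL is evaluated, so the ACL names the real (inside) address, and NAT exemption via nat 0 is replaced by an identity twice-NAT rule. As an added illustration (not configuration from the post or from the linked articles; the object names and the 10.1.1.0/24, 10.2.2.0/24 and 203.0.113.10 addresses are assumed), here is the same static NAT plus VPN exemption in both syntaxes:

```cisco
! Pre-8.3: static NAT, and an ACL written against the MAPPED (public) address
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
! NAT exemption for a VPN peer network via nat 0
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NONAT

! 8.3 equivalent: NAT is attached to a network object, and the ACL names the REAL address
object network web-server
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10
access-list outside_in extended permit tcp any object web-server eq www
access-group outside_in in interface outside
! nat 0 becomes identity (twice) NAT: source and destination translate to themselves
object network inside-net
 subnet 10.1.1.0 255.255.255.0
object network vpn-net
 subnet 10.2.2.0 255.255.255.0
nat (inside,outside) source static inside-net inside-net destination static vpn-net vpn-net

! Check the resulting NAT table and that an inbound web request hits the right rule and ACL
show nat detail
packet-tracer input outside tcp 198.51.100.7 40000 203.0.113.10 80
```

The packet-tracer output is the useful sanity check after migration: the UN-NAT phase should show 203.0.113.10 becoming 10.1.1.10 before the ACCESS-LIST phase matches outside_in, which is exactly why an ACL still written against the public address stops matching after the upgrade.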
Friday, October 1, 2010
I love marketing
"Able to transmit the DNA sequence of 56,000 people in a second" - Way to use an analogy when I have no idea how big that is. I suppose DNA sequences are fairly large, but it would just be a text file of info... I suppose I really just have no idea what size this is and whether that is truly fast or just pretty fast.
"Able to move the entire printed library of congress in a second" ... ok, so is that in txt files, pdfs, e-pubs. This one is a little better but once again, it sounds like a good bit but I have no idea how many books that actually is, how many gigs or terabytes you are moving.
322 Terabyte performance - Awww, now there is something I recognize, but of course they aren't going to mention any specifics beyond their biggest number! What exactly is that a measure of? How are you defining "performance"?
Ah well, I suppose if I were a sales guy I might not be able to do much better; it is why marketers should always have a tech with them.