We are at a stage where we need an all-out uplink vendor to fuel our business endeavor. The bells and whistles we need are:
1. 1 Gbps link with complete block of UDP/ICMP protocol
2. BGP session with our AS
3. Ability to blackhole (no route to host) by /32 prefix
4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory, we're open for suggestions
If you feel your company measures up or is a cut above the rest, please get in touch with us to discuss the specific details.
One question:
1. Not knowing anything about your business, is there a specific reason that you want "a complete block of UDP/ICMP protocol"? That can be problematic with IPv4, and downright foolish with IPv6.
perhaps we are walking around w/ incomplete notions of what
constitutes a "complete block of UDP/ICMP protocol"...
for me, literally,this makes no sense whatsoever. ratcheting back
on my literal filter (be liberal in what you accept) I beleive
what he is asking for is a contigious block of IP addresses
for use in his network. am also making the inference that he is
only looking for IPv4 (no route to host by /32 prefix).
so the only remaining, burning question is - what size block?
a /33? a /31? maybe a /28? or a /22? a /19?
(the /33 is right out... filtering on /32 would block both hosts!)
I think its quite reasonable to expect a contigious block of addresses,
regardless of address family. Not at all "downright foolish".
It is rare to see someone -not- get a contigious block.
1. 1 Gbps link with complete block of UDP/ICMP protocol
One question:
1. Not knowing anything about your business, is there a specific reason
that you want "a complete block of UDP/ICMP protocol"? That can be
problematic with IPv4, and downright foolish with IPv6.
perhaps we are walking around w/ incomplete notions of what
constitutes a "complete block of UDP/ICMP protocol"...
My notion of the original statement was that the OP was looking for a provider that would block all UDP and ICMP, as in firewalls and packet filters. I also made the possibly-incorrect assumption that if the OP has an ASN from which to announce prefixes, it would also be reasonable to expect that they already have at least one prefix to announce.
From that angle, 'problematic' and 'downright foolish' is not such a far
We are at a stage where we need an all-out uplink vendor to fuel our
business endeavor. The bells and whistles we need are:
1. 1 Gbps link with complete block of UDP/ICMP protocol
2. BGP session with our AS
you have an asn?
3. Ability to blackhole (no route to host) by /32 prefix
4. Presence in Equinix SV1 or SV5 (San Jose) DC's - this is not mandatory,
we're open for suggestions
If you feel your company measures up or is a cut above the rest, please
get in touch with us to discuss the specific details.
Note: I am not a vendor.
One question:
1. Not knowing anything about your business, is there a specific reason that
you want "a complete block of UDP/ICMP protocol"? That can be problematic
with IPv4, and downright foolish with IPv6.
maybe he's upset that his current EU provider is in Sannyvale not Sunnyvale?
inetnum: 109.206.160.0 - 109.206.191.255
netname: SERVEREL
descr: Serverel Corp.
country: EU
org: ORG-SC64-RIPE
admin-c: SN2485-RIPE
tech-c: SN2485-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: SERVEREL-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: SERVEREL-MNT
mnt-domains: SERVEREL-MNT
source: RIPE # Filtered
organisation: ORG-SC64-RIPE
org-name: Serverel Corp
org-type: OTHER
address: 970 Corte Madera ave, Sannyvale, CA, US
phone: +18772467863
abuse-mailbox: abuse@serverel.com
admin-c: AN495-RIPE
ripe.. you may want to clean up some data here Also, that small
townhouse, it surprises me that someone was able to get a gig pipe
into it... especially with a /19 assigned. Odd, why is RIPE supplying
space to what seems like clearly a ARIN region endpoint?
Impletec Traffic Laboratory was established with the aim to develop and
provide high-load solutions for Network Engineering, CDN, DDoS
Protection and other high-level network services. At the highest
possible standards, with minimum hassle and lowest expense to you - our
valued customer.
I know of a half dozen "DDoS Protection ISP's" that block all UDP
and ICMP. It also fits with his desire to have a blackhole community
by the /32 with his upstream. I don't know if this sort of filter all
ICMP behavior is more a symtom of the providers or their customer bases,
but regardless of the source it makes most of the sites behind these
services very slow and/or unreachable from some locations.
I'm not sure posting "I'm a DDoS magnet" on NANOG will get a lot of
people jumping up to offer service, or good rates!
wait, they are a dos mitigation service provider and they can't handle
udp/icmp traffic?
so ... really: "We do dos mitigation for tcp services, we outsource
the udp/icmp to someone else" ?
Well, I dunno; I concur with jms: I assumed he meant "where the provider
drops all incoming UDP and ICMP traffic addressed towards my IP space on
the floor".
" *Censorship* is the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient to the general body of people as determined by a government, media outlet, or other controlling body."
The key aspect that makes something censorship is that you can't easily get around the block by the "controlling body". Obviously, if you do it yourself or ask someone to do it for you (e.g. ask your upstream to filter) it's not censorship. If it's done by someone else, you have no say in the matter and no (easy and/or legal) opportunity to avoid the filtering, then it's censorship.
If Comcast or AT&T decided to filter/block requested data from reaching their customers (e.g. access to .xxx sites, access to torrents), we would all agree that this was censorship.
think parents suppression of "communication [] considered
objectionable, harmful, sensitive or inconvenient" wrt
their children. the key is "controlling body"... be it
ISP, Government, CorporateIT, your mom, or the school board.
It might even be -YOU- (you do have control, right?)