NOC communications

Having a different number/email address on your AS than what's on your
domain name might solve some of these problems- it might not. Being much
more aggressive and outwardly unfriendly to people who call the number on
your AS records becomes realistic if you have distinctly declared it for
NOC communications only.

Please define "NOC communications only." Are Smurf reports considered
NOC communications. How about Spam reports, spoofing addresses, or
web pages being down? How about "I can't get through (i.e. I didn't want
to wait) to your regular number so I called this one."

Fact of the matter is every piece of contact information I have listed
in ARIN's database or on a public web page has ended up on a junk
mailing/calling list. The contact information which I only give
out directly to other NOCs has NEVER been abused.

Perhaps we should ask GTE Superpages, UUNET telemarketing, and Bull's Eye
Target E-mail why do they use these particular set of contacts for
their marketing efforts?

I disagree with your point that NOC-to-NOC communications should ever be
forwarded to a general number, even with adequate training.

Is there a Turing test for contact information? There are organizations
with extremely good communication operations which provide even better
service than calling your favorite NOC engineer directly. Unfortunately
they are rare, and as you pointed out, tend to only last as long as
the next re-organization plan.

My point exactly - we all have proof that the current system doesn't work
very well.

If it doesn't affect the share price, it seems like the management of most
major ISPs could care less. This is, was, and always will be a management
problem. We can come up with all the clever technical ideas to try to
address reasons management gives for not doing something. But until
some clever analysist decides this is an issue that can affect earnings,
e.g. the Y2000 issue, not much is going to happen.

We already have a central authority that collects two perfectly good points
of information about each AS in North America (supposedly.)

Yeah, right.

   Dear Sprint, Vab is gone. Since you have not updated your contact
   information in a prompt fashion, your AS numbers will be withdrawn
   at Midnight. Have a nice day.

As far as most provider's are concerned there is no penalty for having
out of date or bogus contact information. They view it as just one more
added cost, and something that only benefits their competitors and not
themselves. That is until they read about themselves on the front-page
of the New York Times. Then the managers start yelling at the engineers
"Why didn't you tell us it was a problem."

Well, I think I've flogged this dead horse enough this time. Maybe
we can have this discussion again in another six months.

The contact information which I only give out directly to other NOCs has
NEVER been abused.

Here is the key to this problem. How can you publish contact information
in such a way that it only goes to other NOCs. And conversely, how can you
ensure that you have access to the contact information of all other NOCs.
I suspect that there may be a way for the IP registries (ARIN, RIPE and
APNIC) to facilitate this with some kind of replicated database in which
change notifications only go out to entities listed in the database. That
way every NOC could maintain their own complete copy of a global NOC
contacts database and the only need for queries would be to process update
notifications and do the occasional resync with the master copy.

Yeah, right.

   Dear Sprint, Vab is gone. Since you have not updated your contact
   information in a prompt fashion, your AS numbers will be withdrawn
   at Midnight. Have a nice day.

This *WILL* be happening in the near future. Not maintaining up to date
contact info is tantamount to aiding and abetting DoS attacks. It won't be
long now before there is some government scrutiny of operational practices
which are related to finding and fixing failures fast.

That is until they read about themselves on the front-page
of the New York Times. Then the managers start yelling at the engineers
"Why didn't you tell us it was a problem."

Smart engineers are proactive and warn their managers of the dangers of
not following prudent operational practices.

Maybe we can have this discussion again in another six months.

Please do. I know that your regular rehashing of these issues has had a
positive impact on a lot of providers.

How about a major oversimplification of a fix. Closed mailing list. One
primary contact for each company is designated and allowed to join the list.
Every 2 weeks (maybe a month?) an email is autogenerated that must be ACK'd
or that companies NOC entry is considered stale. The person on the mailing
list is responsible for ensuring contact info is updated.

Participants in the list would be able to send a request to the list for
current info on another noc...not a web page. Something more along the line
of:

I'd love to see some proof of this...

PGP signature of NOC can help you?

So would I, since I've been agitating for it since ARIN came into
existance. I even posted a proposal here a couple of months back that met
with some derision and lots of reasons why it can't happen (and one in
which my opinion carried no weight since I didn't have a membership).

Maybe if ARIN can do it, InterNIC can, too. Then again...if InterNIC
continues in their current fashion, maybe it'll hurt them in the coming
registration wars...

Spammers: more disgusting than roaches.

Dean Robb
PC-EASY computer services
(757) 495-EASY [3279]