Hello MICE Persons- The SC has discussed recent requests for protection of port statistics, and we have decided to adapt the method that Netnod in Sweden tackles this issue. At any time, any IX member may choose to make their port anonymous in the graphs and logs. Because the ports are currently labeled, we will allow allow members, upon request, to move to another port at the time that they remove the identity from their port. This will allow any network that does not wish its statistics to be public to be satisfied, while allowing the members to see have access to statistics, in this, a cooperative exchange without dedicated staff. Any members who wish to have their port anonymized, please contact me and I will make sure that it is done. Also, a reminder: port statistics of other members are NOT for sharing outside of your own company without permission from the other involved networks. If anyone has any questions, please feel free to post. Reid -- Reid Fishler Director Hurricane Electric +1-510-580-4178 ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Tue, 2013-12-10 at 21:05 -0500, Reid Fishler wrote:
Because the ports are currently labeled, we will allow allow members, upon request, to move to another port at the time that they remove the identity from their port.
You're saying that Akamai can move to another port and we won't put a name on that port's graph? Wouldn't it be really obvious that the unlabeled graph that's just started sending/receiving traffic is the one network (Akamai) that just disappeared from the set of labeled graphs? Plus, until there's another network that opts out, it's still obvious which port is Akamai. And if that network isn't of a similar size, even then it still be obvious. I don't see any reason to move (or unlabel) anything. If you want to grant these requests, just stop showing Akamai's port's graph to the guest user in Cacti and remove it from the weathermap. Access to the Cacti admin interface should be along the same lines as access to manage the actual MICE switches: it's privileged and comes with discretion requirements. Not every member has access to the switches' management interface(s) nor Cacti admin today. I have neither, for example. -- Richard ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Please take a look at http://www.netnod.se/ix/statistics, to see how they do it. This is what we are planning to model off of. Reid On Tue, Dec 10, 2013 at 9:16 PM, Richard Laager <rlaager@wiktel.com> wrote:
On Tue, 2013-12-10 at 21:05 -0500, Reid Fishler wrote:
Because the ports are currently labeled, we will allow allow members, upon request, to move to another port at the time that they remove the identity from their port.
You're saying that Akamai can move to another port and we won't put a name on that port's graph? Wouldn't it be really obvious that the unlabeled graph that's just started sending/receiving traffic is the one network (Akamai) that just disappeared from the set of labeled graphs?
Plus, until there's another network that opts out, it's still obvious which port is Akamai. And if that network isn't of a similar size, even then it still be obvious.
I don't see any reason to move (or unlabel) anything. If you want to grant these requests, just stop showing Akamai's port's graph to the guest user in Cacti and remove it from the weathermap.
Access to the Cacti admin interface should be along the same lines as access to manage the actual MICE switches: it's privileged and comes with discretion requirements. Not every member has access to the switches' management interface(s) nor Cacti admin today. I have neither, for example.
-- Richard
########################################################################
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
-- Reid Fishler Director Hurricane Electric +1-510-580-4178 ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Tue, 2013-12-10 at 21:21 -0500, Reid Fishler wrote:
Please take a look at http://www.netnod.se/ix/statistics, to see how they do it. This is what we are planning to model off of.
They are graphing the anonymous ports. So MICE would have exactly the problems I noted. So this doesn't solve anything. -- Richard ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Dec 10, 2013, at 9:25 PM, Richard Laager <rlaager@WIKTEL.COM> wrote:
On Tue, 2013-12-10 at 21:21 -0500, Reid Fishler wrote:
Please take a look at http://www.netnod.se/ix/statistics, to see how they do it. This is what we are planning to model off of.
They are graphing the anonymous ports. So MICE would have exactly the problems I noted. So this doesn't solve anything.
I agree, it would be sort of a joke actually as it would be completely obvious when we went down and back up. This will also prevent other large sources of traffic from joining the exchange. We're happy to work to see if we can help with whatever the objective is and to come up with a solution if its possible, but we would like our ports opted out ASAP. Best, -M< ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Dec 10, 2013 8:34 PM, "Hannigan, Martin" <marty@akamai.com> wrote:
On Dec 10, 2013, at 9:25 PM, Richard Laager <rlaager@WIKTEL.COM> wrote:
On Tue, 2013-12-10 at 21:21 -0500, Reid Fishler wrote:
Please take a look at http://www.netnod.se/ix/statistics, to see how they do it. This is what we are planning to model off of.
They are graphing the anonymous ports. So MICE would have exactly the problems I noted. So this doesn't solve anything.
I agree, it would be sort of a joke actually as it would be completely
obvious when we went down and back up.
This will also prevent other large sources of traffic from joining the
exchange. We're happy to work to see if we can help with whatever the objective is and to come up with a solution if its possible, but we would like our ports opted out ASAP. MICE is required by contract to provide mrtg graphing to Akamai. MICE is also managed by the members of the exchange. If the managers of the ix can't access the graphs we can't provide them if requested. Marty, could you be specific in your request and make a suggestion? Jay ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Dec 10, 2013, at 10:06 PM, Jay Hanke <jayhanke@MANKATONETWORKS.NET<mailto:jayhanke@MANKATONETWORKS.NET>> wrote: On Dec 10, 2013 8:34 PM, "Hannigan, Martin" <marty@akamai.com<mailto:marty@akamai.com>> wrote:
On Dec 10, 2013, at 9:25 PM, Richard Laager <rlaager@WIKTEL.COM<mailto:rlaager@WIKTEL.COM>> wrote:
On Tue, 2013-12-10 at 21:21 -0500, Reid Fishler wrote:
Please take a look at http://www.netnod.se/ix/statistics, to see how they do it. This is what we are planning to model off of.
They are graphing the anonymous ports. So MICE would have exactly the problems I noted. So this doesn't solve anything.
I agree, it would be sort of a joke actually as it would be completely obvious when we went down and back up.
This will also prevent other large sources of traffic from joining the exchange. We're happy to work to see if we can help with whatever the objective is and to come up with a solution if its possible, but we would like our ports opted out ASAP.
MICE is required by contract to provide mrtg graphing to Akamai. MICE is also managed by the members of the exchange. If the managers of the ix can't access the graphs we can't provide them if requested. Marty, could you be specific in your request and make a suggestion? Jay, Right on with the agreement. It does say that we may ask for MRTG graph data related to ports statistics. It also says we expect confidentiality. Our port data is confidential. The MICE Board signed this agreement with us. If we take our port down to the wider audience like we have gracefully requested, we're happy to discuss what the objective is and how we may be helpful. I'll be honest, I doubt that the outcome is "sure, display our data to anyone with a login", but it is likely to be reasonable and inline with North American IXP norms. NETNOD is in Norway and Mice is in North America. NETNOD is also orders of magnitude larger than MICE. That's not the solution. Best, -M< ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Right on with the agreement. It does say that we may ask for MRTG graph data related to ports statistics. It also says we expect confidentiality. Our port data is confidential. The MICE Board signed this agreement with us. If we take our port down to the wider audience like we have gracefully requested, we're happy to discuss what the objective is and how we may be helpful. I'll be honest, I doubt that the outcome is "sure, display our data to anyone with a login", but it is likely to be reasonable and inline with North American IXP norms. NETNOD is in Norway and Mice is in North America. NETNOD is also orders of magnitude larger than MICE. That's not the solution.
Can you narrow down the scope better? Keep in mind we have no formally defined admins, so if you say admin you'll need to lay that out as well. Jay ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
First, let's get back into compliance and we can work together. Best, Marty On Dec 10, 2013, at 22:49, "Jay Hanke" <jayhanke@MANKATONETWORKS.NET<mailto:jayhanke@MANKATONETWORKS.NET>> wrote:
Right on with the agreement. It does say that we may ask for MRTG graph data related to ports statistics. It also says we expect confidentiality. Our port data is confidential. The MICE Board signed this agreement with us. If we take our port down to the wider audience like we have gracefully requested, we're happy to discuss what the objective is and how we may be helpful. I'll be honest, I doubt that the outcome is "sure, display our data to anyone with a login", but it is likely to be reasonable and inline with North American IXP norms. NETNOD is in Norway and Mice is in North America. NETNOD is also orders of magnitude larger than MICE. That's not the solution.
Can you narrow down the scope better? Keep in mind we have no formally defined admins, so if you say admin you'll need to lay that out as well. Jay ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Jay, Theres a lot of conflicting stuff here. Think I liked most of Richards responses to David. Let's talk live and see if we can sort this out. Work? Best, Marty On Dec 10, 2013, at 22:49, "Jay Hanke" <jayhanke@MANKATONETWORKS.NET<mailto:jayhanke@MANKATONETWORKS.NET>> wrote:
Right on with the agreement. It does say that we may ask for MRTG graph data related to ports statistics. It also says we expect confidentiality. Our port data is confidential. The MICE Board signed this agreement with us. If we take our port down to the wider audience like we have gracefully requested, we're happy to discuss what the objective is and how we may be helpful. I'll be honest, I doubt that the outcome is "sure, display our data to anyone with a login", but it is likely to be reasonable and inline with North American IXP norms. NETNOD is in Norway and Mice is in North America. NETNOD is also orders of magnitude larger than MICE. That's not the solution.
Can you narrow down the scope better? Keep in mind we have no formally defined admins, so if you say admin you'll need to lay that out as well. Jay ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Should we set up a call for later today? s On Tuesday, December 10, 2013, Hannigan, Martin wrote:
Jay,
Theres a lot of conflicting stuff here. Think I liked most of Richards responses to David.
Let's talk live and see if we can sort this out. Work?
Best,
Marty
On Dec 10, 2013, at 22:49, "Jay Hanke" <jayhanke@MANKATONETWORKS.NET<javascript:_e({}, 'cvml', 'jayhanke@MANKATONETWORKS.NET');>> wrote:
Right on with the agreement. It does say that we may ask for MRTG graph data related to ports statistics. It also says we expect confidentiality. Our port data is confidential. The MICE Board signed this agreement with us. If we take our port down to the wider audience like we have gracefully requested, we're happy to discuss what the objective is and how we may be helpful. I'll be honest, I doubt that the outcome is "sure, display our data to anyone with a login", but it is likely to be reasonable and inline with North American IXP norms. NETNOD is in Norway and Mice is in North America. NETNOD is also orders of magnitude larger than MICE. That's not the solution.
Can you narrow down the scope better? Keep in mind we have no formally defined admins, so if you say admin you'll need to lay that out as well.
Jay
------------------------------
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
------------------------------
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
-- *Shaun Carlson*Network Engineering Manager | Arvig ph: (218) 346-8673 | em: shaun.carlson@arvig.com ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Anytime today (11th) or Friday (13th) are fine for me if anyone wanted to have a call. I'd agree that Dave did a good job of summarizing the issues and Richard's responses are a reasonable evolution in our shared MICE journey. I'd thought about a combination of ASN/member specific passwords and leaving the graphs open to members but I'm not sure that would meet Martin's needs, especially in the nirvana of the future when his competition might also be MICE members. Obviously under a "hidden graph" scenario members couldn't troubleshoot traffic bottlenecks across MICE themselves and people would need to continue to have reasonable expectations about volunteer administrator's abilities to respond. Part of the support for the current policy came from member's experiences of being frustrated by their provider's opaqueness in situations like the last iOS upgrade, but I think everyone understands that some of Akamai's needs are a little different. One loose end: Doug - can you remove that posting (or perhaps just the graph image) from the mailing list archive? The "anonymous port" idea isn't a bad one either, but it doesn't seem as clean to me in terms of maintenance simplicity and perhaps in terms of anonymity given the current port count and comparative traffic volumes. Having said that I'll certainly work to implement whatever the group's new direction is, appreciate everyone's thoughts and support. Cheers, anthony Anthony Anderberg Sr. Systems Analyst [NUtel_email_logo_1] 320-234-5239 anthonyanderberg@nu-telecom.net<mailto:anthonyanderberg@nu-telecom.net> www.nutelecom.net From: MICE Discuss [mailto:MICE-DISCUSS@LISTS.IPHOUSE.NET] On Behalf Of Shaun Carlson Sent: Wednesday, December 11, 2013 6:13 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: Re: [MICE-DISCUSS] Port Anonymity Should we set up a call for later today? s On Tuesday, December 10, 2013, Hannigan, Martin wrote: Jay, Theres a lot of conflicting stuff here. Think I liked most of Richards responses to David. Let's talk live and see if we can sort this out. Work? Best, Marty On Dec 10, 2013, at 22:49, "Jay Hanke" <jayhanke@MANKATONETWORKS.NET<javascript:_e(%7b%7d,%20'cvml',%20'jayhanke@MANKATONETWORKS.NET');>> wrote:
Right on with the agreement. It does say that we may ask for MRTG graph data related to ports statistics. It also says we expect confidentiality. Our port data is confidential. The MICE Board signed this agreement with us. If we take our port down to the wider audience like we have gracefully requested, we're happy to discuss what the objective is and how we may be helpful. I'll be honest, I doubt that the outcome is "sure, display our data to anyone with a login", but it is likely to be reasonable and inline with North American IXP norms. NETNOD is in Norway and Mice is in North America. NETNOD is also orders of magnitude larger than MICE. That's not the solution.
Can you narrow down the scope better? Keep in mind we have no formally defined admins, so if you say admin you'll need to lay that out as well. Jay ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 -- Shaun Carlson Network Engineering Manager | Arvig ph: (218) 346-8673 | em: shaun.carlson@arvig.com<mailto:shaun.carlson@arvig.com> ________________________________ To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Dec 11, 2013, at 1:59 PM, Anthony Anderberg <anthonyanderberg@NU-TELECOM.NET> wrote:
One loose end: Doug - can you remove that posting (or perhaps just the graph image) from the mailing list archive?
As the list master for this I’ll check into what can be done. It may not be possible and I’d need to engage Doug at ipHouse to do something directly in the archives (which LISTSERV will probably bark about). -- Mike Horwath, reachable via drechsau@Geeks.ORG ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Dec 11, 2013, at 2:58 PM, Michael Horwath <drechsau@GEEKS.ORG> wrote:
On Dec 11, 2013, at 1:59 PM, Anthony Anderberg <anthonyanderberg@NU-TELECOM.NET> wrote:
One loose end: Doug - can you remove that posting (or perhaps just the graph image) from the mailing list archive?
As the list master for this I’ll check into what can be done.
It may not be possible and I’d need to engage Doug at ipHouse to do something directly in the archives (which LISTSERV will probably bark about).
Looks like I’ll need to work with Doug. Fingers ><ed! -- Mike Horwath, reachable via drechsau@Geeks.ORG ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Wed, Dec 11, 2013 at 02:58:12PM -0600, Michael Horwath wrote:
On Dec 11, 2013, at 1:59 PM, Anthony Anderberg <anthonyanderberg@NU-TELECOM.NET> wrote:
One loose end: Doug - can you remove that posting (or perhaps just the graph image) from the mailing list archive?
It may not be possible and I?d need to engage Doug at ipHouse to do something directly in the archives (which LISTSERV will probably bark about).
I've removed that posting (just the attachment was not possible) from the list Archives. -- Doug McIntyre <merlyn@iphouse.net> ~.~ ipHouse ~.~ Network Engineer/Provisioning/Jack of all Trades ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Thanks guys...!
On Dec 11, 2013, at 19:00, "Doug McIntyre" <merlyn@IPHOUSE.NET> wrote:
On Wed, Dec 11, 2013 at 02:58:12PM -0600, Michael Horwath wrote:
On Dec 11, 2013, at 1:59 PM, Anthony Anderberg <anthonyanderberg@NU-TELECOM.NET> wrote: One loose end: Doug - can you remove that posting (or perhaps just the graph image) from the mailing list archive?
It may not be possible and I?d need to engage Doug at ipHouse to do something directly in the archives (which LISTSERV will probably bark about).
I've removed that posting (just the attachment was not possible) from the list Archives.
-- Doug McIntyre <merlyn@iphouse.net> ~.~ ipHouse ~.~ Network Engineer/Provisioning/Jack of all Trades
########################################################################
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Since I haven't seen anyone argue for maintaining the status quo and it seems like we're working toward a policy that includes optional opacity of some sort I've removed the member identification colors from the Ingress graph, guest access to Akamai's graph, and also the details from their Weathermap link. As always let me know if you see anything wrong or silly. Cheers, anthony ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Appreciate the community. Thanks. Onward! First 20g LAG!
On Dec 11, 2013, at 23:44, "Anthony Anderberg" <anthonyanderberg@NU-TELECOM.NET> wrote:
Since I haven't seen anyone argue for maintaining the status quo and it seems like we're working toward a policy that includes optional opacity of some sort I've removed the member identification colors from the Ingress graph, guest access to Akamai's graph, and also the details from their Weathermap link.
As always let me know if you see anything wrong or silly.
Cheers, anthony
########################################################################
To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
On Dec 10, 2013, at 10:49 PM, Jay Hanke <jayhanke@MANKATONETWORKS.NET<mailto:jayhanke@MANKATONETWORKS.NET>> wrote:
Right on with the agreement. It does say that we may ask for MRTG graph data related to ports statistics. It also says we expect confidentiality. Our port data is confidential. The MICE Board signed this agreement with us. If we take our port down to the wider audience like we have gracefully requested, we're happy to discuss what the objective is and how we may be helpful. I'll be honest, I doubt that the outcome is "sure, display our data to anyone with a login", but it is likely to be reasonable and inline with North American IXP norms. NETNOD is in Norway and Mice is in North America. NETNOD is also orders of magnitude larger than MICE. That's not the solution.
Can you narrow down the scope better? Keep in mind we have no formally defined admins, so if you say admin you'll need to lay that out as well. Sure. And thanks for the call this morning, I appreciated it. When we define admins they should be folks with enable on the gear who have it to fix problems. There should also be a basic expectation of privacy of that data. Admins emailing. me and saying "Hey! Where's your port upgrade!" is fine, but emailing the entire list with that is probably not ok. That should apply across the organization. This would be a fairly standard interpretation of how things are done at IXP's in North America and depending upon the final language I would be pleased to support. As far as my data being "public" I'm going to disagree with the board that any member with a login != public so I'm still asking that they remove my graph until we have a better solution. I'm a former MRTG user and maker of pages to monitor things with SNMP, I'm well aware of how to make this work and I'm happy to volunteer to help manage the cacti instance if it would be helpful. There are multiple good reasons for this approach. Unfortunately, the UG meeting conflicts with my Super Bowl vacation or I would come to do a presentation for you on this. Perhaps next one. I hope this helps to clarify and move us along. And as soon as we get this resolved I'll start working to add my second 10G. :-) Best, -M< ######################################################################## To unsubscribe from the MICE-DISCUSS list, click the following link: http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
participants (8)
-
Anthony Anderberg -
Doug McIntyre -
Hannigan, Martin -
Jay Hanke -
Michael Horwath -
Reid Fishler -
Richard Laager -
Shaun Carlson