[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[4]: ILUG on leb.net



On 05-Nov-98 Doron Shikmoni wrote:

>  Evgeny writes:
>  
> >And from
> >this my very own experience, the reliability of IIX connections is not very
> >good
> >- it's not that rarely an .il domain is more difficult to reach (from
> >Israel!)
> >than an US site.
>  
>  Okay, let's address this one. The next time this happens to you, please
>  check and see which ISP hosts this .il site. If it is any ISP except
>  Netvision - please let me know about it. If it *is* NV - then, well,
>  see the explanation in my previous posting. Also, see below.

Well, probably majority of such cases were indeed related to NV.

> >As well, I've seen not once and not twice traceroutes between
> >two .il domains going through US routers - while both sites' ISPs were
                                                    ^^^^^^^^^^^^^^^^^^^^^
> >connected to IIX.
   ^^^^^^^^^^^^^^^^

>  This is a *routing* issue. Please note that routing, by definition,
>  is not a simple thing. For example, I'm sure you know that having
>  a domain name ending with .il does not at all say that the site is
>  in Israel, and/or does not at all say that it is *connected* via an
>  Israeli provider.
>  
>  Having said that, let's assume you meant Israeli-ISP connected hosts.

I explicitly said that (see above).

>  If you do see two such hosts, each connected to a different ISP(!!),
>  and whose mutual packets go via the US - then, what you see is
>  either an IIX outage (20 minutes total, all scheduled, in the past
>  4 months), *or* a routing foul-up (or a deliberate decision) of one
>  of the two ISPs.

Maybe I'm so unlucky to be caught in the maintanance windows, but I do remember
route between two IIX members (not NV!) passing through US while each of them
separately traceroute'd to a third one (it was NV :)) through IIX. If you're
interested, I'll send you the concrete IP's.

> >But _you_ - you definitely have the facts needed to persuade me in the good
> >quality of IIX. I'd like to see reliable comparison between quality of
> >national
> >network interconnectivity of Israel and XXX (= US or any West Europe
> >country).
> >If you can prove that both are more or less the same, I agree to beg your
> >(or
> >anyone else's) pardon.
>  
>  I will not try to prove, or even suggest, something like that.
>  "National Network Interconnectivity" is a big issue, far larger than
>  that of one exchange point. Mind you, the largest USA exchange points
>  (MAE-East, Chicago NAP etc.) have bottlenecks and headaches of their own.
>  Of course the *size* differs, big time, so any comparison would be absurd.
>  
>  Again, I will not go here into a detailed analysis of what makes
>  a good network infrastructure. However, two things are worth mentioning:
>  Money, and customer awareness. Money - the Israeli customer wants
>  to pay nothing, and in return get everything. Networking infrastructure
>  costs money. (By "customer", I mean all - both the end user and the ISPs).
>  And customer awareness - if a certain ISP does not maintain enough
>  bandwidth to places where its customers want to go ( == connect),
>  these customers should make their opinion known to the provider.

Not sure. Since you charge the money from ISPs, they (and not their customers)
should be interested in IIX, and thus, willing to pay for your service. Also,
IMO, nation-wide generalizations like "Israeli customer wants to pay nothing"
don't worth a serious discussion.
BTW, I didn't know that (according to what Eli said) IIX relies on volunteers'
job. In fact, it's not seen from the ISOC web pages (what about the US
exchange points you mentioned above - are they completely non-profit, too?).

Apropo, you wanted me to suggest something to enhance IIX - here it comes: I
strongly believe that a structure of national importance like IIX should NOT
rely upon volunteers. Make providers really interested in it. For example, set
up a centralized mirror of popular software repositories: for linuxists: main
distributions/sunsite/tsx-11/...; tucows/winfiles/simtel/... for M$ users;
CPAN/CTAN/... for everyone; etc. This _will_ interest ISPs since their
customers will use the fast local mirror instead of spending expensive bandwidth
abroad. Also, this'll stop the senseless war between Machba and NV - Machba
reps state that NV's (and others') customers spend much of the ILAN-IIX line by
downloading from Machba's mirrors while NV can probably say same about their
IIX line and Machba users accessing tucows.netvision, for example.
Furthemore, just think about it: this site will be visited, more or
less regularly, practically by ALL Israeli Internet users. Given that nowadays,
great majority of FTP downloads are done by Web browsers, it's quite trivial to
make the browsers load an advertisement upon entering each directory. Do you
think there would be a company NOT willing to pay for ads put on _such_ a
server?


> >This, BTW, I'd like to understand. I've seen statements here and there that
> >disabling ICMP completely is a Wrong Thing. But why? (Not on routers, which
> >is
> >quite clear, but end-point sites).
>  
>  ICMPs have many flavors (subtypes). Some of them are required for the
>  well being of TCP/IP. Complete blockage of ICMP can have bad effects
>  (for example, not being able to adapt MTU, missing "network/host
>  unreachable" responses, and so forth).

Thanks for the clarification. Strange, but I noticed no connectivity decrease
to plasma-gate after the firewall rules had been set up - according to the logs.
  
Regards,

Evgeny

   ____________________________________________________________
  / Evgeny Stambulchik  <fnevgeny@plasma-gate.weizmann.ac.il>  \
 /  Plasma Laboratory, Weizmann Institute of Science, Israel \  \
 |  Phone : (972)8-934-3610  == | == FAX   : (972)8-934-3491 |  |
 |  URL   :    http://plasma-gate.weizmann.ac.il/~fnevgeny/  |  |
 |  Finger for PGP key >=====================================+  |
 |______________________________________________________________|