[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re[4]: ILUG on leb.net
Evgeny writes:
>> Netvision's bandwidth to the IIX set aside, - do you have *one* point
>> that will help us improve the IIX? One will do - no need for a "lot".
>> We are always happy and willing to learn. You sound as if you are
>> well informed.
>
>I didn't say "_I_ know a lot that IIX stuff has to learn". If you consider
>hiring me as a consultant, we can discuss this possibility via private emails.
Noted.
>As to the facts: compiling facts in a statistically reliable way (in respect
>to
>the present discussion) might be quite time-consuming task, and my free time
>is
>quite limited. Not to mention an access to IIX routers' admin data may be
>needed
>- which I evidently don't have. I express here my own feeling towards the
>quality of the IIX services - being merely a _user_ of the latters.
This is perfectly legitimate. After all, it's there for the users,
isn't it.
>And from
>this my very own experience, the reliability of IIX connections is not very
>good
>- it's not that rarely an .il domain is more difficult to reach (from Israel!)
>than an US site.
Okay, let's address this one. The next time this happens to you, please
check and see which ISP hosts this .il site. If it is any ISP except
Netvision - please let me know about it. If it *is* NV - then, well,
see the explanation in my previous posting. Also, see below.
>As well, I've seen not once and not twice traceroutes between
>two .il domains going through US routers - while both sites' ISPs were
>connected to IIX.
This is a *routing* issue. Please note that routing, by definition,
is not a simple thing. For example, I'm sure you know that having
a domain name ending with .il does not at all say that the site is
in Israel, and/or does not at all say that it is *connected* via an
Israeli provider.
Having said that, let's assume you meant Israeli-ISP connected hosts.
If you do see two such hosts, each connected to a different ISP(!!),
and whose mutual packets go via the US - then, what you see is
either an IIX outage (20 minutes total, all scheduled, in the past
4 months), *or* a routing foul-up (or a deliberate decision) of one
of the two ISPs.
I can go on and explain the workings of the IIX, but it would be best
to stop here (it's a Linux mailing list after all). The bottom line
is: Apart of the contention on Netvision's line to the IIX, we know
of no performance problems and/or outages on the IIX. Most of the time,
the IIX itself is about 10% busy, and most of the lines are far from
being saturated (except for - OK, you know).
>But _you_ - you definitely have the facts needed to persuade me in the good
>quality of IIX. I'd like to see reliable comparison between quality of
>national
>network interconnectivity of Israel and XXX (= US or any West Europe country).
>If you can prove that both are more or less the same, I agree to beg your (or
>anyone else's) pardon.
I will not try to prove, or even suggest, something like that.
"National Network Interconnectivity" is a big issue, far larger than
that of one exchange point. Mind you, the largest USA exchange points
(MAE-East, Chicago NAP etc.) have bottlenecks and headaches of their own.
Of course the *size* differs, big time, so any comparison would be absurd.
Again, I will not go here into a detailed analysis of what makes
a good network infrastructure. However, two things are worth mentioning:
Money, and customer awareness. Money - the Israeli customer wants
to pay nothing, and in return get everything. Networking infrastructure
costs money. (By "customer", I mean all - both the end user and the ISPs).
And customer awareness - if a certain ISP does not maintain enough
bandwidth to places where its customers want to go ( == connect),
these customers should make their opinion known to the provider.
>Otherwise, you may want to talk to network specialists
>from XXX - they probably have the valuable ideas you're looking for.
Thanks. We do that, quite a lot in fact. Actually, there is considerable
appreciation towards the IIX in professional circles, in Europe and
the USA.
>This, BTW, I'd like to understand. I've seen statements here and there that
>disabling ICMP completely is a Wrong Thing. But why? (Not on routers, which is
>quite clear, but end-point sites).
ICMPs have many flavors (subtypes). Some of them are required for the
well being of TCP/IP. Complete blockage of ICMP can have bad effects
(for example, not being able to adapt MTU, missing "network/host
unreachable" responses, and so forth).
That said, many of us block ICMP at various points, because of ICMP
based attacks. Oh well :-)
>How can one know? Aquanet-IIX.iix.net.il indeed responds, but where is the
>garantee that the second interface is up or the physical media between it and
>Aquanet's router is OK (which can be, of course, both IIX's and Aquanet's
>fault)?
No guarantee. Traceroute has no guarantee - it's a best effort thing.
Note, however, the naming convention I use for the IIX lines: Aquanet-IIX.iix
is the Aquanet side of the connection, while IIX-Aquanet.iix is the IIX side.
So the fact that you received a reply from Aquanet.iix.net.il, *guarantees*
that the reply comes from the Aquanet router that is connected to the IIX.
This may help you identify problems.
Sincerely,
Doron Shikmoni