We utilize Flow Spec throughout our network today and it works well … Juniper MX however everywhere….
> On Nov 5, 2016, at 8:00 PM, Mike Hammett <[email protected]> wrote:
>
> Flow spec would be nice, but not enough supports it yet. Until that happens,
> all we really have are bad options.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL>
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
> <https://www.linkedin.com/company/intelligent-computing-solutions>
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix>
> <https://www.linkedin.com/company/midwest-internet-exchange>
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp>
> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>
> From: "Paul Stewart" <[email protected]>
> To: [email protected]
> Sent: Saturday, November 5, 2016 6:55:08 PM
> Subject: Re: [AFMUG] Switch packet loss during high bandwidth
>
> IDSs are fairly trivial to overwhelm when a significant attack hits them…
> especially DDoS-type traffic… so essentially they get toppled over,
> effectively completing the DDoS or other type of malformed attack.
>
> On Nov 5, 2016, at 7:31 PM, Mike Hammett <[email protected]> wrote:
>
> I'm not sure I get the first paragraph. The box specifically becomes targeted,
> or the network in general?
>
> From: "Paul Stewart" <[email protected]>
> To: [email protected]
> Sent: Saturday, November 5, 2016 6:29:02 PM
> Subject: Re: [AFMUG] Switch packet loss during high bandwidth
>
> I would never put an IDS at the network edge. DDoS mitigation, I don't like
> to see them inline… both of them become targets at what they are supposed to
> be protecting :)
>
> The only reason I can see for putting a switch at the edge is cost savings…
> and if costs are tight then I can understand putting two routers behind it to
> increase some amount of redundancy.
>
> As for other comments around x-connects… completely agree, they add up in a
> significant hurry… and if anyone on the list deals with Equinix, you also have
> the hassles of bills that are never correct: new x-connects billed at full
> retail rate and then fight with them every month to get the x-connects back
> to contracted rate….
>
> On Nov 5, 2016, at 6:15 PM, Mike Hammett <[email protected]> wrote:
>
> Another reason is that it's then easier to drop other devices in-line. Other
> devices may be a DDoS mitigation appliance (or service), an IPS, etc.
>
> From: "Paul Stewart" <[email protected]>
> To: [email protected]
> Sent: Saturday, November 5, 2016 5:04:41 PM
> Subject: Re: [AFMUG] Switch packet loss during high bandwidth
>
> Thanks Mike…. appreciate the explanation… sometimes it's good to ask
> questions and get different viewpoints :)
>
> Paul
>
> On Nov 5, 2016, at 5:51 PM, Mike Hammett <[email protected]> wrote:
>
> Cost, yes. At $350/month for a cross connect, you choose your cross connect
> orders wisely.
>
> A router is more likely to need maintenance than a switch. Moving frames is
> pretty easy and may not need much for firmware updates. Routers, on the other
> hand, do lots of things, and with that many things comes the increased
> likelihood of need for a firmware update. Dual routers means you don't have
> to drop your customers to perform said maintenance. You're also more likely
> to be doing ACLs and QoS on routers, which likely reduces performance from
> line rate, especially during DDoS-type events. Having some extra firepower
> is handy.
>
> From: "Paul Stewart" <[email protected]>
> To: [email protected]
> Sent: Saturday, November 5, 2016 10:21:15 AM
> Subject: Re: [AFMUG] Switch packet loss during high bandwidth
>
> So you expect the router to die? Why not two x-connects to the provider back
> to two switches? Cost?
>
> On Nov 5, 2016, at 10:56 AM, Mike Hammett <[email protected]> wrote:
>
> I have a switch so I can get a /29 from the provider and have multiple PE
> routers on a single cross connect.
>
> From: "Paul Stewart" <[email protected]>
> To: [email protected]
> Sent: Saturday, November 5, 2016 9:10:42 AM
> Subject: Re: [AFMUG] Switch packet loss during high bandwidth
>
> Yeah, good point… first question that comes to mind is why the upstream provider
> connection is connected to a switch… why not go from router to provider and
> then router to the switch, keeping all "downstream" traffic in the switch?
>
> On Nov 5, 2016, at 9:14 AM, Josh Reynolds <[email protected]> wrote:
>
> With the limited information you've given, I'd put money on microbursts.
> For all your traffic higher than 1Gbps, that data has to get buffered on
> egress ports of devices. Eventually, traffic will get dropped to make room
> for new traffic. This is far worse in places where you may also have 100Mbps
> ports.
>
> "doesn't seem to be affecting the wan side of my router which connects to
> peers through the same switch" — this was the kicker to me, combined with the
> "~2Gbps" line.
>
> On Nov 5, 2016 3:12 AM, "TJ Trout" <[email protected]> wrote:
>
> I have a 10G switch that is switching everything of mine at my NOC, including
> peers, router WAN, router LAN, uplink to tower, etc.
>
> During peak traffic periods (~2Gbps) I'm seeing 1% packet loss, and throughput
> will drop to 0 for just a second and resume normal for a few minutes before
> dropping back to zero for just a second. Doesn't seem to be affecting the WAN
> side of my router, which connects to peers through the same switch. Doesn't
> happen during the day with low periods of traffic.
>
> I've enabled / disabled STP, flow control.
>
> I believe I've isolated it to not be a single port; possibly have a bad
> switch, but that seems hard to believe...
>
> Ideas?
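The microburst mechanism Josh Reynolds points at in the thread (frames arriving faster than an egress port can send them pile up in a finite buffer, and once it is full the switch tail-drops, even though the average load is nowhere near line rate) is easy to see in a small simulation. The following is an added example, not code from anyone in the thread; the frame size, slot length, buffer sizes (256 KB vs. 2 MB) and the two traffic patterns are assumptions chosen for illustration. Both patterns carry exactly the same 800 frames per 96 ms period, i.e. 100 Mbps average into a 1 Gbps port; only their timing differs.

```python
"""Egress-buffer microburst simulation (added example; assumed parameters).

Models a single output port: frames are queued in a finite FIFO buffer
and the port drains that buffer at line rate. A frame that does not fit
is tail-dropped. Two traffic patterns with identical average rate are
compared: one smooth, one that squeezes the same frames into a 1 ms burst.
"""
from dataclasses import dataclass

FRAME_BYTES = 1500        # assumption: MTU-sized frames
SLOT_US = 10              # simulation time step, microseconds
GIG_BYTES_PER_US = 125    # 1 Gbps == 125 bytes per microsecond


@dataclass
class EgressPort:
    """One output port with a line rate and a finite egress buffer."""
    rate_bytes_per_us: int
    buffer_bytes: int
    queued: int = 0
    forwarded: int = 0
    dropped: int = 0
    peak_queued: int = 0

    def enqueue(self, nbytes: int) -> bool:
        """Tail-drop: a frame that does not fit in the buffer is discarded."""
        if self.queued + nbytes > self.buffer_bytes:
            self.dropped += 1
            return False
        self.queued += nbytes
        self.forwarded += 1
        self.peak_queued = max(self.peak_queued, self.queued)
        return True

    def drain(self, slot_us: int) -> None:
        """The port transmits at line rate for one slot."""
        self.queued = max(0, self.queued - self.rate_bytes_per_us * slot_us)


def simulate(frames_per_slot, rate_bytes_per_us, buffer_bytes):
    """Feed the port slot by slot: enqueue this slot's arrivals, then drain."""
    port = EgressPort(rate_bytes_per_us, buffer_bytes)
    for n in frames_per_slot:
        for _ in range(n):
            port.enqueue(FRAME_BYTES)
        port.drain(SLOT_US)
    return port


def bursty_pattern(period_slots=9600, burst_slots=100, frames_per_slot=8):
    """800 frames in the first 1 ms of a 96 ms period (constructed input):
    8 frames per 10 us is 1200 B/us, i.e. 9.6 Gbps for the burst's duration."""
    return [frames_per_slot if i < burst_slots else 0 for i in range(period_slots)]


def smooth_pattern(period_slots=9600, spacing_slots=12):
    """The same 800 frames spread evenly: one frame every 120 us (constructed)."""
    return [1 if i % spacing_slots == 0 else 0 for i in range(period_slots)]


def average_mbps(frames_per_slot):
    """Average offered rate; bits per microsecond equals Mbps."""
    bits = sum(frames_per_slot) * FRAME_BYTES * 8
    return bits / (len(frames_per_slot) * SLOT_US)


if __name__ == "__main__":
    for name, pattern in (("smooth", smooth_pattern()), ("bursty", bursty_pattern())):
        for buf in (256_000, 2_000_000):
            p = simulate(pattern, GIG_BYTES_PER_US, buf)
            print(f"{name:6} avg={average_mbps(pattern):.0f} Mbps "
                  f"buffer={buf // 1000} KB forwarded={p.forwarded} "
                  f"dropped={p.dropped} peak_queue={p.peak_queued} B")
```

Running it shows the point of the thread: at 100 Mbps average the smooth pattern never queues more than one frame and loses nothing, while the bursty pattern into a 256 KB buffer drops frames because the burst needs roughly 1 MB of queue to absorb; only a deeper buffer (2 MB here) forwards all 800 frames. An SNMP or `show interfaces` counter averaged over seconds will report a few percent utilisation throughout, which is why loss of this kind looks like a bad switch until you look at per-port drop counters or sub-second rates.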
