RE: Default routes on BGP routers with full feeds
I have 5 providers and we get the default from all of them and full routing tables. I have seen cases where if there is no default route, the traffic didn't know where to go, even with full routes from all my providers. -Mike -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Berry Mobley Sent: Tuesday, November 04, 2014 12:47 PM To: nanog@nanog.org Subject: Default routes on BGP routers with full feeds I'm wondering how many of you who are multihomed also add default routes pointing to your providers from whom you are receiving full feeds. If so, why? If not, why not? Thanks, Berry
RE: NAT (PAT) log
In the past, when we had a Cisco 7200 doing NATing, we had a script someone wrote that would telnet into the router and do a sh ip nat trans. The file would be saved out and we could parse through it at a later time; we had the script run every 10 minutes or so I believe. If that is what you are looking for, I can try and dig up the script we had for this.

-Mike

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Pavel Dimow
Sent: Thursday, May 08, 2014 11:20 AM
To: NANOG
Subject: NAT (PAT) log

Hello, as we are running out of ipv4 addresses we started to think of dual stack deployment in our network and that means we will soon need to have some NAT in place (NAT44). However I am curious to find how do you manage NAT logs? Considering the fact that we will need to use overload for pools I don't see any good solution how to track ip address leases. Any ideas?
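An added example, not part of the thread and not the script Mike mentions: one way to parse saved `show ip nat translations` snapshots and answer "which inside host held this public IP and port around time T". It assumes the usual five-column Cisco IOS layout; the function names, addresses (documentation ranges) and snapshot contents are constructed for illustration.

```python
from datetime import datetime, timedelta
from typing import NamedTuple


class Translation(NamedTuple):
    proto: str           # "tcp", "udp", "icmp", or "---" for a static entry
    inside_global: str   # public address[:port] seen by the outside world
    inside_local: str    # private address[:port] of the real host
    outside_local: str
    outside_global: str


def parse_snapshot(text):
    """Parse one saved 'show ip nat translations' output into Translation rows."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # The header row splits into nine words; data rows have exactly five.
        if len(fields) != 5 or fields[0] == "Pro":
            continue
        rows.append(Translation(*fields))
    return rows


def who_had(snapshots, proto, global_ip, global_port, when,
            window=timedelta(minutes=10)):
    """Map inside-local address -> snapshot times at which it held the
    given public ip:port, using only snapshots taken within `window` of `when`."""
    hits = {}
    for taken_at, text in snapshots:
        if abs(taken_at - when) > window:
            continue
        for t in parse_snapshot(text):
            dynamic = (t.proto == proto and
                       t.inside_global == f"{global_ip}:{global_port}")
            # A static one-to-one entry covers every port of that public IP.
            static = t.proto == "---" and t.inside_global == global_ip
            if dynamic or static:
                hits.setdefault(t.inside_local, []).append(taken_at)
    return hits


# Constructed sample snapshots, ten minutes apart. Port 1025 is reused by a
# different inside host in the second one.
SNAP_1200 = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:1025  10.0.0.5:51514     198.51.100.20:80   198.51.100.20:80
udp 203.0.113.10:1026  10.0.0.7:53211     198.51.100.53:53   198.51.100.53:53
--- 203.0.113.11       10.0.0.9           ---                ---
"""
SNAP_1210 = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:1025  10.0.0.8:40000     198.51.100.99:25   198.51.100.99:25
--- 203.0.113.11       10.0.0.9           ---                ---
"""
SNAPSHOTS = [
    (datetime(2014, 5, 8, 12, 0), SNAP_1200),
    (datetime(2014, 5, 8, 12, 10), SNAP_1210),
]

if __name__ == "__main__":
    query_time = datetime(2014, 5, 8, 12, 5)
    for host, times in who_had(SNAPSHOTS, "tcp", "203.0.113.10", 1025,
                               query_time).items():
        print(host, [t.isoformat() for t in times])
```

With overloaded pools a public port can change hands between two polls, so a query that falls between snapshots can return more than one inside host, and a translation that lived and died between polls is never recorded at all.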
RE: BGPMON Alert Questions
Three of ours just got jacked. I have tried to contact via email for update / fix of their end.

-Mike

-Original Message-
From: Felix Aronsson [mailto:fe...@mrfriday.com]
Sent: Wednesday, April 02, 2014 3:22 PM
To: Joseph Jenkins
Cc: nanog@nanog.org
Subject: Re: BGPMON Alert Questions

Seeing the same here for a /21. This seems to have happened before with AS4761? See http://www.bgpmon.net/hijack-by-as4761-indosat-a-quick-report/ from January 2011.

On Wed, Apr 2, 2014 at 8:51 PM, Joseph Jenkins j...@breathe-underwater.com wrote:

So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly. I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations? Is there a way I can verify what they are announcing just to make sure they are still doing it?

Here is the alert for reference:

Your prefix: 8.37.93.0/24:
Update time: 2014-04-02 18:26 (UTC)
Detected by #peers: 2
Detected prefix: 8.37.93.0/24
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
ASpath: 18356 9931 4651 4761
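An added example, not part of the thread and not BGPMON's own code: a triage helper that parses the alert text quoted above, checks that its fields agree with each other, and compares the announcing AS against the origins the prefix holder authorises. The thread does not name the legitimate origin AS, so `EXPECTED_ORIGINS` holds a placeholder from the documentation ASN range; the function names are hypothetical.

```python
import ipaddress
import re

# Alert text as quoted in the thread, one field per line.
ALERT = """\
Your prefix: 8.37.93.0/24:
Update time: 2014-04-02 18:26 (UTC)
Detected by #peers: 2
Detected prefix: 8.37.93.0/24
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
ASpath: 18356 9931 4651 4761
"""

# Placeholder: the legitimate origin AS is not given in the thread.
# AS64500 comes from the range reserved for documentation.
EXPECTED_ORIGINS = {64500}


def parse_alert(text):
    """Split 'Key: value' lines into a dict, dropping a trailing colon."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip().rstrip(":")
    return fields


def _asn(value):
    """Extract the AS number from a field such as 'AS4761 (NAME ...)'."""
    match = re.match(r"AS(\d+)", value)
    if match is None:
        raise ValueError(f"no AS number in {value!r}")
    return int(match.group(1))


def assess(text, expected_origins):
    """Summarise what the alert says and whether the origin is authorised."""
    f = parse_alert(text)
    mine = ipaddress.ip_network(f["Your prefix"])
    seen = ipaddress.ip_network(f["Detected prefix"])
    origin = _asn(f["Announced by"])
    upstream = _asn(f["Upstream AS"])
    path = [int(asn) for asn in f["ASpath"].split()]

    if seen == mine:
        scope = "same-prefix"      # competes with the real route on path selection
    elif seen.subnet_of(mine):
        scope = "more-specific"    # wins on longest match wherever it is accepted
    else:
        scope = "unrelated"

    return {
        "origin": origin,
        "scope": scope,
        "peers": int(f["Detected by #peers"]),
        # The last AS in the path is the origin; the one before it is the upstream.
        "path_matches_fields": (len(path) > 1 and path[-1] == origin
                                and path[-2] == upstream),
        "unexpected_origin": origin not in expected_origins,
    }


if __name__ == "__main__":
    for key, value in assess(ALERT, EXPECTED_ORIGINS).items():
        print(f"{key}: {value}")
```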
RE: OpenNTPProject.org
For knowledge on the list. We found that our Cisco Nexus 7000s had NTP enabled on our public facing VDCs, even when the command feature ntp was not present. I had to explicitly enter no feature ntp to prevent the NTP server service from existing on our public facing 7K interfaces.

Thanks,
Mike

-Original Message-
From: Blake Dunlap [mailto:iki...@gmail.com]
Sent: Monday, February 17, 2014 11:03 AM
To: nanog@nanog.org
Subject: Re: OpenNTPProject.org

If you're trying to actually run a ntp server setup as opposed to just trusting the world, I strongly suggest reading the documentation for the service, as most people don't deploy it correctly while they think they have.

At minimum, you want a cluster of 3 - 4 servers internally, configured as peers of each other, and listening to some source of time, preferably multiple like a few on the internet from the big public pool, and if you really care about time, set up a GPS receiver or two. You can definitely go farther than the above, but that's the start to doing it right.

Anything short of the above is just trusting the world at large, and you'll likely happily follow along with any time skew like that thing a few months/year ago with either tick or tock. Without the above, you don't have enough sane sources to discredit bad advisers (you need 3 for a time lock).

-Blake

On Mon, Feb 17, 2014 at 9:38 AM, Anthony Williams alby.willi...@verizon.com wrote:

Blake: Just to make sure I've got this down, listing a device as a peer in the ntp.conf file will create a situation where both devices are saying, I know what time it is and splitting the difference? Whereas when you list a device as a server, it's using that as the authority on the correct time?

Example:
--
#
peer 192.168.1.1 iburst
peer 192.168.1.2 iburst
#
server ntp.colby.edu minpoll 6 maxpoll 10 iburst
server bonehed.lcs.mit.edu minpoll 6 maxpoll 10 iburst

On 2/17/2014 10:28 AM, Blake Dunlap wrote:

Peer means it considers the other side an equal and they will mutually skew time together. If you have peer on for devices you don't consider your time servers, you're opening yourself up to problems.

-Blake
Windstream Issues
Is everyone having Windstream issues? Our BGP sessions are down and MPLS network connectivity as of 2/8 @ 3:56 am EST. -Mike
RE: IP Address Management IPAM software for small ISP
Eric, you should look at 6connect. They have a good product for IPv4 and IPv6 address management. -Mike -Original Message- From: Eric A Louie [mailto:elo...@yahoo.com] Sent: Wednesday, December 12, 2012 8:23 PM To: nanog@nanog.org Subject: IP Address Management IPAM software for small ISP I'm looking for IPAM solutions for a small regional wireless ISP. There are 4 Tier 2 personnel and 2 NOC technicians who would be using the tool, and a small staff of engineers. They have regionalized IP addresses so blocks are local, but there are subnets that are global. don't care if it's a linux or windows solution. Need to be able to migrate from FreeIPdb (yes, I know, it's a dinosaur) We're not dealing with a lot now, but the potential for growth is pretty high. What are you using and how is it working for you? Much appreciated, Eric
RE: Verizon's New Repair Method: Plastic Garbage Bags
Maybe you can hope for a wind storm to take down the pole or someone to crash into it, then they'll surely have to fix it. -Mike -Original Message- From: Eric Wieling [mailto:ewiel...@nyigc.com] Sent: Monday, August 20, 2012 3:57 PM To: Justin M. Streiner; nanog@nanog.org Subject: RE: Verizon's New Repair Method: Plastic Garbage Bags Unfortunately, the lines are being resold by a CLEC. My understanding is the PUC/PSC doesn't take complaints from CLECs and, since the customer is customer of the CLEC, any complaints which are filed go against the CLEC, not Verizon. -Original Message- From: Justin M. Streiner [mailto:strei...@cluebyfour.org] Sent: Monday, August 20, 2012 3:41 PM To: nanog@nanog.org Subject: Re: Verizon's New Repair Method: Plastic Garbage Bags On Mon, 20 Aug 2012, Joel Esler wrote: Can we all just agree that the whole pole needs to be restrung? That's horrible! Agreed, but Verizon and whoever happens to be on that pole are pretty unlikely to do that unless pushed. The NY Public Service Commission might find the state of what's on that pole interesting, particularly with supporting documentation (trouble history, pole number/location, etc). jms On Aug 20, 2012, at 3:25 PM, Harry Hoffman hhoff...@ip-solutions.net wrote: What? That's totally legit. Look! There's even bubble wrap there for cushioning! ;-) On 08/20/2012 03:09 PM, Eric Wieling wrote: For a while we have had a customer with some lines which go down every time it rains. We put in the trouble ticket, a couple of days later Verizon says the issue is resolved...until the next time it rains. The customer sent us some pictures today of the pole outside their office. The repair appears to be wrapping some plastic bags around something up on the pole. Here is link to the pictures the customer sent us, in case anyone in the mood for a good scare. http://rock.nyigc.net/verizon/
RE: IP Management Software
+1, agree on 6connect.net. -Original Message- From: Rafael Rodriguez [mailto:packetjoc...@gmail.com] Sent: Friday, December 16, 2011 12:55 PM To: Shahab Vahabzadeh Cc: nanog@nanog.org Subject: Re: IP Management Software Check out 6connect. Sent from my iPhone On Dec 16, 2011, at 11:03, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi everybody, Can anybody share his/her experience with IP Management software's? Which I can use it managing near 100K IP Address? IPPlan is not good enough, I think its covering all my need and not fully flexible. If you have discuss this before here please share me the link. Thanks -- Regards, Shahab Vahabzadeh, IP Engineer, *nix Admin and Geek
RE: IPv6 words
We decided to go the TEXT to HEX conversion route and our main website IPv6 Address ends in 337a:2e6e:6574 -Mike -Original Message- From: Jeroen van Aart [mailto:jer...@mompl.net] Sent: Thursday, June 23, 2011 6:11 PM To: NANOG list Subject: IPv6 words I am sure it has come up a number of times, but with IPv6 you can make up fancy addresses that are (almost) complete words or phrases. Making it almost as easy to remember as the resolved name. It'd be nice in a weird geek sort of way (but totally impractical) to be able to request IPv6 blocks that have some sort of fancy name of your choice. 2001:db8:dead:beef:: dead:beef:: dead::beef As seen on http://en.wikipedia.org/wiki/Magic_number_%28programming%29 DEADBEEF Famously used on IBM systems such as the RS/6000, also used in the original Mac OS operating systems, OPENSTEP Enterprise, and the Commodore Amiga. On Sun Microsystems' Solaris, marks freed kernel memory (KMEM_FREE_PATTERN) Bonus points if your organisation's name only contains HEX characters. Greetings, Jeroen -- Earthquake Magnitude: 1.1 Date: Thursday, June 23, 2011 21:27:56 UTC Location: Southern California Latitude: 33.6613; Longitude: -116.7003 Depth: 17.10 km
RE: where are all the IPv6 tools?
We use the IPAM tool by 6connect.net, not sure if that is what you are looking for exactly? -Mike -Original Message- From: chip [mailto:chip.g...@gmail.com] Sent: Wednesday, May 25, 2011 3:40 PM To: Kyle Duren Cc: nanog@nanog.org Subject: Re: where are all the IPv6 tools? On Wed, May 25, 2011 at 3:29 PM, Kyle Duren pixitha.k...@gmail.com wrote: On Wed, May 25, 2011 at 11:54 AM, Jay Borkenhagen j...@braeburn.org wrote: Hi, I depend on a number of shell tools for manipulating IPv4 addresses, CIDR blocks, etc. like: aggis ipsort.pl grepcidr aggregate I have not yet found much in terms of similar shell utilities for IPv6. I've spoken to authors of some of these tools and they admit they have not yet produced IPv6-capable versions. (Not trying to name and shame: those tools are great, I just want more!) Do folks here know of IPv6 tools that might provide some of the functions the above tools provide for IPv4? Thanks! Jay B. I recommend IPv6gen. http://code.google.com/p/ipv6gen/ Very useful. Granted its not what you were asking for exactly From the site: ipv6gen is tool which generates list of IPv6 prefixes of given length from certain prefix according to RFC 3531. (A Flexible Method for Managing the Assignment of Bits of an IPv6 Address Block) -Kyle There's also sipcalc which has nothing to do with VOIP http://www.routemeister.net/projects/sipcalc/ --chip -- Just my $.02, your mileage may vary, batteries not included, etc
RE: Level 3 Agrees to Purchase Global Crossing
I find it amusing that the article says - The deal will combine two unprofitable companies So I guess the thinking is that two negatives make a positive? -Mike -Original Message- From: Dorn Hetzel [mailto:d...@hetzel.org] Sent: Monday, April 11, 2011 10:26 AM To: Jay Ashworth Cc: NANOG Subject: Re: Level 3 Agrees to Purchase Global Crossing On Mon, Apr 11, 2011 at 10:22 AM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: William Allen Simpson william.allen.simp...@gmail.com http://www.bloomberg.com/news/print/2011-04-11/level-3-agrees-to-acquire-global-crossing-in-deal-valued-at-1-9-billion.html The deal will combine two unprofitable companies with total revenue of $6.26 billion as of last year, and cut annualized capital spending by about $40 million, according to the statement. It will also help reduce the pressure on prices, which have declined by as much as 30 percent a year in the industry, said Donna Jaegers, an analyst at DA Davidson Co. Let me see if I have that straight. We're *admitting* in public that the result will be to make prices go up for customers? Wow... Justice is going to have a field day with that. Cheers, -- jra Well, maybe they're just admitting it will slow the rate at which prices go down :)
RE: Internet Edge Router replacement - IPv6 route table size considerations
Is anyone staying away from certain address ranges in /127s? I have seen where they say not to use the all zeros or end addresses from 1 - 127. Thoughts on this?

-Mike

-Original Message-
From: Justin M. Streiner [mailto:strei...@cluebyfour.org]
Sent: Thursday, March 10, 2011 10:36 AM
To: Richard A Steenbergen
Cc: nanog@nanog.org
Subject: Re: Internet Edge Router replacement - IPv6 route table size considerations

On Thu, 10 Mar 2011, Richard A Steenbergen wrote:

On Thu, Mar 10, 2011 at 10:52:37AM -0800, George Bonser wrote:

What I have done on point to points and small subnets between routers is to simply make static neighbor entries. That eliminates any neighbor table exhaustion causing the desired neighbors to become unreachable. I also do the same with neighbors at public peering points. Yes, that comes at the cost of having to reconfigure the entry if a MAC address changes, but that doesn't happen often.

And this is better than just not trying to implement IPv6 stateless auto-configuration on ptp links in the first place how exactly? Don't get taken in by the people waving an RFC around without actually taking the time to do a little critical thinking on their own first, /64s and auto-configuration just don't belong on router ptp links. And btw only a handful of routers are so poorly designed that they depend on not having subnets longer than /64s when doing IPv6 lookups, and there are many other good reasons why you should just not be using those boxes in the first place. :)

+1

Auto-config has its place, and I don't think core infrastructure is one of them. In our addressing plan, I've allocated /64s for each point-to-point link, but will use /127s in practice. That seemed like the best compromise between throwing /64s at everything and being prepared for the off-chance that something absolutely requires a /64.

jms
RE: Cisco Nexus 5000 with 4G FC module - initialization ?
When you do a show running, do the interfaces show there at all as fc x/x? Do you have the FCOE feature enabled? -Mike -Original Message- From: Thomas Weible [mailto:thomas.wei...@flexoptix.net] Sent: Monday, January 17, 2011 11:14 AM To: nanog@nanog.org Subject: Cisco Nexus 5000 with 4G FC module - initialization ? Hi, I got some trouble to get the 8-port (4/2/1 FC module) up and running in a Nexus 5000. The module itself is shown in the inventory but when I want to have a detailed look on an interface than there is no option Fibre Channel. Is there anything else to do with this module (activation, initialization, etc. ?) Thanks Thomas
RE: Appliance Vs Software based routers
I assume the ASA's don't run natively on VMware or Xen, I assume you have to use something like GNS3. I think that would be fine for testing, but in real world production running an ASA on GNS3 under an another OS seems like a bad idea. I hope Cisco will come out with Virtual Appliances for some of their products like they did for the Nexus 1000V. -Mike -Original Message- From: Daryl G. Jurbala [mailto:da...@introspect.net] Sent: Wednesday, August 04, 2010 10:54 AM To: Xavier Beaudouin Cc: nanog Subject: Re: Appliance Vs Software based routers On Aug 4, 2010, at 9:53 AM, Xavier Beaudouin wrote: Le 4 août 2010 à 15:14, Mirko Maffioli a écrit : 2010/7/25 Laurens Vets laur...@daemon.be: Cisco PIX: no, Cisco ASA: yes. It even runs under VMware... It's however very hackish... :) Cisco ASA under VMware?? :| CiscoASA is based on x86, there is no reasons you cannot run this into VMWare or Xen... If that were the only qualification, PIX builds for the 515s would run under VMWare or XEN as well. Maybe they do, but I've never seen it.
RE: TWTC
Are you asking about TW Telecom or Time Warner Cable? We have clients in CA with TW Telecom with no issues at this time. Mike Walter Sr. Network Engineer 3z.net a PCD Company -Original Message- From: Bill Blackford [mailto:bblackf...@gmail.com] Sent: Tuesday, June 15, 2010 4:19 PM To: nanog@nanog.org Subject: TWTC Anyone on the list seeing issues with Time warner on the West coast? -- Bill Blackford Network Engineer Logged into reality and abusing my sudo privileges.
txt.att.net operators
We have been struggling to locate someone at ATT that handles the txt.att.net servers. We have clients in our data center that can no longer send emails to mobile phones via 10di...@txt.att.net. We have contacted ATT and they say there is no problem on their end. We can ping the server, but simply cannot connect to port 25. We have checked all firewalls of each client. Some ranges of IPs work and others don't. Looking for someone with a clue who can assist. Mike Walter
RE: Mail Submission Protocol
We have had very good luck with using port 587 and requiring the users to authenticate to send email from outside our network. Inside customers, we have not changed to force port 587 and authentication for email clients, but the topic has come up in discussions. This won't of course, stop spammers if they are hijacking the users local email client settings. -Mike -Original Message- From: Claudio Lapidus [mailto:clapi...@gmail.com] Sent: Wednesday, April 21, 2010 9:49 AM To: nanog@nanog.org Subject: Mail Submission Protocol Hello all, At our ISP operation, we are seeing increasing levels of traffic in our outgoing MTA's, presumably due to spammers abusing some of our subscribers' accounts. In fact, we are seeing connections from IPs outside of our network as many as ten times of that from inside IPs. Probably all of our customers are travelling abroad and sending back a lot of postcards, but just in case... ;-) So we are considering ways to further filter this traffic. We are evaluating implementation of MSA through port 587. However, we never did this and would like to know of others more knowledgeable of their experiences. The question is what best practices and stories do you guys have to share in this regard. Also please let me know if you need additional detail. thanks in advance, cl.
RE: AOL Postmaster
Have you been through http://postmaster.aol.com/?

Mike

-Original Message-
From: Aaron Wendel [mailto:aa...@wholesaleinternet.com]
Sent: Monday, June 01, 2009 12:48 PM
To: nanog@nanog.org
Subject: AOL Postmaster

Is anyone from AOL lurking on the list that could contact me off-list? I'm having some issues with mail being rejected because AOL believes our IPs are dynamic.

Aaron
RE: McColo and SPAM
We have not seen any decrease. In the last 24 hours we have seen 3.5 million messages blocked.

-Mike

-Original Message-
From: Revolver Onslaught [mailto:[EMAIL PROTECTED]
Sent: Friday, December 05, 2008 2:14 PM
To: nanog
Subject: McColo and SPAM

Hello,

Since McColo closed, we noticed the spam was far more intensive than before. However, it seems the amount of spam is similar than before. Do you feel the same?

Many thanks,
RO
RE: Verizon/UU.net/Alternet Routing issue
Yes, we saw the same thing and all seems to be better now. Was on hold and hung up.

Mike Walter, MCP
Systems Administrator
3z.net a PCD Company
http://www.3z.net
When Success is the Only Solution think 3z.net

-Original Message-
From: Peter Beckman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 12, 2008 4:48 PM
To: nanog@nanog.org
Subject: Verizon/UU.net/Alternet Routing issue

At about 4:24pm EDT, I lost connectivity from Verizon to destinations in New York, Seattle and others. Came back up (4:46pm) while composing this email. Anyone else notice? Major problem or minor routing issue?

                                  Packets        Pings
 Host                             Loss%   Snt   Last    Avg   Best   Wrst  StDev
 1. localrouter                   67.6%   395    0.6    1.6    0.5   18.8    2.3
 2. 10.1.41.150.0%                        395    5.7    5.1    1.8  306.0   17.4
 3. P4-2.LCR-02.WASHDC.verizon-g   0.0%   395    7.4    2.7    1.2   19.0    2.5
 4. 130.81.29.218                  0.0%   395    6.0    3.8    1.8   40.9    4.2
 5. 152.63.39.177                  0.0%   395    8.6    6.8    3.9   71.3    4.4
    152.63.36.213
 6. 152.63.69.113                 71.6%   395  120.7   44.0   31.2  186.7   30.3
 7. POS7-0-0.GW4.IND6.ALTER.NET   30.7%   395  1179.  133.3  121.3  1179.   79.5
 8. 152.63.67.250                 93.9%   395  121.5  125.4  121.0  186.2   13.0
 9. POS6-0-0.GW4.IND6.ALTER.NET   53.0%   395  318.9  217.7  206.8  722.0   43.3
10. 152.63.67.250                 96.2%   395  211.1  211.1  209.0  215.7    1.8
11. POS6-0-0.GW4.IND6.ALTER.NET   67.0%   395  422.1  305.9  294.9  692.1   37.5
12. 152.63.67.250                 97.5%   394  295.1  298.0  295.1  303.6    2.5
13. POS6-0-0.GW4.IND6.ALTER.NET   73.5%   394  523.9  391.5  382.1  523.9   17.7
14. 152.63.67.250                 98.7%   392  388.5  386.6  381.9  389.5    3.1
15. POS6-0-0.GW4.IND6.ALTER.NET   82.6%   392  632.9  481.2  468.6  632.9   22.2
16. 152.63.67.250                 99.2%   388  472.7  472.2  470.2  473.6    1.8
17. POS6-0-0.GW4.IND6.ALTER.NET   85.8%   388  737.0  573.3  559.4  737.0   27.8
18. 152.63.67.250                 99.2%   387  560.5  562.0  560.5  565.1    2.7
19. POS6-0-0.GW4.IND6.ALTER.NET   89.6%   387  839.0  664.8  644.9  839.0   38.6
20. 152.63.67.250                 99.2%   387  649.3  649.6  649.3  649.9    0.3
21. POS6-0-0.GW4.IND6.ALTER.NET   94.8%   383  946.4  763.8  734.6  946.4   48.5
22. 152.63.67.250                 99.7%   376  735.5  735.5  735.5  735.5    0.0
23. POS6-0-0.GW4.IND6.ALTER.NET   92.5%   376  895.4  842.2  819.1  909.0   26.8
24. ???
25. POS6-0-0.GW4.IND6.ALTER.NET   96.7%   365  1153.  955.9  908.9  1153.   78.7
26. ???
27. POS6-0-0.GW4.IND6.ALTER.NET   96.6%   328  1261.  1057.  998.8  1261.   86.8
28. 152.63.67.250                 99.6%   245  999.3  999.3  999.3  999.3    0.0
29. POS6-0-0.GW4.IND6.ALTER.NET   98.8%   245  1189.  1123.  1086.  1189.   57.5
30. ???

Beckman
---
Peter Beckman Internet Guy
[EMAIL PROTECTED] http://www.angryox.com/
---
RE: Level 3 / Time Warner problem in Columbus OH?
Just spoke with TW Telecom on my ticket. They have (2) OC-192s down in the Ohio area. They have open troubles with their vendor. Seems odd that both are down according to the rep I spoke with. We have shut down our TW Telecom BGP session until resolved due to high latency. Mike Walter, MCP Systems Administrator 3z.net -Original Message- From: Peter Pauly [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2008 11:43 AM To: Nanog Mailing list Subject: Level 3 / Time Warner problem in Columbus OH? Time Warner is reporting to me that their provider, Level 3 is having problems in Columbus OH that is affecting several large midwest cities. Anyone have more details?