Re: Force10 Gear - Opinions

2008-08-26 Thread Paul Wall
On Mon, Aug 25, 2008 at 7:26 PM, Jo Rhett [EMAIL PROTECTED] wrote:
 1)   Reliability

 Very good.  Across our entire business we've lost 1 RPM module in ~2 years.

How many boxes in total?  Losing a single routing engine in two years
is not a bad MTBF, though I wonder if we're talking about one chassis
or one thousand.

 2)   Performance

 [Note: we have no 10g interfaces, so I can only speak to a many-singleg-port
 environment]
 Much higher than Cisco.  So good at dealing with traffic problems that we
 have had multi-gig DoS attacks that we wouldn't have known about without
 having an IDS running on a mirroring port.

Routing n*GE at line rate isn't difficult these days, even with all
64-byte packets and other DoS conditions.

Linksys, D-Link, SMC, etc are able to pull it off on the layer 3
switches sold at Fry's for a couple benjamins a pop.  :)

Now mind you, this is all traffic through the router.  I'd imagine
Force 10 would have a problem with traffic aimed at its interface or
loopback IPs, given their lack of control plane policing/filtering,
unlike say:

http://aharp.ittns.northwestern.edu/papers/copp.html

 3)   Support staff (how knowledgeable are they?)

 Significantly higher than Cisco, and escalation is easier.  On par with
 Juniper.

This is good, though not necessarily hard when you have a small pool
of TAC people.

Then again, I've always had a good support experience with Extreme,
but I'm not about to run out and replace my core with Black Diamonds.
:)

 These things are so very solid that I rarely spend any time doing network
 work any more.  Gigabit line-speed BCP38 makes life easier for the abuse
 helpdesk too.

I'm unaware of any hardware-forwarding-based platforms which can't do this.

Though if I find any, I'll be sure to steer clear!

Paul Wall



RE: Is it time to abandon bogon prefix filters?

2008-08-26 Thread Sean Donelan

On Sun, 24 Aug 2008, Tomas L. Byrnes wrote:

You're missing one of the basic issues with bogon sources: they are
often advertised bogons, IE the bad guy DOES care about getting the
packets back, and has, in fact, created a way to do so.

This is usually VERY BAD traffic, and EVEN WORSE if a user goes TO a
site hosted in such IP space.

So, Bogon filtering has value beyond mere spoofed source rejection.



Unmanaged (or semi-managed) routers probably should not be running
BGP or other exterior routing protocols.  Unmanaged routers with BGP
provide more opportunities to create havoc and mischief.







Re: Force10 Gear - Opinions

2008-08-26 Thread Chris Riling
Then again, I've always had a good support experience with Extreme,
but I'm not about to run out and replace my core with Black Diamonds.
:)

I once worked at a place where we had BD 6808's at the core; one of them
consistently had hardware issues, and it took me the better part of a year
of fighting with Extreme to get them to replace the chassis, but when they
did, the problems went away, imagine that. I suppose similar isolated
incidents could happen with anyone occasionally though.

Chris

On Tue, Aug 26, 2008 at 3:26 AM, Paul Wall [EMAIL PROTECTED] wrote:

 On Mon, Aug 25, 2008 at 7:26 PM, Jo Rhett [EMAIL PROTECTED]
 wrote:
  1)   Reliability
 
  Very good.  Across our entire business we've lost 1 RPM module in ~2
 years.

 How many boxes in total?  Losing a single routing engine in two years
 is not a bad MTBF, though I wonder if we're talking about one chassis
 or one thousand.

  2)   Performance
 
  [Note: we have no 10g interfaces, so I can only speak to a
 many-singleg-port
  environment]
  Much higher than Cisco.  So good at dealing with traffic problems that we
  have had multi-gig DoS attacks that we wouldn't have known about without
  having an IDS running on a mirroring port.

 Routing n*GE at line rate isn't difficult these days, even with all
 64-byte packets and other DoS conditions.

 Linksys, D-Link, SMC, etc are able to pull it off on the layer 3
 switches sold at Fry's for a couple benjamins a pop.  :)

 Now mind you, this is all traffic through the router.  I'd imagine
 Force 10 would have a problem with traffic aimed at its interface or
 loopback IPs, given their lack of control plane policing/filtering,
 unlike say:

 http://aharp.ittns.northwestern.edu/papers/copp.html

  3)   Support staff (how knowledgeable are they?)
 
  Significantly higher than Cisco, and escalation is easier.  On par with
  Juniper.

 This is good, though not necessarily hard when you have a small pool
 of TAC people.

 Then again, I've always had a good support experience with Extreme,
 but I'm not about to run out and replace my core with Black Diamonds.
 :)

  These things are so very solid that I rarely spend any time doing network
  work any more.  Gigabit line-speed BCP38 makes life easier for the abuse
  helpdesk too.

 I'm unaware of any hardware-forwarding-based platforms which can't do this.

 Though if I find any, I'll be sure to steer clear!

 Paul Wall




Re: Force10 Gear - Opinions

2008-08-26 Thread Mikael Abrahamsson

On Tue, 26 Aug 2008, Chris Riling wrote:

I once worked at a place where we had BD 6808's at the core; one of them 
consistently had hardware issues, and it took me the better part of a 
year of fighting with Extreme to get them to replace the chassis, but 
when they did, the problems went away, imagine that. I suppose similar 
isolated incidents could happen with anyone occasionally though.


If you've worked long enough, you will have had everything happen to you.

I've had power supply problems where it was actually the SUP720-3BXL that 
was the issue (discovered after first replacing PSU, then chassis, then 
finally the SUP).


We have a GSR where we have replaced everything so far (including 
chassis), problem still persists. What to do then? Ask to replace
everything again but do this in one bang?


Must be interesting to work as a TAC engineer, they must see a lot of 
weird things.


--
Mikael Abrahamsson    email: [EMAIL PROTECTED]



RE: It's Ars Tech's turn to bang the IPv4 exhaustion drum

2008-08-26 Thread michael.dillon
 I'm looking at building a large network with Ipv6 in the Los 
 Angeles metro area, to serve a number of small businesses via 
 a large scale wireless network. Essentially a large scale 
 private WAN, with globally routable addresses (for a 
 VoIP/IPTV roll out later) So I'm not exactly a traditional 
 ISP or colocation customer, but share characteristics with 
 them. Does this matter? Should I just submit my request and 
 see what happens?

Yes, you should just submit your request and see what happens.

If there isn't enough documentation or you filled out something
incorrectly, ARIN generally contacts you and explains what you
need to provide in order to justify your request. It is pretty
painless really. At worst, because your business model is out
of the ordinary, you might spend a week or two going back and
forth explaining things.

--Michael Dillon



Re: Native v6 with Level(3)?

2008-08-26 Thread Christopher Morrow
On Tue, Aug 26, 2008 at 1:47 AM, Jay Hennigan [EMAIL PROTECTED] wrote:
 Christopher Morrow wrote:
 www.nanog.org/mtg-0510/bamford.html )

 maybe L3's support staff should check their internal documentation??
 Slide 17 says: Deployment completed Q3 2005... so, they apparently
 have it, can get it to you and do 6PE (or did 6PE a bit ago). Maybe
 ask again and aim the nay-sayer to the nanog preso and ask them to
 call stewart up directly?

 We had the same issue when we inquired initially.  Apparently Level(1)
 support at Level(3) has Level(0) clue as to their capabilities.


This is, sadly, not different from a bunch of ISP's (I think vzb is
still in a weird state where getting their sales/install/support folks
to put v6 on your link is harder than it ought to be)

 I responded to Kyle off-list as to the email address for getting to the
 people with the answers.  Stewart is still on the team and they had us up
 and running on IPv6 within a couple of days once I contacted the right
 people.

hurray! :) what's the email address so other folks searching might be
able to find it? Looking at the ARIN contact info for: 2001:1900::/32
doesn't produce something that seems ipv6 specific (which is probably
good).

-chris



Domain Security risk?

2008-08-26 Thread Jim McBurnett
Hey folks,
I have a customer that owns a domain and has owned it for years.
Out of the blue they got an email from Asia Internet Network Information Center.
They claim to be an approved Domain name dispute resolution committee member.
When I researched it:   http://www.adndrc.org/adndrc/index.html
They do not appear to be approved.

Has anyone had dealings with them?
Currently I am pushing this to ICANN and Network Solutions (domain registrar).

Comments?
Ideas?



Thanks,


Jim McBurnett
Senior Network Engineer
CCNP,CCVP, CCDA
Thomas Glover Associates, Inc.
864-473-1200 x 106 office
864-641-5863 Cell



RE: Native v6 with Level(3)?

2008-08-26 Thread michael.dillon

 This is, sadly, not different from a bunch of ISP's (I think 
 vzb is still in a weird state where getting their
 sales/install/support folks to put v6 on your link is harder 
 than it ought to be)
 
  I responded to Kyle off-list as to the email address for getting to 
  the people with the answers.  Stewart is still on the team and they 
  had us up and running on IPv6 within a couple of days once 
 I contacted 
  the right people.
 
 hurray! :) what's the email address so other folks searching 
 might be able to find it?

Please go to the ARIN IPv6 wiki and add any ISP contact info to this
page:
http://www.getipv6.info/index.php/Providers_Currently_Selling_IPv6_Transit

--Michael Dillon



Re: Force10 Gear - Opinions

2008-08-26 Thread Stephen Sprunk

Paul Wall wrote:

On Fri, Aug 22, 2008 at 10:34 AM, Matlock, Kenneth L
[EMAIL PROTECTED] wrote:
  

Does anyone here have real-world experience with Force 10 gear
(Specifically their E-Series and C-Series)? They came and did their
whole dog and pony show today, but I wanted to get real-world feedback
on their gear.

I need to know about their

1)   Reliability
2)   Performance



EANTC did a comprehensive study of the E-series:

http://www.eantc.de/en/test_reports_presentations/test_reports/force_10_sfm_failover_video_ftos_6211.html

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/EANTC_Full_Report.pdf

http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2006-2008/Cisco-Force10/Section_8.pdf
  


Standard benchmarketing.  Not that I blame Cisco or EANTC for that, 
since they were debunking some benchmarketing done by Force10 and Tolly, 
but consider the source (and follow the money) when reading any 
independent test and what that means for accuracy.


80% of the EANTC report can be summed up as The default CAM profile 
didn't do what we wanted, and we didn't bother asking Force10 for the 
commands to make it work.  There are indeed some interesting product 
weaknesses, like any vendor has, but the fact that Force10's CAM can be 
partitioned to match the buyer's needs, rather than having a fixed 
configuration that all customers are forced to use, is an advantage in 
my book.


S

(Disclosure: I am a former employee of both Cisco and Force10, but have 
no ties to either today.)




RE: Domain Security risk?

2008-08-26 Thread Martin Hannigan


Looks like they are to me:

http://www.icann.org/en/announcements/announcement-03dec01.htm

http://www.icann.org/en/dndr/tdrp/approved-providers.htm


-M



--
Martin Hannigan  http://www.verneglobal.com/
Senior Director  e: [EMAIL PROTECTED]
Verne Global Datacenters c: +16178216079
Keflavik, Iceland        f: +16172347098


 -Original Message-
 From: Jim McBurnett [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, August 26, 2008 10:40 AM
 To: nanog@nanog.org
 Subject: Domain Security risk?
 
 Hey folks,
 I have a customer that owns a domain and has owned it for years.
 Out of the blue they got an email from Asia Internet Network
 Information Center.
 They claim to be an approved Domain name dispute resolution committee
 member.
 When I researched it:   http://www.adndrc.org/adndrc/index.html
 They do not appear to be approved.
 
 Has anyone had dealings with them?
 Currently I am pushing this to ICANN and Network Solutions (domain
 registrar).
 
 Comments?
 Ideas?
 
 
 
 Thanks,
 
 
 Jim McBurnett
 Senior Network Engineer
 CCNP,CCVP, CCDA
 Thomas Glover Associates, Inc.
 864-473-1200 x 106 office
 864-641-5863 Cell




OT but funny: shades of gallery.colofinder.net

2008-08-26 Thread Paul Wall
Not to pick on the Democrats unduly - they just went first in terms of
giving us crummy cabling as a metaphor for crummy government;
inshallah the Republicans will give us something as good or better
when they have their turn next week...

http://www.wired.com/techbiz/media/multimedia/2008/08/gallery_dnc_tech?slide=7slideView=4

Is anyone still running a cabling horror show photo rogue's gallery?

Drive Slow,
Paul Wall



RE: speaking of slightly OT but perhaps still operational content

2008-08-26 Thread John Lee
Unless they have installed a DAS system for cell signal transport or a number 
of micro or nano cells in the building they will have congestion. But what is a 
political convention without a little congestion.

John (ISDN) Lee


From: Dorn Hetzel [EMAIL PROTECTED]
Sent: Tuesday, August 26, 2008 12:50 PM
To: NANOG list
Subject: speaking of slightly OT but perhaps still operational content

I noticed where the democrats plan to ask a stadium full of people to all
use their cellphones at the same time (on Thursday, I believe)

Any thoughts on how useable cell service will or won't be in the vicinity of
this event? :)

-Dorn



RE: speaking of slightly OT but perhaps still operational content

2008-08-26 Thread Aamir Jamil
Probably only a very small number of users will be able to call and the rest in that
cell site coverage will get congestion.

-amir


-Original Message-
From: John Lee [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 27, 2008 12:51 AM
To: Dorn Hetzel; NANOG list
Subject: RE: speaking of slightly OT but perhaps still operational content

Unless they have installed a DAS system for cell signal transport or a
number of micro or nano cells in the building they will have congestion. But
what is a political convention without a little congestion.

John (ISDN) Lee


From: Dorn Hetzel [EMAIL PROTECTED]
Sent: Tuesday, August 26, 2008 12:50 PM
To: NANOG list
Subject: speaking of slightly OT but perhaps still operational content

I noticed where the democrats plan to ask a stadium full of people to all
use their cellphones at the same time (on Thursday, I believe)

Any thoughts on how useable cell service will or won't be in the vicinity of
this event? :)

-Dorn








Re: OT but funny: shades of gallery.colofinder.net

2008-08-26 Thread William Herrin
On Tue, Aug 26, 2008 at 12:41 PM, Paul Wall [EMAIL PROTECTED] wrote:
 Not to pick on the Democrats unduly - they just went first in terms of
 giving us crummy cabling as a metaphor for crummy government;
 http://www.wired.com/techbiz/media/multimedia/2008/08/gallery_dnc_tech?slide=7slideView=4

Paul,

One makes different choices when it only has to last 7 days. Here's
what it looks like at DNC headquarters in DC where it has to last from
year to year:

http://bill.herrin.us/cables-sm.jpg


Regards,
Bill Herrin


-- 
William D. Herrin  [EMAIL PROTECTED] [EMAIL PROTECTED]
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004



Re: speaking of slightly OT but perhaps still operational content

2008-08-26 Thread Deepak Jain
Perhaps I'm wrong, but I thought it's fairly typical for large events
such as these (with lots of communications assets being deployed, not 
unlike a Superbowl, etc) for Cell companies to roll in COWs 
(Cell-on-wheels) type deployments to support additional capacity.


Am I living in a fantasy land?

Deepak

John Lee wrote:

Unless they have installed a DAS system for cell signal transport or a number 
of micro or nano cells in the building they will have congestion. But what is a 
political convention without a little congestion.

John (ISDN) Lee


From: Dorn Hetzel [EMAIL PROTECTED]
Sent: Tuesday, August 26, 2008 12:50 PM
To: NANOG list
Subject: speaking of slightly OT but perhaps still operational content

I noticed where the democrats plan to ask a stadium full of people to all
use their cellphones at the same time (on Thursday, I believe)

Any thoughts on how useable cell service will or won't be in the vicinity of
this event? :)

-Dorn







Re: OT but funny: shades of gallery.colofinder.net

2008-08-26 Thread Paul Wall
On Tue, Aug 26, 2008 at 3:22 PM, William Herrin
[EMAIL PROTECTED] wrote:

 One makes different choices when it only has to last 7 days. Here's
 what it looks like at DNC headquarters in DC where it has to last from
 year to year:

But of course.  Hope you're not killing yourself out in Denver; event
networking can be a bear.

 http://bill.herrin.us/cables-sm.jpg

Who knew that the Rainbow Coalition's day job was in IT at the DNC?

Drive Slow,
Paul Wall



Where to put our router

2008-08-26 Thread Jake Mertel

Good afternoon (or whatever it is for you ;),

We have just finished moving a large amount of equipment to a new 
facility outside of downtown Chicago. At present we have an uplink via a 
point-to-point to Equinox downtown. We are preparing to add another 
provider, and are debating where we should put our router. The two 
options would be in Equinox downtown (co-located with our existing 
provider) or at the new facility. Were we to do the former we would turn 
our existing point-to-point into our connection from our edge router to 
our distribution switch and add a second point-to-point for redundancy 
from the distro switch back to the router. Were we to do the latter we 
would get a second point-to-point direct from our new provider to their 
network and connect it to our router where it is now.


The major advantage I can think of to having it in Equinox is the 
availability of cross connects to just about anyone. There are a few 
providers in the new facility, but not many. The major disadvantage is 
that if we suddenly need a large amount of transport (i.e. a new large 
client, a definitive short-term possibility)  we would either need to 
get a new or additional point-to-point from downtown to the facility or 
would need to get another router to utilize at the new facility (were we 
to meet up with one of the in-building providers instead of getting the 
point-to-point transport).


Any thoughts related to the advantages or disadvantages of doing one or 
the other would be greatly appreciated.



Thanks in advance.

Kind regards,

Jake Mertel
Nobis Technology Group, L.L.C.





US government mandates? use of DNSSEC by federal agencies

2008-08-26 Thread Bill Bogstad
Not sure what this will actually mean in the long run, but it's at
least worth noting.

http://www.gcn.com/online/vol1_no1/46987-1.html
http://www.whitehouse.gov/omb/memoranda/fy2008/m08-23.pdf

Bill Bogstad



Re: OT but funny: shades of gallery.colofinder.net

2008-08-26 Thread Eric Brunner-Williams
After the first and second InterOps our cable plant for networks that 
lasted a week were considerably better organized. The short duration 
isn't that compelling for ... pasta panic.


Paul Wall wrote:

On Tue, Aug 26, 2008 at 3:22 PM, William Herrin
[EMAIL PROTECTED] wrote:
  

One makes different choices when it only has to last 7 days. Here's
what it looks like at DNC headquarters in DC where it has to last from
year to year:



But of course.  Hope you're not killing yourself out in Denver; event
networking can be a bear.

  

http://bill.herrin.us/cables-sm.jpg



Who knew that the Rainbow Coalition's day job was in IT at the DNC?

Drive Slow,
Paul Wall



  





Re: OT but funny: shades of gallery.colofinder.net

2008-08-26 Thread Jay R. Ashworth
On Tue, Aug 26, 2008 at 05:12:39PM -0400, Eric Brunner-Williams wrote:
 After the first and second InterOps our cable plant for networks that 
 lasted a week were considerably better organized. The short duration 
 isn't that compelling for ... pasta panic.

I got to go to one Interop; way back in Atlanta when Cabletron and
whomever else turned into Bay Networks were still separate companies.  It
seemed pretty clean to me; which one was that?

Cheers,
-- jra
-- 
Jay R. Ashworth   Baylink  [EMAIL PROTECTED]
Designer The Things I Think   RFC 2100
Ashworth  Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA  http://photo.imageinc.us +1 727 647 1274

 Those who cast the vote decide nothing.
 Those who count the vote decide everything.
   -- (Josef Stalin)



RE: OT but funny: shades of gallery.colofinder.net

2008-08-26 Thread Wallace Keith
Cabletron != baynetworks, that was Wellfleet and Synoptics that merged
to become Bay, that became Nortel.
I've been around too long.

-Keith


-Original Message-
From: Jay R. Ashworth [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 26, 2008 5:19 PM
To: nanog@nanog.org
Subject: Re: OT but funny: shades of gallery.colofinder.net

On Tue, Aug 26, 2008 at 05:12:39PM -0400, Eric Brunner-Williams wrote:
 After the first and second InterOps our cable plant for networks that 
 lasted a week were considerably better organized. The short duration 
 isn't that compelling for ... pasta panic.

I got to go to one Interop; way back in Atlanta when Cabletron and
whomever else turned into Bay Networks were still separate companies.
It
seemed pretty clean to me; which one was that?

Cheers,
-- jra
-- 
Jay R. Ashworth   Baylink
[EMAIL PROTECTED]
Designer The Things I Think
RFC 2100
Ashworth  Associates http://baylink.pitas.com
'87 e24
St Petersburg FL USA  http://photo.imageinc.us +1 727
647 1274

 Those who cast the vote decide nothing.
 Those who count the vote decide everything.
   -- (Josef Stalin)




Re: speaking of slightly OT but perhaps still operational content

2008-08-26 Thread Dorn Hetzel
Even with a COW, I'm not sure all the providers together have anywhere near
enough spectrum to service 75,000 geographically coincident calls :)

On Tue, Aug 26, 2008 at 3:33 PM, Deepak Jain [EMAIL PROTECTED] wrote:

 Perhaps I'm wrong, but I thought it's fairly typical for large events such
 as these (with lots of communications assets being deployed, not unlike a
 Superbowl, etc) for Cell companies to roll in COWs (Cell-on-wheels) type
 deployments to support additional capacity.

 Am I living in a fantasy land?

 Deepak


 John Lee wrote:

 Unless they have installed a DAS system for cell signal transport or a
 number of micro or nano cells in the building they will have congestion. But
 what is a political convention without a little congestion.

 John (ISDN) Lee

 
 From: Dorn Hetzel [EMAIL PROTECTED]
 Sent: Tuesday, August 26, 2008 12:50 PM
 To: NANOG list
 Subject: speaking of slightly OT but perhaps still operational content

 I noticed where the democrats plan to ask a stadium full of people to all
 use their cellphones at the same time (on Thursday, I believe)

 Any thoughts on how useable cell service will or won't be in the vicinity
 of
 this event? :)

 -Dorn






Level 3 TPA routing today?

2008-08-26 Thread David Hubbard
Anyone seeing issues with Level 3 between anywhere
and Tampa, particularly Atlanta and Dallas?  We've
seen lots of outbound issues and customers calling
about their sites being down or slow.  Ultimately
turned our two links to them off and then everyone
says looks better.  I opened a ticket with them and
of course they say no one has reported any issues
whatsoever.  I sent them a bunch of traces and will
try turning them back on later tonight since these
non-issues tend to resolve themselves if I wait for
a single homed customer to yell loud enough for them
to fix it.

Thanks,

David



Re: Level 3 TPA routing today?

2008-08-26 Thread chip
On Tue, Aug 26, 2008 at 6:44 PM, David Hubbard 
[EMAIL PROTECTED] wrote:

 Anyone seeing issues with Level 3 between anywhere
 and Tampa, particularly Atlanta and Dallas?  We've
 seen lots of outbound issues and customers calling
 about their sites being down or slow.  Ultimately
 turned our two links to them off and then everyone
 says looks better.  I opened a ticket with them and
 of course they say no one has reported any issues
 whatsoever.  I sent them a bunch of traces and will
 try turning them back on later tonight since these
 non-issues tend to resolve themselves if I wait for
 a single homed customer to yell loud enough for them
 to fix it.

 Thanks,

 David


David,

  I'm seeing the same thing in the Atlanta market. I can trace to 1 IP in a
prefix but not another.  Almost like maybe there's some FIB horkage across a
multi-path link or something.   Fired off an e-mail, awaiting status for
now.

--chip

-- 
Just my $.02, your mileage may vary, batteries not included, etc


Re: OT but funny: shades of gallery.colofinder.net

2008-08-26 Thread Kevin Oberman
 Date: Tue, 26 Aug 2008 15:22:51 -0400
 From: William Herrin [EMAIL PROTECTED]
 
 On Tue, Aug 26, 2008 at 12:41 PM, Paul Wall [EMAIL PROTECTED] wrote:
  Not to pick on the Democrats unduly - they just went first in terms of
  giving us crummy cabling as a metaphor for crummy government;
  http://www.wired.com/techbiz/media/multimedia/2008/08/gallery_dnc_tech?slide=7slideView=4
 
 Paul,
 
 One makes different choices when it only has to last 7 days. Here's
 what it looks like at DNC headquarters in DC where it has to last from
 year to year:
 
 http://bill.herrin.us/cables-sm.jpg

When you build a network for a week, it's just not a good investment in
time to be too neat. After all, in a week, it is all gone.

Fun is networking a large show where the network is in a big, transparent
room at the center of everything with lots of press taking pictures. There
you have to build fast, debug fast, tear down really fast, and have
everything look pretty. 

At Supercomputing every fall the network has external connections of
about 20 OC-192s and probably over 150 fiber links handled by a variety
of different routers and switches all of which the NOC staff has to be
able to work with.

Last time I did SC was 2005 in Seattle. Pics at
https://scinet.supercomp.org/gallery2/v/SC2005_Seattle/Mitch_Kutzko/ Look
at the Tuesday November 15th page for pictures of the NOC. No single
picture can really show the whole thing. A few are less than tidy...I
guess Jim R. was not watching closely enough. I'll admit that most don't
look quite as good as the DNC, but they were built rather more quickly
and all by volunteers, albeit mostly seriously over-qualified ones.

I retired from SCinet after 2005, but I miss it every November and I'd
love to be in Austin this November to help build it again.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]   Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751




Re: US government mandates? use of DNSSEC by federal agencies

2008-08-26 Thread Kevin Oberman
 Date: Tue, 26 Aug 2008 16:53:24 -0400
 From: Bill Bogstad [EMAIL PROTECTED]
 
 Not sure what this will actually mean in the long run, but it's at
 least worth noting.
 
 http://www.gcn.com/online/vol1_no1/46987-1.html
 http://www.whitehouse.gov/omb/memoranda/fy2008/m08-23.pdf

It will mean something in the medium term as '.gov' and '.org' will be
signed very soon and OMB might be able to even get the root
signed. (Since OMB can pull funding, no one argues with them much.)
All of this will increase pressure on Verisign to deal with '.com' and
'.net'.

Note that this only has an impact on '.gov' and the zones immediately
below it, but I suspect most sub-domains of *.gov will be signed as a
result of this, even if it is not required.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]   Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751




RE: Level 3 TPA routing today?

2008-08-26 Thread Justin D. Scott
 Anyone seeing issues with Level 3 between anywhere
 and Tampa, particularly Atlanta and Dallas?

We just have co-lo in Tampa, but our upstream's connectivity is through
Level3 and we've been seeing intermittent packet loss up there all day.  We
alerted our upstream but no updates so far.  It hasn't been bad enough for
our customers to call and complain though.


--
Justin Scott | GravityFree
Network Administrator

1960 Stickney Point Road, Suite 210
Sarasota | FL | 34231 | 800.207.4431
941.927.7674 x115 | f 941.923.5429
www.GravityFree.com




Re: Level 3 TPA routing today?

2008-08-26 Thread david raistrick

On Tue, 26 Aug 2008, David Hubbard wrote:


Anyone seeing issues with Level 3 between anywhere
and Tampa, particularly Atlanta and Dallas?  We've



Internap just reported problems with L3 out of Miami:

we are seeing latency, minor packet loss and path problems to a
number of destinations and other PNAPs via our Level3 (AS3356) upstream
connection in the MIA003 PNAP. 




---
david raistrick    http://www.netmeister.org/news/learn2quote.html
[EMAIL PROTECTED] http://www.expita.com/nomime.html




BGP, ebgp-multihop and multiple peers

2008-08-26 Thread Steve Bertrand

Hi everyone,

This question comes after likely overlooking an IETF document or BCP 
that describes what I'm after. Given that I am looking for advice from 
someone who is more experienced operationally in this regard than me, 
and that this technically is an implementation-neutral question, I 
wanted to ask here.


Taking one router I have as an example, I have four IPv6 BGP peers (two 
are for true routing, the other two for route server projects), and five 
IPv4 BGP peers. Two of the v4 peers are Cymru for BOGONS, the other 
three are purely outbound to route server projects. All five v4 peers 
are ebgp-multihop.


I'm looking for advice on the configuration of the peers with 
ebgp-multihop (IPv4).


I have a reserved block carved out of my allocation specifically for 
/32s on loopbacks, and when I light up a new peer, I configure a new 
loopback interface for that peer, and subsequently give it the next
available IP from the reserved /32 block.


There are numerous drawbacks to doing it this way... waste of IPv4 
addresses, additional keystrokes on the router for interface config, 
documentation, expanded margin for error et-al.


There are a few benefits to doing it this way (IMHO), but I see obvious 
benefits of using a single loopback interface and single IP for ALL of 
these multihop peers. Before I state good/bad, or get any wrong idea in 
my head, I'd like to ask the real experts here which way they would/do 
this type of thing, and why.


- single loopback/single IP for all peers, or;
- each peer with its own loopback/IP?

Thanks,

Steve










Re: Level 3 TPA routing today?

2008-08-26 Thread Peter Beckman

On Tue, 26 Aug 2008, david raistrick wrote:


On Tue, 26 Aug 2008, David Hubbard wrote:


Anyone seeing issues with Level 3 between anywhere
and Tampa, particularly Atlanta and Dallas?  We've


Internap just reported problems with L3 out of Miami:

we are seeing latency, minor packet loss and path problems to a
number of destinations and other PNAPs via our Level3 (AS3356) upstream
connection in the MIA003 PNAP. 


 I've been seeing 30-70% packet loss between Cox Business and Level3 from
 DC to NY since 8:17pm EDT.  Maybe via Internap?

                                   Loss%   Snt   Last    Avg   Best   Wrst  StDev
  3. mrfddsrj01-ge706.rd.dc.cox.n   0.0%   100    2.4    5.1    2.2   51.9    8.3
  4. xe-9-2-0.edge1.Washington1.L  67.0%   100    2.5    6.8    2.4   41.6    8.6
  5. vlan99.csw4.Washington1.Leve  69.0%   100    2.7    8.3    2.6   23.7    5.0
  6. ae-93-93.ebr3.Washington1.Le  68.0%   100    3.0    9.9    2.7   30.9    6.3
  7. ae-3.ebr3.NewYork1.Level3.ne  70.0%   100   10.5   15.8    8.1   44.2    8.8
  8. ae-83-83.csw3.NewYork1.Level  71.0%   100   18.9   14.2    8.1   42.0    7.1
  9. ae-31-89.car1.NewYork1.Level  66.0%   100    8.6   25.7    8.5  165.4   41.7

Beckman
---
Peter Beckman  Internet Guy
[EMAIL PROTECTED] http://www.angryox.com/
---



Re: BGP, ebgp-multihop and multiple peers

2008-08-26 Thread Truman Boyes

Steve,

You ask a very good question because I have seen some providers embark  
on the multiple loopback approach for numerous reasons. I suggest a  
single loopback per routing-instance whenever possible. The cost  
savings in OSS and integration in routing configurations with a single  
repeatable block of configuration per peer/peer group is far more  
beneficial than some corner case technical benefit of having multiple  
loopback addresses.


I have been forced for other feature support to deploy multiple  
loopback interfaces, but have always opted to keep all EBGP peering  
with a single loopback interface per routing-instance.


Kind regards,
Truman



On 26/08/2008, at 7:48 PM, Steve Bertrand wrote:


Hi everyone,

This question comes after likely overlooking an IETF document or BCP  
that describes what I'm after. Given that I am looking for advice  
from someone who is more experienced operationally in this regard  
than me, and that this technically is an implementation-neutral  
question, I wanted to ask here.


Taking one router I have as an example, I have four IPv6 BGP peers  
(two are for true routing, the other two for route server projects),  
and five IPv4 BGP peers. Two of the v4 peers are Cymru for BOGONS,  
the other three are purely outbound to route server projects. All  
five v4 peers are ebgp-multihop.


I'm looking for advice on the configuration of the peers with
ebgp-multihop (IPv4).


I have a reserved block carved out of my allocation specifically  
for /32s on loopbacks, and when I light up a new peer, I configure a  
new loopback interface for that peer, and subsequently give it the  
next available IP from the reserved /32 block.


There are numerous drawbacks to doing it this way... waste of IPv4  
addresses, additional keystrokes on the router for interface config,  
documentation, expanded margin for error et al.


There are a few benefits to doing it this way (IMHO), but I see  
obvious benefits of using a single loopback interface and single IP  
for ALL of these multihop peers. Before I state good/bad, or get any  
wrong idea in my head, I'd like to ask the real experts here which  
way they would/do this type of thing, and why.


- single loopback/single IP for all peers, or;
- each peer with its own loopback/IP?

Thanks,

Steve













RE: Level 3 TPA routing today?

2008-08-26 Thread Scott Berkman
We've also been seeing some weird (hard to track down) issues all day
with Level 3 in both Tampa and Atlanta, especially from our NMS systems
monitoring systems all over the place.

My contact at Level 3 didn't know of anything going on and couldn't really
find anything.  Anyone else have a Level 3 response?

  -Scott

-Original Message-
From: Peter Beckman [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 26, 2008 9:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Level 3 TPA routing today?

On Tue, 26 Aug 2008, david raistrick wrote:

 On Tue, 26 Aug 2008, David Hubbard wrote:

 Anyone seeing issues with Level 3 between anywhere
 and Tampa, particularly Atlanta and Dallas?  We've

 Internap just reported problems with L3 out of Miami:

 we are seeing latency, minor packet loss and path problems to a
 number of destinations and other PNAPs via our Level3 (AS3356) upstream
 connection in the MIA003 PNAP. 

  I've been seeing 30-70% packet loss between Cox Business and Level3 from
  DC to NY since 8:17pm EDT.  Maybe via Internap?

                                   Loss%   Snt   Last   Avg  Best  Wrst StDev
   3. mrfddsrj01-ge706.rd.dc.cox.n  0.0%   100    2.4   5.1   2.2  51.9   8.3
   4. xe-9-2-0.edge1.Washington1.L 67.0%   100    2.5   6.8   2.4  41.6   8.6
   5. vlan99.csw4.Washington1.Leve 69.0%   100    2.7   8.3   2.6  23.7   5.0
   6. ae-93-93.ebr3.Washington1.Le 68.0%   100    3.0   9.9   2.7  30.9   6.3
   7. ae-3.ebr3.NewYork1.Level3.ne 70.0%   100   10.5  15.8   8.1  44.2   8.8
   8. ae-83-83.csw3.NewYork1.Level 71.0%   100   18.9  14.2   8.1  42.0   7.1
   9. ae-31-89.car1.NewYork1.Level 66.0%   100    8.6  25.7   8.5 165.4  41.7

Beckman
---
Peter Beckman  Internet Guy
[EMAIL PROTECTED] http://www.angryox.com/
---




Re: BGP, ebgp-multihop and multiple peers

2008-08-26 Thread Paul Wall
On Tue, Aug 26, 2008 at 7:48 PM, Steve Bertrand [EMAIL PROTECTED] wrote:
 There are a few benefits to doing it this way (IMHO), but I see obvious
 benefits of using a single loopback interface and single IP for ALL of these
 multihop peers. Before I state good/bad, or get any wrong idea in my head,
 I'd like to ask the real experts here which way they would/do this type of
 thing, and why.

 - single loopback/single IP for all peers, or;
 - each peer with its own loopback/IP?

You should use caution when using loopback IP addresses and building
external multihop BGP sessions. By permitting external devices to
transmit packets to your loopback(s), you open the door to
spoof/denial of service attacks. However, if you must establish
sessions to something external, it would be best to do so from a
dedicated IP address for external peering that you can poke a hole
into your ACLs and apply the appropriate rate-limiting/filtering/CoPP
controls. Ideally, if you have an allocation for loopbacks, I would
hope you wouldn't allow the Internet to fling packets at them.

Most frequently loopback peering is used when aggregating multiple
physical interfaces and is used in conjunction with static routes to
load balance traffic over the interfaces.