Re: FIXED - Re: Broken SSL cert caused by router?
On Sat, Mar 28, 2015 at 09:05:38AM -0700, Mike wrote: On 03/27/2015 10:34 AM, Frank Bulk wrote: Glad you figured that out. I've used three SSL evaluation websites to help me with intermediate certificate issues: https://www.ssllabs.com/ssltest/analyze.html (will show the names and details of the certs, missing or not https://www.wormly.com/test_ssl (quick SSL tester, will point out if intermediate certificate is missing) https://www.digicert.com/help/ (will show a green chain link between certs when they're all there *and* in order) I went back to Frank's list and did some additional testing. I have a different server which was set up the same way as the previous one discussed, and I thought I would use the above tools and see if my problem would have been identified by any of them. I am sorry to report, no, none of these either caught the problem either. Are you able to share the URL of the misconfigured site? It would be interesting to examine exactly what's going on. - Matt -- The main advantages of Haynes and Chilton manuals are that they cost $15, where the factory manuals cost $100 and up, and that they will tell you how to use two hammers, a block of wood, and a meerkat to replace special tool no. 2-112-A-- Matt Roberds in asr.
Re: booster to gain distance above 60km
In my experience I would say you probably have dirty connectors, and all you need to do is to clean all connections along the fiber or possibly straighten out any too tight bends you might have. You only gave us the output at the far end. We also need the output directly from the module to calculate the optical power budget. Note that the fiber attenuation is higher at 1310 nm than 1550 nm. So you will gain extra power just by switching to 1550 nm modules. Amplifiers only work at 1550 nm. Typical loss is 0.4 dB/km at 1310 and 0.3 dB/km at 1550. With new fiber it can be as low as 0.22 dB/km at 1550. With a power budget of 23 dB that is more than 100 km. You will however lose a little to insertion loss in the WDM. To work with 1550 nm you would buy two 1550 nm DWDM modules. Remember to use different channels on each module: http://www.fiberstore.com/10gbase-100ghz-dwdm-sfp-80km-single-mode-optical-transceiver-p-31535.html You will need a DWDM Mux type A in one end of the link and type B in the other end: Type A: http://www.fiberstore.com/2-channels-type-a-1ru-rack-mount-simplex-bidi-dwdm-mux-demux-p-26496.html Type B: http://www.fiberstore.com/2-channels-type-b-1ru-rack-mount-simplex-bidi-dwdm-mux-demux-p-30544.html You will actually only need one channel, but they do not appear to have that. So you get another channel, which you could use to make a dual 10 Gbps link. This should work without amplifiers for the given distance. If you do want to add amplification, you could either amplify the output of the module with a booster or you could amplify the input to the module with a preamp. I have no experience in doing that, so I can not tell which option is better. The booster is slightly cheaper. Regards, Baldur On 28 March 2015 at 20:14, Rodrigo 1telecom rodr...@1telecom.com.br wrote: Already use this bidi sfp+ to 80km from fiberstore... But i can't link two sides... Have -24dbi... Everything alright with fiber... If i using this circuit with this signal i will have many trouble... I wiil buy a dwdm simplex solution from fiberstore again to use on this curcuit... What booster and preamplifier i have to use on it?! I will buy a 8channel simplex ... C21/c51, c22/c52 etc Do you know what a booster and an amplifier i have to buy? Enviado via iPhone Grupo Connectoway Em 28/03/2015, às 13:51, Baldur Norddahl baldur.nordd...@gmail.com escreveu: Hi The easy way to get 63 km is to use a SFP+ module that is rated for 63 km. Fiberstore has 60 km BIDI SFP+ for USD 325 and 80 km BIDI for USD 425. If you want to use a booster you would need DWDM modules instead. And you have to add in the DWDM splitter and two boosters. For each end of the link it would be USD 435 for the SFP+ module, USD 174 for the BIDI DWDM splitter in a rack chassis and USD 1300 for a 13 dBm output booster. So - forget about the booster and just get the 80 km BIDI modules. Regards, Baldur On 26 March 2015 at 13:07, Rodrigo Augusto rodr...@1telecom.com.br wrote: Hi folksŠ we have a point and have a 63km between point A to point BŠ. We have a sigle fiber ( only one fiber) and use a fiberstore sfp+ 10GB dibi 1270/1330 module to connect these sites. All attenuation are okŠI don¹t have any trouble on fiber Š. I have received this signal on my sfp+: Receiver signal average optical power : 0.0026 mW / -25.85 dBm Does anyone know if have some possible to amplifier this scenario to get more 7db ? Is it possible to put any booster or any way to solve this? I think to use a optical PreAmlifierŠbut I don¹t know if is possible because my scenario have just one fiberŠor, use a ROPA- remote optical pumping amplifier) because I have 63kmŠ Does anyone have some idea? Rodrigo Augusto Gestor de T.I. Grupo Connectoway http://www.connectoway.com.br http://www.connectoway.com.br/ http://www.1telecom.com.br http://www.1telecom.com.br/ * rodr...@connectoway.com.br mailto:rodr...@connectoway.com.br ( (81) 3497-6060 ( (81) 8184-3646 ( INOC-DBA 52965*100
Re: booster to gain distance above 60km
Sorry I forgot to read you message properly. You are saying you want 8 channels - note this will give you twice as much insertion loss compared to two channels and might tip the balance towards requiring amplification. You should also ask Fiberstore for advice for which channels you choose, as there might be a huge difference in loss. You can not amplify the single fiber. The amplifier will not tolerate a BIDI signal. You will therefore need to amplify each channel in separate amplifiers and that becomes very expensive. In theory the signal could be split using an optical circulator: http://www.fiberstore.com/c/optical-circulator_1311 and then you could amplify either RX or TX - probably you would want to amplify RX to sidestep issues with feedback and reflections disturbing the amplifier. I never tried this but I am very curious if it actually works... Regards, Baldur On 28 March 2015 at 20:14, Rodrigo 1telecom rodr...@1telecom.com.br wrote: Already use this bidi sfp+ to 80km from fiberstore... But i can't link two sides... Have -24dbi... Everything alright with fiber... If i using this circuit with this signal i will have many trouble... I wiil buy a dwdm simplex solution from fiberstore again to use on this curcuit... What booster and preamplifier i have to use on it?! I will buy a 8channel simplex ... C21/c51, c22/c52 etc Do you know what a booster and an amplifier i have to buy? Enviado via iPhone Grupo Connectoway Em 28/03/2015, às 13:51, Baldur Norddahl baldur.nordd...@gmail.com escreveu: Hi The easy way to get 63 km is to use a SFP+ module that is rated for 63 km. Fiberstore has 60 km BIDI SFP+ for USD 325 and 80 km BIDI for USD 425. If you want to use a booster you would need DWDM modules instead. And you have to add in the DWDM splitter and two boosters. For each end of the link it would be USD 435 for the SFP+ module, USD 174 for the BIDI DWDM splitter in a rack chassis and USD 1300 for a 13 dBm output booster. So - forget about the booster and just get the 80 km BIDI modules. Regards, Baldur On 26 March 2015 at 13:07, Rodrigo Augusto rodr...@1telecom.com.br wrote: Hi folksŠ we have a point and have a 63km between point A to point BŠ. We have a sigle fiber ( only one fiber) and use a fiberstore sfp+ 10GB dibi 1270/1330 module to connect these sites. All attenuation are okŠI don¹t have any trouble on fiber Š. I have received this signal on my sfp+: Receiver signal average optical power : 0.0026 mW / -25.85 dBm Does anyone know if have some possible to amplifier this scenario to get more 7db ? Is it possible to put any booster or any way to solve this? I think to use a optical PreAmlifierŠbut I don¹t know if is possible because my scenario have just one fiberŠor, use a ROPA- remote optical pumping amplifier) because I have 63kmŠ Does anyone have some idea? Rodrigo Augusto Gestor de T.I. Grupo Connectoway http://www.connectoway.com.br http://www.connectoway.com.br/ http://www.1telecom.com.br http://www.1telecom.com.br/ * rodr...@connectoway.com.br mailto:rodr...@connectoway.com.br ( (81) 3497-6060 ( (81) 8184-3646 ( INOC-DBA 52965*100
Re: booster to gain distance above 60km
Already use this bidi sfp+ to 80km from fiberstore... But i can't link two sides... Have -24dbi... Everything alright with fiber... If i using this circuit with this signal i will have many trouble... I wiil buy a dwdm simplex solution from fiberstore again to use on this curcuit... What booster and preamplifier i have to use on it?! I will buy a 8channel simplex ... C21/c51, c22/c52 etc Do you know what a booster and an amplifier i have to buy? Enviado via iPhone Grupo Connectoway Em 28/03/2015, às 13:51, Baldur Norddahl baldur.nordd...@gmail.com escreveu: Hi The easy way to get 63 km is to use a SFP+ module that is rated for 63 km. Fiberstore has 60 km BIDI SFP+ for USD 325 and 80 km BIDI for USD 425. If you want to use a booster you would need DWDM modules instead. And you have to add in the DWDM splitter and two boosters. For each end of the link it would be USD 435 for the SFP+ module, USD 174 for the BIDI DWDM splitter in a rack chassis and USD 1300 for a 13 dBm output booster. So - forget about the booster and just get the 80 km BIDI modules. Regards, Baldur On 26 March 2015 at 13:07, Rodrigo Augusto rodr...@1telecom.com.br wrote: Hi folksŠ we have a point and have a 63km between point A to point BŠ. We have a sigle fiber ( only one fiber) and use a fiberstore sfp+ 10GB dibi 1270/1330 module to connect these sites. All attenuation are okŠI don¹t have any trouble on fiber Š. I have received this signal on my sfp+: Receiver signal average optical power : 0.0026 mW / -25.85 dBm Does anyone know if have some possible to amplifier this scenario to get more 7db ? Is it possible to put any booster or any way to solve this? I think to use a optical PreAmlifierŠbut I don¹t know if is possible because my scenario have just one fiberŠor, use a ROPA- remote optical pumping amplifier) because I have 63kmŠ Does anyone have some idea? Rodrigo Augusto Gestor de T.I. Grupo Connectoway http://www.connectoway.com.br http://www.connectoway.com.br/ http://www.1telecom.com.br http://www.1telecom.com.br/ * rodr...@connectoway.com.br mailto:rodr...@connectoway.com.br ( (81) 3497-6060 ( (81) 8184-3646 ( INOC-DBA 52965*100
Re: FIXED - Re: Broken SSL cert caused by router?
On 3/28/15 9:05 AM, Mike wrote: I went back to Frank's list and did some additional testing. I have a different server which was set up the same way as the previous one discussed, and I thought I would use the above tools and see if my problem would have been identified by any of them. I am sorry to report, no, none of these either caught the problem either. Although I still do not fully understand the dependencies involved, it seems that if my server was failing to supply the full certificate chain, and the browser was compensating for it by (attempting?) to load the missing certificate from elsewhere, and this Meraki router was somehow able to confound that process, that would be an issue worthy of exploring more. I certainly don't blame these ssl check sites but clearly theres more checks needed. The Qualsys site (https://www.ssllabs.com/ssltest/analyze.html) will report whether or not the server supplied the intermediate cert. But I agree with you that the other tools should make a bigger deal about it if the server doesn't supply it. FWIW, it's been the CW to do this for some time now, as there are systems like the one you've run into that were designed before intermediate certs were commonplace, and don't know how to handle them. I've also experienced situations where an enterprise purchases a DV certificate to be used on an offline system, and while that system has access to the root CA certs, it cannot retrieve the intermediate cert. Having the end system supply the intermediate cert as well solves this issue. The method of supplying the intermediate cert is simple, just append the intermediate certificate to the end of the file with your server certificate (the .crt file). Any reasonably modern software will handle that transparently, and provide the intermediate cert along with the server cert when doing its business. hope this helps, Doug -- I am conducting an experiment in the efficacy of PGP/MIME signatures. This message should be signed. If it is not, or the signature does not validate, please let me know how you received this message (direct, or to a list) and the mail software you use. Thanks! signature.asc Description: OpenPGP digital signature
Re: booster to gain distance above 60km
Hi The easy way to get 63 km is to use a SFP+ module that is rated for 63 km. Fiberstore has 60 km BIDI SFP+ for USD 325 and 80 km BIDI for USD 425. If you want to use a booster you would need DWDM modules instead. And you have to add in the DWDM splitter and two boosters. For each end of the link it would be USD 435 for the SFP+ module, USD 174 for the BIDI DWDM splitter in a rack chassis and USD 1300 for a 13 dBm output booster. So - forget about the booster and just get the 80 km BIDI modules. Regards, Baldur On 26 March 2015 at 13:07, Rodrigo Augusto rodr...@1telecom.com.br wrote: Hi folksŠ we have a point and have a 63km between point A to point BŠ. We have a sigle fiber ( only one fiber) and use a fiberstore sfp+ 10GB dibi 1270/1330 module to connect these sites. All attenuation are okŠI don¹t have any trouble on fiber Š. I have received this signal on my sfp+: Receiver signal average optical power : 0.0026 mW / -25.85 dBm Does anyone know if have some possible to amplifier this scenario to get more 7db ? Is it possible to put any booster or any way to solve this? I think to use a optical PreAmlifierŠbut I don¹t know if is possible because my scenario have just one fiberŠor, use a ROPA- remote optical pumping amplifier) because I have 63kmŠ Does anyone have some idea? Rodrigo Augusto Gestor de T.I. Grupo Connectoway http://www.connectoway.com.br http://www.connectoway.com.br/ http://www.1telecom.com.br http://www.1telecom.com.br/ * rodr...@connectoway.com.br mailto:rodr...@connectoway.com.br ( (81) 3497-6060 ( (81) 8184-3646 ( INOC-DBA 52965*100
RE: booster to gain distance above 60km
http://www.fiberstore.com/narrow/80km-120km_v993t0/bidi-sfp+_64 http://www.fiberstore.com/narrow/80km-120km_v993t0/bidi-xfp_113What Thanks for sharing. First time I saw 10G BiDi optics at 80 km. I needed them for an application a few months ago and had to take a new approach when I only could find 60 km ones. Frank -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Baldur Norddahl Sent: Saturday, March 28, 2015 11:52 AM To: Rodrigo Augusto Cc: nanog Subject: Re: booster to gain distance above 60km Hi The easy way to get 63 km is to use a SFP+ module that is rated for 63 km. Fiberstore has 60 km BIDI SFP+ for USD 325 and 80 km BIDI for USD 425. If you want to use a booster you would need DWDM modules instead. And you have to add in the DWDM splitter and two boosters. For each end of the link it would be USD 435 for the SFP+ module, USD 174 for the BIDI DWDM splitter in a rack chassis and USD 1300 for a 13 dBm output booster. So - forget about the booster and just get the 80 km BIDI modules. Regards, Baldur On 26 March 2015 at 13:07, Rodrigo Augusto rodr...@1telecom.com.br wrote: Hi folksŠ we have a point and have a 63km between point A to point BŠ. We have a sigle fiber ( only one fiber) and use a fiberstore sfp+ 10GB dibi 1270/1330 module to connect these sites. All attenuation are okŠI don¹t have any trouble on fiber Š. I have received this signal on my sfp+: Receiver signal average optical power : 0.0026 mW / -25.85 dBm Does anyone know if have some possible to amplifier this scenario to get more 7db ? Is it possible to put any booster or any way to solve this? I think to use a optical PreAmlifierŠbut I don¹t know if is possible because my scenario have just one fiberŠor, use a ROPA- remote optical pumping amplifier) because I have 63kmŠ Does anyone have some idea? Rodrigo Augusto Gestor de T.I. Grupo Connectoway http://www.connectoway.com.br http://www.connectoway.com.br/ http://www.1telecom.com.br http://www.1telecom.com.br/ * rodr...@connectoway.com.br mailto:rodr...@connectoway.com.br ( (81) 3497-6060 ( (81) 8184-3646 ( INOC-DBA 52965*100
Re: FIXED - Re: Broken SSL cert caused by router?
On 03/27/2015 10:34 AM, Frank Bulk wrote: Glad you figured that out. I've used three SSL evaluation websites to help me with intermediate certificate issues: https://www.ssllabs.com/ssltest/analyze.html (will show the names and details of the certs, missing or not https://www.wormly.com/test_ssl (quick SSL tester, will point out if intermediate certificate is missing) https://www.digicert.com/help/ (will show a green chain link between certs when they're all there *and* in order) Frank I went back to Frank's list and did some additional testing. I have a different server which was set up the same way as the previous one discussed, and I thought I would use the above tools and see if my problem would have been identified by any of them. I am sorry to report, no, none of these either caught the problem either. Although I still do not fully understand the dependencies involved, it seems that if my server was failing to supply the full certificate chain, and the browser was compensating for it by (attempting?) to load the missing certificate from elsewhere, and this Meraki router was somehow able to confound that process, that would be an issue worthy of exploring more. I certainly don't blame these ssl check sites but clearly theres more checks needed. Mike-
Re: Generating IPv6 list with filtergen.level3.net
On Wed, Nov 02, 2011 at 08:00:20PM -0600, Kevin Epperson wrote: Hi Courtney - Try something like: whois -h filtergen.level3.net AS3356 -cp -v6 or whois -h filtergen.level3.net AS3356 -cp -v4v6 Using AS7922 or something of that nature (currently I dont see any v6 routes registered under 7922.) -Kevin Digging up a (very) old thread here, apologies. Does anyone know if filtergen is going to support IPv6-length subnet masks? Trying to use -le=128 returns an error. I can work around with sed, but just curious if this tool is still being developed. Emails to r...@level3.net return a bounce directing one to their customer portal. Also curious if the tool now supports IOS-XR RPL -- Brandon Ewing (nicot...@warningg.com) pgpEhycQ6u1Q4.pgp Description: PGP signature
