Re: AWS Elastic IP architecture

2015-05-31 Thread Matthew Kaufman 
Since your network has IPv6, I fail to see the issue.

Nobody is anywhere near being able to go single-stack on IPv6, so AWS is just 
another network your customers will continue to reach over v4. So what?

Heck, if v6 support from a cloud hosting company is so important, I see a great 
business opportunity in your future.

Matthew Kaufman

(Sent from my iPhone)

 On May 31, 2015, at 10:57 AM, Owen DeLong o...@delong.com wrote:
 
 Sigh…
 
 IPv6 has huge utility.
 
 AWS’ implementation of IPv6 is brain-dead and mostly useless for most 
 applications.
 
 I think if you will review my track record over the last 5+ years, you will 
 plainly see that I am fully aware of the utility and need for IPv6.
 
 http://lmgtfy.com?q=owen+delong+ipv6 http://lmgtfy.com/?q=owen+delong+ipv6
 
 My network (AS1734) is fully dual-stacked, unlike AWS.
 
 If AWS is so convinced of the utility of IPv6, why do they continue to refuse 
 to do a real implementation that provides IPv6 capabilities to users of their 
 current architecture.
 
 Currently, on AWS, the only IPv6 is via ELB for classic EC2 hosts. You cannot 
 put a native IPv6 address on an AWS virtual server at all (EC2 or VPC). 
 Unless your application is satisfied by running an IPv4-only web server which 
 has an IPv6 VIP proxy in front of it with some extra headers added by the 
 proxy to help you parse out the actual source address of the connection, then 
 your application cannot use IPv6 on AWS.
 
 As such, I stand by my statement that there is effectively no meaningful 
 support for IPv6 in AWS, period.
 
 AWS may disagree and think that ELB for classic EC2 is somehow meaningful, 
 but their lack of other support for any of their modern architectures and the 
 fact that they are in the process of phasing out classic EC2 makes me think 
 that’s a pretty hard case to make.
 
 Owen
 
 On May 31, 2015, at 9:01 AM, Blair Trosper blair.tros...@gmail.com wrote:
 
 Disagree, and so does AWS.  IPv6 has a huge utility:  being a universal, 
 inter-region management network (a network that unites traffic between 
 regions on public and private netblocks).   Plus, at least the CDN and ELBs 
 should be dual-stack, since more and more ISPs are turning on IPv6.
 
 On Sun, May 31, 2015 at 8:40 AM, Owen DeLong o...@delong.com 
 mailto:o...@delong.com wrote:
 I wasn’t being specific about VPC vs. Classic.
 
 The support for IPv6 in Classic is extremely limited and basically useless 
 for 99+% of applications.
 
 I would argue that there is, therefore, effectively no meaningful support 
 for IPv6 in AWS, period.
 
 What you describe below seems to me that it would only make the situation I 
 described worse, not better in the VPC world.
 
 Owen
 
 On May 31, 2015, at 4:23 AM, Andras Toth diosbej...@gmail.com 
 mailto:diosbej...@gmail.com wrote:
 
 Congratulations for missing the point Matt, when I sent my email
 (which by the way went for moderation) there wasn't a discussion about
 Classic vs VPC yet. The discussion was no ipv6 in AWS which is not
 true as I mentioned in my previous email. I did not state it works
 everywhere, but it does work.
 
 In fact as Owen mentioned the following, I assumed he is talking about
 Classic because this statement is only true there. In VPC you can
 define your own IP subnets and it can overlap with other customers, so
 basically everyone can have their own 10.0.0.0/24 http://10.0.0.0/24 for 
 example.
 They are known to be running multiple copies of RFC-1918 in disparate
 localities already. In terms of scale, modulo the nightmare that must
 make of their management network and the fragility of what happens
 when company A in datacenter A wants to talk to company A in
 datacenter B and they both have the same 10-NET addresses
 
 Andras
 
 
 On Sun, May 31, 2015 at 7:18 PM, Matt Palmer mpal...@hezmatt.org 
 mailto:mpal...@hezmatt.org wrote:
 On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
 Perhaps if that energy which was spent on raging, instead was spent on
 a Google search, then all those words would've been unnecessary.
 
 Official documentation:
 http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
  
 http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
 
 Congratulations, you've managed to find exactly the same info as Owen
 already covered:
 
 Load balancers in a VPC support IPv4 addresses only.
 
 and
 
 Load balancers in EC2-Classic support both IPv4 and IPv6 addresses.
 
 - Matt

Re: AWS Elastic IP architecture

2015-05-31 Thread Owen DeLong 

 On May 31, 2015, at 11:36 AM, Blair Trosper blair.tros...@gmail.com wrote:
 
 AWS built their network first...before IPv6 popped, so you can appreciate 
 the huge task
 they have of retrofitting all their products to support it.

Sure, and if they said “We have a plan, and it will take X amount of time”, I 
would respect that.

If they said “We have a plan and we’re not sure how long it will take”, I would 
continue to poke
them about sooner is better than later and having a target date helps people to 
plan.

“We don’t think IPv6 matters and we aren’t announcing any plans to get it 
implemented or any
date by which it will be available”, on the other hand, being what they have 
actually repeatedly
said to me until very recently, not so much.

Now, they’re saying (essentially) “We think IPv6 might matter, but we aren’t 
announcing
any plans to get it implemented or any date by which it will be available” .  
To me, this
is still a problematic situation for their customers.

Especially when you look at the impact it has on the rest of the internet.

Review Lee Howard’s Denver ION presentation about per-user-per-year costs of 
delivering IPv4
over the next several years and it rapidly becomes clear that the failure of 
Amazon to make dual
stack available is actually one of the major factors preventing eyeball 
carriers from being able to
make plans for IPv6 monastic on any reasonable timeframe and a major factor in 
their CGN
costs.

 I don't envy the task, but they have said publicly and privately that it's a 
 priority.  But it's
 also a massive undertaking, and you can't expect them to snap their fingers 
 and turn it
 out over a weekend, man…

They haven’t, really, exactly said that. They’ve sort of hinted that they might 
be working on it
in some places. They’ve sort-a-kind-a paid it some lip service. They haven’t 
announced plans,
dates, or any firm commitment in any form.

 The prize of being first cuts both ways when newer technologies at lower 
 network levels
 start taking off and you don't have support built in to something proprietary.

I started talking to folks at Amazon about this issue more than 5 years ago. At 
the time, they
told me flat out that it was not a priority. I gave them half a decade to 
figure out it was a priority
and do something about it while remaining relatively quite about it publicly. 
At this point, things
have reached a point where the damage that occurs as a result of applications 
being deployed
on such a dead-end service and the limitations that service imposes on those 
applications can
no longer be tolerated.

 Would it be great if they had it faster?  Obviously yes.

Agreed.

 Are they working on it as a priority?  Yes.

Do you have any evidence to support this claim?

 Can they go any faster?  Probably.

Isn’t that answer alone a sign that perhaps it isn’t so much of a priority to 
them?

 Are there other choices for cloud providers that are full dual stack if this 
 really is a 
 live or die issue for you?  Yes.

This represents one of the most common fallacies in people’s thinking about 
IPv6.

Your failure to implement IPv6 doesn’t just impact you and your customers. 
Especially when you’re
something like AWS. It impacts the customers of your customers and their 
service providers, too.
If Amazon and Skype were IPv6 capable, you would actually find a relatively 
significant fraction of
traffic that is likely to get CGN’d today would be delivered over IPv6 instead. 
That’s a HUGE win
and a HUGE cost savings to lots of eyeball ISPs out there. None of them are 
likely AWS customers.
None of them are likely to be perceived by AWS as “demand” for IPv6, yet, they 
are in fact the
source of the majority of the demand.

 Access to dual-stack isn't a fundamental human right.  If you don't like what 
 AWS is doing,
 then use someone else who has dualstack.

Again, you are ignoring the larger consequences of their failure.

You can rest assured that I am not purchasing service from AWS due to their 
failed policies toward IPv6.

However, that doesn’t fully mitigate the impact to me from those bad decisions. 
So, in an effort to both further
mitigate those impacts and to help others avoid them, I have started vocally 
encouraging people to take a
serious look at AWS’ lack of IPv6 and consider alternatives when selecting a 
cloud hosting provider.

 I don't get the outrage...and it's so irrational, that you've caused me to 
 actually *defend* AWS.

I hope I have explained the reasons for my position a bit better so that you no 
longer feel the need to do so.

I am not outraged by AWS’ actions. They are free to do what they wish. However, 
I want to make sure that
application developers are aware of the impact this has on their application, 
should they choose to deploy
it in AWS and I want to encourage current users of AWS to consider IPv6-capable 
alternatives for the good
of the internet.

Owen

 
 bt
 
 
 On Sun, May 31, 2015 at 1:29 PM, Matthew Kaufman

Re: AWS Elastic IP architecture

2015-05-31 Thread Blair Trosper 
Disagree, and so does AWS.  IPv6 has a huge utility:  being a universal,
inter-region management network (a network that unites traffic between
regions on public and private netblocks).   Plus, at least the CDN and ELBs
should be dual-stack, since more and more ISPs are turning on IPv6.

On Sun, May 31, 2015 at 8:40 AM, Owen DeLong o...@delong.com wrote:

 I wasn’t being specific about VPC vs. Classic.

 The support for IPv6 in Classic is extremely limited and basically useless
 for 99+% of applications.

 I would argue that there is, therefore, effectively no meaningful support
 for IPv6 in AWS, period.

 What you describe below seems to me that it would only make the situation
 I described worse, not better in the VPC world.

 Owen

  On May 31, 2015, at 4:23 AM, Andras Toth diosbej...@gmail.com wrote:
 
  Congratulations for missing the point Matt, when I sent my email
  (which by the way went for moderation) there wasn't a discussion about
  Classic vs VPC yet. The discussion was no ipv6 in AWS which is not
  true as I mentioned in my previous email. I did not state it works
  everywhere, but it does work.
 
  In fact as Owen mentioned the following, I assumed he is talking about
  Classic because this statement is only true there. In VPC you can
  define your own IP subnets and it can overlap with other customers, so
  basically everyone can have their own 10.0.0.0/24 for example.
  They are known to be running multiple copies of RFC-1918 in disparate
  localities already. In terms of scale, modulo the nightmare that must
  make of their management network and the fragility of what happens
  when company A in datacenter A wants to talk to company A in
  datacenter B and they both have the same 10-NET addresses
 
  Andras
 
 
  On Sun, May 31, 2015 at 7:18 PM, Matt Palmer mpal...@hezmatt.org
 wrote:
  On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
  Perhaps if that energy which was spent on raging, instead was spent on
  a Google search, then all those words would've been unnecessary.
 
  Official documentation:
 
 http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
 
  Congratulations, you've managed to find exactly the same info as Owen
  already covered:
 
  Load balancers in a VPC support IPv4 addresses only.
 
  and
 
  Load balancers in EC2-Classic support both IPv4 and IPv6 addresses.
 
  - Matt

Re: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Jason Canady 
If your traffic is small, you could setup a VyOS box.  You can still get 
redundancy by having two switches, each one connected to an upstream 
provider receiving a default route.  Then hookup your VyOS router to 
each switch and receive full routes to that.  You will need a /29 subnet 
from your providers to pull this off.  If your VyOS box goes down for 
whatever reason, you will failover to using one or the other switch.  
Announce your prefixes using the BGP session on each switch so that your 
inbound traffic doesn't hit the VyOS box.


--

Jason Canady
Unlimited Net, LLC
Responsive, Reliable, Secure

www.unlimitednet.us
ja...@unlimitednet.us
twitter: @unlimitednet

On 5/29/15 4:36 AM, Maqbool Hashim wrote:

Hi,


We are an enterprise that are eBGP multihoming to two ISPs. We wish to load 
balance in inbound and outbound traffic thereby using our capacity as 
efficiently as possible. My current feeling is that it would be crazy for us to 
take a full Internet routing table from either ISP. I have read this document 
from NANOG presentations:


https://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=1cad=rjauact=8ved=0CCoQFjAAurl=https%3A%2F%2Fwww.nanog.org%2Fmeetings%2Fnanog41%2Fpresentations%2FBGPMultihoming.pdfei=cyRnVb--FeWY7gbq4oHoAQusg=AFQjCNFsMx3NZ0Vn4bJ5zJpzFz3senbaqgbvm=bv.93990622,d.ZGU


The above document reenforces my opinion that we do not need full routing tables. However 
I was seeking some clarity as there are other documents which suggest taking a full 
routing table would be optimal. I guess it depends on our criteria and 
requirements for load balancing:


- Just care about roughly balancing link utilisation

- Be nice to make some cost savings


We have PI space and two Internet routers one for each ISP. Either of our links is 
sufficient to carry all our traffic, but we want to try and balance utilisation to remain 
within our commits if possible. I am thinking a rough approach for us would 
be:


- Take partial (customer) routes from both providers

- Take defaults from both and pref one


Maybe we can refine the above a bit more, any suggestions would be most welcome!


Many Thanks

Re: Multiple vendors' IPv6 issues

2015-05-31 Thread Bruce Simpson 

On 27/05/2015 20:35, Brian Rak wrote:


You don't need full promisc mode, just the (poorly documented) 
allmulticast option (ip link set dev $macvtap allmulticast on)


...And poorly supported on some real hardware (notably Wi-Fi adapters), 
where the hash filter on each NIC's MAC is not guaranteed to support 
ALLMULTI.


It's a prerequisite for software multicast forwarding, and, it might be 
argued, a good litmus test for IPv6 readiness.

Re: AWS Elastic IP architecture

2015-05-31 Thread Owen DeLong 

 On May 31, 2015, at 11:29 AM, Matthew Kaufman matt...@matthew.at wrote:
 
 Since your network has IPv6, I fail to see the issue.
 
 Nobody is anywhere near being able to go single-stack on IPv6, so AWS is just 
 another network your customers will continue to reach over v4. So what?

Sigh… The point is that all of the services and applications being built on and 
delivered over AWS are stuck in the IPv4 mud until such time as they can get 
IPv6 from AWS or move to a different cloud provider.

 Heck, if v6 support from a cloud hosting company is so important, I see a 
 great business opportunity in your future.

There are already several cloud hosting companies that provide full dual-stack 
support. I already mentioned several of them earlier in the thread, so this is 
a rather silly conclusion to draw from the thread as a whole.

Remember where this all started… Someone asked if the internal Amazon structure 
was using LISP for encapsulation.

I made the semi-sarcastic comment that if they were using LISP, they probably 
wouldn’t have so much difficulty supporting IPv6, therefore they probably 
aren’t using LISP.

My statement was taken all sorts of other ways by various people.

Nonetheless, the bottom line remains the same:

AWS can’t do IPv6 outside of a  very tiny limited space which provides a 
solution only for one particular application (pretending to provide IPv6 web 
services from an IPv4-only web server through a proxy).

People who are building applications and considering hosting their applications 
in the cloud should seriously consider whether this limitation in AWS matters 
to them. IMHO, forward-thinking application developers will eschew AWS in favor 
of clouds that have dual-stack support and build dual-stack capable 
applications.

YMMV.

Owen

 
 Matthew Kaufman
 
 (Sent from my iPhone)
 
 On May 31, 2015, at 10:57 AM, Owen DeLong o...@delong.com wrote:
 
 Sigh…
 
 IPv6 has huge utility.
 
 AWS’ implementation of IPv6 is brain-dead and mostly useless for most 
 applications.
 
 I think if you will review my track record over the last 5+ years, you will 
 plainly see that I am fully aware of the utility and need for IPv6.
 
 http://lmgtfy.com?q=owen+delong+ipv6 http://lmgtfy.com/?q=owen+delong+ipv6
 
 My network (AS1734) is fully dual-stacked, unlike AWS.
 
 If AWS is so convinced of the utility of IPv6, why do they continue to 
 refuse to do a real implementation that provides IPv6 capabilities to users 
 of their current architecture.
 
 Currently, on AWS, the only IPv6 is via ELB for classic EC2 hosts. You 
 cannot put a native IPv6 address on an AWS virtual server at all (EC2 or 
 VPC). Unless your application is satisfied by running an IPv4-only web 
 server which has an IPv6 VIP proxy in front of it with some extra headers 
 added by the proxy to help you parse out the actual source address of the 
 connection, then your application cannot use IPv6 on AWS.
 
 As such, I stand by my statement that there is effectively no meaningful 
 support for IPv6 in AWS, period.
 
 AWS may disagree and think that ELB for classic EC2 is somehow meaningful, 
 but their lack of other support for any of their modern architectures and 
 the fact that they are in the process of phasing out classic EC2 makes me 
 think that’s a pretty hard case to make.
 
 Owen
 
 On May 31, 2015, at 9:01 AM, Blair Trosper blair.tros...@gmail.com wrote:
 
 Disagree, and so does AWS.  IPv6 has a huge utility:  being a universal, 
 inter-region management network (a network that unites traffic between 
 regions on public and private netblocks).   Plus, at least the CDN and ELBs 
 should be dual-stack, since more and more ISPs are turning on IPv6.
 
 On Sun, May 31, 2015 at 8:40 AM, Owen DeLong o...@delong.com 
 mailto:o...@delong.com wrote:
 I wasn’t being specific about VPC vs. Classic.
 
 The support for IPv6 in Classic is extremely limited and basically useless 
 for 99+% of applications.
 
 I would argue that there is, therefore, effectively no meaningful support 
 for IPv6 in AWS, period.
 
 What you describe below seems to me that it would only make the situation I 
 described worse, not better in the VPC world.
 
 Owen
 
 On May 31, 2015, at 4:23 AM, Andras Toth diosbej...@gmail.com 
 mailto:diosbej...@gmail.com wrote:
 
 Congratulations for missing the point Matt, when I sent my email
 (which by the way went for moderation) there wasn't a discussion about
 Classic vs VPC yet. The discussion was no ipv6 in AWS which is not
 true as I mentioned in my previous email. I did not state it works
 everywhere, but it does work.
 
 In fact as Owen mentioned the following, I assumed he is talking about
 Classic because this statement is only true there. In VPC you can
 define your own IP subnets and it can overlap with other customers, so
 basically everyone can have their own 10.0.0.0/24 http://10.0.0.0/24 for 
 example.
 They are known to be running multiple copies of RFC-1918 in disparate
 localities already. In terms

Re: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Michael 
Well, we´re using 2x Cisco 3560X switches for simple inbound/outbound 
load sharing with our provider for years 
(http://wiki.nil.com/EBGP_load_sharing). There´s no need for us going 
full routes...

Regards,
Michael

Re: AWS Elastic IP architecture

2015-05-31 Thread Owen DeLong 
Sigh…

IPv6 has huge utility.

AWS’ implementation of IPv6 is brain-dead and mostly useless for most 
applications.

I think if you will review my track record over the last 5+ years, you will 
plainly see that I am fully aware of the utility and need for IPv6.

http://lmgtfy.com?q=owen+delong+ipv6 http://lmgtfy.com/?q=owen+delong+ipv6

My network (AS1734) is fully dual-stacked, unlike AWS.

If AWS is so convinced of the utility of IPv6, why do they continue to refuse 
to do a real implementation that provides IPv6 capabilities to users of their 
current architecture.

Currently, on AWS, the only IPv6 is via ELB for classic EC2 hosts. You cannot 
put a native IPv6 address on an AWS virtual server at all (EC2 or VPC). Unless 
your application is satisfied by running an IPv4-only web server which has an 
IPv6 VIP proxy in front of it with some extra headers added by the proxy to 
help you parse out the actual source address of the connection, then your 
application cannot use IPv6 on AWS.

As such, I stand by my statement that there is effectively no meaningful 
support for IPv6 in AWS, period.

AWS may disagree and think that ELB for classic EC2 is somehow meaningful, but 
their lack of other support for any of their modern architectures and the fact 
that they are in the process of phasing out classic EC2 makes me think that’s a 
pretty hard case to make.

Owen

 On May 31, 2015, at 9:01 AM, Blair Trosper blair.tros...@gmail.com wrote:
 
 Disagree, and so does AWS.  IPv6 has a huge utility:  being a universal, 
 inter-region management network (a network that unites traffic between 
 regions on public and private netblocks).   Plus, at least the CDN and ELBs 
 should be dual-stack, since more and more ISPs are turning on IPv6.
 
 On Sun, May 31, 2015 at 8:40 AM, Owen DeLong o...@delong.com 
 mailto:o...@delong.com wrote:
 I wasn’t being specific about VPC vs. Classic.
 
 The support for IPv6 in Classic is extremely limited and basically useless 
 for 99+% of applications.
 
 I would argue that there is, therefore, effectively no meaningful support for 
 IPv6 in AWS, period.
 
 What you describe below seems to me that it would only make the situation I 
 described worse, not better in the VPC world.
 
 Owen
 
  On May 31, 2015, at 4:23 AM, Andras Toth diosbej...@gmail.com 
  mailto:diosbej...@gmail.com wrote:
 
  Congratulations for missing the point Matt, when I sent my email
  (which by the way went for moderation) there wasn't a discussion about
  Classic vs VPC yet. The discussion was no ipv6 in AWS which is not
  true as I mentioned in my previous email. I did not state it works
  everywhere, but it does work.
 
  In fact as Owen mentioned the following, I assumed he is talking about
  Classic because this statement is only true there. In VPC you can
  define your own IP subnets and it can overlap with other customers, so
  basically everyone can have their own 10.0.0.0/24 http://10.0.0.0/24 for 
  example.
  They are known to be running multiple copies of RFC-1918 in disparate
  localities already. In terms of scale, modulo the nightmare that must
  make of their management network and the fragility of what happens
  when company A in datacenter A wants to talk to company A in
  datacenter B and they both have the same 10-NET addresses
 
  Andras
 
 
  On Sun, May 31, 2015 at 7:18 PM, Matt Palmer mpal...@hezmatt.org 
  mailto:mpal...@hezmatt.org wrote:
  On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
  Perhaps if that energy which was spent on raging, instead was spent on
  a Google search, then all those words would've been unnecessary.
 
  Official documentation:
  http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
   
  http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
 
  Congratulations, you've managed to find exactly the same info as Owen
  already covered:
 
  Load balancers in a VPC support IPv4 addresses only.
 
  and
 
  Load balancers in EC2-Classic support both IPv4 and IPv6 addresses.
 
  - Matt

Re: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Baldur Norddahl 
Remember this:

1) for inbound traffic there will be no difference at all.

2) routers will ignore a static route if the link is down. If you can get
BFD from the providers then even better.

So you can emulate 99% of what you get with full routes by loading in
static routes. A simple example would be adding a 0.0.0.0/1 route to one
provider and 128.0.0.0/1 route to the other and get approximately 50% load
sharing.

You will still get redundancy as the route will ignored if the link is down
and traffic will follow the default route to the other transit provider.

If you find an offline source for IP ranges originated by each provider and
their peers, you can add routes for that to improve routing. Taking in
partial routes is also good if this provides you with a route count that
your routers can handle.

BGP shortest AS length routing is really not very good to begin with. If
you want the best routes, you need to analyse your traffic, sort by volume
or other metric and figure out which way is best for your top x AS
destinations.  It may be more work, but you will get better routing
compared to investing in expensive routers to take in full routes and then
hope BGP magic takes cares for the rest automatically.

Regards,

Baldur

Re: AWS Elastic IP architecture

2015-05-31 Thread Blair Trosper 
AWS built their network first...before IPv6 popped, so you can appreciate
the huge task
they have of retrofitting all their products to support it.

I don't envy the task, but they have said publicly and privately that it's
a priority.  But it's
also a massive undertaking, and you can't expect them to snap their fingers
and turn it
out over a weekend, man...

The prize of being first cuts both ways when newer technologies at lower
network levels
start taking off and you don't have support built in to something
proprietary.

Would it be great if they had it faster?  Obviously yes.
Are they working on it as a priority?  Yes.
Can they go any faster?  Probably.
Are there other choices for cloud providers that are full dual stack if
this really is a
live or die issue for you?  Yes.

Access to dual-stack isn't a fundamental human right.  If you don't like
what AWS is doing,
then use someone else who has dualstack.

I don't get the outrage...and it's so irrational, that you've caused me to
actually *defend* AWS.

bt


On Sun, May 31, 2015 at 1:29 PM, Matthew Kaufman matt...@matthew.at wrote:

 Since your network has IPv6, I fail to see the issue.

 Nobody is anywhere near being able to go single-stack on IPv6, so AWS is
 just another network your customers will continue to reach over v4. So what?

 Heck, if v6 support from a cloud hosting company is so important, I see a
 great business opportunity in your future.

 Matthew Kaufman

 (Sent from my iPhone)

  On May 31, 2015, at 10:57 AM, Owen DeLong o...@delong.com wrote:
 
  Sigh…
 
  IPv6 has huge utility.
 
  AWS’ implementation of IPv6 is brain-dead and mostly useless for most
 applications.
 
  I think if you will review my track record over the last 5+ years, you
 will plainly see that I am fully aware of the utility and need for IPv6.
 
  http://lmgtfy.com?q=owen+delong+ipv6 
 http://lmgtfy.com/?q=owen+delong+ipv6
 
  My network (AS1734) is fully dual-stacked, unlike AWS.
 
  If AWS is so convinced of the utility of IPv6, why do they continue to
 refuse to do a real implementation that provides IPv6 capabilities to users
 of their current architecture.
 
  Currently, on AWS, the only IPv6 is via ELB for classic EC2 hosts. You
 cannot put a native IPv6 address on an AWS virtual server at all (EC2 or
 VPC). Unless your application is satisfied by running an IPv4-only web
 server which has an IPv6 VIP proxy in front of it with some extra headers
 added by the proxy to help you parse out the actual source address of the
 connection, then your application cannot use IPv6 on AWS.
 
  As such, I stand by my statement that there is effectively no meaningful
 support for IPv6 in AWS, period.
 
  AWS may disagree and think that ELB for classic EC2 is somehow
 meaningful, but their lack of other support for any of their modern
 architectures and the fact that they are in the process of phasing out
 classic EC2 makes me think that’s a pretty hard case to make.
 
  Owen
 
  On May 31, 2015, at 9:01 AM, Blair Trosper blair.tros...@gmail.com
 wrote:
 
  Disagree, and so does AWS.  IPv6 has a huge utility:  being a
 universal, inter-region management network (a network that unites traffic
 between regions on public and private netblocks).   Plus, at least the CDN
 and ELBs should be dual-stack, since more and more ISPs are turning on IPv6.
 
  On Sun, May 31, 2015 at 8:40 AM, Owen DeLong o...@delong.com mailto:
 o...@delong.com wrote:
  I wasn’t being specific about VPC vs. Classic.
 
  The support for IPv6 in Classic is extremely limited and basically
 useless for 99+% of applications.
 
  I would argue that there is, therefore, effectively no meaningful
 support for IPv6 in AWS, period.
 
  What you describe below seems to me that it would only make the
 situation I described worse, not better in the VPC world.
 
  Owen
 
  On May 31, 2015, at 4:23 AM, Andras Toth diosbej...@gmail.com
 mailto:diosbej...@gmail.com wrote:
 
  Congratulations for missing the point Matt, when I sent my email
  (which by the way went for moderation) there wasn't a discussion about
  Classic vs VPC yet. The discussion was no ipv6 in AWS which is not
  true as I mentioned in my previous email. I did not state it works
  everywhere, but it does work.
 
  In fact as Owen mentioned the following, I assumed he is talking about
  Classic because this statement is only true there. In VPC you can
  define your own IP subnets and it can overlap with other customers, so
  basically everyone can have their own 10.0.0.0/24 http://10.0.0.0/24
 for example.
  They are known to be running multiple copies of RFC-1918 in disparate
  localities already. In terms of scale, modulo the nightmare that must
  make of their management network and the fragility of what happens
  when company A in datacenter A wants to talk to company A in
  datacenter B and they both have the same 10-NET addresses
 
  Andras
 
 
  On Sun, May 31, 2015 at 7:18 PM, Matt Palmer mpal...@hezmatt.org
 mailto:mpal...@hezmatt.org wrote:

RE: WiFi courses/vendors recommendation

2015-05-31 Thread James Laszko 
I don't have a vendor-agnostic answer for you on #1, but as far as a vendor - 
Ruckus Wireless.   We are a partner who sells and deploys and the stuff is 
quite awesome for what you're looking for.  I'd be happy to introduce you to 
relevant people over there for guidance.


Regards,


James Laszko
Mythos Technology Inc
jam...@mythostech.com


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Abdullah Medhat
Sent: Sunday, May 31, 2015 3:07 AM
To: nanog@nanog.org
Subject: WiFi courses/vendors recommendation

Good day all,

We are looking forward to establish MetroWifi network as a new business line in 
our company, in addition to small/medium events Wifi coverage.

I have two questions:
1. What are the required resources/material/training curriculum to let our 
engineers start educating in this? We are looking for the vendor-agnostic 
materials that will give our engineers the WiFi essentials/fundamentals to 
start building a good foundation before evolving to the professional level.

2. What vendors do you recommend? We need to find a cost-effective yet 
competent option with good pre/post sales service.

Thanks,

-- 

Abdullah Medhat

Re: AWS Elastic IP architecture

2015-05-31 Thread George, Wes 

On 5/31/15, 3:11 PM, Owen DeLong o...@delong.com wrote:

if they said “We have a plan, and it will take X amount of time”, I would
respect that.

If they said “We have a plan and we’re not sure how long it will take”, I
would continue to poke
them about sooner is better than later and having a target date helps
people to plan.

“We don’t think IPv6 matters and we aren’t announcing any plans to get it
implemented or any
date by which it will be available”, on the other hand, being what they
have actually repeatedly
said to me until very recently, not so much.

Now, they’re saying (essentially) “We think IPv6 might matter, but we
aren’t announcing
any plans to get it implemented or any date by which it will be
available” .  To me, this
is still a problematic situation for their customers.

At the risk of feeding the troll...

This isn't just an AWS problem.

All Compute Engine networks use the IPv4 protocol. Compute Engine
currently does not support IPv6. However, Google is a major advocate of
IPv6 and it is an important future direction.
https://cloud.google.com/compute/docs/networking


The foundational work to enable IPv6 in the Azure environment is well
underway. However, we are unable to share a date when IPv6 support will be
generally available at this time.

http://azure.microsoft.com/en-us/pricing/faq/


This is only marginally better, as it acknowledges that it's important,
but still has no actual committed timeline and doesn't even reference any
available ELB hacks.

Anyone else want to either name and shame, or highlight cloud providers
that actually *support* IPv6 as an alternative to these so that one might
be able to vote with one's wallet?


This E-mail and any of its attachments may contain Time Warner Cable 
proprietary information, which is privileged, confidential, or subject to 
copyright belonging to Time Warner Cable. This E-mail is intended solely for 
the use of the individual or entity to which it is addressed. If you are not 
the intended recipient of this E-mail, you are hereby notified that any 
dissemination, distribution, copying, or action taken in relation to the 
contents of and attachments to this E-mail is strictly prohibited and may be 
unlawful. If you have received this E-mail in error, please notify the sender 
immediately and permanently delete the original and any copy of this E-mail and 
any printout.

Re: AWS Elastic IP architecture

2015-05-31 Thread Matthew Kaufman 

On 5/31/2015 11:57 AM, Owen DeLong wrote:
People who are building applications and considering hosting their 
applications in the cloud should seriously consider whether this 
limitation in AWS matters to them.


It doesn't, because everyone on the Internet can reach IPv4-hosted 
services.


IMHO, forward-thinking application developers will eschew AWS in favor 
of clouds that have dual-stack support and build dual-stack capable 
applications.


Forward-thinking developers are using big clouds that have the resources 
to enable IPv6 long before having IPv6 actually matters.


Matthew Kaufman

Re: AWS Elastic IP architecture

2015-05-31 Thread Owen DeLong 
As I said before:

Host Virtual (vr.org http://vr.org/)
Softlayer (softlayer.com http://softlayer.com/)
Linode (Linode.com http://linode.com/)

All have full dual-stack support.

I’m sure there are others.

Owen

 On May 31, 2015, at 2:49 PM, George, Wes wesley.geo...@twcable.com wrote:
 
 
 On 5/31/15, 3:11 PM, Owen DeLong o...@delong.com wrote:
 
 if they said “We have a plan, and it will take X amount of time”, I would
 respect that.
 
 If they said “We have a plan and we’re not sure how long it will take”, I
 would continue to poke
 them about sooner is better than later and having a target date helps
 people to plan.
 
 “We don’t think IPv6 matters and we aren’t announcing any plans to get it
 implemented or any
 date by which it will be available”, on the other hand, being what they
 have actually repeatedly
 said to me until very recently, not so much.
 
 Now, they’re saying (essentially) “We think IPv6 might matter, but we
 aren’t announcing
 any plans to get it implemented or any date by which it will be
 available” .  To me, this
 is still a problematic situation for their customers.
 
 At the risk of feeding the troll...
 
 This isn't just an AWS problem.
 
 All Compute Engine networks use the IPv4 protocol. Compute Engine
 currently does not support IPv6. However, Google is a major advocate of
 IPv6 and it is an important future direction.
 https://cloud.google.com/compute/docs/networking
 
 
 The foundational work to enable IPv6 in the Azure environment is well
 underway. However, we are unable to share a date when IPv6 support will be
 generally available at this time.
 
 http://azure.microsoft.com/en-us/pricing/faq/
 
 
 This is only marginally better, as it acknowledges that it's important,
 but still has no actual committed timeline and doesn't even reference any
 available ELB hacks.
 
 Anyone else want to either name and shame, or highlight cloud providers
 that actually *support* IPv6 as an alternative to these so that one might
 be able to vote with one's wallet?
 
 
 This E-mail and any of its attachments may contain Time Warner Cable 
 proprietary information, which is privileged, confidential, or subject to 
 copyright belonging to Time Warner Cable. This E-mail is intended solely for 
 the use of the individual or entity to which it is addressed. If you are not 
 the intended recipient of this E-mail, you are hereby notified that any 
 dissemination, distribution, copying, or action taken in relation to the 
 contents of and attachments to this E-mail is strictly prohibited and may be 
 unlawful. If you have received this E-mail in error, please notify the sender 
 immediately and permanently delete the original and any copy of this E-mail 
 and any printout.

Re: AWS Elastic IP architecture

2015-05-31 Thread Christopher Morrow 
On Sun, May 31, 2015 at 9:07 PM, Owen DeLong o...@delong.com wrote:
 As I said before:

 Host Virtual (vr.org http://vr.org/)
 Softlayer (softlayer.com http://softlayer.com/)
 Linode (Linode.com http://linode.com/)

 All have full dual-stack support.

snip

 At the risk of feeding the troll...

 This isn't just an AWS problem.

So... ok. What does it mean, for a customer of a cloud service, to be
ipv6 enabled?
What really matters for a cloud service user? What information could
be surfaced to the cloud providers in order to get the most important
ipv6 'stuff' done 'now'?

o Is it most important to be able to address ever VM you create with
an ipv6 address?

o Is it most important to be able to talk to backend services (perhaps
at your prem) over ipv6?

o Is it most important that administrative interfaces to the VM
systems (either REST/etc interfaces for managing vms or 'ssh'/etc) be
ipv6 reachable?

o Is it most important to be able to terminate ipv6 connections (or
datagrams) on a VM service for the public to use?

I don't see, especially if the vm networking is unique to each
customer, that 'ipv6 address on vm' is hugely important as a
first/important goal. I DO see that landing publicly available
services on an ipv6 endpoint is super helpful.

Would AWS (or any other cloud provider that's not currently up on the
v6 bandwagon) enabling a loadbalanced ipv6 vip for your public service
(perhaps not just http/s services even?) be enough to relieve some of
the pressure on other parties and move the ball forward meaningfully
enough for the cloud providers and their customers?

-chris

WiFi courses/vendors recommendation

2015-05-31 Thread Abdullah Medhat 
Good day all,

We are looking forward to establish MetroWifi network as a new business
line in our company, in addition to small/medium events Wifi coverage.

I have two questions:
1. What are the required resources/material/training curriculum to let our
engineers start educating in this? We are looking for the vendor-agnostic
materials that will give our engineers the WiFi essentials/fundamentals to
start building a good foundation before evolving to the professional level.

2. What vendors do you recommend? We need to find a cost-effective yet
competent option with good pre/post sales service.

Thanks,

-- 

Abdullah Medhat

Re: WiFi courses/vendors recommendation

2015-05-31 Thread Ilissa Miller 
You may want to check out iBwave.  They do training as well.

Ilissa Miller


 On May 31, 2015, at 3:27 PM, Abdullah Medhat 
 abdullah.medhat.sa...@gmail.com wrote:

 Good day all,

 We are looking forward to establish MetroWifi network as a new business
 line in our company, in addition to small/medium events Wifi coverage.

 I have two questions:
 1. What are the required resources/material/training curriculum to let our
 engineers start educating in this? We are looking for the vendor-agnostic
 materials that will give our engineers the WiFi essentials/fundamentals to
 start building a good foundation before evolving to the professional level.

 2. What vendors do you recommend? We need to find a cost-effective yet
 competent option with good pre/post sales service.

 Thanks,

 --

 Abdullah Medhat

Re: WiFi courses/vendors recommendation

2015-05-31 Thread Dave Taht 
On Sun, May 31, 2015 at 3:28 PM, James Laszko jam...@mythostech.com wrote:
 I don't have a vendor-agnostic answer for you on #1, but as far as a vendor - 
 Ruckus Wireless.   We are a partner who sells and deploys and the stuff is 
 quite awesome for what you're looking for.  I'd be happy to introduce you to 
 relevant people over there for guidance.


1) I have long thought about developing such course materials or
working with the author (dave lang) of the wonderful scale2012 report
to do so. If you find any good materials pre-existing please let me
know also. I once gave a good intro talk on wifi subjects... (
https://www.youtube.com/watch?v=Wksh2DPHCDI )

As for 2)

There are many vendors in the enterprise wifi space - cisco, ubnt,
aruba, and meraki, to name a few more. Of these the only ones publicly
acknowledging doing something about their wifi bufferbloat are cisco
and meraki. (I realize you have plenty of other issues/features to
look for, it's fixing that one happens to be my number #1 requirement
these days)

 Regards,


 James Laszko
 Mythos Technology Inc
 jam...@mythostech.com


 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Abdullah Medhat
 Sent: Sunday, May 31, 2015 3:07 AM
 To: nanog@nanog.org
 Subject: WiFi courses/vendors recommendation

 Good day all,

 We are looking forward to establish MetroWifi network as a new business line 
 in our company, in addition to small/medium events Wifi coverage.

 I have two questions:
 1. What are the required resources/material/training curriculum to let our 
 engineers start educating in this? We are looking for the vendor-agnostic 
 materials that will give our engineers the WiFi essentials/fundamentals to 
 start building a good foundation before evolving to the professional level.

 2. What vendors do you recommend? We need to find a cost-effective yet 
 competent option with good pre/post sales service.

 Thanks,

 --

 Abdullah Medhat



-- 
Dave Täht
What will it take to vastly improve wifi for everyone?
https://plus.google.com/u/0/explore/makewififast

RE: WiFi courses/vendors recommendation

2015-05-31 Thread Mike Lyon 
Ubiquiti Networks.

Its cheap and it works great. Support sucks though.

I use Ubuquiti gear for my wireless ISP and i use their UniFi APs for when
i do events.

If you need high density wireless, check out Xirrus Wireless access points,
they are awesome.

-Mike
On May 31, 2015 3:30 PM, James Laszko jam...@mythostech.com wrote:

 I don't have a vendor-agnostic answer for you on #1, but as far as a
 vendor - Ruckus Wireless.   We are a partner who sells and deploys and the
 stuff is quite awesome for what you're looking for.  I'd be happy to
 introduce you to relevant people over there for guidance.


 Regards,


 James Laszko
 Mythos Technology Inc
 jam...@mythostech.com


 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Abdullah Medhat
 Sent: Sunday, May 31, 2015 3:07 AM
 To: nanog@nanog.org
 Subject: WiFi courses/vendors recommendation

 Good day all,

 We are looking forward to establish MetroWifi network as a new business
 line in our company, in addition to small/medium events Wifi coverage.

 I have two questions:
 1. What are the required resources/material/training curriculum to let our
 engineers start educating in this? We are looking for the vendor-agnostic
 materials that will give our engineers the WiFi essentials/fundamentals to
 start building a good foundation before evolving to the professional level.

 2. What vendors do you recommend? We need to find a cost-effective yet
 competent option with good pre/post sales service.

 Thanks,

 --

 Abdullah Medhat

Re: AWS Elastic IP architecture

2015-05-31 Thread Matt Palmer 
On Sun, May 31, 2015 at 10:46:02PM -0400, Christopher Morrow wrote:
 So... ok. What does it mean, for a customer of a cloud service, to be
 ipv6 enabled?

IPv6 feature-parity with IPv4.

My must-haves, sorted in order of importance (most to least):

 o Is it most important to be able to terminate ipv6 connections (or
 datagrams) on a VM service for the public to use?
 
 o Is it most important to be able to address ever VM you create with
 an ipv6 address?
 
 o Is it most important to be able to talk to backend services (perhaps
 at your prem) over ipv6?

If, by backend services, you mean things like RDS, S3, etc, this is in the
right place.

 o Is it most important that administrative interfaces to the VM
 systems (either REST/etc interfaces for managing vms or 'ssh'/etc) be
 ipv6 reachable?
 
 I don't see, especially if the vm networking is unique to each
 customer, that 'ipv6 address on vm' is hugely important as a
 first/important goal. I DO see that landing publicly available
 services on an ipv6 endpoint is super helpful.

Being able to address VMs over IPv6 (and have VMs talk to the outside world
over IPv6) is *really* useful.  Takes away the need to NAT anything.

 Would AWS (or any other cloud provider that's not currently up on the
 v6 bandwagon) enabling a loadbalanced ipv6 vip for your public service
 (perhaps not just http/s services even?) be enough to relieve some of
 the pressure on other parties and move the ball forward meaningfully
 enough for the cloud providers and their customers?

No.  I'm currently building an infrastructure which is entirely v6-native
internally; the only parts which are IPv4 are public-facing incoming service
endpoints, and outgoing connections to other parts of the Internet, which
are proxied.  Everything else is talking amongst themselves entirely over
IPv6.

- Matt

-- 
After years of studying math and encountering surprising and
counterintuitive results, I came to accept that math is always reasonable,
by my intuition of what is reasonably is not always reasonable.
-- Steve VanDevender, ASR

Re: AWS Elastic IP architecture

2015-05-31 Thread Andras Toth 
Perhaps if that energy which was spent on raging, instead was spent on
a Google search, then all those words would've been unnecessary.

As it turns out that IPv6 is already available on ELBs since 2011:
https://aws.amazon.com/blogs/aws/elastic-load-balancing-ipv6-zone-apex-support-additional-security/

Official documentation:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses

Netflix is using it already as per their techblog since 2012:
http://techblog.netflix.com/2012/07/enabling-support-for-ipv6.html

Regards,
Andras


On Sat, May 30, 2015 at 11:04 AM, Owen DeLong o...@delong.com wrote:

 On May 29, 2015, at 8:23 AM, Christopher Morrow morrowc.li...@gmail.com 
 wrote:

 On Fri, May 29, 2015 at 3:45 AM, Owen DeLong o...@delong.com wrote:
 Yeah, if it were LISP, they could probably handle IPv6.

 why can't they do v6 with any other encap?

 That’s not my point.

 the encap really doesn't matter at all to the underlying ip protocol
 used, or shouldn't... you decide at the entrance to the 'virtual
 network' that 'thingy is in virtual-network-5 and encap the packet...
 regardless of ip version of the thing you are encapsulating.

 Whatever encapsulation or other system they are using, clearly they can’t do 
 IPv6 for some reason because they outright refuse to even offer so much as a 
 verification that IPv6 is on any sort of roadmap or is at all likely to be 
 considered for deployment any time in the foreseeable future.

 So, my point wasn’t that LISP is the only encapsulation that supports IPv6. 
 Indeed, I didn’t even say that. What I said was that their apparent complete 
 inability to do IPv6 makes it unlikely that they are using an IPv6-capable 
 encapsulation system. Thus, it is unlikely they are using LISP. I only 
 referenced LISP because it was specifically mentioned by the poster to whom I 
 was responding.

 Please try to avoid putting words in my mouth in the future.

 Owen

BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Maqbool Hashim 
Hi,


We are an enterprise that are eBGP multihoming to two ISPs. We wish to load 
balance in inbound and outbound traffic thereby using our capacity as 
efficiently as possible. My current feeling is that it would be crazy for us to 
take a full Internet routing table from either ISP. I have read this document 
from NANOG presentations:


https://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=1cad=rjauact=8ved=0CCoQFjAAurl=https%3A%2F%2Fwww.nanog.org%2Fmeetings%2Fnanog41%2Fpresentations%2FBGPMultihoming.pdfei=cyRnVb--FeWY7gbq4oHoAQusg=AFQjCNFsMx3NZ0Vn4bJ5zJpzFz3senbaqgbvm=bv.93990622,d.ZGU


The above document reenforces my opinion that we do not need full routing 
tables. However I was seeking some clarity as there are other documents which 
suggest taking a full routing table would be optimal. I guess it depends on 
our criteria and requirements for load balancing:


- Just care about roughly balancing link utilisation

- Be nice to make some cost savings


We have PI space and two Internet routers one for each ISP. Either of our links 
is sufficient to carry all our traffic, but we want to try and balance 
utilisation to remain within our commits if possible. I am thinking a rough 
approach for us would be:


- Take partial (customer) routes from both providers

- Take defaults from both and pref one


Maybe we can refine the above a bit more, any suggestions would be most welcome!


Many Thanks

Re: AWS Elastic IP architecture

2015-05-31 Thread Matt Palmer 
On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
 Perhaps if that energy which was spent on raging, instead was spent on
 a Google search, then all those words would've been unnecessary.
 
 Official documentation:
 http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses

Congratulations, you've managed to find exactly the same info as Owen
already covered:

Load balancers in a VPC support IPv4 addresses only.

and

Load balancers in EC2-Classic support both IPv4 and IPv6 addresses.

- Matt

Re: AWS Elastic IP architecture

2015-05-31 Thread Andras Toth 
Congratulations for missing the point Matt, when I sent my email
(which by the way went for moderation) there wasn't a discussion about
Classic vs VPC yet. The discussion was no ipv6 in AWS which is not
true as I mentioned in my previous email. I did not state it works
everywhere, but it does work.

In fact as Owen mentioned the following, I assumed he is talking about
Classic because this statement is only true there. In VPC you can
define your own IP subnets and it can overlap with other customers, so
basically everyone can have their own 10.0.0.0/24 for example.
They are known to be running multiple copies of RFC-1918 in disparate
localities already. In terms of scale, modulo the nightmare that must
make of their management network and the fragility of what happens
when company A in datacenter A wants to talk to company A in
datacenter B and they both have the same 10-NET addresses

Andras


On Sun, May 31, 2015 at 7:18 PM, Matt Palmer mpal...@hezmatt.org wrote:
 On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
 Perhaps if that energy which was spent on raging, instead was spent on
 a Google search, then all those words would've been unnecessary.

 Official documentation:
 http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses

 Congratulations, you've managed to find exactly the same info as Owen
 already covered:

 Load balancers in a VPC support IPv4 addresses only.

 and

 Load balancers in EC2-Classic support both IPv4 and IPv6 addresses.

 - Matt

Re: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Faisal Imtiaz 
If you wish to do outbound traffic engineering, and want to take advantage of 
best paths to different networks (outbound), then you have to take full routes.

Or putting it  another way Taking full routes offers the most flexibility, 
anything else would be a compromise (an acceptable compromise) to overcome some 
existing resource limitations...  

Regards.

Faisal Imtiaz
Snappy Internet  Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

- Original Message -
 From: Maqbool Hashim maqb...@madbull.info
 To: nanog@nanog.org
 Sent: Friday, May 29, 2015 4:36:34 AM
 Subject: BGP Multihoming 2 providers full or partial?
 
 Hi,
 
 
 We are an enterprise that are eBGP multihoming to two ISPs. We wish to load
 balance in inbound and outbound traffic thereby using our capacity as
 efficiently as possible. My current feeling is that it would be crazy for us
 to take a full Internet routing table from either ISP. I have read this
 document from NANOG presentations:
 
 
 https://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=1cad=rjauact=8ved=0CCoQFjAAurl=https%3A%2F%2Fwww.nanog.org%2Fmeetings%2Fnanog41%2Fpresentations%2FBGPMultihoming.pdfei=cyRnVb--FeWY7gbq4oHoAQusg=AFQjCNFsMx3NZ0Vn4bJ5zJpzFz3senbaqgbvm=bv.93990622,d.ZGU
 
 
 The above document reenforces my opinion that we do not need full routing
 tables. However I was seeking some clarity as there are other documents
 which suggest taking a full routing table would be optimal. I guess it
 depends on our criteria and requirements for load balancing:
 
 
 - Just care about roughly balancing link utilisation
 
 - Be nice to make some cost savings
 
 
 We have PI space and two Internet routers one for each ISP. Either of our
 links is sufficient to carry all our traffic, but we want to try and balance
 utilisation to remain within our commits if possible. I am thinking a
 rough approach for us would be:
 
 
 - Take partial (customer) routes from both providers
 
 - Take defaults from both and pref one
 
 
 Maybe we can refine the above a bit more, any suggestions would be most
 welcome!
 
 
 Many Thanks

Re: AWS Elastic IP architecture

2015-05-31 Thread tvest 
Point of clarification: AWS customer IP subnets can overlap, but customer VPCs  
that encompass overlapping subnets cannot peer with each other. In other words, 
the standard arguments in favor of address uniqueness still apply.

TV

On May 31, 2015 7:23:37 AM EDT, Andras Toth diosbej...@gmail.com wrote:
Congratulations for missing the point Matt, when I sent my email
(which by the way went for moderation) there wasn't a discussion about
Classic vs VPC yet. The discussion was no ipv6 in AWS which is not
true as I mentioned in my previous email. I did not state it works
everywhere, but it does work.

In fact as Owen mentioned the following, I assumed he is talking about
Classic because this statement is only true there. In VPC you can
define your own IP subnets and it can overlap with other customers, so
basically everyone can have their own 10.0.0.0/24 for example.
They are known to be running multiple copies of RFC-1918 in disparate
localities already. In terms of scale, modulo the nightmare that must
make of their management network and the fragility of what happens
when company A in datacenter A wants to talk to company A in
datacenter B and they both have the same 10-NET addresses

Andras


On Sun, May 31, 2015 at 7:18 PM, Matt Palmer mpal...@hezmatt.org
wrote:
 On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
 Perhaps if that energy which was spent on raging, instead was spent
on
 a Google search, then all those words would've been unnecessary.

 Official documentation:

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses

 Congratulations, you've managed to find exactly the same info as Owen
 already covered:

 Load balancers in a VPC support IPv4 addresses only.

 and

 Load balancers in EC2-Classic support both IPv4 and IPv6 addresses.

 - Matt


-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Faisal Imtiaz 
BGP traffic engineering is kind of like Soda Prefer. that folks have Some 
like Pepsi, some Like Coke, some don't care as long as it is Cold and fizzy.

Depending on who your two providers are, you may be happy with just taking full 
routes, and doing some creative routing (i.e. setting up static routes for 
outbound for specific prefixes, not the most elegant solution).

Remember, BGP allows for Asymmetric routing, as such with default routes, you 
will have traffic coming in from both providers (by default) and traffic going 
out via one of them (by default).

At the end of the day you are most likely to make a decision based on what is 
your cost for having a more powerful router, and how much 'creative routing' 
you want to / need to do.
(My Personal opinion, is that it is a 50/50 decision to upgrade hardware just 
to take full routing tables.. however if there are other reasons or needs, that 
can sway the decision in one direction or the other).

:) 

Faisal Imtiaz
Snappy Internet  Telecom

- Original Message -
 From: Maqbool Hashim maqb...@madbull.info
 To: Joseph Jackson jjack...@aninetworks.net, nanog@nanog.org
 Sent: Sunday, May 31, 2015 8:09:02 AM
 Subject: RE: BGP Multihoming 2 providers full or partial?
 
 Hi,
 
 No the current devices can't support full table (well not from both
 providers) we would need to upgrade.  Really in terms of cost saving just
 want to make sure to not get charged overages because we utilise too much of
 one link and not enough of another.  I don't think the shortest AS path will
 be of that much concern or noticeable for most destinations.
 
 We do however have a set of remote sites which communicate over the Internet
 to our central sites where the transit providers are.  Just general Internet
 at the remote sites- but traffic from remote sites to central sites would be
 the most important.
 
 I am just not sure of exactly how to define the partial routing table
 criteria to our two providers.  Should we just take routes for each provider
 and their peers and a default from both?
 
 The main reason for not taking a full routing table is the cost/inconvenience
 of upgrading existing hardware.
 
 Thanks
 
 -Original Message-
 From: Joseph Jackson [mailto:jjack...@aninetworks.net]
 Sent: 31 May 2015 12:41
 To: Maqbool Hashim; nanog@nanog.org
 Subject: RE: BGP Multihoming 2 providers full or partial?
 
 Can your devices support a full table?
 
 You can load balance  outbound traffic easily with out doing a full table.
 THo that won't be the shortest AS path.  In regards to cost savings how
 were you thinking of doing so?  Does one provider charge more?  Just use the
 cheaper provider.
 
 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Maqbool Hashim
 Sent: Friday, May 29, 2015 3:37 AM
 To: nanog@nanog.org
 Subject: BGP Multihoming 2 providers full or partial?
 
 Hi,
 
 
 We are an enterprise that are eBGP multihoming to two ISPs. We wish to load
 balance in inbound and outbound traffic thereby using our capacity as
 efficiently as possible. My current feeling is that it would be crazy for us
 to take a full Internet routing table from either ISP. I have read this
 document from NANOG presentations:
 
 
 https://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=1cad=rjauact=8ved=0CCoQFjAAurl=https%3A%2F%2Fwww.nanog.org%2Fmeetings%2Fnanog41%2Fpresentations%2FBGPMultihoming.pdfei=cyRnVb--FeWY7gbq4oHoAQusg=AFQjCNFsMx3NZ0Vn4bJ5zJpzFz3senbaqgbvm=bv.93990622,d.ZGU
 
 
 The above document reenforces my opinion that we do not need full routing
 tables. However I was seeking some clarity as there are other documents
 which suggest taking a full routing table would be optimal. I guess it
 depends on our criteria and requirements for load balancing:
 
 
 - Just care about roughly balancing link utilisation
 
 - Be nice to make some cost savings
 
 
 We have PI space and two Internet routers one for each ISP. Either of our
 links is sufficient to carry all our traffic, but we want to try and balance
 utilisation to remain within our commits if possible. I am thinking a
 rough approach for us would be:
 
 
 - Take partial (customer) routes from both providers
 
 - Take defaults from both and pref one
 
 
 Maybe we can refine the above a bit more, any suggestions would be most
 welcome!
 
 
 Many Thanks

Re: AWS Elastic IP architecture

2015-05-31 Thread Owen DeLong 
I wasn’t being specific about VPC vs. Classic.

The support for IPv6 in Classic is extremely limited and basically useless for 
99+% of applications.

I would argue that there is, therefore, effectively no meaningful support for 
IPv6 in AWS, period.

What you describe below seems to me that it would only make the situation I 
described worse, not better in the VPC world.

Owen

 On May 31, 2015, at 4:23 AM, Andras Toth diosbej...@gmail.com wrote:
 
 Congratulations for missing the point Matt, when I sent my email
 (which by the way went for moderation) there wasn't a discussion about
 Classic vs VPC yet. The discussion was no ipv6 in AWS which is not
 true as I mentioned in my previous email. I did not state it works
 everywhere, but it does work.
 
 In fact as Owen mentioned the following, I assumed he is talking about
 Classic because this statement is only true there. In VPC you can
 define your own IP subnets and it can overlap with other customers, so
 basically everyone can have their own 10.0.0.0/24 for example.
 They are known to be running multiple copies of RFC-1918 in disparate
 localities already. In terms of scale, modulo the nightmare that must
 make of their management network and the fragility of what happens
 when company A in datacenter A wants to talk to company A in
 datacenter B and they both have the same 10-NET addresses
 
 Andras
 
 
 On Sun, May 31, 2015 at 7:18 PM, Matt Palmer mpal...@hezmatt.org wrote:
 On Sun, May 31, 2015 at 01:38:05AM +1000, Andras Toth wrote:
 Perhaps if that energy which was spent on raging, instead was spent on
 a Google search, then all those words would've been unnecessary.
 
 Official documentation:
 http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html#internet-facing-ip-addresses
 
 Congratulations, you've managed to find exactly the same info as Owen
 already covered:
 
 Load balancers in a VPC support IPv4 addresses only.
 
 and
 
 Load balancers in EC2-Classic support both IPv4 and IPv6 addresses.
 
 - Matt

RE: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Joseph Jackson 
Can your devices support a full table?  

You can load balance  outbound traffic easily with out doing a full table.   
THo that won't be the shortest AS path.  In regards to cost savings how were 
you thinking of doing so?  Does one provider charge more?  Just use the cheaper 
provider.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Maqbool Hashim
Sent: Friday, May 29, 2015 3:37 AM
To: nanog@nanog.org
Subject: BGP Multihoming 2 providers full or partial?

Hi,


We are an enterprise that are eBGP multihoming to two ISPs. We wish to load 
balance in inbound and outbound traffic thereby using our capacity as 
efficiently as possible. My current feeling is that it would be crazy for us to 
take a full Internet routing table from either ISP. I have read this document 
from NANOG presentations:


https://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=1cad=rjauact=8ved=0CCoQFjAAurl=https%3A%2F%2Fwww.nanog.org%2Fmeetings%2Fnanog41%2Fpresentations%2FBGPMultihoming.pdfei=cyRnVb--FeWY7gbq4oHoAQusg=AFQjCNFsMx3NZ0Vn4bJ5zJpzFz3senbaqgbvm=bv.93990622,d.ZGU


The above document reenforces my opinion that we do not need full routing 
tables. However I was seeking some clarity as there are other documents which 
suggest taking a full routing table would be optimal. I guess it depends on 
our criteria and requirements for load balancing:


- Just care about roughly balancing link utilisation

- Be nice to make some cost savings


We have PI space and two Internet routers one for each ISP. Either of our links 
is sufficient to carry all our traffic, but we want to try and balance 
utilisation to remain within our commits if possible. I am thinking a rough 
approach for us would be:


- Take partial (customer) routes from both providers

- Take defaults from both and pref one


Maybe we can refine the above a bit more, any suggestions would be most welcome!


Many Thanks

RE: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Maqbool Hashim 
Hi,

No the current devices can't support full table (well not from both providers) 
we would need to upgrade.  Really in terms of cost saving just want to make 
sure to not get charged overages because we utilise too much of one link and 
not enough of another.  I don't think the shortest AS path will be of that much 
concern or noticeable for most destinations.

We do however have a set of remote sites which communicate over the Internet to 
our central sites where the transit providers are.  Just general Internet at 
the remote sites- but traffic from remote sites to central sites would be the 
most important.

I am just not sure of exactly how to define the partial routing table 
criteria to our two providers.  Should we just take routes for each provider 
and their peers and a default from both?

The main reason for not taking a full routing table is the cost/inconvenience 
of upgrading existing hardware.

Thanks

-Original Message-
From: Joseph Jackson [mailto:jjack...@aninetworks.net] 
Sent: 31 May 2015 12:41
To: Maqbool Hashim; nanog@nanog.org
Subject: RE: BGP Multihoming 2 providers full or partial?

Can your devices support a full table?  

You can load balance  outbound traffic easily with out doing a full table.   
THo that won't be the shortest AS path.  In regards to cost savings how were 
you thinking of doing so?  Does one provider charge more?  Just use the cheaper 
provider.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Maqbool Hashim
Sent: Friday, May 29, 2015 3:37 AM
To: nanog@nanog.org
Subject: BGP Multihoming 2 providers full or partial?

Hi,


We are an enterprise that are eBGP multihoming to two ISPs. We wish to load 
balance in inbound and outbound traffic thereby using our capacity as 
efficiently as possible. My current feeling is that it would be crazy for us to 
take a full Internet routing table from either ISP. I have read this document 
from NANOG presentations:


https://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=1cad=rjauact=8ved=0CCoQFjAAurl=https%3A%2F%2Fwww.nanog.org%2Fmeetings%2Fnanog41%2Fpresentations%2FBGPMultihoming.pdfei=cyRnVb--FeWY7gbq4oHoAQusg=AFQjCNFsMx3NZ0Vn4bJ5zJpzFz3senbaqgbvm=bv.93990622,d.ZGU


The above document reenforces my opinion that we do not need full routing 
tables. However I was seeking some clarity as there are other documents which 
suggest taking a full routing table would be optimal. I guess it depends on 
our criteria and requirements for load balancing:


- Just care about roughly balancing link utilisation

- Be nice to make some cost savings


We have PI space and two Internet routers one for each ISP. Either of our links 
is sufficient to carry all our traffic, but we want to try and balance 
utilisation to remain within our commits if possible. I am thinking a rough 
approach for us would be:


- Take partial (customer) routes from both providers

- Take defaults from both and pref one


Maybe we can refine the above a bit more, any suggestions would be most welcome!


Many Thanks

RE: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Maqbool Hashim 
Thanks,

So we just need to take a decision on whether we want to pay the price for a 
full routing table, whether it gives us enough value for the expenditure.

-Original Message-
From: Faisal Imtiaz [mailto:fai...@snappytelecom.net] 
Sent: 31 May 2015 13:06
To: Maqbool Hashim
Cc: nanog@nanog.org
Subject: Re: BGP Multihoming 2 providers full or partial?

If you wish to do outbound traffic engineering, and want to take advantage of 
best paths to different networks (outbound), then you have to take full routes.

Or putting it  another way Taking full routes offers the most flexibility, 
anything else would be a compromise (an acceptable compromise) to overcome some 
existing resource limitations...  

Regards.

Faisal Imtiaz
Snappy Internet  Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

- Original Message -
 From: Maqbool Hashim maqb...@madbull.info
 To: nanog@nanog.org
 Sent: Friday, May 29, 2015 4:36:34 AM
 Subject: BGP Multihoming 2 providers full or partial?
 
 Hi,
 
 
 We are an enterprise that are eBGP multihoming to two ISPs. We wish to 
 load balance in inbound and outbound traffic thereby using our 
 capacity as efficiently as possible. My current feeling is that it 
 would be crazy for us to take a full Internet routing table from 
 either ISP. I have read this document from NANOG presentations:
 
 
 https://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=1cad=rj
 auact=8ved=0CCoQFjAAurl=https%3A%2F%2Fwww.nanog.org%2Fmeetings%2Fna
 nog41%2Fpresentations%2FBGPMultihoming.pdfei=cyRnVb--FeWY7gbq4oHoAQu
 sg=AFQjCNFsMx3NZ0Vn4bJ5zJpzFz3senbaqgbvm=bv.93990622,d.ZGU
 
 
 The above document reenforces my opinion that we do not need full 
 routing tables. However I was seeking some clarity as there are other 
 documents which suggest taking a full routing table would be optimal. 
 I guess it depends on our criteria and requirements for load balancing:
 
 
 - Just care about roughly balancing link utilisation
 
 - Be nice to make some cost savings
 
 
 We have PI space and two Internet routers one for each ISP. Either of 
 our links is sufficient to carry all our traffic, but we want to try 
 and balance utilisation to remain within our commits if possible. I am 
 thinking a rough approach for us would be:
 
 
 - Take partial (customer) routes from both providers
 
 - Take defaults from both and pref one
 
 
 Maybe we can refine the above a bit more, any suggestions would be 
 most welcome!
 
 
 Many Thanks

Re: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Faisal Imtiaz 
Interesting... is the cost associated with full tables just for the Hardware or 
is the service provider charging extra for the full table.

Faisal Imtiaz
Snappy Internet  Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

- Original Message -
 From: Maqbool Hashim maqb...@madbull.info
 To: Faisal Imtiaz fai...@snappytelecom.net
 Cc: nanog@nanog.org
 Sent: Sunday, May 31, 2015 8:10:51 AM
 Subject: RE: BGP Multihoming 2 providers full or partial?
 
 Thanks,
 
 So we just need to take a decision on whether we want to pay the price for a
 full routing table, whether it gives us enough value for the expenditure.
 
 -Original Message-
 From: Faisal Imtiaz [mailto:fai...@snappytelecom.net]
 Sent: 31 May 2015 13:06
 To: Maqbool Hashim
 Cc: nanog@nanog.org
 Subject: Re: BGP Multihoming 2 providers full or partial?
 
 If you wish to do outbound traffic engineering, and want to take advantage of
 best paths to different networks (outbound), then you have to take full
 routes.
 
 Or putting it  another way Taking full routes offers the most
 flexibility, anything else would be a compromise (an acceptable compromise)
 to overcome some existing resource limitations...
 
 Regards.
 
 Faisal Imtiaz
 Snappy Internet  Telecom
 7266 SW 48 Street
 Miami, FL 33155
 Tel: 305 663 5518 x 232
 
 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
 
 - Original Message -
  From: Maqbool Hashim maqb...@madbull.info
  To: nanog@nanog.org
  Sent: Friday, May 29, 2015 4:36:34 AM
  Subject: BGP Multihoming 2 providers full or partial?
  
  Hi,
  
  
  We are an enterprise that are eBGP multihoming to two ISPs. We wish to
  load balance in inbound and outbound traffic thereby using our
  capacity as efficiently as possible. My current feeling is that it
  would be crazy for us to take a full Internet routing table from
  either ISP. I have read this document from NANOG presentations:
  
  
  https://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=1cad=rj
  auact=8ved=0CCoQFjAAurl=https%3A%2F%2Fwww.nanog.org%2Fmeetings%2Fna
  nog41%2Fpresentations%2FBGPMultihoming.pdfei=cyRnVb--FeWY7gbq4oHoAQu
  sg=AFQjCNFsMx3NZ0Vn4bJ5zJpzFz3senbaqgbvm=bv.93990622,d.ZGU
  
  
  The above document reenforces my opinion that we do not need full
  routing tables. However I was seeking some clarity as there are other
  documents which suggest taking a full routing table would be optimal.
  I guess it depends on our criteria and requirements for load balancing:
  
  
  - Just care about roughly balancing link utilisation
  
  - Be nice to make some cost savings
  
  
  We have PI space and two Internet routers one for each ISP. Either of
  our links is sufficient to carry all our traffic, but we want to try
  and balance utilisation to remain within our commits if possible. I am
  thinking a rough approach for us would be:
  
  
  - Take partial (customer) routes from both providers
  
  - Take defaults from both and pref one
  
  
  Maybe we can refine the above a bit more, any suggestions would be
  most welcome!
  
  
  Many Thanks

RE: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Maqbool Hashim 
Just for the hardware and the planning required for migrating to new hardware 
human resource etc.

-Original Message-
From: Faisal Imtiaz [mailto:fai...@snappytelecom.net] 
Sent: 31 May 2015 14:01
To: Maqbool Hashim
Cc: nanog@nanog.org
Subject: Re: BGP Multihoming 2 providers full or partial?

Interesting... is the cost associated with full tables just for the Hardware or 
is the service provider charging extra for the full table.

Faisal Imtiaz
Snappy Internet  Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

- Original Message -
 From: Maqbool Hashim maqb...@madbull.info
 To: Faisal Imtiaz fai...@snappytelecom.net
 Cc: nanog@nanog.org
 Sent: Sunday, May 31, 2015 8:10:51 AM
 Subject: RE: BGP Multihoming 2 providers full or partial?
 
 Thanks,
 
 So we just need to take a decision on whether we want to pay the price 
 for a full routing table, whether it gives us enough value for the 
 expenditure.
 
 -Original Message-
 From: Faisal Imtiaz [mailto:fai...@snappytelecom.net]
 Sent: 31 May 2015 13:06
 To: Maqbool Hashim
 Cc: nanog@nanog.org
 Subject: Re: BGP Multihoming 2 providers full or partial?
 
 If you wish to do outbound traffic engineering, and want to take 
 advantage of best paths to different networks (outbound), then you 
 have to take full routes.
 
 Or putting it  another way Taking full routes offers the most 
 flexibility, anything else would be a compromise (an acceptable 
 compromise) to overcome some existing resource limitations...
 
 Regards.
 
 Faisal Imtiaz
 Snappy Internet  Telecom
 7266 SW 48 Street
 Miami, FL 33155
 Tel: 305 663 5518 x 232
 
 Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
 
 - Original Message -
  From: Maqbool Hashim maqb...@madbull.info
  To: nanog@nanog.org
  Sent: Friday, May 29, 2015 4:36:34 AM
  Subject: BGP Multihoming 2 providers full or partial?
  
  Hi,
  
  
  We are an enterprise that are eBGP multihoming to two ISPs. We wish 
  to load balance in inbound and outbound traffic thereby using our 
  capacity as efficiently as possible. My current feeling is that it 
  would be crazy for us to take a full Internet routing table from 
  either ISP. I have read this document from NANOG presentations:
  
  
  https://www.google.com/url?sa=trct=jq=esrc=ssource=webcd=1cad=
  rj 
  auact=8ved=0CCoQFjAAurl=https%3A%2F%2Fwww.nanog.org%2Fmeetings%2F
  na 
  nog41%2Fpresentations%2FBGPMultihoming.pdfei=cyRnVb--FeWY7gbq4oHoAQ
  u sg=AFQjCNFsMx3NZ0Vn4bJ5zJpzFz3senbaqgbvm=bv.93990622,d.ZGU
  
  
  The above document reenforces my opinion that we do not need full 
  routing tables. However I was seeking some clarity as there are 
  other documents which suggest taking a full routing table would be optimal.
  I guess it depends on our criteria and requirements for load balancing:
  
  
  - Just care about roughly balancing link utilisation
  
  - Be nice to make some cost savings
  
  
  We have PI space and two Internet routers one for each ISP. Either 
  of our links is sufficient to carry all our traffic, but we want to 
  try and balance utilisation to remain within our commits if 
  possible. I am thinking a rough approach for us would be:
  
  
  - Take partial (customer) routes from both providers
  
  - Take defaults from both and pref one
  
  
  Maybe we can refine the above a bit more, any suggestions would be 
  most welcome!
  
  
  Many Thanks

Re: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread Mark Tinka 


On 31/May/15 14:09, Maqbool Hashim wrote:

 I am just not sure of exactly how to define the partial routing table 
 criteria to our two providers.  Should we just take routes for each provider 
 and their peers and a default from both?

Since you can't take a full feed from either upstream, partial routes
will mean taking your upstream's own routes + their directly-connected
customers + default.

You may make it more flexible by asking for their peering routes also,
but if these are large global transit providers, that could be the full
BGP table anyway (or 90% of it).

Mark.

Re: BGP Multihoming 2 providers full or partial?

2015-05-31 Thread William Herrin 
On Fri, May 29, 2015 at 4:36 AM, Maqbool Hashim maqb...@madbull.info wrote:
 We are an enterprise that are eBGP multihoming to two ISPs. We wish to load 
 balance in inbound and outbound traffic thereby using our capacity as 
 efficiently as possible. My current feeling is that it would be crazy for us 
 to take a full Internet routing table from either ISP. I have read this 
 document from NANOG presentations:

Hello,

Without a full table you are not protected from partitions. Partitions
are when a particular destination is reachable via one of your ISPs
but not via the other. Without receiving the route, you have no idea
which ISP can reach it.

Partitions happen fairly often but rarely last long (on the order of
minutes). The worst cases tend to be when two backbones get into a
peering dispute. Those have been known to last a week or more. See:
Cogent v. everybody else.

Think of it this way: a partial table is like an unsigned SSL
certificate. Better than static routes but not fully protected.

Regards,
Bill Herrin





-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: http://www.dirtside.com/