RE: link monitoring
We use LibreNMS and smokeping to monitor latency and dropped packets on all our links and setup alerts if they go over a certain threshold. We are working on a script to automatically reroute traffic based on the alerts to route around the bad link to give us time to fix it. Thanks Travis From: NANOG On Behalf Of Baldur Norddahl Sent: Thursday, April 29, 2021 3:39 PM To: nanog@nanog.org Subject: link monitoring Hello We had a 100G link that started to misbehave and caused the customers to notice bad packet loss. The optical values are just fine but we had packet loss and latency. Interface shows FEC errors on one end and carrier transitions on the other end. But otherwise the link would stay up and our monitor system completely failed to warn about the failure. Had to find the bad link by traceroute (mtr) and observe where packet loss started. The link was between a Juniper MX204 and Juniper ACX5448. Link length 2 meters using 2 km single mode SFP modules. What is the best practice to monitor links to avoid this scenarium? What options do we have to do link monitoring? I am investigating BFD but I am unsure if that would have helped the situation. Thanks, Baldur
Re: link monitoring
If I may add one thing I forgot, this post reminded me. In the question I think it was probably a 100G CWDM4 short distance link. When monitoring a 100G coherent (QPSK, 16QAM, whatever) longer distance link, be absolutely sure to poll all of the SNMP OIDs for it the same as if it was a point to point microwave link. Depending on exactly what line card and optic it is, it may behave somewhat similarly to a faded or misaligned radio link under conditions related to degradation of the fiber or the lasers. In particular I'm thinking of coherent 100G linecards that can switch on the fly between 'low FEC' and 'high FEC' payload vs FEC percentage (much as an ACM-capable 18 or 23 GHz band radio would), which should absolutely trigger an alarm. And also the data for FEC decode stress percentage level, etc. On Thu, Apr 29, 2021 at 2:37 PM Lady Benjamin Cannon of Glencoe, ASCE < l...@6by7.net> wrote: > We monitor light levels and FEC values on all links and have thresholds > for early-warning and PRe-failure analysis. > > Short answer is yes we see links lose packets before completely failing > and for dozens of reasons that’s still a good thing, but you need to > monitor every part of a resilient network. > > Ms. Lady Benjamin PD Cannon of Glencoe, ASCE > 6x7 Networks & 6x7 Telecom, LLC > CEO > l...@6by7.net > "The only fully end-to-end encrypted global telecommunications company > in the world.” > > FCC License KJ6FJJ > > Sent from my iPhone via RFC1149. > > On Apr 29, 2021, at 2:32 PM, Eric Kuhnke wrote: > > > The Junipers on both sides should have discrete SNMP OIDs that respond > with a FEC stress value, or FEC error value. See blue highlighted part here > about FEC. Depending on what version of JunOS you're running the MIB for it > may or may not exist. > > > https://kb.juniper.net/InfoCenter/index?page=content=KB36074=MX2008=LIST > > In other equipment sometimes it's found in a sub-tree of SNMP adjacent to > optical DOM values. Once you can acquire and poll that value, set it up as > a custom thing to graph and alert upon certain threshold values in your > choice of NMS. > > Additionally signs of a failing optic may show up in some of the optical > DOM MIB items you can poll: > https://mibs.observium.org/mib/JUNIPER-DOM-MIB/ > > It helps if you have some non-misbehaving similar linecards and optics > which can be polled during custom graph/OID configuration, to establish a > baseline 'no problem' value, which if exceeded will trigger whatever > threshold value you set in your monitoring system. > > On Thu, Apr 29, 2021 at 1:40 PM Baldur Norddahl > wrote: > >> Hello >> >> We had a 100G link that started to misbehave and caused the customers to >> notice bad packet loss. The optical values are just fine but we had packet >> loss and latency. Interface shows FEC errors on one end and carrier >> transitions on the other end. But otherwise the link would stay up and our >> monitor system completely failed to warn about the failure. Had to find the >> bad link by traceroute (mtr) and observe where packet loss started. >> >> The link was between a Juniper MX204 and Juniper ACX5448. Link length 2 >> meters using 2 km single mode SFP modules. >> >> What is the best practice to monitor links to avoid this scenarium? What >> options do we have to do link monitoring? I am investigating BFD but I am >> unsure if that would have helped the situation. >> >> Thanks, >> >> Baldur >> >> >>
Re: link monitoring
We monitor light levels and FEC values on all links and have thresholds for early-warning and PRe-failure analysis. Short answer is yes we see links lose packets before completely failing and for dozens of reasons that’s still a good thing, but you need to monitor every part of a resilient network. Ms. Lady Benjamin PD Cannon of Glencoe, ASCE 6x7 Networks & 6x7 Telecom, LLC CEO l...@6by7.net "The only fully end-to-end encrypted global telecommunications company in the world.” FCC License KJ6FJJ Sent from my iPhone via RFC1149. > On Apr 29, 2021, at 2:32 PM, Eric Kuhnke wrote: > > > The Junipers on both sides should have discrete SNMP OIDs that respond with a > FEC stress value, or FEC error value. See blue highlighted part here about > FEC. Depending on what version of JunOS you're running the MIB for it may or > may not exist. > > https://kb.juniper.net/InfoCenter/index?page=content=KB36074=MX2008=LIST > > In other equipment sometimes it's found in a sub-tree of SNMP adjacent to > optical DOM values. Once you can acquire and poll that value, set it up as a > custom thing to graph and alert upon certain threshold values in your choice > of NMS. > > Additionally signs of a failing optic may show up in some of the optical DOM > MIB items you can poll: https://mibs.observium.org/mib/JUNIPER-DOM-MIB/ > > It helps if you have some non-misbehaving similar linecards and optics which > can be polled during custom graph/OID configuration, to establish a baseline > 'no problem' value, which if exceeded will trigger whatever threshold value > you set in your monitoring system. > >> On Thu, Apr 29, 2021 at 1:40 PM Baldur Norddahl >> wrote: >> Hello >> >> We had a 100G link that started to misbehave and caused the customers to >> notice bad packet loss. The optical values are just fine but we had packet >> loss and latency. Interface shows FEC errors on one end and carrier >> transitions on the other end. But otherwise the link would stay up and our >> monitor system completely failed to warn about the failure. Had to find the >> bad link by traceroute (mtr) and observe where packet loss started. >> >> The link was between a Juniper MX204 and Juniper ACX5448. Link length 2 >> meters using 2 km single mode SFP modules. >> >> What is the best practice to monitor links to avoid this scenarium? What >> options do we have to do link monitoring? I am investigating BFD but I am >> unsure if that would have helped the situation. >> >> Thanks, >> >> Baldur >> >>
Re: link monitoring
The Junipers on both sides should have discrete SNMP OIDs that respond with a FEC stress value, or FEC error value. See blue highlighted part here about FEC. Depending on what version of JunOS you're running the MIB for it may or may not exist. https://kb.juniper.net/InfoCenter/index?page=content=KB36074=MX2008=LIST In other equipment sometimes it's found in a sub-tree of SNMP adjacent to optical DOM values. Once you can acquire and poll that value, set it up as a custom thing to graph and alert upon certain threshold values in your choice of NMS. Additionally signs of a failing optic may show up in some of the optical DOM MIB items you can poll: https://mibs.observium.org/mib/JUNIPER-DOM-MIB/ It helps if you have some non-misbehaving similar linecards and optics which can be polled during custom graph/OID configuration, to establish a baseline 'no problem' value, which if exceeded will trigger whatever threshold value you set in your monitoring system. On Thu, Apr 29, 2021 at 1:40 PM Baldur Norddahl wrote: > Hello > > We had a 100G link that started to misbehave and caused the customers to > notice bad packet loss. The optical values are just fine but we had packet > loss and latency. Interface shows FEC errors on one end and carrier > transitions on the other end. But otherwise the link would stay up and our > monitor system completely failed to warn about the failure. Had to find the > bad link by traceroute (mtr) and observe where packet loss started. > > The link was between a Juniper MX204 and Juniper ACX5448. Link length 2 > meters using 2 km single mode SFP modules. > > What is the best practice to monitor links to avoid this scenarium? What > options do we have to do link monitoring? I am investigating BFD but I am > unsure if that would have helped the situation. > > Thanks, > > Baldur > > >
Re: link monitoring
I'll sell you my Solar Winds license - cheap! Pete Rohrman Stage2 Support 212 497 8000, Opt. 2 On 4/29/21 4:39 PM, Baldur Norddahl wrote: Hello We had a 100G link that started to misbehave and caused the customers to notice bad packet loss. The optical values are just fine but we had packet loss and latency. Interface shows FEC errors on one end and carrier transitions on the other end. But otherwise the link would stay up and our monitor system completely failed to warn about the failure. Had to find the bad link by traceroute (mtr) and observe where packet loss started. The link was between a Juniper MX204 and Juniper ACX5448. Link length 2 meters using 2 km single mode SFP modules. What is the best practice to monitor links to avoid this scenarium? What options do we have to do link monitoring? I am investigating BFD but I am unsure if that would have helped the situation. Thanks, Baldur
link monitoring
Hello We had a 100G link that started to misbehave and caused the customers to notice bad packet loss. The optical values are just fine but we had packet loss and latency. Interface shows FEC errors on one end and carrier transitions on the other end. But otherwise the link would stay up and our monitor system completely failed to warn about the failure. Had to find the bad link by traceroute (mtr) and observe where packet loss started. The link was between a Juniper MX204 and Juniper ACX5448. Link length 2 meters using 2 km single mode SFP modules. What is the best practice to monitor links to avoid this scenarium? What options do we have to do link monitoring? I am investigating BFD but I am unsure if that would have helped the situation. Thanks, Baldur
Re: Myanmar internet - something to think about if you're having a bad day
On Thu, Apr 29, 2021 at 1:55 PM Bradley Huffaker wrote: > > Censorship does not need to be complete to be highly effective. Almost > all regulation, drugs/speeding/etc, is designed to increase the cost to > the point were “most” individuals are discouraged. While VPNs can be used > to bypass China’s Great Firewall the added friction is enough to keep most > happily engaged with easer distractions. > > I'm glad someone noted this... I'd also say that it seems to me that the restrictions are a LOT like 'seatbelt laws' in the US, where most states enforce as a secondary action: "Oh you were speeding AND you aren't wearing a seat belt, bonus fine" (note: I'm a seatbelt user, just using this as an example) and that the censorship COULD be used as a further action for repressing folk: "Oh, you came to our attention for , oh and you're using a VPN to get around #dearleader'srestrictions?? max fine" > > https://fsi.stanford.edu/news/china%E2%80%99s-great-firewall-built-friction-based-censorship-says-margaret-roberts > > On Apr 29, 2021, at 9:31 AM, Sabri Berisha wrote: > > - On Apr 28, 2021, at 11:32 AM, Eric Kuhnke > wrote: > > Hi, > > There's plenty of non technical teenagers in Pakistan with VPN clients on > their phone or laptop who seem perfectly capable of using a VPN to watch > Youtube or access Twitter and other social media, during the periods of > time that the government orders things to be blocked. > > Even my third-grader was able to figure out that she needed a VPN when I > blocked Roblox's IP space (128.116.0.0/17) on my home router. > > Other than, as reports said, soldiers snipping cables in datacenters, > regimes will have a difficult time completely blocking whatever they don't > like. Even China can't do it. > > Thanks, > > Sabri > > >
Re: Myanmar internet - something to think about if you're having a bad day
Censorship does not need to be complete to be highly effective. Almost all regulation, drugs/speeding/etc, is designed to increase the cost to the point were “most” individuals are discouraged. While VPNs can be used to bypass China’s Great Firewall the added friction is enough to keep most happily engaged with easer distractions. https://fsi.stanford.edu/news/china%E2%80%99s-great-firewall-built-friction-based-censorship-says-margaret-roberts > On Apr 29, 2021, at 9:31 AM, Sabri Berisha wrote: > > - On Apr 28, 2021, at 11:32 AM, Eric Kuhnke wrote: > > Hi, > There's plenty of non technical teenagers in Pakistan with VPN clients on > their phone or laptop who seem perfectly capable of using a VPN to watch > Youtube or access Twitter and other social media, during the periods of time > that the government orders things to be blocked. > Even my third-grader was able to figure out that she needed a VPN when I > blocked Roblox's IP space (128.116.0.0/17) on my home router. > > Other than, as reports said, soldiers snipping cables in datacenters, regimes > will have a difficult time completely blocking whatever they don't like. Even > China can't do it. > > Thanks, > > Sabri
Re: Myanmar internet - something to think about if you're having a bad day
- On Apr 28, 2021, at 11:32 AM, Eric Kuhnke wrote: Hi, > There's plenty of non technical teenagers in Pakistan with VPN clients on > their > phone or laptop who seem perfectly capable of using a VPN to watch Youtube or > access Twitter and other social media, during the periods of time that the > government orders things to be blocked. Even my third-grader was able to figure out that she needed a VPN when I blocked Roblox's IP space (128.116.0.0/17) on my home router. Other than, as reports said, soldiers snipping cables in datacenters, regimes will have a difficult time completely blocking whatever they don't like. Even China can't do it. Thanks, Sabri
NIST RPKI Monitor version 2.0
We (NIST) have released a new version of the NIST RPKI Monitor (v2.0): https://www.nist.gov/services-resources/software/nist-rpki-deployment-monitor We are open to adding more features and analyses based on user feedback. Your comments/suggestions are welcome. Thank you. Sriram
Re: Broken Mini-SAS cable removal?
On Fri, Apr 23, 2021 at 10:49 AM Warren Kumari wrote: > > > Does anyone know of a purpose built tool for this? Something that won't get > me on the additional screenings lists? It's not purpose-built, but you may find a traveller hook / Shrum tool useful. Carolina Roller is one manufacturer. Ironically, this tool has been adopted by the locksport community, but is intended for use in textile manufacturing.