Re: The US government has betrayed the Internet. We need to take it back

2013-09-06 Thread Mark Gauvin
This has been known for years so why the sudden list spam

CALEA in Canada goes into full force Jan 1 2014 and yes it was meant to stop 
pedo bears but it is much farther reaching


Sent from my iPhone

On 2013-09-06, at 5:33 PM, Scott Weeks sur...@mauigateway.com wrote:

 
 
 --- s...@circlenet.us wrote:
 From: Sam Moats s...@circlenet.us
 
 Their only options are to:
 
 Disobey the law, unacceptable in my opinion
 
 Close down services, noble but I need to eat and you probably want to 
 keep getting email
 
 Compromise your principles and obey the law, the path often chosen.
 
 
 
 So, there's no choice except to get a 5-gallon bucket of gov't-ky
 jelly and take it?  So many things come to mind on your flag-waving
 emails, I can't think of what to say first.  And believe me, that's
 not usual...  ;-)  After a while, you'll become raw and probably
 change your mind.
 
 scott
 



Re: will ISP peer with 2 local WAN routers?

2013-08-29 Thread Mark Gauvin
Offer to provide a /29 out of your own arin assigned block works wonders


On 2013-08-29, at 7:40 PM, Joe Maimon jmai...@ttec.com wrote:

 
 
 Adam Greene wrote:
 Hi guys,
 
 
 
 I have a customer who peers via eBGP with Lightpath aka Cablevision (AS
 6128) and Level3 (AS 3356) and wants to do some dual-WAN router redundancy.
 
 I am not optimistic for your odds in having 6128 do anything other than 
 /30 for you.
 
 (Though even then you still have options, up to and including eem IP 
 takeover)
 
 
 
 I have heard that carriers will sometimes agree to set up a /29 WAN subnet
 for a customer and peer with (2) customer routers.
 
 Carriers who do that and more are my favorites.
 
 



Re: ARIN WHOIS for leads

2013-07-26 Thread Mark Gauvin
Lol yet we can't use the side cutters cause we all report to the corporate 
overlords


On 2013-07-26, at 8:18 PM, Jon Lewis jle...@lewis.org wrote:

 On Fri, 26 Jul 2013, Larry Stites wrote:
 
 NANOG : network operators are precisely those who directly assisted in 
 creating the 'magic lamp' and the cork which held the marketing Jeanie 
 inside. The same operators who took the cork out and rubbed the 'magic 
 lamp'... The Jeanie is now out of the bottle and you all are complaining 
 about it, all the while creating new magic, more lamps and more 
 Jeanie's... Go figure. NANOG complaining about being harassed by the 
 marketing technologies it has created...
 
 We're also the people at the controls, and the people holding the wire 
 cutters (physical and virtual), so we're not a good demographic to piss 
 off.
 
 --
  Jon Lewis, MCP :)   |  I route
  |  therefore you are
 _ http://www.lewis.org/~jlewis/pgp for PGP public key_
 



Re: ARIN WHOIS for leads

2013-07-25 Thread Mark Gauvin
Welcome to nanog aka the cold call jungle


On 2013-07-25, at 6:31 PM, Otis L. Surratt, Jr. o...@ocosa.com wrote:

 -Original Message-
 From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com] 
 Sent: Thursday, July 25, 2013 6:20 PM
 To: Justin Vocke; nanog@nanog.org
 Subject: RE: ARIN WHOIS for leads
 
 Wouldn't that defeat the purpose of maintaining the whois?
 
 Yep!
 
 We registered a few domains and get the same thing, I think it's
 something that people are going to have to live with. :/
 
 I agree. We just politely tell them we are not interested and move on
 about our day. Some cold callers we have taken up on offers. It just
 depends who calls and whether or not we are looking for new service.
 WHOIS Privacy is nice for the domains and we use for some of our domains
 but not all. We just hate when customers get those scam notices and call
 us or open tickets about it.
 
 Otis
 
  Original message 
 From: Justin Vocke justin.vo...@gmail.com
 Date: 07/25/2013 4:04 PM (GMT-08:00)
 To: nanog@nanog.org
 Subject: ARIN WHOIS for leads
 
 
 Sent this little e-mail to ARIN:
 
 I'm not sure that you guys can do anything about this, but it's worth
 looking into. I registered AS626XX a week ago, and since its
 registration, I've been getting calls from wholesale carriers trying
 to get me to purchase IP transit from them. Someone is obviously using
 your database of contact information to generate sales leads.
 
 512-377-6827 was one of the numbers trying to get more information about
 my network and how they could help me.
 
 My guess is someone is using your mass whois database, looking at the
 most recently issued/created AS numbers, and cold calling.
 
 Just thought I'd pass this along.
 -
 
 Due to the amount of calls I've received, I'm guessing it's probably a
 good idea to remove my contact info from the registration and setup
 roles instead.
 
 Does this sorta thing happen frequently with new registrations or did I
 just draw the short straw?
 
 Best,
 Justin
 



Re: Prism continued

2013-06-15 Thread Mark Gauvin
Only victim in all of this is the poor NSA contractor who had to sift thru my 
browser history


On 2013-06-15, at 4:24 PM, Matthew Petach mpet...@netflight.com wrote:

 On Thu, Jun 13, 2013 at 7:20 AM, Jon Lewis jle...@lewis.org wrote:
 
 On Wed, 12 Jun 2013 goe...@anime.net wrote:
 
 cellphones with cameras are probably better for the purposes of covert
 mass surveillance, especially ones with front facing cameras. far more of
 them out there, and wireless to boot.
 
 surprised everyone gets their panties in a bunch over presumed games
 console monitoring, what about all your iphones already out there?
 
 My iPhone lives in a holster that covers both cameras when not in use or
 charging.  Do you throw a sheet over your gaming console when you're not
 using it?
 
 You'd be amazed at how many hours of footage
 the government has of the inside of my pants
 pockets...
 
 :D
 
 Matt



Re: Data Center Installations

2013-05-01 Thread Mark Gauvin
Zip ties have no reason to be in a dc grr 


On 2013-05-01, at 6:57 PM, Mike Lyon mike.l...@gmail.com wrote:

 Is hard to beat Monoprice :)
 
 But no, I have purchased velcro in bulk from ULine (not the kind for
 wrapping cable though) and found it to be cheaper and I usually got it the
 next day for not that much shipping.
 
 -Mike
 
 
 
 On Wed, May 1, 2013 at 4:49 PM, Michael Loftis mlof...@wgops.com wrote:
 
 On Wed, May 1, 2013 at 4:33 PM, Mike Lyon mike.l...@gmail.com wrote:
 For bulk velcro, I found Uline to be fairly cheap.
 
 I have to ask, is this an April fools joke?  ULine isn't cheap for
 anything.  Monoprice, $13, around $25 delivered depending on where
 you're at and how you ship it, for 5x black hook and loop 5yd per
 roll... vs. ULine $28 (1x black hook and loop 75') and probably about
 same S&H.  No easy way to get them to quote S&H but last time I
 ordered from them (they're about the only place to get some stuff)
 ULine is over 2x as much.  Oh and Monoprice has it in quite a few
 colors if you don't care for black.  If you're going for pre-made
 cable wrap type stuff it's a bit more, but still half or less than
 ULine.
 
 ULine is definitely a supplier of last resort, but they've got a lot
 of different stuff.
 
 
 
 
 -- 
 Mike Lyon
 408-621-4826
 mike.l...@gmail.com
 
 http://www.linkedin.com/in/mlyon



Re: authority to route?

2012-11-14 Thread Mark Gauvin
Careful though cause the crayons must be crayola approved


On 2012-11-14, at 5:28 PM, joel jaeggli joe...@bogus.com wrote:

 On 11/14/12 2:40 PM, Joe Abley wrote:
 On 2012-11-12, at 14:43, Jim Mercer j...@reptiles.org wrote:
 
 Is there a common practice of providers to vet / validate requests to 
 advertise
 blocks?
 Yes, most providers whose customers request a particular route to be pointed 
 towards them will ask for ambiguous instructions, written on letterhead with 
 crayon, and signed illegibly by someone who may or may not have authority to 
 do so but who in any case cannot be identified clearly by their scrawl.
 Some providers ask for route objects and appropriate import/export 
 policy in RADB. that's fundamentally no higher quality an attestation than a 
 LOA but it's a lot easier to read.
 Ideally the letterhead should be crudely constructed in photoshop and then 
 faxed across a noisy analogue line.
 
 Once you have one of those babies in your file, no lawyer can touch you.
 
 
 Joe
 
 
 
 
 



Re: RFC becomes Visio

2012-10-02 Thread Mark Gauvin
Just be happy they didn't ask for power point


On 2012-10-02, at 5:03 PM, William F. Maton Sotomayor wma...@ottix.net 
wrote:

 On Tue, 2 Oct 2012, Michael Hallgren wrote:
 
 Le mardi 02 octobre 2012 à 23:25 +0200, Dan Luedtke a écrit :
 On Fri, 2012-09-28 at 19:31 +0100, Nick Hilliard wrote:
 Here's a visio diagram you can send them:
 
 http://www.foobar.org/~nick/bgp-network-diagram.vsd
 
 Is there a .png version of it somewhere?
 The whole thread made my day, I'm eager to see this diagram as well.
 I don't have this MS Visio thingy you all use to set up your Avian
 Carrier BGP sessions...
 
 Don't use ``MS Visio thingy'', prefer TeX with metapost, PGF/TikZ (or
 PSTRicks). The output is by far more beautiful, and maintaining the
 document much more slim.
 
 I still miss doing this stuff using gpic/groff. ;-)
 
 wfms


Re: Cisco 7206 IOS for PPPoE Termination

2012-09-23 Thread Mark Gauvin
You are joking I hope 


On 2012-09-23, at 3:38 PM, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote:

 Dear Paul,
 Thanks for your reply, May I have those optimization knobs for
 virtual-template and throttles?
 Maybe looking into your configurations help me in this field.
 I will look for the service  provider image too.
 Thanks
 
 On Sun, Sep 23, 2012 at 11:17 PM, PC paul4...@gmail.com wrote:
 
 For this application, you may wish to consider the service provider images.
 
 The latest 15.x(S) image works, as it is the derivative of what was
 formerly the service-provider oriented 12.2(SRx) images.
 
 However, it's unlikely to drop steady state CPU, but it may contain some
 optimizations for concurrent PPP (re)negotiations on the G2 platform during
 session recovery.
 
 PPPoE will generally handle more users on ethernet as it is easier to push
 packets on when not dealing with the ATM encapsulations, but to what extent
 this holds true on the 7200, I can't tell you for sure.
 
 I'd also read the broadband aggregation guide under the IOS documentation
 on cisco.com, and tune all the knobs that may help you, there are some
 pointers on what items on virtual-templates are punitive in performance,
 other optional items such as disabling SNMP counters on virtual access
 interfaces to reduce cpu usage, and other items that may help little by
 little.  There are also various knobs to throttle PPPoE renegotiation rates
 during recovery.
 
 I wish you luck (and consider getting another and/or bigger router to
 split the load).
 
 On Sun, Sep 23, 2012 at 1:23 PM, Shahab Vahabzadeh 
 sh.vahabza...@gmail.com wrote:
 
 Which software you used before for them?
 
 On Sun, Sep 23, 2012 at 10:43 PM, Rinse Kloek rinse.kl...@isp.solcon.nl
 wrote:
 
 6000 PPP users on a NPE-G2 is way too much imho. Currently we do no more
 than 3000 users on a NPE-G2 with PPPoA. (Max cpu 50%).
 5 years ago, we did about 5000 users on a NPE-G2, but as traffic ratio's
 grow each year the maximum users a NPE-G2 can handle will drop each
 year.
 Don't forget an NPE-G2 is a software based platform, so traffic
 forwarding
 is done in software CPU.
 
 regards,
 Rinse Kloek
 Op 23-9-2012 20:51, Shahab Vahabzadeh schreef:
 
 Hello everybody,
 I am using C7206 VXR NPE-G2 routers as BRAS in my network and the
 current
 IOS is *c7200p-adventerprisek9-mz.**124-24.T.bin* on them.
 
 
 Also their memory upgraded to 2GB instead of 1GB.
 And I have near 6500 online user on each of my BRAS and there is no
 specific feature except aaa with radius and ordinary features.
 There router is also terminating dot1q too because my PSTN centers
 traffic
 comes through dot1q vlans to BRAS es.
 I think I have some problem with current IOS, My CPU Usage is abnormal
 and
 Its near %70 or %80.
 And when I have a network problem and some of PSTN centers goes down
 CPU
 go
 to %99 and it gets problem to recovery.
 Do you know any good IOS for me as a service provider to use?
 I heard that some service providers have near 8000 online user on 7206.
 Thanks
 
 
 
 
 --
 Regards,
 Shahab Vahabzadeh, Network Engineer and System Administrator
 
 Cell Phone: +1 (415) 871 0742
 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90
 
 
 
 
 
 -- 
 Regards,
 Shahab Vahabzadeh, Network Engineer and System Administrator
 
 Cell Phone: +1 (415) 871 0742
 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90



Re: Heads-Up: GoDaddy Broke the Interwebs...

2012-09-11 Thread Mark Gauvin
And this is bad why?


On 2012-09-11, at 1:14 PM, Jason Bertoch jason_bert...@nwrdc.fsu.edu wrote:

 Now it's CNN
 
 /Jason
 
 
 -Original Message-
 From: Kyle Creyts [mailto:kyle.cre...@gmail.com] 
 Sent: Tuesday, September 11, 2012 1:55 PM
 To: Operations Dallas
 Cc: nanog@nanog.org
 Subject: Re: Heads-Up: GoDaddy Broke the Interwebs...
 
 No DDoS or Anonymous attack appears to have been involved.
 
 On Tue, Sep 11, 2012 at 10:54 AM, Kyle Creyts kyle.cre...@gmail.com
 wrote:
 http://www.godaddy.com/newscenter/release-view.aspx?news_item_id=410
 
 On Mon, Sep 10, 2012 at 1:27 PM, Operations Dallas 
 operations.tcdal...@hotmail.com wrote:
 I thought I saw an article on routergod.com from Dance Patrick
 regarding anycast DNS..
 ~oliver
 
 Sent via DynaTAC. Please forgive spelling and grammar.
 
 -Original Message-
 From: bill.ing...@t-systems.com
 Date: Mon, 10 Sep 2012 19:13:27
 To: aa...@heyaaron.com; nanog@nanog.org
 Subject: RE: Heads-Up: GoDaddy Broke the Interwebs...
 
 
 Looks like this may be a DDoS attack from Anonymous:
 
 http://techcrunch.com/2012/09/10/godaddy-outage-takes-down-millions-o
 f-sites/
 
 
 -Original Message-
 From: Aaron C. de Bruyn [mailto:aa...@heyaaron.com]
 Sent: Monday, September 10, 2012 1:07 PM
 To: NANOG mailing list
 Subject: Heads-Up: GoDaddy Broke the Interwebs...
 
 For the last ~15 minutes I've been receiving complaints about DNS
 issues.  GoDaddy DNS is apparently b0rked.  I'm also seeing a lot of
 tweets about their hosting and VPS being down.  I'm unable to access the
 control panel for one of my customer accounts.
 
 
 -A
 
 
 
 
 --
 Kyle Creyts
 
 Information Assurance Professional
 BSidesDetroit Organizer
 
 
 
 --
 Kyle Creyts
 
 Information Assurance Professional
 BSidesDetroit Organizer
 
 



Re: Update from the NANOG Communications Committee regarding recent off-topic posts

2012-07-30 Thread Mark Gauvin
On list spam has been minimal but off list cold call type emails have  
been mounting for several months


On 2012-07-30, at 5:29 PM, Brian Dickson brian.peter.dick...@gmail.com 
  wrote:


 As a quick update, we've implemented some list settings last week  
 to help
 to

 keep spam off the list.  New subscribers are moderated until we're
 comfortable
 with their posts.  We rejected the idea of keyword based message  
 filtering
 since not only is a lot of work to maintain, it's trivial to get  
 around it
 if
 you really want to post banned words.
 Comments and suggestions are welcome.
 Matt Griswold, on behalf of the NANOG Communications Committee

 I've always liked the idea found in xkcd.com/810 ;-).

 Brian



RE: Rate shaping in Active E FTTx networks

2012-07-26 Thread Mark Gauvin
Juniper dynamic application awareness does a decent job and so does the cisco 
counterpart

saves buying more hw

From: Erik Muller [er...@buh.org]
Sent: Thursday, July 26, 2012 10:21 PM
To: nanog@nanog.org
Subject: Re: Rate shaping in Active E FTTx networks

On 7/26/12 12:45 , Jason Lixfeld wrote:
 Hi all,

 I'm trying to gauge what operators are doing to handle per-subscriber
  Internet access PIR bandwidth in Active E FTTx networks.

 I presume operators would want to limit the each subscriber to a
 certain  PIR, but within that limit, do things like perform preferential
  treatment of interactive services like streaming video or Skype, etc.,
  ahead of non-interactive services like FTP.

 My impression is that a subscriber's physical access in these networks
 is  exponentially larger than their allocated amount of Internet access.
  This would leave ample room on the physical access for other
  services like Voice and IPTV that might run on separate VLANs than the
  Internet access VLAN. That said, I doubt there's really that much of a
  concern about allocating PIR on these other service VLANs.

 So in terms of PIR for Internet access, is there some magic box that
 sits  between the various subscriber aggregation points and the core,
  which takes care of shaping the subscriber's Internet access PIR, while
  making sure that the any preferential treatment of interactive services
  is performed.

 Is that a lot to ask for one box? The ridiculously deep buffers
 required  in order to shape to PIR vs. police to it (because policing to
  a PIR is just plain ugly) and the requirements to perform any sort of
  preferential packet treatment above and beyond that seem like quite a
  lot to ask of one box. Am I wrong?

 Who might make a box like this, if it exists? And if not, what are
 folks  using to achieve these results?

 Thanks in advance for any insights..

I've seen a few deployments using Packeteer's (now BlueCoat) PacketShaper
for this purpose; the only downside I've heard with that platform is cost.
  Sandvine and Fortinet are a couple other options that have different
approaches, but have a lot of this functionality rolled in alongside their
broader security services.

-e





RE: airFiber (text of the 8 minute video)

2012-03-30 Thread Mark Gauvin
that statement posted a few days ago saying that the former Motorola Canopy 
team designed this product turned me off right away

From: Greg Ihnen [os10ru...@gmail.com]
Sent: Friday, March 30, 2012 6:36 PM
To: Dylan Bouterse
Cc: 'nanog@nanog.org'
Subject: Re: airFiber (text of the 8 minute video)

On Mar 30, 2012, at 6:01 PM, Dylan Bouterse wrote:

 A couple of thoughts. First, it's not fair to compare 24GHz to 2.4 or even 
 5Gig range due to the wave length. You will get 2.4GHz bleed through walls, 
 windows, etc. VERY close to a 5GHz transmitter you may get some bleed through 
 walls but not reliably. 24GHz will not propagate through objects as it's 
 millimeter wavelength. That coupled with the fact it is a directional PTP 
 product, you will be able to get a good amount of density of 24GHz PTP links 
 using the same frequency in a small area (downtown for instance).

The comparison isn't on wavelength, it's on the unlicensed-ness of it. Think CB 
vs Ham Radio. Where 2.4GHz and 5.8GHz are congested people have nowhere to go 
but up. You may not be alone up there. Guys already running 24GHz links might 
look at the sudden availability of cheap 24GHz gear in a different light.

Granted there's many things in AirFiber's favor regarding congestion being less 
of a problem. The short range and high directivity, high cost, etc, but 
remember this isn't the only 24GHz product out there. In the kind of places 
where one of these links might be needed, others might have the same need.

If you're thinking about the implications of possible congestion/interference 
when you're thinking about a link between the main office and the warehouse at 
a plant to give the guys in the warehouse internet that's not mission critical 
that's one thing. If it's key infrastructure for your ISP business then things 
start to look different. The licensed links start looking better regarding 
reliability down the road because you have a protected frequency. For ISPs out 
in farm country this is less of an issue, but in the more urban areas it is a 
concern. You start getting interference to your backhaul and you've got serious 
issues. You possibly have downgraded service or no service at many towers 
involving lots of customers.


 Another point, the GPS on the airFiber will also allow for frequency reuse to 
 a point. I would like to see smaller channel sizes though. I hear it will be 
 a software upgrade down the road. I'm shocked the old Canopy guys didn't code 
 that into the first release to be honest.

The GPS/reuse thing is for transmitters that are synced, that is transmitters 
belonging to the same system. Someone else's system won't be synced with yours 
and you won't see that benefit. So if you're thinking that's going to help 
between competitors it won't.

Greg


 Dylan

 -Original Message-
 From: Owen DeLong [mailto:o...@delong.com]
 Sent: Thursday, March 29, 2012 7:18 PM
 To: Oliver Garraux
 Cc: NANOG list
 Subject: Re: airFiber (text of the 8 minute video)


 On Mar 29, 2012, at 12:33 PM, Oliver Garraux wrote:

 Also keep in mind this is unlicensed gear (think unprotected airspace). 
 Nothing stops everyone else in town from throwing one up and soon you're 
 drowning in a high noise floor and it goes slow or doesn't work at all. 
 Like what's happened to 2.4GHz and 5.8GHz in a lot of places. There's few 
 urban or semi-urban places where you still can use those frequencies for 
 backhaul. The reason why people pay the big bucks for licenses and gear for 
 licensed  frequencies is you're buying insurance it's going to work in the 
 future.

 Greg

 I was at Ubiquiti's conference.  I don't disagree with what you're
 saying.  Ubiquiti's take on it seemed to be that 24 Ghz would likely
 never be used to the extent that 2.4 / 5.8 is.  They are seeing 24 Ghz
 as only for backhaul - no connections to end users.  I guess
 point-to-multipoint connections aren't permitted by the FCC for 24
 Ghz.  AirFiber appears to be fairly highly directional.  It needs to
 be though, as each link uses 100 Mhz, and there's only 250 Mhz
 available @ 24 Ghz.

 It also sounded like there was a decent possibility of supporting
 licensed 21 / 25 Ghz spectrum with AirFiber in the future.

 Oliver

 I don't think it's an FCC issue so much as 24Ghz has so much fade tendency 
 with atmospheric moisture that an omnidirectional antenna is about as 
 effective as a resistor coupled to ground (i.e. dummy load).

 The only way you can get a signal to go any real distance at that frequency 
 is to use a highly directional high-gain antenna at both ends.

 Owen









Re: Verizon FiOS - is BGP an option?

2012-03-13 Thread Mark Gauvin
Peering is generally for a commercial endeavor to my understanding fios  
is a residential service so which are you trying to accomplish


On 2012-03-13, at 7:32 PM, Christopher Morrow  
morrowc.li...@gmail.com wrote:

 On Tue, Mar 13, 2012 at 8:20 PM, Faisal Imtiaz  
 fai...@snappydsl.net wrote:
 So I have to ask you the big question...

 Why do you want to do BGP with Comcast or Verizon ? (Over FIOS or  
 Cable ?)

 Is the intent to Peer with their network ? (which they will  
 rightfully only
 allow on bigger fatter connections)..

 'peer' has many connotations, I think most of the cases of it over
 FIOS are just: I want bgp so I can announce my prefixes, and see
 yours/default/etc (which leads to 'multihoming' and other normal (for
 businesses) activities on the Internet.


 or
 Are you trying to delivery your IP's to a End Customer behind that  
 FIOS /
 Cable Connection ? ...
 (there a ways to accomplish this without needing their cooperation..)

 or you are multihomed
 or you want some semblance of 'the internet is down' so other bits of
 your infrastructure can take over
 or you want ... a thousand other things.




Re: NANOG Operational TTL Alert for 160-bit Headers (aka IPv4)

2012-03-03 Thread Mark Gauvin
Someone has been drinking the bong water


On 2012-03-03, at 5:03 PM, Guru NANOG nanog.g...@gmail.com wrote:

 Common Misconception - IPv4 is Out of Address Space

 NANOG Operational TTL Alert for 160-bit Headers (aka IPv4)

 The 8-bit TTL field is reduced to 4-bits plus two 11 bits stuck at 1
 for a long time

 The new 8-bit fields are: SD11

 Packets without the 11 will enter Deep Packet Inspection processing  
 (slow)

 SD are new Source and Destination Address bits set via the generic
  128-bit records

 4+8+12+30+6 = 60 + 68 = 128

 VRHL+111.T1.000+Port12+30+Frag6

 T1 sets the TTL bits - Use T0 at your own risk - VRHL=0101=5

 NANOG.GURU.☺



Re: Canadian ops working under a U.S. TN visa

2012-02-16 Thread Mark Gauvin
Had 4 HDs held for a week


On 2012-02-16, at 7:59 PM, John Levine jo...@iecc.com wrote:

 I am in the last-moment phase of moving from Canada to the U.S.  
 for a
 one-year contract. Tomorrow I will be crossing at the Peace Bridge  
 at
 Niagara to apply for my TN visa.

 And here I thought it was just West Virginia and Alabama that  
 required their
 own separate visas for furriners. ;)

 Watch out or I'll tell you about the time I was busted at the  
 Rainbow Bridge for
 undeclared photo albums.

 R's,
 John




Re: Console Server Recommendation

2012-01-30 Thread Mark Gauvin
Currently run 80+ raritan ksx boxes under the cc device with zero issue  
a lot more expensive than other solutions but the single point of touch  
is a life saver


On 2012-01-30, at 6:44 PM, Christopher J. Pilkington c...@0x1.net  
wrote:

 On Jan 30, 2012, at 16:52, Robert Hajime Lanning  
 lann...@lanning.cc wrote:

 Avocent Cyclades ACS uses Cat5 straight through cables to Cisco  
 consoles.

 We have Cyclades ACS boxen also, but ours require rollover cables, not
 straight, when talking to a Cisco console. YMMV.




Re: recommendations for external monitoring services?

2011-12-13 Thread Mark Gauvin
SolarWinds as you send in the specific MIB required to monitor and a  
week later it's general release



On 2011-12-13, at 7:11 PM, Robert Brockway  
rob...@timetraveller.org wrote:

 On Mon, 12 Dec 2011, Eric J Esslinger wrote:

 I'm not looking to monitor a massive infrastructure: 3 web sites, 2  
 mail
 servers (pop,imap,submission port, https webmail), 4 dns servers
 (including lookups to ensure they're not listening but not  
 talking), and
 one inbound mx. A few network points to ping to ensure connectivity
 throughout my system. Scheduled notification windows (for example,
 during work hours I don't want my phone pinged unless it's everything
 going offline. Off hours I do. Secondary notifications if problem
 persists to other users, or in the event of many triggers. That  
 sort of
 thing). Sensitivity settings (If web server 1 shows down for 5 min,
 that's not a big deal. Another one if it doesn't respond to repeated
 queries within 1 minute is a big deal) A Weekly summary of issues  
 would
 be nice. (especially the 'well it was down for a short bit but we  
 didn't
 notify as per settings') I don't have a lot of money to throw at  
 this. I

 Hi Eric.  The feature set you are describing should be in any  
 monitoring
 system worthy of the name.  I've used Nagios to good effect for the  
 best
 part of the last 12 years or so.  Before that I used Big Brother,  
 which
 sucked in various ways.

 I did an evaluation on a wide variety of FOSS monitoring systems 2-3  
 years
 ago and Nagios won at the time (again).  Generally I found the
 alternatives had problems that I considered to be quite serious  
 (such as
 being overly complicated or doing checks so frequently that they  
 loaded
 the systems they were supposed to be monitoring[1]).

 I'm currently trialing Icinga, a fork of Nagios.

 Puppet can be set up to manage Nagios/Icinga config which cuts down  
 on the
 admin overhead.

 Nagios/Icinga can be hooked up to Collectd to provide performance  
 data as
 well as alert monitoring.

 One concern about external monitoring services is the level of  
 visibility
 they need to have in to your network to adequately monitor them.

 My recommendation is to do a proper risk assessment on the available
 options.

 DO have detailed internal monitoring of our systems but sometimes  
 that
 is not entirely useful, due to the fact that there are a few 'single
 points of failure' within our network/notification system, not to
 mention if the monitor itself goes offline it's not exactly going  
 to be
 able to tell me about it. (and that happened once, right before the  
 mail
 server decided to stop receiving mail).

 There are a couple of ways to deal with this.  Some monitoring
 applications can fail-over to a standby server if the primary  
 fails.  But
 this isn't even really necessary.  You will arguably gain higher
 reliability by running multiple _independent_ monitors and have them
 monitor each other[2].  I have often used this approach.

 The principal aim here is to guarantee that you are alerted to any  
 single
 failure (a production service, system or a monitor).  Multiple
 simultaneous failures could still produce a blackspot.  It is  
 possible to
 design a system that will discover multiple simultaneous failures,  
 but it
 takes more effort and resources.


 [1] Sometimes I wonder if the people developing certain systems have  
 any
 operational experience at all.

 [2] A system designed to fail-over on certain conditions may fail to
 fail-over, ah, so to speak.

 Cheers,

 Rob

 -- 
 Email: rob...@timetraveller.org    Linux counter ID #16440
 IRC: Solver (OFTC & Freenode)
 Web: http://www.practicalsysadmin.com
 Director, Software in the Public Interest (http://spi-inc.org/)
 Free & Open Source: The revolution that quietly changed the world
 One ought not to believe anything, save that which can be proven by  
 nature and the force of reason -- Frederick II (26 December 1194 –  
 13 December 1250)


Re: BGP conf

2011-11-01 Thread Mark Gauvin
Why would you want to advertise full verizon routes out to the ix? You  
should only be advertising your own network via ix


On 2011-11-01, at 7:59 PM, Edward avanti edward.ava...@gmail.com  
wrote:

 Halo,
 First, I accept this might not really right list for request, have  
 use nsp
 cisco list but only first post to was succeed, sent several other  
 for past
 4 day and none appear (verified by list archive) so please excuse  
 request.

 I am in need of a cisco config for BGP setup, we have a require to  
 include
 IX peering at new location as well as our Verizon link, we like to  
 take
 full bgp from Verizon and send to IX what they send us, I spend days
 reading google, and so many conflict web site example, so many  
 example seem
 insecure no prefix list so on. end result to date is only sore eyes,  
 would
 someone who do same (not need be Verizon) be kind to send us off list
 working running config (yes without your password heh) or at least  
 how to
 apply to BGP router including access/prefix list  and interfaces so  
 we have
 an idea on what do, if you take two full BGP feed from two transit
 carrier in load share and IX, that good, because that our stage three  
 plan,
 but I can work without two transit.

 I am not ignorant with cisco 7201, but am total newby to BGP.

 Best Thanks
 Edwardo



Telus mail server admin

2011-10-06 Thread Mark Gauvin
Looking for a Telus tech with a clue to contact me offline regarding an issue 
that has arisen this week.




Re: ouch..

2011-09-14 Thread Mark Gauvin
NAT444 or frontal lobotomy hmm let's see at least with the second I
would still be able to make a living as a micro soft network admin ;)

Sent from my iPhone

On 2011-09-14, at 6:07 PM, James Jones ja...@freedomnet.co.nz wrote:

 On 9/14/11 2:46 PM, Leo Bicknell wrote:
 In a message written on Thu, Sep 15, 2011 at 09:24:25AM +1200, Don Gould wrote:
 How many of you have sat and thought about the merit of this web site?
 Ok, I'll take a swing at your list...

 * Does Juniper break promises?
 Yes.

 * Does Cisco break them?
 Yes.

 * What bad things and experiences have you had with Cisco, Juniper?
 It might take me several days, and many pages to compile that list.

 * What is the best technology for each company?
 Cisco: The AGS+ was ahead of its time.
 Juniper: The Olive is quite nifty.

 * Did you know that Cisco has a 100Gb solution?
 Yes, but I can't afford it.

 Now, with that out of the way, how much does everyone else hate even the
 thought of NAT444?

 :) :) :)


 Just the thought of NAT444 makes my stomach turn.






RE: OT: Given what you know now, if you were 21 again...

2011-07-13 Thread Mark Gauvin
Get an executive MBA then you can dictate to us lowly techs what technology we 
will use without ever having to know why. Plus you will earn 10x the $$$ by the 
time you are 30 without having to recertify every couple years.

From: Scott Berkman [sc...@sberkman.net]
Sent: Wednesday, July 13, 2011 7:01 PM
To: Saku Ytti
Cc: nanog@nanog.org
Subject: Re: OT: Given what you know now, if you were 21 again...

Saku nailed it.  Learn the networking basics and underlying concepts
(OSI!), everything else is an application that runs on that, and can
be picked up pretty easily if you understand what it depends on.
Wireshark (or your favorite capture tool) is your friend.

That said, I feel knowing some of the parallels like *nix and vendor
specifics (ie if you know Cisco IOS, many others follow this interface
like a standard) really comes in useful over time.

  -Scott

On Thu, 2011-07-14 at 00:28 +0300, Saku Ytti wrote:
 On (2011-07-13 14:08 -0700), Larry Stites wrote:

  Given what you know now, if you were 21 and just starting into networking /
  communications industry which areas of study or specialty would you
  prioritize?

 Again? Buy AAPL, INTC and MSFT with loan money and study *cough*, finer things
 in life.

 But in all seriousness, networking like I suppose most professions are not
 about knowing one thing and stopping. It's evolving rather rapidly so most
 thing you know now are irrelevant in decade or two. What you should learn is
 how to learn, how to attack problems and learn to love doing both.







RE: Multitenant FWs

2011-05-01 Thread Mark Gauvin
Palo Alto Networks build some nice gear

From: David Oramas [david.ora...@aptel.com.au]
Sent: Sunday, May 01, 2011 8:42 PM
To: nanog@nanog.org
Subject: Multitenant FWs

Hi,
What do you guys recommend for Multitenant Firewalls with support for over 
1,000+ users/contexts?
I have looked at Centrinet's Accessmanager and Barracuda NG Firewall. Any other 
players/products?
Many Thanks in advance for the input,






RE: Switch with 24x SFP PVLAN QinQ Layer 2

2011-03-02 Thread Mark Gauvin
Rad ETX 1002 and ETX 201A as CPE

-Original Message-
From: Nick Colton [mailto:ncol...@allophone.net] 
Sent: Wednesday, March 02, 2011 9:17 AM
To: Adam Armstrong
Cc: nanog@nanog.org
Subject: Re: Switch with 24x SFP PVLAN QinQ Layer 2

Adam,

Have you looked at the Calix E7 platform or the Adtran TA5000?  Both are
Layer 2 only.

Nick Colton
Allo Communications


On Wed, Mar 2, 2011 at 3:19 AM, Adam Armstrong li...@memetic.org wrote:

 Hi All,

 I'm scouring the Internet for potential devices to use in a FTTB/FTTP
 scenario.

 Requirements are basically just 24/48 SFP ports, PVLAN and selective QinQ.
 Most devices that fit the requirements are Layer 3, which pushes the cost
 per port too high.

 Has anyone come across anything I've not found yet?

 Thanks,
 adam.





Re: 6453 routing leaks (January and Today)

2011-02-25 Thread Mark Gauvin
Would love a pm on the platform in question

Sent from my iPhone

On 2011-02-25, at 12:23 PM, Paul Stewart p...@paulstewart.org wrote:

 Yes, very scary actually

 Human error is unavoidable - it's going to happen at times - BUT

 In our communities design, there have been times where we have missed a tag
 on an inbound customer for example.  It scares the crap out of me to think
 that something like that simple mistake could cause route leakage.
 Thankfully, anytime it has happened it was caught pretty quickly and fixed
 - in the meantime the routes simply didn't leave our network (the way it
 should be).

 Obviously the scales are different between someone like ourselves and that
 of TATA - but the principles and common sense remain.

 Paul



 -Original Message-
 From: Richard A Steenbergen [mailto:r...@e-gerbil.net]
 Sent: Friday, February 25, 2011 12:52 PM
 To: Jared Mauch
 Cc: NANOG list
 Subject: Re: 6453 routing leaks (January and Today)

 On Fri, Feb 25, 2011 at 07:22:36AM -0500, Jared Mauch wrote:
 Update:

 I have had a source ask me to post the following:

 -- snip --
 The problem with route leaking was caused by specific routing platform
 resulting in some peer routes not being properly tagged.
 We are deploying additional measures to prevent this from happening in
 the future
 -- snip --

 Hopefully someone learned a lesson about BGP community design, and how
 it should fail safe by NOT leaking if you accidentally fail to tag a
 route. Always require a positive match on a route to advertise to peers,
 not the absence of a negative match.

 -- 
 Richard A Steenbergen r...@e-gerbil.net   http://www.e-gerbil.net/ras
 GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
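
The fail-safe rule from the quoted messages above (advertise to peers only on a positive match, so a missed tag keeps the route inside the network), as an added example that is not part of the thread: a small Python model of the two export policies run over a constructed route table. The community values, prefixes and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical community values (private-use ASN 64500), set on import.
CUSTOMER, PEER, TRANSIT = "64500:100", "64500:200", "64500:300"


@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: str            # ground truth; the export policy never sees it
    communities: frozenset = frozenset()


def export_negative_match(route):
    """Fail-open: advertise anything NOT tagged as peer or transit."""
    return not (route.communities & {PEER, TRANSIT})


def export_positive_match(route):
    """Fail-safe: advertise only routes positively tagged as customer."""
    return CUSTOMER in route.communities


def leaked(routes, policy):
    """Non-customer prefixes the policy would advertise to a peer."""
    return sorted(r.prefix for r in routes
                  if policy(r) and r.learned_from != "customer")


def withheld(routes, policy):
    """Customer prefixes the policy would fail to advertise."""
    return sorted(r.prefix for r in routes
                  if not policy(r) and r.learned_from == "customer")


# Constructed route table (documentation prefixes); two import tags were missed.
ROUTES = [
    Route("192.0.2.0/24", "customer", frozenset({CUSTOMER})),
    Route("198.51.100.0/24", "peer", frozenset({PEER})),
    Route("203.0.113.0/24", "peer"),          # peer route, tag missed
    Route("2001:db8:1::/48", "customer"),     # customer route, tag missed
]

if __name__ == "__main__":
    for policy in (export_negative_match, export_positive_match):
        print(policy.__name__, "leaked:", leaked(ROUTES, policy),
              "withheld:", withheld(ROUTES, policy))
```

Under the negative-match policy the untagged peer route is advertised to other peers; under the positive-match policy the same tagging mistake only withholds a customer prefix, which is visible and recoverable.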