Huawei WiFi = Ruckus OEM?
Is it just me? Or do these Huawei wireless APs look like Ruckus APs? http://enterprise.huawei.com/ilink/enenterprise/support/documents/base-network/wirleless-area/index.htm Look specifically at the A603DE and WA653DE. Even the GUIs look very similar. -- Also on LinkedIn? Feel free to connect if you too are an open networker: scubac...@gmail.com
real ARP / CAM limits on Huawei CX600?
Anyone have any good info on how many ARP entries one of the Huawei CX600 routers can take? http://www.huawei.com/en/products/data-communication/metro-services-platform/cx600/index.htm I will be passing about 1000 L2TP tunnels to a router before it, and the subscriber network that will be hitting the interface is about 30K people at any given time. I'm hoping that it's cool ARP-wise and that the bridging that's done internally doesn't break (i.e. Huawei's equivalent to a CAM table)
NANOG mailing list NANOG@nanog.org https://mailman.nanog.org/mailman/listinfo/nanog
high performance open source DHCP solution?
The free DHCP solution, ISC, seems to be having scaling issues (i.e. handling only about 200 DHCPDISCOVER and 20 DHCPRENEW requests), and I was wondering if anyone had any open source suggestions of solutions that could scale much better? (Ideally, I could find a free version of a solution like Nominum, but I know that's asking for much.) Anyone have any suggestions?
cheapo UUFB solution for Cisco 7201
I've got a Cisco 7201 with about 500 L2TPv2 tunnels, and I suspect that UUFB (unknown unicast flooding) is resulting in spiking (I put an ACL on to kill broadcast traffic, so I'm sure that's not related). I've googled and don't see anything for the 7201, just the 7600 series. :/ i.e. http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/blocking.html Anyone have any suggestions on (something cheap) that I can put in front of this box to spare it from (what I suspect) is a gateway that unicast floods when a MAC address has aged? To add to my challenges, I'm in Brazil and importing gear is insanely effing difficult. :/
Huawei equiv of Cisco 7201 router and Cisco ME 4924 switch?
I am in Brazil and am having a heckuva time finding a Cisco 7201 router and Cisco ME 4924 switch. Anyone have any ideas on where I could buy these easily? And if not, any suggestions on Huawei equivalents?
EAP-SIM authentication for WiFi networks
Can anyone share a working model / solution for EAP-SIM authenticated smart phones on Wi-Fi networks? (Or even EAP-AKA?) i.e. instead of having to log in to a portal with a user / password or pre-authenticate MAC addresses, have it be seamless if they are already a subscriber. AT&T does this with the WISPr client on the iPhones, but I was hoping for something that worked across the board with Android devices for a given carrier. Any suggestions here on who I might talk to?
Re: blocking unwanted traffic from hitting gateway
For what it's worth, here are some things I did to cut down on broadcast traffic until I figure out the other pieces
--Putting router in between subscribers and gateway (handles thousands of ARP requests every minute much better than Linux)
--DHCP relay on one of the northbound interfaces of the new router (which points towards subscriber gateway)
--DHCP unicast settings on the CPE devices
Seems to have helped a lot, which leads me to believe it is much more related to broadcast than I previously thought.
blocking unwanted traffic from hitting gateway
I've got about 1000 people hammering a Linux gateway with http requests, but only about 150 of them are authenticated users for the ISP. Once someone authenticates, then I want their traffic to pass through okay. But if they're not an authenticated user, I would like to ideally block those http requests (e.g. Google updater, AV scanners, etc) from ever tying up my web server. Is there some sort of box I could put in front (e.g. OpenBSD pf in transparency mode) or maybe some sort of filter on the webserver? This solution would need to be tied into the authentication services so authenticated users hit the gateway.
open source DPI suggestions?
Can anyone suggest any open source DPI (deep packet inspection) projects? I am working on various telco projects in emerging markets, but can't quite justify the price for the bigger and more well known players. :/ (Until then, I'll have to rely on some of the more well known Linux and BSD traffic shaping tools)
Re: best of breed nowadays in DPI space?
For what it's worth, I just found this great report by Sandvine talking about bandwidth trends in various countries (Gotta enter in an email address, unfortunately) http://www.sandvine.com/news/global_broadband_trends.asp
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
On Apr 9, 2011, at 6:51 AM, John Palmer (NANOG Acct) wrote:
OK, it's been a year since my Barracuda subscription expired. The unit still stops some spam. I figured that I would go and see what they would do if I tried to renew my subscription EXACTLY one year after it expired. Would their renewal website say Oh, you are at your anniversary date, and renew me for a year? No such luck: They want me to PAY FOR AN ENTIRE YEAR for which I did NOT receive service and then for the current (upcoming year). Sorry - I don't allow myself to be ripped off like that. Sorry Barracuda - you get no money from me and I'll tell everyone I know about this policy of yours.
While I agree with you (in theory), in practice, lots of companies do this baloney and there is little you can do if you need their product. In fact, I just got screwed by this policy at Fluke Networks when I tried to renew my subscription to one of their tools.
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
On Apr 26, 2011, at 1:54 PM, Dorn Hetzel wrote:
Would it turn out to be less expensive to just start a new subscription as if you never had one before?
Usually places like this do it by serial number, in which case they don't let you update until you backpay. :)
supporting IPv6 --- what it means exactly?
Is there any clear understanding of what supporting IPv6 means? I recently was told by a vendor that they supported IPv6, and then when I went to go configure an IPv6 address, it was, of course, IPv4. I asked how they supported that, and they said that they supported it because they could pass IPv6 traffic. Well...duh!
best of breed nowadays in DPI space?
I have been recently researching DPI for several projects I am working on, and I recently came across this shoot out between several vendors in 2009 http://www.internetevolution.com/document.asp?doc_id=178633page_number=1 Procera (at that time) emerged the winner for its ability to process P2P traffic (out of 15 participants), and I was wondering what new players, features, or products others might point me to. I am looking for something that does reporting *and* DPI in a distributed environment. That means, I might have several DPI gateways around the country that need to roll up their reporting into one main one. (I also have some other requirements as far as measuring churn reduction and cellular offloading, but I'm not sure that any of the DPI solutions can really do that well.) If anyone has any good contacts in this space, please let me know and I might discuss with them in more detail these opportunities that I'm looking for.
Re: best of breed nowadays in DPI space?
Those interested in knowing more about the DPI + mobility space (what I'm looking at) might want to check out this Jan 2011 whitepaper. http://www.qosmos.com/resources/whitepapers/new-dpi-challenges-opportunities-lte-era (sorry, sign up required) Not very technical, but a good overview on the subject as it pertains to LTE.
Re: best of breed nowadays in DPI space?
...and of possible interest to those following this thread, here is a PCRF to DPI compatibility matrix. http://broabandtrafficmanagement.blogspot.com/p/pcrf-pcefdpi-compatibility-matrix.html So far, it seems like Sandvine and Bridgewater take the cake when it comes to 3G/4G policy controls (pricy, I'm sure) Sept 2010 PR stuff of their relationship http://www.sys-con.com/node/1550689
recommendation on vendor for 8 Cisco 7201 routers?
Anyone have any recommendations for a US Cisco shop that can sell me 8 new Cisco 7201 routers? If so, please email me the best person to contact. Thanks
best PCRF for pre-paid mobile solutions?
I am researching some PCRF solutions for some work I am doing with non-US operators, and I am looking for features that work well in pre-paid mobile environments, particularly ones that want to cap or charge 3G and WiFi at different rates / levels. Any suggestions or contacts?
overview of RAN solutions?
I am wrapping my mind around the myriad of RAN solutions out there, and I would appreciate it if someone had a good overview of the subject or could direct me to new vendors worth investigating. So far, I see ones that are designed to (a) increase coverage, (b) increase capacity, or (c) do some combo of (a) and (b). Some solutions suck in the donor signal (antennas on top of roof) and then blow it back indoors on various frequencies. A good example of this is something like Axell, which doesn't appear to add much capacity, just stretch the existing uplink's capacity by amplifying the signal indoors. Other solutions (IP-RAN, E-RAN, etc) have an Internet / IP component and allow for all sorts of cool things (synchronization between units for soft handoff, etc). SpiderCloud seems to be a good play here. Then there are other niche plays that don't do everything, but seem to be good enough for various applications, like SMS texting. If I remember right, IPAccess did this sort of thing for schools (which is perfect for emergencies). Any others I should look into? I'm primarily interested in carrier-grade ones...
new subscription management tools driven by LTE?
With LTE picking up momentum, what type of new subscription management tools will operators need? (e.g. control complexities of billions of mobile data transactions, personalized billing, centralized control across various licensed and unlicensed bands, alerts when limits reached, etc.) Bridgewater is one that I have been looking at lately... http://www.bridgewatersystems.com/LTE.aspx ...but I would be curious as to what other companies are seeing out there.
Other NOGs around the world?
What other network operator groups are there around the world (besides NANOG)? (I'd like to follow them to see what types of issues they see in their countries)
iPad apps tested at cable companies
A lot of cable operators I'm working with seem to be doing a lot with the iPad (particularly apps that control TV programming). Is anyone else seeing a lot of this? (Wish I could find a URL of what I was looking at, but can't find anything)
tool to wrangle config file changes
Long story short, a really crappy vendor is being shoved down our NOC's throat. They have a horrid CLI (if you can call it that). People don't understand it (it's non-intuitive) and are screwing up things all the time. In the hopes of coping with the madness, some of us are looking to put together some sort of open source configuration management tool, such as RANCID. Any luck with this on non-standard equipment, particularly ones that DO NOT allow you to output something nice and scriptable (e.g. Cisco's show running-config)? (If not RANCID, any other suggestions?)
Re: Policy Based Routing advice
Have you tried set interface instead of set ip? Sent from my iPhone
On Aug 12, 2010, at 3:13 PM, Andrey Khomyakov khomyakov.and...@gmail.com wrote:
I did try an extended ACL and had the same result. The way I know that it's not working is that I see these packets arriving on a wrong interface on the firewall and therefore being dropped. I actually had to open a CR with Cisco and they verified the config and said nothing is wrong with it. They are escalating and will hopefully get back to me about this. Andrey
Re: Policy Based Routing advice
Hmmm... The reason I recommended that is because I think I remember reading somewhere that the set ip command does not work on point-to-point interfaces. The outbound interface in your config has a /30 assigned to it so maybe it is seeing it as a p-t-p interface? Do you have a less preferred route via that interface for the destination ip's? If not, I don't think your pbr will work either.
On Aug 12, 2010, at 3:33 PM, Andrey Khomyakov khomyakov.and...@gmail.com wrote:
I don't think this will work. Here is the formal description of set interface from cisco.com: This action specifies that the packet is forwarded out of the local interface. The interface must be a Layer 3 interface (no switchports), and the destination address in the packet must lie within the IP network assigned to that interface. If the destination address for the packet does not lie within that network, the packet is dropped. Since in my case the packets are destined to random addresses on the webz, my understanding is that this will effectively be a drop statement for them. But, no, I have not tried it.
-- Andrey Khomyakov [khomyakov.and...@gmail.com]
NetApp contact in Bay Area?
Anyone have a good NetApp contact for the Bay Area (East Bay, to be exact). I called their line today to try to get a quote (long story, but this is not an opportunity for a VAR), but their voice mail thingee kept punting me off and I never got to talk to a real person. Thanks in advance
LTE for CCTV projects?
A friend of mine works for a physical security company, and he is looking for LTE vendors who might help him create wireless networks that they can run video over. Up to this point, they've used 5.x GHz (802.11a and now 802.11n) for most everything, with 4.9 GHz in certain cases where they could apply for the license. Recently, however, he has been aggressively reaching out to LTE vendors. I asked why LTE instead of WiMAX (which is more baked when it comes to large CCTV deployments around the world), and he gave the following reasons:
--true mobile (not simply souped up local wireless) solution
--access to the lower 700 MHz band (which can go farther, for obvious reasons)
--access to a public safety block (licensed similar to 4.9 GHz). I've googled d block LTE, but can't determine whether or not he is 100% eligible or not...
--While WiMAX has better ROI (for most people, anyway), this isn't too much of an option because their overall ROI is good based on the premium services they offer
Anyone else's thoughts on this? I'd be particularly interested in knowing which LTE vendors might be worth talking to in this dept.
Re: black listing of web traffic
Could it be a dns issue? Some sites trying to resolve your ip address and others don't?
On Feb 9, 2010, at 4:47 PM, Andrey Gordon andrey.gor...@gmail.com wrote:
Can't find my IP on any of the black lists. Don't have any proxies. Sites that behave poorly are consistent. That is to say that facebook.com, apple.com would always come up without an issue, but cnn.com, forever21.com (I know, don't ask, students), store.apple.com would consistently take forever to come up. Just wanted to check if rate-limiting web clients is a common practice nowadays in the industry. If it's not, it's probably an unlikely cause of my troubles... Thanks, Andrey - Andrey Gordon [andrey.gor...@gmail.com]
On Tue, Feb 9, 2010 at 4:40 PM, Geoffrey Keating geo...@geoffk.org wrote:
Andrey Gordon andrey.gor...@gmail.com writes:
Hi list I have a problem that I can't seem to find a solution to yet. My student network is being NATted out and anyone who's on that network had troubles accessing random websites. For example, going to www.apple.com or www.facebook.com would work great, but store.apple.com would either not load or take forever to open up. I've had that problem last week and thought I tracked it down to the NAT ip being black listed with one of the spam black lists. Even though that IP is not used for mail out, that somehow seemed to affect it. Changing it to a different one seemed to solve the problem and I got that original address off the list in the meantime. Changed it back and everything was well, until today. Same symptoms, but now I don't see us listed anywhere. The best description of the symptoms seems to be that that IP is rate limited or something. Anyone seen that? Are there any blacklists for web access?
Could it be related to the Pushdo botnet SSL traffic generation, http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100129? Perhaps you have an infected machine and so your IP is being blacklisted and/or rate-limited.
Re: Rackmount Vendors
Charles Wyble wrote:
I second that. Worked at several places that used them. Also check out Graybar. They have a will call office in Van Nuys. http://www.graybar.com/ PDU search results for example: http://tinyurl.com/4xh4wg
If you're looking for a one stop place, Graybar is great. But if you need better prices, it's often better to shop around and get the stuff individually at other shops.