Re: Ciena 6200 clue?
On 7/3/13 9:32 PM, Christopher Morrow wrote: > honestly? this sounds like typical alu :( > some of their kit requires either proxy-arp from the default-gw (and > no support for default-gw, all of the 'internet' is out the management > ether... on that ether link) or 'can we run ospf with your router?' > > what?? you put ospf processing/handling/debugging (ha!) but you can't > point 0/0 at that ip over -> there?? wtf The older microwave radios were like this. Most other vendors just put a serial console on the product at 9600n8 to do a basic config (power, channel, etc). Not ALU. The radio sets up a PPP connection on the serial port and that connects to a windows laptop (XP sp1 or older, win2k works best). Now do you think they use IP for this? nope! ISO CLNS and ISIS to find the radio. Only after these 5 things go right, may you fire up the java GUI that actually talks to it. After about 10 min, it should be up and might talk to it. Now on the odd chance it does not work (shocking, right?), you get to trouble shoot it. Better break out the Italian to English dictionary, all the error messages are in Italian. Thankfully the IP routing development team does not have these issues. Most possess a good amount of clue. -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net
Re: Ciena 6200 clue?
On Wed, Jul 3, 2013 at 5:41 PM, Phil Bedard wrote: > The ALU 7750/7450, etc. routers have a separate routing > process/configuration for their OOB mgmt and as of the last time I looked > do not support a default gateway. honestly? this sounds like typical alu :( some of their kit requires either proxy-arp from the default-gw (and no support for default-gw, all of the 'internet' is out the management ether... on that ether link) or 'can we run ospf with your router?' what?? you put ospf processing/handling/debugging (ha!) but you can't point 0/0 at that ip over -> there?? wtf :(
Re: Ciena 6200 clue?
Hi, So just for completeness - the box does support a default gateway and it was pretty simple to figure out once we were able to connect to it over the Web UI. The professional services tech who installed this stuff basically copied data off of a spreadsheet and didn't really have any notion of how the thing really worked so he didn't really have any answers. On 2013-07-02, at 7:30 PM, Jason Lixfeld wrote: > So I've got a bunch of Ciena 6200 kit in, with some of their professional > services folks onsite, helping with the initial setup. I know nothing of > this kit, other than from what I'm being told, it's pretty bleeding edge, so > much so that not even many people at Ciena know how to use it. > > The SE who's onsite is apparently claiming that there is no provision to set > a default gateway on the management interface. This seems odd to me. What > is more odd is that we have to buy a manual for it. There isn't an > electronic version available, even. > > I've created an account on their portal, so when that gets approved, I'll see > what sort of documentation I can find, but off the top of anyone's head, does > anyone know how to do this default gateway thing on the management interface? > It's apparently been IP'd properly, so that much is working... > > Thanks in advance. Sorry for the lack of content otherwise.
RE: Ciena 6200 clue?
Right that is the "workaround." :) Phil From: Bryan Fields Sent: 7/3/2013 18:15 To: NANOG list Subject: Re: Ciena 6200 clue? On 7/3/13 5:41 PM, Phil Bedard wrote: > The ALU 7750/7450, etc. routers have a separate routing > process/configuration for their OOB mgmt and as of the last time I looked > do not support a default gateway. Well you can set up multiple static routes. The only route you can't set it 0/0. This will work, though I'd suggest only putting the management routes it needs in it. A:Milhouse>bof# static-route 0.0.0.0/0 next-hop 1.0.0.2 MINOR: SYSTEM #1505 Invalid static route destination prefix - cannot configure default route on the management interface A:Milhouse>bof# static-route 0.0.0.0/1 next-hop 1.0.0.2 *A:Milhouse>bof# static-route 128.0.0.0/1 next-hop 1.0.0.2 *A:Milhouse>bof# show bof === BOF (Memory) === primary-imagenope.jpg primary-config Milhouse/config.cfg address 1.0.0.70/24 active primary-dns 1.0.0.2 dns-domain nope.jpg static-route 0.0.0.0/1 next-hop 1.0.0.2 static-route 128.0.0.0/1 next-hop 1.0.0.2 autonegotiate duplex full speed100 wait 4 persist on no li-local-save no li-separate console-speed115200 === -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net
Re: Ciena 6200 clue?
On 7/3/13 5:41 PM, Phil Bedard wrote: > The ALU 7750/7450, etc. routers have a separate routing > process/configuration for their OOB mgmt and as of the last time I looked > do not support a default gateway. Well you can set up multiple static routes. The only route you can't set it 0/0. This will work, though I'd suggest only putting the management routes it needs in it. A:Milhouse>bof# static-route 0.0.0.0/0 next-hop 1.0.0.2 MINOR: SYSTEM #1505 Invalid static route destination prefix - cannot configure default route on the management interface A:Milhouse>bof# static-route 0.0.0.0/1 next-hop 1.0.0.2 *A:Milhouse>bof# static-route 128.0.0.0/1 next-hop 1.0.0.2 *A:Milhouse>bof# show bof === BOF (Memory) === primary-imagenope.jpg primary-config Milhouse/config.cfg address 1.0.0.70/24 active primary-dns 1.0.0.2 dns-domain nope.jpg static-route 0.0.0.0/1 next-hop 1.0.0.2 static-route 128.0.0.0/1 next-hop 1.0.0.2 autonegotiate duplex full speed100 wait 4 persist on no li-local-save no li-separate console-speed115200 === -- Bryan Fields 727-409-1194 - Voice 727-214-2508 - Fax http://bryanfields.net
Re: Ciena 6200 clue?
On 7/3/13 23:41 , Phil Bedard wrote: The ALU 7750/7450, etc. routers have a separate routing process/configuration for their OOB mgmt and as of the last time I looked do not support a default gateway. Can you still call it a routing process if it's incapable of routing? -e
Re: Ciena 6200 clue?
The ALU 7750/7450, etc. routers have a separate routing process/configuration for their OOB mgmt and as of the last time I looked do not support a default gateway. Phil On 7/2/13 7:30 PM, "Jason Lixfeld" wrote: >So I've got a bunch of Ciena 6200 kit in, with some of their professional >services folks onsite, helping with the initial setup. I know nothing of >this kit, other than from what I'm being told, it's pretty bleeding edge, >so much so that not even many people at Ciena know how to use it. > >The SE who's onsite is apparently claiming that there is no provision to >set a default gateway on the management interface. This seems odd to me. > What is more odd is that we have to buy a manual for it. There isn't an >electronic version available, even. > >I've created an account on their portal, so when that gets approved, I'll >see what sort of documentation I can find, but off the top of anyone's >head, does anyone know how to do this default gateway thing on the >management interface? It's apparently been IP'd properly, so that much >is working... > >Thanks in advance. Sorry for the lack of content otherwise.
Re: Ciena 6200 clue?
On 7/3/2013 1:00 PM, Paul Stewart wrote: On 2013-07-03 3:57 PM, "Brandon Ross" wrote: Everyone knows that attacks against your management interface come from devices not on your management network. By removing the default gateway feature, Ciena is improving the security of your network. It's time we created a BCOP specifying that default gateway functionality be disabled or removed in all network deployments, in the interest of security. Security improvements realized in the last few years by dropping all ICMP and TCP DNS at firewall boundaries, not to mention universal deployment of NAT, were just the first few steps to creating a much more secure Internet. Once disablement of default gateway functionality has been become a common practice, the natural reduction in traffic on the Internet should allow most operators to achieve enormous cost savings by powering off all of their equipment. Awesome - sorry, can't resistŠ. :) Ah, somehow my eyeballs glazed over the excellent sarcasm that was made evident in the last paragraph Either way, my point remains: I want the option. I suspect I'm not alone... -- Jeff Shultz
Re: Ciena 6200 clue?
On 7/3/2013 12:57 PM, Brandon Ross wrote: On Tue, 2 Jul 2013, Jason Lixfeld wrote: The SE who's onsite is apparently claiming that there is no provision to set a default gateway on the management interface. Everyone knows that attacks against your management interface come from devices not on your management network. By removing the default gateway feature, Ciena is improving the security of your network. While my device is not a Ciena, it has the same issue - and I don't think I'm going to be getting attacks against my management interface on a 10.0.x.x network. I want the option to decide for myself. I'm not all that interested in setting up a management VLAN so this one device in my central office will be happy on it's "virtually flat" network. -- Jeff Shultz
Re: Ciena 6200 clue?
On 2013-07-03 3:57 PM, "Brandon Ross" wrote: > >Everyone knows that attacks against your management interface come from >devices not on your management network. By removing the default gateway >feature, Ciena is improving the security of your network. > >It's time we created a BCOP specifying that default gateway functionality >be disabled or removed in all network deployments, in the interest of >security. Security improvements realized in the last few years by >dropping all ICMP and TCP DNS at firewall boundaries, not to mention >universal deployment of NAT, were just the first few steps to creating a >much more secure Internet. > >Once disablement of default gateway functionality has been become a >common >practice, the natural reduction in traffic on the Internet should allow >most operators to achieve enormous cost savings by powering off all of >their equipment. > Awesome - sorry, can't resist. :) Paul
Re: Ciena 6200 clue?
On Tue, 2 Jul 2013, Jason Lixfeld wrote: The SE who's onsite is apparently claiming that there is no provision to set a default gateway on the management interface. Everyone knows that attacks against your management interface come from devices not on your management network. By removing the default gateway feature, Ciena is improving the security of your network. It's time we created a BCOP specifying that default gateway functionality be disabled or removed in all network deployments, in the interest of security. Security improvements realized in the last few years by dropping all ICMP and TCP DNS at firewall boundaries, not to mention universal deployment of NAT, were just the first few steps to creating a much more secure Internet. Once disablement of default gateway functionality has been become a common practice, the natural reduction in traffic on the Internet should allow most operators to achieve enormous cost savings by powering off all of their equipment. -- Brandon Ross Yahoo & AIM: BrandonNRoss +1-404-635-6667ICQ: 2269442 Schedule a meeting: https://doodle.com/brossSkype: brandonross
Re: Ciena 6200 clue?
it's probably fair to point out that practically all optical vendors don't actually understand 'ip' and 'routing' and 'systems management' ... try doing ntp with ONS boxes? got ntpv>1? then ... oops :( never mind the situations where you install a 0/0 route on a management interface/config and STILL have to /32 route particular services out the same GW as 0/0 ... (not cisco, another busted vendor)... optical people... srsly, get with the program. On Tue, Jul 2, 2013 at 7:39 PM, Jeff Shultz wrote: > On 7/2/2013 4:30 PM, Jason Lixfeld wrote: > >> >> The SE who's onsite is apparently claiming that there is no provision >> to set a default gateway on the management interface. This seems odd >> to me. > > > Me too, which is why I've got a call in to another company regarding their > management LAN port that I can't configure with a default gateway either. At > least not using the CLI. > > Is this common and I just noticed it because it happened to me, or is this > some collective engineering brain cramp that just took hold? > > -- > Jeff Shultz > > >
Re: Ciena 6200 clue?
On 7/2/2013 4:30 PM, Jason Lixfeld wrote: The SE who's onsite is apparently claiming that there is no provision to set a default gateway on the management interface. This seems odd to me. Me too, which is why I've got a call in to another company regarding their management LAN port that I can't configure with a default gateway either. At least not using the CLI. Is this common and I just noticed it because it happened to me, or is this some collective engineering brain cramp that just took hold? -- Jeff Shultz
Re: Ciena 6200 clue?
On 7/2/2013 6:30 PM, Jason Lixfeld wrote: So I've got a bunch of Ciena 6200 kit in, with some of their professional services folks onsite, helping with the initial setup. I know nothing of this kit, other than from what I'm being told, it's pretty bleeding edge, so much so that not even many people at Ciena know how to use it. The SE who's onsite is apparently claiming that there is no provision to set a default gateway on the management interface. This seems odd to me. What is more odd is that we have to buy a manual for it. There isn't an electronic version available, even. I've created an account on their portal, so when that gets approved, I'll see what sort of documentation I can find, but off the top of anyone's head, does anyone know how to do this default gateway thing on the management interface? It's apparently been IP'd properly, so that much is working... Thanks in advance. Sorry for the lack of content otherwise. Adding to the useless and pointless: Why is all of this being found out after delivery? -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. (Adapted from Stephen Pinker)
Ciena 6200 clue?
So I've got a bunch of Ciena 6200 kit in, with some of their professional services folks onsite, helping with the initial setup. I know nothing of this kit, other than from what I'm being told, it's pretty bleeding edge, so much so that not even many people at Ciena know how to use it. The SE who's onsite is apparently claiming that there is no provision to set a default gateway on the management interface. This seems odd to me. What is more odd is that we have to buy a manual for it. There isn't an electronic version available, even. I've created an account on their portal, so when that gets approved, I'll see what sort of documentation I can find, but off the top of anyone's head, does anyone know how to do this default gateway thing on the management interface? It's apparently been IP'd properly, so that much is working... Thanks in advance. Sorry for the lack of content otherwise.
