Re: [uknof] tail aggregator

[Andy Davidson]

Hi,

Steve wrote:
> Does anyone provide a service whereby you want links to various
> buildings that may be say around London (but other cities in future) and
> they get a tail to that site and aggregate in to their network and
> provide a single pipe to say Telehouse.

That’s an NNI. Does anyone _not_ offer that?

Andy

Re: [uknof] Full table routers

[Andy Davidson]

Hi, John

Feels like quite a fragile implementation once you separate control from 
forwarding.  Will’s suggestion to not use a full table or Tim’s suggestion to 
use PC routers feels way more robust.  You can use these Aristas in 
applications in your network that don’t need full table, and you can do 10s of 
Mpps on a pc router (see Pim from IPng’s presentation 
https://www.swinog.ch/wp-content/uploads/2021/12/Pim-van-Pelt-IPng-Networks-Evolution-of-DPDK-Controlplanes.pdf
 )

Andy


From: uknof  on behalf of John P Bourke 

Date: Wednesday, 28 June 2023 at 21:25
To: Tim Bray , uknof@lists.uknof.org.uk 

Subject: Re: [uknof] Full table routers
Hi

I may have “an” answer.  I think the Americans call this a “Hail Mary Pass”.

I have a bunch Arista 7150s, which are EOL and a disappointment.  But I found 
this.

https://research.kudelskisecurity.com/2015/10/01/hacking-arista-appliances-for-fun-and-profit/#comments

The Arista runs a full Centos 7.6.  You strip out the Arista BGP process and 
BIRD (or FRR I guess) and you have a route server.  I say route server, because 
by pulling the Arista BGP process you have no interaction with the RIB.

Thanks

John

BTW – Not dissing Arista.  The 7150 is a bit of a unicorn in their portfolio, 
using a chipset from Intel which they bought from a startup, which Intel then 
dropped so Arista understandably did not put a lot of effort into beyond the 
High Frequency Trading use cases that this low latency switch is good for.


From: Tim Bray 
Sent: Wednesday, June 28, 2023 6:56 PM
To: uknof@lists.uknof.org.uk
Subject: Re: [uknof] Full table routers

On 28/06/2023 10:27, John P Bourke wrote:
Any recommendations for full table routers.  We don’t need more than 10G.

I used Debian + FRR on HP proliants.   With startech Nics with intel chipset.   
 Unusual, but did the trick.  Help that there was a whole stack of the same 
hardware running services in the same place.They take a while to boot, but 
you can make it faster and I think the newer variants are better.



Software wise, takes a bit of getting used to.   Sometimes conflict between FRR 
and what Debian wants to do for network setup.  Also you can use CAKE :)
  Also run any scripts or monitoring you want onboard (like counting the BFD 
flaps per hour to watch the problems that go away and come back very quickly)

See also distributions that bundle FRR more specifically for networking rather 
than a general distribution.

--

Tim Bray

Huddersfield, GB

t...@kooky.org

+44 7966479015

Re: [uknof] Age Old Question - Juniper vs Cisco

[Andy Davidson]

On 28 Jul 2021, at 08:22, Jody Botham  wrote:
> if you don't need a lot of functionality and just need an IGP + BGP + 
> throughput then that potentially opens the door to other vendors outside of 
> Juniper and Cisco e.g. Arista. If you want a mature MPLS stack then I'd take 
> Arista back off the list etc.

.. or if you would use MPLS simply to deliver L2VPN/L3VPN/VPLS style services, 
try VxLAN instead. Then Arista is back in scope. 

A

Re: [uknof] Amsterdam data centre interconnects

[Andy Davidson]

Hi, John

You wrote:
> Can you tell me who can provide Data Centre interconnects in Amsterdam ?

We at Asteroid have established formal partnerships with some additional 
parties not on your list: A2B (wavelengths and ethernet products), Afiber (Dark 
fibre, wavelength and ethernet products), and Relined (dark fibre).  It would 
be a pleasure to make an introduction to any/all of these parties who have done 
a great job for our mutual customers.

Just as is the case in London, not every operator is in every building.  You 
may be able to order cross-connects between buildings if they share a campus 
environment (this is often possible even between competing operators in the 
Science Park for instance). Therefore the specific A-end and B-end matter.  Do 
drop me a note off-list if you want a colleague based in the city to offer a 
local perspective.

We operate a growing IXP with public peering and vlan aggregation services on 
the science park in NIKHEF, therefore have a bit of experience with these 
different data centre interconnect providers. NIKHEF is the densest single 
building in terms of interconnect opportunity in the country.

Good luck with your build in Amsterdam,
Andy

Re: [uknof] IPv6 default on EE

[Andy Davidson]

Hi,

Catalin Dominte wrote:
> since they [EE] deployed IPv6 in their network (which I think it’s good) I 
> cannot reach certain destinations that are running on IPv4, because 
> they go via IPv6 by default. 

Have you been able to troubleshoot this more?  I thought, based on what I 
learned in relation to this deployment at UKNOF last year that there was a 
DNS64/NAT64 mechanism for v4 resources with an appropriate A record, and a 
464XLAT mechanism for v4 resources which are 'ipv4 literal' - you are not 
served a DNS name by the application for the server end of the resource. 

This should on paper make everything reachable. If it isn't then it may be due 
to something at the content/application end, and of course the actual 'fix' is 
to get the content/application end problem sorted. 

Happy to see another large network deploy v6 to subscribers! 

A

Re: [uknof] WHOIS Syntax Fail

[Andy Davidson]

Hi,

On 17/08/2018, 12:21, James Bensley  wrote:
> For example - AS51551, I want to peer with them so I want their AS-SET
> so that I can accept their routes, and all downstream customer routes.

There’s a couple of subtleties missing from existing replies to the comments in 
the thread you started, so I hope it’s ok to make some comments now.

Firstly, the Internet thanks you for your secure approach to routing 
configuration by filtering based on their IRR data.  For configuring prefix 
filtering of your peers, in order to limit the effect of routing leaks on end 
user enjoyment and security.  You are a knight of the peering realm and my 
horse is forever at your disposal.

Secondly, the AS-SET is something that the peer should communicate to you, 
rather than something that you should ‘detect’.  It is possible that one peer 
may wish to indicate that they wish to send you different prefixes to what they 
send to someone else. For example they may send their global customer routes to 
knights of the peering realm like you, so you should use AS-65534:GLOBAL, 
whereas gutterick serfs should expect the regional or local prefixes and 
therefore a different filter.  Or perhaps there is a product/partner 
relationship that means they want to signal deaggregates or additional 
transited networks to you which they do not want to send to other peers.  The 
point I am trying to make is that your peering partner should indicate the 
as-macro that they wish you to filter against in your BGP setup.  That said, 
it’s reasonable to expect that if you are not negotiating anything special to a 
peer’s usual behaviour you should get the peer’s usual as-macro, but again they 
should explicitly communicate that rather than have you detect it. The usual 
place to explicitly communicate your peering preferences as a peering network 
is peeringdb and Job has made this point already in this thread.

Lastly, remember RPKI, especially if you want to build filters containing 
prefixes being originated by networks in regions where there is poor IRR 
adoption but more wide RPKI adoption.


Best wishes,
Andy

Re: [uknof] UKNOF38 I feel like curry tonight?

[Andy Davidson]

On Mon, Sep 11, 2017 at 11:16:34AM +0100, Tim Chown wrote:
> The Fat Cat is one of the best pubs in Sheffield and is quite 
> close to the venue, maybe a half mile walk along the river.  The 
> Kelham Island Brewery is also right by it.  Not so sure about 
> curry restaurants.

The closest good one to there is 'Seven Spices'.  This is the closest
to the cluster of hotels near the UKNOF meeting hotel too.  They can
cope with larger groups and normally are quiet.

A smaller Deli style place which serve Indian food in Thalis is at
Kelham Island close to the Fat Cat - 'The Bjaji Shop' - ideal for 
small groups, booking recommended, pricier end.

Hopefully if you are staying a little longer in Sheffield you have a
hotel in the city centre, a mile or so South of the meeting hotel.
You can get excellent Indian food in Sheffield, some of my favourites:

Ashoka (typical decent British Curry house, nice cocktails from memory)

Akbars (a total factory, can cope with large groups)

Meveli (has some South Indian dishes).  Arusuvai is better at South
Indian dishes but further out of town.  Worth the trek if you love a
Dosa IMO.

One of Sheffield's many fine breweries makes a beer that's ideal for
pairing with spicy food (Gan Bei by North Union).  If you see it at
an Indian or Oriental food outlet, do try it.

I hope everyone enjoys their visit to the Jewel of the North of
England, we are all excited to have UKNOF back in town. Do drop me a
line if you would like any other culinary advice.


Andy D

Re: [uknof] Trimming the Routing Table

[Andy Davidson]

Hi, —

Alistair wrote:
> As a side note, does anybody have practical experience with taking two tables 
> and
> how this affects FIB and memory? My knowledge tells me that only one table is
> stored in the FIB but both tables must remain in the memory.

Both tables must remain in memory if you are doing soft-reconfiguration inbound 
(“Keep all” in Juniper dialect).  Can turn that off if you support route 
refresh.

Andy

[uknof] Details for tonight's drinks

[Andy Davidson]

Dear colleagues,

A quick reminder about the details and locations for tonight’s dinner & drinks, 
to which all UKNOF and UK Peering Forum delegates are invited.  They 
will take place at The Common Room, Devonshire Street, Sheffield.  Drinks from 
5pm, dinner a little after 6.  Hope you can all make it.

Best wishes,
Andy

Re: [uknof] Pricing - Lit versus Dark Fibre

[Andy Davidson]

Hi,

Charl wrote:
 If for example I was being charged £50K a year for a service from
 AN Other provider for 1Gig (example, sub 40kms) and I had the option
 to get a service from them that was unlit and unmanaged, what would
 I expect to pay?

The competitiveness of the route (amount of demand and supply, both at and 
between A/B ends), the aggregate amount of fibre that your business (might?) 
buy, and your industry sector will have more bearing on your pricing than any 
other factor.  Distance is not key for domestic circuits from most suppliers.

A

Re: [uknof] UK IPv6 Taskforce

[Andy Davidson]

On 4 Sep 2014, at 23:03, Neil J. McRae n...@domino.org wrote:

 sorry Andy but that's complete rubbish!
 
 NAT44 has been a requirement since the very notion of IPV6.

That’s both correct and nothing to do with what I said, I was talking about the 
relative frustrations of having a broken connectivity with only NAT, or a 
broken connection with some end-to-end actual Internet on it.  

 - it may not be desirable but even those that rolled out IPV6 years ago will 
 need it. the only way NAT44 would have been avoidable would have been for 
 everyone on the planet to press the IPV6 button at the same time! the only 
 odds longer than that happening anytime soon is Roy Hodgson being England 
 manager in a years time! 

Agree with what you say about the inevitability of this broken future; giving 
users native v6 and NAT44 gives content companies an opportunity to sidestep 
the brokenness by simply adopting V6.  Delaying v6 to the home doesn’t give 
them an incentive to move.  Doing this early and getting content onto v6 early 
reduces your spend on CGN tin because there’s less content that you can only 
reach on the v4 only internet.

 to cover another point, only the crazy of crazies would think that anyone had 
 a vested interest to slow down V6 deployment, only folks I can see are the 
 existing RIRs and the brokers trying make some money out this situation

CGN tin vendors. :-)

 (btw we made our first live VoLTE call at BT this week, oh and did you know 
 VoLTE needs V6 to work - I can hear something ringing - no - it's not a phone 
 - it's the killer app bell. ;)

Congrats, hope to hear more about it next week in Belfast.

Andy

Re: [uknof] UK IPv6 Taskforce

[Andy Davidson]

Hi,

Brian Candler wrote:
 I'd say that giving users native V6 and NAT44 gives the content 
 companies *no reason whatsoever* to adopt V6, since they know all 
 their content is reachable via the tried-and-tested V4 path anyway.

I'm making an assumption that native v6 end to end will perform better than 
nat44 squashed connectivity, and that web applications will become more 
interactive with more moving parts, so therefore that content 
networks/applications will get more latency sensitive, and therefore also will 
consume more ports per user session.

I am also making an assumption that users will prefer better performing 
websites to bad performing websites and will vote in some number with their 
feet towards better performing sites, and that native (working) v6 will be so 
much better than nat (broken) v4 that a difference will be observed by users.

And I'm making a final assumption that this is well known by sensible content 
assets like Google and why they have gone and done work to dual stack their 
content infrastructure early.

Yes, these are assumptions but is anyone going to stick a bet against them ?  
Other than NeilX, who is known for recreational contraryism. :-)

Andy

Re: [uknof] UK IPv6 Taskforce

[Andy Davidson]

On 5 Sep 2014, at 15:31, Neil J. McRae 
n...@domino.orgmailto:n...@domino.org wrote:

For the applications that work through CGN the difference between CGN and
IPV6 is largely zero from a performance point of view even under load.

No, applications are getting more port grabby, this is incompatible with NAT at 
scale.  I’ve had things like tiles fail to load on Goog maps at busy times when 
tethered to a mobile device and IM sessions being lumpy.  You could in fact say 
that I have been frustrated by NAT and would not have been were I to have 
native v6 through to these services, which does somewhat bring me to the point 
I made this morning that kicked off the discussion :


On 4 Sep 2014, at 15:17, Neil J. McRae 
n...@domino.orgmailto:n...@domino.org wrote:

Also I see IPV6 frustrating users where its been rolled out before it was ready 
which is something that's very bad.

One could make the same comment about frustrated users because of NAT44, which 
is now the only way forward for all of the subscribers to service providers 
which don’t have a v6 plan by now.
“

Andy

Re: [uknof] UK IPv6 Taskforce

[Andy Davidson]

On 4 Sep 2014, at 15:17, Neil J. McRae n...@domino.org wrote:

 Also I see IPV6 frustrating users where its been rolled out before it was 
 ready which is something that's very bad. 

One could make the same comment about frustrated users because of NAT44, which 
is now the only way forward for all of the subscribers to service providers 
which don’t have a v6 plan by now.

A

Re: [uknof] Automatic / Zero Touch Device Configuration

[Andy Davidson]

On 14 Aug 2014, at 12:19, James Bensley 
jwbens...@gmail.commailto:jwbens...@gmail.com wrote:

Is anyone here using Netconf and Yang?

Yes (to Netconf), and extensively.  As you are probably aware, everything that 
we (www.allegro.nethttp://www.allegro.net) sell is provisioned fully 
automatically and can be done directly from our portal by customers.

There is quite a lot more to it than ‘getting a portal to spit Netconf at your 
routers’, the client is separated by several layers of business and security 
logic before a request lands at a workflow manager and the netconf happens.

The reason that there have to be layers between a business requirement (“Hey, 
sell me some bandwidth!!”) and configuration (“conf t, interface blah”..) is 
that the trick you are trying to pull off is configuration of the network 
rather than configuration of any single device.  The best possible outcome you 
have is that the network will consistently and definitively go from one state 
of “production rest” to another state of “production rest” and not have part 
configured services as you move between the two states.  Netconf helps you 
achieve this pretty well thanks to the fact that build into the protocol is the 
concept of candidate and running configuration - you can lock the code, propose 
a change, test a change — on every device — before then committing that change 
to running config.  All of this in an atomic manner too.  (You don’t think we 
would effectively give our customers enable without such safeguards, right ? 
:-) )

Slides 20 to 27 of 
http://www.slideshare.net/andy.d/network-automation-interconnection-tools  show 
some actual real XML in case you want to see some on-the-wire nuts and bolts 
information that describes what I am talking about.  This presentation is quite 
interconnection focussed because it was especially written for 
peer2.orghttp://peer2.org last week in the US, but you will get the idea.

So, why do you ask ?

Andy

Re: [uknof] Bandwidth graphs

[Andy Davidson]

Hi,

Graeme Fowler wrote:
 On 2 May 2014 17:01:09 Charl Tintinger ctintin...@gmail.com wrote:
  Logstash is also worth considering
 +1 to this. Have recently been introduced to logstash and it it is, frankly, 
 brilliant.

+1 to the +1.  If you have a lot of log events and you need to search them 
quickly, the ElasticSearch integration (ELK Stack) is what you are looking 
for.

This is another quite good thing to look at as well :  http://www.graylog2.org/

Maybe doesn't answer the original question about graphing from Ed which I can 
summarise of I'm storing data in a database, now help me turn it into a 
product. :-P  You need to know how it's going to scale so you should be 
looking at Graphite: http://graphite.readthedocs.org/en/latest/ as platform for 
this data that can scale to a modern production sized network.  This tool is 
going to let you store enough data to be interesting (you probably want to 
change the default granularity settings if you are going to use this for 
billing so that you keep detailed poll averages for three months or more, you 
definitely have to carefully ensure that the 
carbon/graphite-web/twisted/whisper software versions are a known good set 
because its very very beta at this stage.  It has a render url api that will 
let you integrate the data into your applications.  You are going to need to 
secure it so that customers can't render each others' data.

I love graphs.

Andy

Re: [uknof] Here is a Challenge

[Andy Davidson]

 Hi,

John Bourke wrote:
 We are about to take receipt of a stream of satellite image data at a 
 rate 150Mbps, growing to 600Mbps over the next four years.
[...]
 As we only have a mandate to distribute to the UK, I am thinking that 
 I can just peer with UK ISPs and deliver the data to their customers.

I don't know whether just peer means exclusively peer, or whether it means 
simply peer in this context. :-)  Simple might be stretching it -- Peering is 
a commercial relationship between two organisations that (should) expect 
mutual/roughly equal, and these days a more significant monetary benefit.  A 
single service and specialist content originator is likely to find it hard to 
reach the commercial expectations of some access networks in the UK.  That 
said, there's a human element to any peering decision too, and your product 
sounds really cool so you will likely get some sessions on the basis that we're 
all nerds and SATELLITES ARE WAY COOL.

Do you have a service now that is basically what you'd do on day one ?  I have 
all manner of scripts at the office that can neatly predict inter-network 
traffic flow that I'd be happy to run on logs that you have.  Essentially 
because I'm a nerd and as previously established... SATELLITES ARE WAY COOL.

Another note - It is likely to be significantly cheaper to try to avoid having 
to lay large capacity into London from Harwell, e.g. by serving content out of 
racks in region and populating/feeding the data cache on smaller links from 
your office for example.  IOW, run the fatter pipes the shortest distance.

Andy
--
Regards, Andy Davidson andy.david...@allegro.net
CTO || Allegro Networks UK
www.allegro.net || Connectivity You Control

Re: [uknof] London Proof Tier 1 - Manchester TCW

[Andy Davidson]

Hi,

Neil wrote:
 IXmanchester and IXLeeds will be useful if they have root name servers
 at them, otherwise will be irrelevant - don't think either of them
 have this currently. 

There's an L-root in Leeds, and the prefix is on the IXLeeds exchange.

If this is your main selection criteria I look forward to your membership 
application. :-)

Best wishes,
Andy

Re: [uknof] London Proof Tier 1 - Manchester TCW

[Andy Davidson]

Hi, 

Ben King wrote:
 now we want to bring a 3rd tier 1 into Manchester TCW, however I want 
 the utopic 'London Proof'
 transit and I am not sure who can truly provide.

There are some options, for example we can provide 1273 on a direct session on 
a router in Manchester, with a useful amount of London resilience.  But I 
encourage you to consider the design - you may want the same providers in both 
London and Manchester to avoid your traffic tromboning the UK when you have 
only a single interconnect with a network in the 'wrong' city to where you both 
have the customer traffic origination/sink.  

London proof means so much more than a session with a router in the correct 
city.  Or even which direction the long haul transmission goes.  Routes from 
the two community run exchanges in the North of England (IXManchester from 
LINX, and IXLeeds) are probably the closest you will get to utopia with regards 
to domestic reach.

IXManchester does 4Gbit on a typical day, IXLeeds hit 2.5Gbit for the first 
time this week.  Critical mass is steadily building in the North and the more 
people who connect to both (and interconnect widely!), the stronger all of our 
networks become.

Andy

Re: [uknof] Allegro Networks | Spap Point

[Andy Davidson]

Hi, Gavin

Gavin Henry Wrote:
 On 27 Sep 2013 20:45, Will Hargrave wrote:
  I went to the launch on Wednesday actually. Looks quite good, being 
  able to quote and deliver services easily could be a great timesaver.
 Did they mention an API in the road map? 

Thanks for spotting the title tag issue which a colleague saw and dealt with 
after your mail. :-)

I am CTO at Allegro and should be able to answer any of your questions or refer 
you to a colleague (and it may be more polite for me to take it off list), but 
since you asked about the API, I can confirm that there is an API (our own 
portal uses the API to quote and provision services).  Other questions may be 
answered on video captured at our demo/launch:  http://youtu.be/jmUN4RPGJ6g

Best wishes,
Andy

Re: [uknof] Transit providers to avoid?

[Andy Davidson]

On 04/05/2013 15:17, Gavin Henry ghe...@suretec.co.uk wrote:

Which providers does everyone avoid for congestion, over provisioning,
latency, reliability etc.?

All of them. :-)  In other words, you might find that you are in a
position to simply peer directly with the originator or consumer of a
substantial amount of your traffic, which means that you remain in the
best possible (most) control of your customer's experience.

Yes, you need transit for 'the rest', but to know who is best means you
understand what traffic is harder to peer off.

Maybe not the answer you were looking for, but certainly worth a thought
if performance is your goal.

Cheers
Andy

Re: [uknof] A dual stack London2012?

[Andy Davidson]

On 12 Jan 2012, at 22:23, Sebastien Lahtinen wrote:

 Most people don't know what IPv6 is and just want the connections to work. No 
 one will be excluded by not having v6 at these games, but it would be open to 
 widespread criticism if major problems develop in the network during the 
 games.

I normally agree with you, Seb :-) but I disagree here.

No greenfield project in 2012 should not be dual stack, because IPv6 is not an 
experiment any more.  It is production safe in hosting environments.  Further, 
it is extremely likely that the Olympic Games will be staged *after* the RIPE 
region v4 runout (and the APNIC v4 runout was long ago), so there is an 
increasing risk that users will be visiting services relating to the Olympics 
through CGNs - debugging performance issues relating to overloaded or broken 
CGNs is going to be pointless, but debugging reachability issues related to 
IPv6 solves the problem for ever.

Users don't need to know what IPv6 is, if we do our job properly.  The 
challenge (largely solved) is for all this to 'just work', as you comment.  CGN 
and v4 life extension makes that harder, end-to-end and dual stack makes that 
easier.


Andy Davidson