Re: Open source Netflow analysis for monitoring AS-to-AS traffic

again all, -Brian On 2024-03-26 19:04, Brian Knight via NANOG wrote: > What's presently the most commonly used open source toolset for monitoring > AS-to-AS traffic? > > I want to see with which ASes I am exchanging the most traffic across my > transits and IX links. I want

Open source Netflow analysis for monitoring AS-to-AS traffic

What's presently the most commonly used open source toolset for monitoring AS-to-AS traffic? I want to see with which ASes I am exchanging the most traffic across my transits and IX links. I want to look for opportunities to peer so I can better sell expansion of peering to upper management.

Re: The Reg does 240/4

AWS this year. Those who may not be trading address blocks are starting to feel the bite.-BrianOn Feb 15, 2024, at 5:31 PM, Tom Beecher wrote:$/IPv4 address peaked in 2021, and has been declining since. On Thu, Feb 15, 2024 at 16:05 Brian Knight via NANOG <nanog@nanog.org> wrote:On 2024-02-15

Re: The Reg does 240/4

On 2024-02-15 13:10, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote: I've said it before, and I'll say it again: The only thing stopping global IPv6 deployment is Netflix continuing to offer services over IPv4. If Netflix dropped IPv4, you would see IPv6 available *everywhere* within a month. As

Re: One Can't Have It Both Ways Re: Streamline the CG-NAT Re: EzIP Re: IPv4 address block

On 2024-01-13 04:03, Brett O'Hara wrote: They have no interest in trying new things or making new technology work without a solid financial reason and there is none for them implementing ipv6. When I left $DAYJOB-1 almost 2 years ago, they had just finished increasing fees on IPv4 blocks

Re: Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

On 2023-11-15 21:47, Christopher Hawker wrote: Hello everyone, Aftab Siddiqui is currently exploring the possibility of using Route Object Authorisations (ROAs) as a potential replacement to LOAs. Separate to this (and unknowing of Aftab's research), I had started a discussion on the RPKI

Re: Zayo woes

On 2023-09-19 09:41, Matthew Petach wrote: On Tue, Sep 19, 2023 at 7:19AM Mike Hammett wrote: [...] I've never understood companies that acquire and don't completely integrate as quickly as they can. Ah, spoken with the voice of someone who's never been in the position of: a) acquiring

Re: Scheduled outage -- Nationwide no driver license updates this weekend

It seems to say more about fluctuating funding and IT management.I seem to recall an issue with the FAA’s NOTAM / TFR database a few weeks back, one that grounded all flights one fine morning. Wasn’t network-related, but the articles I read about the application’s architecture and fault-tolerance

Re: DMARC ViolationAS21299 - 46.42.196.0/24 ASN prepending 255 times

Ask your upstream providers for a BGP community tag that lowers localpref below 100 within their network. Set that community tag on any backup routes along with your (moderate) path prepending. The backup upstream will then install that route only if there is no other way to get to your AS.

Re: Authoritative Resources for Public DNS Pinging

On 2022-02-10 11:42, John Todd wrote: "The Prudent Mariner never relies solely on any single aid to navigation" It's best to ping multiple targets, and take action only if all targets do not return replies. For route tracking a la $VENDOR_C's IP SLA, if possible, we'll ping next-hop IP,

Re: Can it really be this quiet?

Also, lots of people out sick with the ‘rona. Fortunately, Omicron seems much less harmful than other variants. Hope all are staying safe and well. -Brian > On Jan 3, 2022, at 2:06 PM, Josh Luthman wrote: > >  > Likely a parallel between vacation, ie people not touching things, and things

Re: IPv6 woes - RFC

On 2021-09-04 23:33, Mark Tinka wrote: On 9/5/21 04:49, John Levine wrote: I have asked my ISP about IPv6 and their answer is that that they're not opposed to it but since I am the only person who has asked for it, it's quite low on the list of things to do. Supporting the routing and

Re: DPDK and energy efficiency

On 2021-03-05 15:40, Eric Kuhnke wrote: For comparison purposes, I'm curious about the difference in wattage results between: a) Your R640 at 420W running DPDK b) The same R640 hardware temporarily booted from a Ubuntu server live USB, in which some common CPU stress and memory disk/IO

Re: DPDK and energy efficiency

On 2021-03-05 12:22, Etienne-Victor Depasquale wrote: Sure, here goes: https://www.surveymonkey.com/results/SM-BJ9FCT6K9/ Thanks for sharing these results. We run DPDK workloads (Cisco nee Viptela vEdge Cloud) on ESXI. Fwiw, a quick survey of a few of our Dell R640s running mostly vEdge

Re: Famous operational issues

On 2021-02-17 13:28, John Kristoff wrote: On Wed, 17 Feb 2021 14:07:54 -0500 John Curran wrote: I have no idea what outages were most memorable for others, but the Stanford transfer switch explosion in October 1996 resulted in a much of the Internet in the Bay Area simply not being reachable

Re: Ingress filtering on transits, peers, and IX ports

As a final update to this thread, we started blocking spoofed and invalid traffic as of early Thursday morning Nov 19th. So far, knock on wood, no reports of issues from our customer base. In addition, I've been able to verify with the security research team's test tool that we are no longer

Re: Ingress filtering on transits, peers, and IX ports

Randy, thank you for the reminder to look also at what services (L4 ports) should be generally blocked. As I was implementing a similar rule for logging purposes, I discovered an oddity with $VENDOR_C_XR ACLs. I created the following: object-group port TCPUDP-BLOCKED eq 0 eq sunrpc eq

Re: Ingress filtering on transits, peers, and IX ports

fe00::/9 fec0::/10 exit Thanks, -Brian On 2020-10-14 17:43, Brian Knight wrote: So I have put together what I think is a reasonable and complete ACL. From my time in the enterprise world, I know that a good ingress ACL filters out traffic sourcing from: * Bogon blocks, like 0.0.0.0/8

Re: Ingress filtering on transits, peers, and IX ports

CL. I think that's good for an enterprise network, but as an SP, I'm very hesitant to include this. Is this included in anyone else's transit / peer / IX ACL? Is there anything else that I'm not thinking of? Thanks, -Brian On 2020-10-14 09:25, Brian Knight via NANOG wrote: Hi Marcos, T

Re: Ingress filtering on transits, peers, and IX ports

o DoS a single /32 endpoint IP > being targeted, as in common online gaming disputes? > > What volume of pps or Mbps would appear as spurious traffic as a result of > this attack? > > On Tue, Oct 13, 2020 at 3:14 PM Brian Knight via NANOG > wrote: > >> We recently

Re: Ingress filtering on transits, peers, and IX ports

-bcp.pdf Regards. El mar., 13 oct. 2020 a las 19:52, Brian Knight via NANOG () escribió: Hi Mel, My understanding of uRPF is: * Strict mode will permit a packet only if there is a route for the source IP in the RIB, and that route points to the interface where the packet was received * Loose

Re: Ingress filtering on transits, peers, and IX ports

per: > > https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-unicast-rpf.html > > > -mel beckman > >> On Oct 13, 2020, at 3:15 PM, Brian Knight via NANOG wrote: > >> We recently received an email notice from a grou

Ingress filtering on transits, peers, and IX ports

We recently received an email notice from a group of security researchers who are looking at the feasibility of attacks using spoofed traffic. Their methodology, in broad strokes, was to send traffic to our DNS servers with a source IP that looked like it came from our network. Their attacks

Re: Backup over 4G/LTE

In the past couple of years, we deployed CradlePoint IBR650's and IBR600's (with and without wifi respectively). It's a configurable mini-router that can also accept wired access. There is an on-board SIM slot. Downside is that the unit is a bit expensive as a CPE. Lately we have been

Re: RIPE our of IPv4

ucceed, really. But the global end game picture looks more and more bleak to me. > > Frankly, I'm surprised anti-IPv6 people still have employment. > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http:/

Re: RIPE our of IPv4

> On Nov 27, 2019, at 4:04 PM, Mark Andrews wrote: > >  > >> On 28 Nov 2019, at 06:08, Brian Knight wrote: >> >>> On 2019-11-26 17:11, Ca By wrote: >>> On Tue, Nov 26, 2019 at 12:15 AM Sabri Berisha >>> wrote: >>>> - On

Re: RIPE our of IPv4

>> On Nov 27, 2019, at 2:54 PM, Brandon Butterworth >> wrote: >> >> On Wed Nov 27, 2019 at 01:08:04PM -0600, Brian Knight wrote: >> None of which matters a damn to almost all of my business eyeball >> customers. They can still get from our networ

Re: RIPE our of IPv4

On 2019-11-26 17:11, Ca By wrote: On Tue, Nov 26, 2019 at 12:15 AM Sabri Berisha wrote: - On Nov 26, 2019, at 1:36 AM, Doug Barton do...@dougbarton.us wrote: [snip] there is no ROI at this point. In this kind of environment there needs to be a strong case to invest the capex to

Re: QoS for Office365

> On Jul 9, 2019, at 9:19 AM, Mark Tinka wrote: > > > >> On 9/Jul/19 16:18, Ross Tajvar wrote: >> I think the difficulty lies in appropriately marking the traffic. Like >> Joe said, the IPs are always changing. > > Does anyone know if they are reasonably static in an Express Route scenario?

Re: Multicast traffic % in enterprise network ?

On 2018-08-08 13:49, Mankamana Mishra (mankamis) via NANOG wrote: Hi Every one, Recently we had good discussion over multicast uses in public internet. From discussion, it was pointed out uses of multicast is more with in enterprise. Wanted to understand how much % multicast traffic present in

Re: 60 Hudson Woes

As the engineer working on that Cisco / IBM issue Erik mentioned... ;) I was able to get walk-up, same-day access to the building for myself a few weeks ago (as a customer of DR) and didn’t get my hand slapped for it. DR just created the access ticket with the building and that was enough. It

Re: improving signal to noise ratio from centralized network syslogs

On 2018-02-03 15:49, Scott Weeks wrote: Then, you can watch your network in real time like so (below is all one line): tail -f /var/log/router.log /var/log/switch.log | egrep -vi 'term1|term2|termN' 'egrep -v' takes out all the lines you don't want to see while the syslog messages scroll

Re: Templating/automating configuration

On Wed, 07 Jun 2017 04:23:33 -0500 t...@pelican.org wrote Hi Brian, On Tuesday, 6 June, 2017 21:48, "Brian Knight" m...@knight-networks.com said: Because we had different sources of truth which were written in-house, we wound up rolling our own template engine

Re: Templating/automating configuration

Because we had different sources of truth which were written in-house, we wound up rolling our own template engine in Python. It took about 3 weeks to write the engine and adapt existing templates. Given a circuit ID, it generates the full config for copy and paste into a terminal session. It

Re: DHCPv6 PD & Routing Questions

On Tue, Nov 24, 2015 at 6:34 PM, Baldur Norddahl wrote: > > DHCPv6-PD allows multiple PD requests. But did anyone actually implement > that? I am not aware of any device that will hand out sub delegations on > one interface, notice that it is out of address space and