Re: Juniper advertises ::/0 Cisco hears ::/3

2012-05-12 Thread Saku Ytti
On 12 May 2012 04:29, Ben Bartsch uwcable...@gmail.com wrote: Has anyone seen this behavior with BGP IPv6 between Juniper (owned by Level 3, advertising routes correctly, sending default ::/0) and Cisco (6509 running 12.2.58.SXI6 advipservices, receiving all routes fine except default, hearing

Re: rpki vs. secure dns?

2012-04-28 Thread Saku Ytti
On (2012-04-27 22:05 +), Paul Vixie wrote: this seems late, compared to the various commitments made to rpki in recent years. is anybody taking it seriously? (disclaimer I'm almost completely clueless on RPKI). If two fails don't make win, then I think ROVER is better solution, doesn't

Re: Securing OOB

2012-04-23 Thread Saku Ytti
On (2012-04-23 12:45 +), Leigh Porter wrote: I have juniper SRX110s that use the magic new multi site IPSec thing. +1. This is the way to roll OOB, CPE (Cisco ISR, Juniper SRX), RS232 console server (opengear, avocent) and switch if you happen to have modern gear which support proper OOB

Handling of L2 broadcast, L3 unicast frames

2012-04-02 Thread Saku Ytti
If you try % sudo ip route add 194.100.7.227/32 dev eth0 % sudo arp -i eth0 -s 194.100.7.227 ff:ff:ff:ff:ff:ff % ping 194.100.7.227 Chances are that you get ping replies (Cisco VXR, Cisco ISR, Juniper SRX, Juniper M10i, Juniper M7i, Linksys e4200) But you also might not be getting replies

Re: L3 VPN Management

2012-03-07 Thread Saku Ytti
On (2012-03-07 07:07 +), Leigh Porter wrote: What's the nicest way of allowing the ops servers all talk to each VPN instance? At the moment I just use pretty normal L3VPN techniques so that every VPN sees routes tagged with the ops VPN target community and so that the ops VPN sees all

Re: Huawei edge routers..

2012-03-07 Thread Saku Ytti
On (2012-03-07 09:46 -), Tim Franklin wrote: This does occasionally brighten up my day with gems like rip no work and reset-recycle-bin, so it's not all bad :) I liked how ssh is secure-telnet, took bit head scratching to enable ssh. But again, I don't think crappy or good CLI is very

Re: Huawei edge routers..

2012-03-06 Thread Saku Ytti
On (2012-03-06 09:24 +), Leigh Porter wrote: Has anybody had any experience of Huawei Mobile/Metro edge routers? I'm looking for something that will handle various MPLS services (Layer 2/3), QinQ with about 10x1Gb Ethernet interfaces (no need for 10G). How are they compared to

Re: Huawei edge routers..

2012-03-06 Thread Saku Ytti
On (2012-03-06 11:05 +0100), Bjørn Mork wrote: do without docs. On paper they look fine, CLI is worse than IOS, but honestly if CLI is critical to you, you're probably doing something wrong anyhow (meaning, systems should be touching routers, not people) Hmm, we have systems using CLI

Re: Console Server Recommendation

2012-02-01 Thread Saku Ytti
On (2012-02-01 09:07 -0800), Owen DeLong wrote: I would hardly call conserver software a home-baked solution unless you'd also call anything based on OSS a home-baked solution. Home-baked, i.e. it's not product you can get shipped and it'll work out of the box and you have organization

Re: Console Server Recommendation

2012-01-31 Thread Saku Ytti
On (2012-01-30 11:08 -0500), Ray Soucy wrote: What are people using for console servers these days? We've historically used retired routers with ASYNC ports, but it's time for an upgrade. This is very very common thread, replaying couple times a year in various lists, with to my cursory look

Re: Console Server Recommendation

2012-01-31 Thread Saku Ytti
On (2012-01-31 10:01 +), Nick Hilliard wrote: I like feature list you posted, btw. If there were any console servers out there with these features, I would buy a bunch of them. I think OpenGear supports all of them (according to co-worker who tested them recently), but not 100% sure

Re: Console Server Recommendation

2012-01-31 Thread Saku Ytti
On (2012-01-31 11:09 -0800), Owen DeLong wrote: - IP address mappable to a console port. So that accessing device normally is 'ssh router' and via OOB 'ssh router.oob' no need to train people How about normal is 'ssh device' and OOB is 'console device'? Home-baked systems are certainly

Re: 10GE TOR port buffers (was Re: 10G switch recommendaton)

2012-01-28 Thread Saku Ytti
On (2012-01-27 22:40 +0100), bas wrote: But do you generally agree that the market has a requirement for a deep-buffer TOR switch? Or am I crazy for thinking that my customers need such a solution? No, you're not crazy. If your core is higher rate than your customer, then you need at

Re: 10GE TOR port buffers (was Re: 10G switch recommendaton)

2012-01-28 Thread Saku Ytti
On (2012-01-28 21:06 +0900), Masataka Ohta wrote: The required amount of memory is merely 150KB. Assuming we don't support jumbo frames and switch cannot queue sub packet sizes (normally they can't but VXR at least has 512B cell concept, so tx-ring is packet size agnostic, but this is just

Re: 10GE TOR port buffers (was Re: 10G switch recommendaton)

2012-01-28 Thread Saku Ytti
On (2012-01-28 21:53 +0900), Masataka Ohta wrote: 1.5MB @ 100Mbps is 120ms, which is prohibitively lengthy even as BE. The solution is to have less number of classes. The solution is to per class define max queue size, so user with fewer queues configured will not use all available buffer

Re: XBOX 720: possible digital download mass service.

2012-01-27 Thread Saku Ytti
On (2012-01-27 11:35 +0100), Tei wrote: There's also a rumour that these new consoles will require internet to download games. These games can weigh 9 to 20 GB. That may be 30 million users in USA, maybe 50 worldwide. Source to these rumours? It seems ridiculous thought, considering you can

Re: 10GE TOR port buffers (was Re: 10G switch recommendaton)

2012-01-27 Thread Saku Ytti
On (2012-01-27 17:35 +0100), bas wrote: Chassis: Juniper EX8200-8XS 512MB/10GE Cisco WS-X6708-10GE 32MB/10GE (or 24MB) Cisco N7K-M132XP-12 36MB/10GE Arista DCS-7548S-LC 48MB/10GE Brocade BR-MLX-10Gx8-X 128MB/10GE (not sure) 1GE

Re: juniper mx80 vs cisco asr 1000

2012-01-20 Thread Saku Ytti
On (2012-01-19 12:10 -0800), jon Heise wrote: Does anyone have any experience with these two routers, we're looking to buy one of them but i have little experience dealing with cisco routers and zero experience with juniper. It might be because of your schedule/timetable, but you are

Re: Monday Night Footbal -- on Google?

2012-01-15 Thread Saku Ytti
On (2012-01-11 17:45 -0500), Justin M. Streiner wrote: If multicast is used it shouldn't take 150pbps, it should be much lower. That could be one of the things that helps spur v6 adoption - multicast being somewhat less of an afterthought :) While v4 multicast works, and delivering video

Re: Monday Night Footbal -- on Google?

2012-01-15 Thread Saku Ytti
On (2012-01-15 09:47 -1000), Antonio Querubin wrote: This is misguided, IPV6 does no magic to help scale multicast to Internet scale compared to IPV4. Actually, IPv6 embedded RP improves scalability over IPv4 MSDP peering and ASM. Unfortunately that does exactly nothing to help with

Re: subnet prefix length 64 breaks IPv6?

2011-12-29 Thread Saku Ytti
On (2011-12-29 16:56 +0800), Mark Tinka wrote: On Thursday, December 29, 2011 03:46:48 AM sth...@nethelp.no wrote: And there are other platforms, e.g. Juniper M/MX/T, where there is no concept of punt a packet to software to forwarded in hardware, or dropped. IPv6 prefixes 64 IOS

Re: Odd router brokenness

2011-11-23 Thread Saku Ytti
On (2011-11-23 09:41 -0500), Mark Radabaugh wrote: The question is: How does a router break in this manner? It appears to unintentionally be doing something different with traffic based on the source address, not the destination address. I realize this can be done intentionally - but

Re: Odd router brokenness

2011-11-23 Thread Saku Ytti
On (2011-11-23 11:45 -0500), Mark Radabaugh wrote: I was told the router was reloaded to resolve a CEF issue. Not sure what was wrong with 'clear cef linecard'. Or just fixing the broken prefixes/adjacencies and opening CTAC case about what was wrong with them.

Re: Juniper DOS/Blackhole question

2011-10-23 Thread Saku Ytti
On (2011-10-22 20:38 -0500), Jack Bates wrote: the route. This seems strange to me. Any idea why a route would be rejected unless multihop was enabled? RFC4271 states: -- - By default (if none of the above conditions apply), the BGP speaker SHOULD use the IP address of the interface that

Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header

2011-09-30 Thread Saku Ytti
On (2011-09-30 01:55 -0400), Christopher Morrow wrote: when will vendors learn that punting to the RE/RP/smarts for packets in the fastpath is ... not just 'unwise' but wholesale stupid? :( What to do with IP options or IPv6 hop-by-hop options? What to do with IPv6 packets which contain

Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header

2011-09-30 Thread Saku Ytti
On (2011-09-30 10:09 -0400), Christopher Morrow wrote: a switch to be used that stops processing this sort of thing, in an internet core (and honestly most enterprise core) routers, all I want is packet-in/packet-out. there's no need for anything else, stop trying to send line-rate packets to

Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header

2011-09-30 Thread Saku Ytti
On (2011-09-30 10:45 -0400), Christopher Morrow wrote: after this long, yes... this is just dumb, there's no reason that the default should be punt. There are cases (you've brought up a few) where it's required today because of design limitations, there really shouldn't be cases like this

Re: ouch..

2011-09-14 Thread Saku Ytti
One: Looks like some random person registered this one. The domain and ip do not look related to cisco even though someone has falsely pasted their logo all over the site. Another: Does seem odd that Cisco would use Go Daddy. My first thought was a disgruntled (ex) Juniper Employee. Then

Re: Silently dropping QoS marked packets on the greater Internet

2011-09-02 Thread Saku Ytti
On (2011-09-02 10:24 -0400), Jesse McGraw wrote: I've recently run into a hard-to-troubleshoot issue where, somewhere out in the greater Internet, someone was silently dropping packets from my company that happened to be marked with DSCP AF21. I'd fully expect others to either ignore these

Re: Silently dropping QoS marked packets on the greater Internet

2011-09-02 Thread Saku Ytti
On (2011-09-02 12:02 -0400), valdis.kletni...@vt.edu wrote: Except you can't actually *guarantee* that QoS works every packet, every time, during congestion even within the same network. Remember - QoS is just a marking to shoot the other guy first. If a link ends up overcommitted with QoS

Re: OSPF vs IS-IS

2011-08-13 Thread Saku Ytti
On (2011-08-13 22:44 +1000), Jeffrey S. Young wrote: That's interesting and if true would represent a real change. Can you list the larger SPs in the US that use OSPF? ATT, L3? Anyhow I fully agree with the sentiment that in eu/us markets most SP rock ISIS. At one time when I was shopping

Re: OT: Given what you know now, if you were 21 again...

2011-07-13 Thread Saku Ytti
On (2011-07-13 14:08 -0700), Larry Stites wrote: Given what you know now, if you were 21 and just starting into networking / communications industry which areas of study or specialty would you prioritize? Again? Buy AAPL, INTC and MSFT with loan money and study *cough*, finer things in life.

Re: Cogent HE

2011-06-09 Thread Saku Ytti
On (2011-06-09 00:55 -0700), Owen DeLong wrote: To be an IPv6 Tier 1, one has to peer with other IPv6 Tier 1s. HE has aggressively tried to improve the situation through promiscuous peering in every way possible. If you are interested in peering with HE and you have a presence at any of the

Re: Cogent HE

2011-06-09 Thread Saku Ytti
On (2011-06-09 18:03 +0900), Patrick W. Gilmore wrote: Even though HE gives away free transit now, Owen said nothing about free transit. Yes there might be that some networks are unable physically to connect to HE. But I'm sure within time HE will have global presence to reach all networks

Re: How do you put a TV station on the Mbone?

2011-04-30 Thread Saku Ytti
On (2011-04-29 18:34 -0400), david raistrick wrote: 3) as an a midstream network provider I have almost no motivation to support this. Sure, my network usage would be reduced - but I (more or less simplified here, but) make my living on each bit of traffic I carry - if I offered a way for

Re: Jumbo frame Question

2010-11-26 Thread Saku Ytti
On (2010-11-25 21:14 -0800), George Bonser wrote: Hey George, 9000 MTU internally. We don't deploy any servers anymore with MTU 1500. MTU 1500 is just plain stupid with any network 100mb ethernet. I'm big proponent of high MTU, to facilitate user MTU of 1500 while adding say GRE or IPSEC

Re: Jumbo frame Question

2010-11-26 Thread Saku Ytti
On (2010-11-26 12:39 -0500), valdis.kletni...@vt.edu wrote: That's only half the calculation. The *other* half is if you have gear that has a packets-per-second issue - if you go to 9000 MTU, you can move 6 times as much data in the same packets-per-second. Anybody who's ever had to trim a

Re: Prefix 120.29.240.0/21

2010-11-17 Thread Saku Ytti
On (2010-11-17 14:40 +0100), Fredy Kuenzler wrote: We asked some customers what gear they are running, and here is a short compilation - all these systems were affected by the BGP flaps: - Cisco 2821 - c2800nm-advipservicesk9-mz.124-20.T4 - Cisco 2821 -

Re: Reverse DNS for IPv6 client networks

2010-09-14 Thread Saku Ytti
On (2010-09-14 14:27 +0200), Elmar K. Bins wrote: I as a networking droid have not much quarrel with that, but I am interested in how or whether at all others handle this. About year ago I spent half an hour hacking together base36 and rfc2289 stateless DNS for IPv6. I'm not making any

Re: Did your BGP crash today?

2010-08-28 Thread Saku Ytti
On (2010-08-28 09:22 +0100), Thomas Mangin wrote: i suspect that these folk will test better next time. i sure hope so. Not sure the researcher can afford to buy a ios xr and may not have access to one ! Indeed. Also testing is hard, especially so, when you essentially need to reinvent

Re: Did your BGP crash today?

2010-08-28 Thread Saku Ytti
On (2010-08-28 18:20 +0900), Randy Bush wrote: a bgp regression suite would not have caught this as it was not a repeat. but it sure would be useful to implementors. Naturally 'proving' that non-trivial software works is practically impossible. But stating what non-existing test-suite would

Re: Did your BGP crash today?

2010-08-28 Thread Saku Ytti
On (2010-08-28 13:23 +0200), Thomas Mangin wrote: Those tools are not suitable for regression testing ( I know I wrote exabgp ) not saying they could not be adapted though. Fizzing may return crashes or issues with the daemon but it is unlikely. You need predictable input for regression

Re: Addressing plan exercise for our IPv6 course

2010-07-25 Thread Saku Ytti
On (2010-07-25 17:32 +1000), Karl Auer wrote: The risk of a ULA prefix conflict is for *all practical purposes* zero. http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+ It wouldn't puke nice graph with 'n', it did try, but never finished. So if there are

Re: Addressing plan exercise for our IPv6 course

2010-07-25 Thread Saku Ytti
On (2010-07-25 10:28 -0400), valdis.kletni...@vt.edu and Mark Smith wrote similarly: http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+ So if there are million assigned ULA's there is 36.5% chance of collision, if formula is right. Bzzt! Wrong,

Re: Addressing plan exercise for our IPv6 course

2010-07-24 Thread Saku Ytti
On (2010-07-24 03:50 -0400), valdis.kletni...@vt.edu wrote: Firewall != NAT. The former is still needed in IPv6, the latter is not. And I suspect that most Joe Sixpacks think of that little box they bought as a Maybe you are talking strictly in context of residential DSL, in which case I

Re: Addressing plan exercise for our IPv6 course

2010-07-24 Thread Saku Ytti
On (2010-07-24 02:13 -0700), Owen DeLong wrote: This is non-technical problem, enterprises of non-trivial size can't typically even tell without months of research all the devices and software where they've written down the IP addresses. Sounds like they haven't written them down very

Re: Standard for BGP community lists

2010-07-20 Thread Saku Ytti
On (2010-07-19 23:45 -0500), Brad Fleming wrote: Hey, : for local rtbh : for local + remote rtbh I didn't have much reason for selecting other than it was easy to identify visually. And obviously, I have safe-guards to not leak those communities into other networks.

Re: IP4 Space - the lie

2010-03-07 Thread Saku Ytti
On (2010-03-07 08:41 +1100), Mark Andrews wrote: Not implementing IPv6 will start to lose them business soon as they won't be able to reach IPv6 only sites. Not quite yet but soon. While all the services that their customers want to reach are available over IPv4 they will be fine. Once

Re: IP4 Space - the lie

2010-03-07 Thread Saku Ytti
On (2010-03-07 14:21 +0800), Owen DeLong wrote: While it is more complete than many other countries, there are still rural areas where it is not, and, the relatively high churn rate in competitive markets will actually still lead to a need for increasing address allocations and assignments as

Re: IP4 Space - the lie

2010-03-06 Thread Saku Ytti
On (2010-03-06 10:07 -0800), Cameron Byrne wrote: Folks are risking their business and their customers if they don't have an IPv6 plan, and when i say IPv6 plan i mean IPv6-only. This list has already examined how polluted the remaining free IPv4 blocks are ... and as others have pointed

Re: Cisco 7600 (7609) as a core BGP router.

2009-07-18 Thread Saku Ytti
On (2009-07-18 15:58 +0700), Roland Dobbins wrote: uRPF for 7600/6500 can only be in one mode for the whole box, all interfaces. This is a major problem in many cases. I referred to this as 'chassis wide uRPF'. I'm not sure if that is big issue in many networks. You run uRPF/strict to single

Re: MAC address confusion

2009-03-04 Thread Saku Ytti
On (2009-03-03 13:50 -0800), Kevin Oberman wrote: This is only a problem if you have multiple systems running DECnet (or some other protocol using this) with the same layer 3 address. That should never happen, so there should be no duplication. Why would they need to have same L3 address? The

Re: 23456 without AS4_PATH?

2009-02-28 Thread Saku Ytti
On (2009-02-28 18:05 +0100), sth...@nethelp.no wrote: show route 195.128.231.0/24 detail [..omitted..] AS path: AS2 PA[5]: 39792 35320 AS_TRANS AS_TRANS 35748 AS path: AS4 PA[4]: 35320 3.21 AS_TRANS 35748 AS path: Merged[5]: 39792 35320

Re: MAC address confusion

2009-02-28 Thread Saku Ytti
On (2009-02-28 22:38 +0100), JAKO Andras wrote: Hey, http://standards.ieee.org/regauth/oui/oui.txt 02-07-01 (hex)RACAL-DATACOM After enabling DECnet routing, the interface MAC address turns to something like this: Hardware is BCM1250 Internal MAC, address is

Re: can I ask mtu question

2009-01-30 Thread Saku Ytti
On (2009-01-30 16:33 -0500), Ricky Beam wrote: That depends on the hardware. I've seen gear running as low as ~8k. I'd have to consult standard, but I think the max is 10k (10240). Which standard are you referring to? AFAIK, nothing above 1500 is standardised -- ++ytti

Re: Cisco uRPF failures

2008-09-13 Thread Saku Ytti
On (2008-09-13 13:26 -0500), Brandon Ewing wrote: Hey Brandon, Are you sure? According to the IOS guide for 3560E/3750E, ip verify is still an unsupported interface command. I don't have a 3560E handy to test on, but I know that a non-E 3560 refuses it with a notice regarding how

Re: Cisco uRPF failures

2008-09-11 Thread Saku Ytti
On (2008-09-11 00:50 -0700), Jo Rhett wrote: As someone who does a lot of work talking to NOCs trying to chase down attack sources, I can honestly tell you that I haven't talked to a single NOC in the last 16 months who had BCP38 on every port, or even on most of their ports. And the

Re: Cisco uRPF failures

2008-09-08 Thread Saku Ytti
On (2008-09-04 09:35 -0700), Jo Rhett wrote: quickly, but that turns out not to be the case. To this day I've never found a network operator using uRPF on Cisco gear. (note: network operator. it's probably fine for several-hundred-meg enterprise sites) To this day I've never met
