MTU Problem on Cisco 7606
Hi everybody, I have change my core router from 7206 VXR to 7606 with RSP720 since last 1 month. I had GRE Tunnel in 7206 with one of my regions with this config: interface Tunnel1 ip mtu 1500 ip policy route-map clear-df I have copy this config to new 7606 with the same config but now I have Problem with page load. For example yahoo.com totally does not work. I change Tunnel interface config to: interface Tunnel1 ip tcp adjust-mss 1360 tunnel mode ipip But again does not make difference, for example yahoo.com solve but put another site in trouble. I must notice that my region side router is 7206 VXR and we have not change that router, It is the same as before was. The question is what is different between 7600 and 7200 in MTU? I change *system jumbomtu* to *1526* on 7606 but it does not make any difference. Would you please help me in this field? Thanks IOS on 7606: c7600rsp72043-adventerprisek9-mz.152-4.S4a.bin IOS on 7206: c7200p-adventerprisek9-mz.124-24.T.bin -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator Cell Phone: +1 (415) 871 0742 PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
How to catch a cracker in the US?
Hi, I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a customers of mine in the last days. The cracker was successful and caused financial damage / was successful with data theft. I set a trap and finally caught his real IP address - a Comcast user in the US (100% not a proxy or bot). What would be the next steps to pursuit him? If I contact local authorities here in Germany I'm afraid months will pass by and Comcast will have possible already deleted their logs by then (?). Any advice? Thank you! Markus
Re: How to catch a cracker in the US?
On Mar 11, 2014, at 2:00 PM, Markus unive...@truemetal.org wrote: Any advice? Start with CERT-BUND, maybe? Although it's questionable whether or not it's possible to remotely absolutely ascertain whether the attacking machine in question was being operated by miscreants unbeknownst to its actual owner. --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Luck is the residue of opportunity and design. -- John Milton
RE: [c-nsp] OAM/CFM question on IOS-XR
Hi, Herro91 Sent: Wednesday, March 05, 2014 6:19 PM 1) I think I should be seeing MIPs in my traceroute when there is a P router in between the two PEs, correct? It is a L2 form of traceroute so it will record only L2 hops configured as MIPs or MEPs. So in a p2p PW there are going to be only PW endpoints as MEPs for a particular Level. 2) If the P router in between these PEs is just a transit node, what configuration is required to create the MIPs? See CFM is meant for L2 OAM where there are no interface ip addresses you can ping to or capture in a traceroute. So in case of an e.g. me3400 connected to your XR box than p2p PW to another XR box than another me3400 as CPE. These four boxes form the L2 domain over which you can utilize CFM to pin-point the failure. You could have the me3400 as MEPs and XR boxes as MIPs for the particular level. This gets handy as the L2 (aggregation) domain at each end of the MPLS cloud gets bigger and it's more difficult to see which L2 box dropped the ball. Regarding the MPLS core in between, well you already have tools to identify the failed P/core box. adam -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Herro91 Sent: Wednesday, March 05, 2014 6:19 PM To: Cisco-nsp; nanog@nanog.org Subject: [c-nsp] OAM/CFM question on IOS-XR Hi, I've been working on a basic configuration for E-OAM starting with one domain. I have CFM working between the PEs (IOS-XR) devices tied to an EoMPLS instance, but have a few questions below: 1) I think I should be seeing MIPs in my traceroute when there is a P router in between the two PEs, correct? 2) If the P router in between these PEs is just a transit node, what configuration is required to create the MIPs? I have seen the MIP autocreate all, but it seems to be tied to a service configuration under CFM which would not apply in the case of a transit/P router. Thanks! ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: XO/TWC problems?
This problem seemed resolved for awhile and now its representing with about 7% packet loss. Looks like someone adjusted the routing a bit at XO. On Mon, Mar 10, 2014 at 9:42 PM, Mikeal Clark mikeal.cl...@gmail.comwrote: No one from XO monitors the list? We have a cpl people from ATT networks reporting the same issues now. On Mon, Mar 10, 2014 at 7:27 PM, Mikeal Clark mikeal.cl...@gmail.comwrote: Glad someone else is seeing it. TWC wasn't much help. Not sure how to follow up on this but I have 3 sites that can't stay online because of it. On Mon, Mar 10, 2014 at 6:59 PM, Greg Smythe g...@thesmythes.org wrote: I'm seeing a problem between that IP and another XO router at 207.88.14.193 -=-=-=-=-=-=-=-=-=-=--=-=- Greg Smythe -Original Message- From: Mikeal Clark [mailto:mikeal.cl...@gmail.com] Sent: Monday, March 10, 2014 6:19 PM To: NANOG [nanog@nanog.org] Subject: XO/TWC problems? I'm seeing packet loss between XO and TWC. 206.111.2.89 seems to be the problem. Anyone else seeing similar?
Re: Novartis and Qwest AS209
Thanks Chris. That is what I assumed as well. Some automatic route object registration went awry. Was hoping someone from Qwest/CenturyLink would jump in and fix it as many of the GEOIP databases automated tools use descr field. No further comment required. It was just peeving me a bit so figured I would send something out on it. -jason On 3/6/14, 5:05 AM, Christopher Morrow morrowc.li...@gmail.com wrote: guessing that 209 registered some objects on behalf of novartis/customer? novartis isn't qwest who's now centurylink anyway. On Wed, Mar 5, 2014 at 2:02 PM, Jmac jmceac...@gmail.com wrote: All, I haven¹t posted something to Nanog in probably 10 years so forgive my ignorance on protocol. I am sure this has been posted about but while I figure out how to search the archivesŠ. I see Ripe DB, Maxmind and many others have AS209 associated with the company Novartis. Did I miss something because ARIN whois shows it different. If this is wrong, it seems the source of the error is db.ripe.net. aut-num: AS209 https://apps.db.ripe.net/search/lookup.html?source=ripekey=AS209type=a ut- num as-name: ASN-QWEST-US descr: NOVARTIS-DMZ-US admin-c: NOVN1-RIPE https://apps.db.ripe.net/search/lookup.html?source=ripekey=NOVN1-RIPEt ype =PERSON tech-c: NOVN2-RIPE https://apps.db.ripe.net/search/lookup.html?source=ripekey=NOVN2-RIPEt ype =PERSON mnt-by: NOVARTIS-MNT https://apps.db.ripe.net/search/lookup.html?source=ripekey=NOVARTIS-MNT ty pe=MNTNER source: RIPE # Filtered Thanks Jason
Google Apps/Mail Contact
Anyone from Google Apps for education, Specifically the Mail side of the house listening? Having a hell of a time with normal support channels on an SMTP issue. Unicast Welcome. Thanks! Nick Olsen Network Operations (855) FLSPEED x106
Re: Google Apps/Mail Contact
Highly automated systems that won't let up blocking till whatever part of your mail stream to them is considered spam doesn't stop. Could be cracked accounts, spamming customers, malware, users with .forwards to their gmail so all their inbound spam is forwarded as well .. On Wednesday, March 12, 2014, Nick Olsen n...@flhsi.com wrote: Anyone from Google Apps for education, Specifically the Mail side of the house listening? Having a hell of a time with normal support channels on an SMTP issue. Unicast Welcome. Thanks! Nick Olsen Network Operations (855) FLSPEED x106 -- --srs (iPad)
Re: XO/TWC problems?
As seen from Cogent to XO. http://i.imgur.com/aFyAw1p.png On Tue, Mar 11, 2014 at 1:56 PM, Mikeal Clark mikeal.cl...@gmail.comwrote: This problem seemed resolved for awhile and now its representing with about 7% packet loss. Looks like someone adjusted the routing a bit at XO. On Mon, Mar 10, 2014 at 9:42 PM, Mikeal Clark mikeal.cl...@gmail.com wrote: No one from XO monitors the list? We have a cpl people from ATT networks reporting the same issues now. On Mon, Mar 10, 2014 at 7:27 PM, Mikeal Clark mikeal.cl...@gmail.com wrote: Glad someone else is seeing it. TWC wasn't much help. Not sure how to follow up on this but I have 3 sites that can't stay online because of it. On Mon, Mar 10, 2014 at 6:59 PM, Greg Smythe g...@thesmythes.org wrote: I'm seeing a problem between that IP and another XO router at 207.88.14.193 -=-=-=-=-=-=-=-=-=-=--=-=- Greg Smythe -Original Message- From: Mikeal Clark [mailto:mikeal.cl...@gmail.com] Sent: Monday, March 10, 2014 6:19 PM To: NANOG [nanog@nanog.org] Subject: XO/TWC problems? I'm seeing packet loss between XO and TWC. 206.111.2.89 seems to be the problem. Anyone else seeing similar?