Juniper QFX5100 VLAN flood input filter doesn't work

2017-11-07 Thread Stanislaw

Hello, list (again),

I've been trying to use a VLAN BUM traffic filter on a QFX5100. The
configuration on the test VLAN was quite trivial:


Model: qfx5100-48s-6q
Junos: 17.2R2.8

# show vlans Testvlan
vlan-id 4030;
forwarding-options {
    filter {
        input Testvlan-ingress;
    }
    flood {
        input Testvlan-flood;
    }
}

I connected two Linux hosts to the test VLAN:
# show interfaces ge-0/0/42
unit 0 {
    family ethernet-switching {
        vlan {
            members Testvlan;
        }
    }
}

# show interfaces ge-0/0/43
unit 0 {
    family ethernet-switching {
        vlan {
            members Testvlan;
        }
    }
}

The firewall filter was quite simple:
# show firewall family ethernet-switching filter Testvlan-ingress
term accept {
    then accept;
}


The flood input filter I was trying to use is below.
According to the documentation, only Broadcast, Unknown unicast and
Multicast (BUM) traffic goes through it. Regular unicast traffic should be
left intact by it.

# show firewall family ethernet-switching filter Testvlan-flood
term allow_arp {
    from {
        ether-type arp;
    }
    then accept;
}
term allow_ipv6_ns {
    from {
        destination-mac-address {
            33:33:ff:00:00:00/24;
        }
        ether-type 0x86dd;
    }
    then accept;
}
term discard_all {
    then discard;
}

I started the hosts pinging (and sniffing) each other, and I saw only ARP
requests/responses.


"show ethernet-switching table" displayed that both hosts' MACs were
successfully learned, so traffic between them should be considered
regular unicast.


However, the last term in the Testvlan-flood filter was blocking it.
If I replace it with "accept", traffic begins to flow.

Are any Juniper QFX gurus here? I would really appreciate some advice.
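
Added here as an illustration, not part of the post and not Junos code: a small Python model of the filter semantics the documentation describes, with the two filters from the post transcribed as term lists. It computes, per frame, which filter and term should decide the verdict, so the expected result for each frame can be compared with what is actually seen on the wire. The MAC table and the sample frames are constructed.

```python
"""Added example: a model of the documented Junos VLAN filter semantics.

This is not Junos code and not from the original post; the MAC table and
frames are constructed. It encodes the documented rule that
'forwarding-options filter input' sees every frame entering the VLAN while
'forwarding-options flood input' sees only broadcast, unknown-unicast and
multicast (BUM) frames, then evaluates the two filters from the post so the
expected verdict per frame can be compared with what is seen on the wire.
"""
from __future__ import annotations

from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV6 = 0x86DD
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    ethertype: int


def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)


def mac_in_prefix(mac: str, prefix: str) -> bool:
    """True if the top N bits of mac equal those of base for a 'base/N' prefix."""
    base, plen = prefix.split("/")
    shift = 48 - int(plen)
    return (mac_to_int(mac) >> shift) == (mac_to_int(base) >> shift)


def classify(frame: Frame, mac_table: set[str]) -> str:
    """Classify as the forwarding path does: broadcast, multicast, known or unknown unicast."""
    dst = frame.dst.lower()
    if dst == BROADCAST:
        return "broadcast"
    if (mac_to_int(dst) >> 40) & 1:  # I/G bit of the first octet set: group address
        return "multicast"
    if dst in {m.lower() for m in mac_table}:
        return "known-unicast"
    return "unknown-unicast"


# Filter terms as (name, match conditions, action), in configured order,
# transcribed from the two filters in the post.
TESTVLAN_INGRESS = [("accept", {}, "accept")]
TESTVLAN_FLOOD = [
    ("allow_arp", {"ether-type": ETHERTYPE_ARP}, "accept"),
    ("allow_ipv6_ns", {"destination-mac-address": "33:33:ff:00:00:00/24",
                       "ether-type": ETHERTYPE_IPV6}, "accept"),
    ("discard_all", {}, "discard"),
]


def term_matches(match: dict, frame: Frame) -> bool:
    if "ether-type" in match and frame.ethertype != match["ether-type"]:
        return False
    if "destination-mac-address" in match and not mac_in_prefix(
            frame.dst, match["destination-mac-address"]):
        return False
    return True


def run_filter(terms, frame: Frame) -> tuple[str, str]:
    """First matching term wins; a frame matching no term hits the implicit discard."""
    for name, match, action in terms:
        if term_matches(match, frame):
            return name, action
    return "implicit", "discard"


def expected_verdict(frame: Frame, mac_table: set[str]) -> tuple[str, str, str]:
    """(class, action, deciding filter/term) under the documented semantics."""
    kind = classify(frame, mac_table)
    term, action = run_filter(TESTVLAN_INGRESS, frame)
    if action == "discard" or kind == "known-unicast":
        # Known unicast is never handed to the flood filter, so the ingress
        # filter's verdict is final for it.
        return kind, action, f"Testvlan-ingress/{term}"
    term, action = run_filter(TESTVLAN_FLOOD, frame)
    return kind, action, f"Testvlan-flood/{term}"


# Constructed sample: two learned hosts, as 'show ethernet-switching table'
# reported in the post, and one frame of each interesting kind.
MAC_TABLE = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
SAMPLE_FRAMES = [
    Frame("00:11:22:33:44:55", "00:11:22:33:44:66", ETHERTYPE_IPV4),  # ping to a learned MAC
    Frame("00:11:22:33:44:55", BROADCAST, ETHERTYPE_ARP),              # ARP request
    Frame("00:11:22:33:44:55", "33:33:ff:33:44:66", ETHERTYPE_IPV6),   # IPv6 NS, solicited-node
    Frame("00:11:22:33:44:55", "33:33:00:00:00:02", ETHERTYPE_IPV6),   # IPv6 RS, all-routers
    Frame("00:11:22:33:44:55", "00:11:22:33:44:77", ETHERTYPE_IPV4),   # unknown unicast
]


def verdict_table(frames=SAMPLE_FRAMES, mac_table=MAC_TABLE):
    return [(f.dst, *expected_verdict(f, mac_table)) for f in frames]


if __name__ == "__main__":
    for dst, kind, action, where in verdict_table():
        print(f"{dst:18} {kind:16} {action:8} {where}")
```

Under the documented semantics the ping between the two learned MACs is decided by Testvlan-ingress alone and accepted; a known-unicast frame being discarded by the discard_all term of the flood filter is exactly the discrepancy the post describes. The model also makes one property of the posted flood filter visible: the 33:33:ff:00:00:00/24 term admits only solicited-node multicast, so IPv6 frames to 33:33:00:00:00:01/02 (router advertisement and solicitation) fall through to discard_all.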


Re: Network nerd poker night 11/8 in Seattle

2017-11-07 Thread Miles Fidelman
Doesn't anybody play real poker any more? You know, 5 card draw, 7 card stud.  
Oh for a good game of high-stakes 7 card high-low stud.
Miles Fidelman
-------- Original message --------
From: Gordon Cook
Date: 11/7/17 2:08 PM (GMT-07:00)
To: Avi Freedman
Cc: "nanog@nanog.org list"
Subject: Re: Network nerd poker night 11/8 in Seattle
Hi Avi

long time no talk

 regards Gordon


> On Nov 7, 2017, at 3:22 PM, Avi Freedman  wrote:
> 
> 
> If there are any network+poker nerds in the Seattle area tomorrow, we have 5 
> seats left at a network nerd poker night I'm hosting tomorrow night.
> 
> Attendees are from cloud, content provider, hosting, infra services, travel, 
> and SaaS analytics industries.
> 
> We'll have food, drinks, a training session, and will be running ~3 
> single-table No Limit Texas Hold'em tournaments.  
> 
> If there's time/interest afterwards I may also initiate anyone interested 
> into the wonders of Pot Limit Omaha.
> 
> Prizes will be Bose head sets, to avoid corporate gift issues with playing 
> for or awarding $.
> 
> It's at the W Hotel in Bellevue, at 6pm tomorrow night.
> 
> The focus is poker, socializing, and free-form network tech, business, and 
> policy nerd discussions.  Travel and gadget geeking allowed as well.  Kentik 
> is sponsoring the space, tables, and professional dealers, and we'll have a < 
> 5 minute sponsor presentation.
> 
> RSVP / info @ 
> https://www.greenvelope.com/viewer/?ActivityCode=.public:ab155c3532ca4bd5ad563ff222b6a338393435313037#details
> 
> If it overflows we'll cut off RSVPs at the URL and/or let people know by 
> email.
> 
> We're also going to organize to do another in Seattle in Feb and larger ones 
> in NY and the Bay area in Q1, so if you have interest or ideas for format or 
> quick content topics we could cover, please let me know.  One thing we're 
> considering is adding a table for heads-up battles - participants to decide 
> if they want to add peering as part of the stakes.
> 
> Thanks,
> 
> Avi
> 


Re: Juniper MX80 strange dst MAC address behavior

2017-11-07 Thread Alain Hebert
Last time I was able to smell broken memory was during the "core"
days when a lead shorted.


-
Alain Hebert                aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911    http://www.pubnix.net    Fax: 514-990-9443

On 11/07/17 16:07, Job Snijders wrote:

This smells like broken memory.

I recommend to open a TAC/JTAC case.

Kind regards,

Job





Re: Network nerd poker night 11/8 in Seattle

2017-11-07 Thread Gordon Cook
Hi Avi

long time no talk

 regards Gordon


> On Nov 7, 2017, at 3:22 PM, Avi Freedman  wrote:
> 
> 
> If there are any network+poker nerds in the Seattle area tomorrow, we have 5 
> seats left at a network nerd poker night I'm hosting tomorrow night.
> 
> Attendees are from cloud, content provider, hosting, infra services, travel, 
> and SaaS analytics industries.
> 
> We'll have food, drinks, a training session, and will be running ~3 
> single-table No Limit Texas Hold'em tournaments.  
> 
> If there's time/interest afterwards I may also initiate anyone interested 
> into the wonders of Pot Limit Omaha.
> 
> Prizes will be Bose head sets, to avoid corporate gift issues with playing 
> for or awarding $.
> 
> It's at the W Hotel in Bellevue, at 6pm tomorrow night.
> 
> The focus is poker, socializing, and free-form network tech, business, and 
> policy nerd discussions.  Travel and gadget geeking allowed as well.  Kentik 
> is sponsoring the space, tables, and professional dealers, and we'll have a < 
> 5 minute sponsor presentation.
> 
> RSVP / info @ 
> https://www.greenvelope.com/viewer/?ActivityCode=.public:ab155c3532ca4bd5ad563ff222b6a338393435313037#details
> 
> If it overflows we'll cut off RSVPs at the URL and/or let people know by 
> email.
> 
> We're also going to organize to do another in Seattle in Feb and larger ones 
> in NY and the Bay area in Q1, so if you have interest or ideas for format or 
> quick content topics we could cover, please let me know.  One thing we're 
> considering is adding a table for heads-up battles - participants to decide 
> if they want to add peering as part of the stakes.
> 
> Thanks,
> 
> Avi
> 




Re: Juniper MX80 strange dst MAC address behavior

2017-11-07 Thread Job Snijders
This smells like broken memory.

I recommend to open a TAC/JTAC case.

Kind regards,

Job


Juniper MX80 strange dst MAC address behavior

2017-11-07 Thread Stanislaw
Today I was investigating strange unknown unicast traffic in the LAN of an IX
which I operate. It was about 200 kbps of constant unknown unicast load.
Unknown unicast is a rare occasion in an IX LAN, as participants' MAC
addresses are almost persistent.


I added a server to the VLAN and started sniffing:
all the unicast was coming from one participant MAC. One of the frames:
XX:XX:XX:XX:ee:98 > 5e:5c:ab:31:c0:cb, ethertype IPv4 (0x0800), length 1434: XX.XX.16.30.80 > XX.XX.76.137.41934: Flags [.], seq 1619512599:1619513967, ack 3595347045, win 235, options [nop,nop,TS val 3650267181 ecr 1841068329], length 1368: HTTP
Okay, destination MAC 5e:5c:ab:31:c0:cb isn't really in the switches' FDB
table.


I looked up the routing table and figured out that the router announcing the
best path for XX.XX.76.137 has MAC 5e:5e:ab:31:c0:cb.


So the customer sent a frame to: 5e:*5c*:ab:31:c0:cb
The right address should be:    5e:*5e*:ab:31:c0:cb

I tried the next packet in the dump, the same story:
customer sends to: *90*:c6:9a:*e5*:2f:c1
right MAC is:      *b0*:c6:9a:*e4*:2f:c1

I converted the differing bytes to binary representation:
90: 1001
b0: 1011

e5: 11100101
e4: 11100100

I guess all the unknown unicast frames' MAC addresses had the same slight
difference from the right ones.


So the router in general works fine (it has several gigabits of traffic
in the IX) but sometimes it changes one or two bits in a frame's
destination MAC address.
My guess is that it is caused by a large ARP table on the customer's router. The
router may have some tricky lookup algorithm preferring constant
calculation speed over accuracy.
I called their NOC; they said it is a Juniper MX80 and also confirmed that
it has more than 4k ARPs.


Has anybody encountered that kind of issue?
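
Added as an illustration, not part of the post: the bit-by-bit comparison done by hand above, as a script that maps each unknown-unicast destination MAC to its nearest FDB entry by Hamming distance and names the flipped bit positions. The two observed/expected pairs are the ones quoted in the post; the FDB contents and the third unknown address are constructed. A corrupted address sits one or two bits from a real entry, whereas a host that simply left the segment produces an address far from everything in the table, which is what the distance threshold separates.

```python
"""Added example: locate the flipped bits between the destination MACs seen in
unknown-unicast frames and the MACs the switch actually holds in its FDB.

Not from the original post. The two observed/expected pairs are the ones
quoted in the post; the FDB and the third unknown address are constructed.
"""
from __future__ import annotations

from collections import Counter


def mac_to_int(mac: str) -> int:
    return int(mac.replace(":", "").replace("-", ""), 16)


def hamming(a: str, b: str) -> int:
    """Number of bits in which two MAC addresses differ."""
    return bin(mac_to_int(a) ^ mac_to_int(b)).count("1")


def flipped_bits(observed: str, expected: str) -> list[str]:
    """Differing bits as 'byteN.bitM' (byte 0 = first octet on the wire, bit 0 = LSB)."""
    x = mac_to_int(observed) ^ mac_to_int(expected)
    return [f"byte{i}.bit{b}"
            for i in range(6) for b in range(8)
            if (x >> ((5 - i) * 8 + b)) & 1]


def nearest_known(observed: str, fdb, max_distance: int = 2):
    """Closest FDB entry within max_distance bits, or None for a genuinely unknown MAC."""
    best = min(fdb, key=lambda m: hamming(observed, m))
    d = hamming(observed, best)
    return (best, d) if d <= max_distance else None


def analyse(unknown_dsts, fdb, max_distance: int = 2) -> dict:
    """Map each unknown-unicast destination to (likely intended MAC, flipped bits) or None."""
    result = {}
    for dst in unknown_dsts:
        hit = nearest_known(dst, fdb, max_distance)
        result[dst] = None if hit is None else (hit[0], flipped_bits(dst, hit[0]))
    return result


def flip_histogram(analysis: dict) -> Counter:
    """Count flips per bit position; a position that keeps repeating points at a
    stuck bit in a lookup structure rather than at random corruption."""
    counts: Counter = Counter()
    for hit in analysis.values():
        if hit is not None:
            counts.update(hit[1])
    return counts


# Constructed FDB: the two correct next-hop MACs from the post plus an unrelated host.
FDB = ["5e:5e:ab:31:c0:cb", "b0:c6:9a:e4:2f:c1", "00:11:22:33:44:55"]
# Destination MACs from the unknown-unicast frames: the two from the post and
# one constructed address that matches nothing in the FDB.
UNKNOWN_DSTS = ["5e:5c:ab:31:c0:cb", "90:c6:9a:e5:2f:c1", "de:ad:be:ef:00:01"]

if __name__ == "__main__":
    report = analyse(UNKNOWN_DSTS, FDB)
    for dst, hit in report.items():
        print(dst, "->", "no close FDB entry" if hit is None
              else f"{hit[0]} flipped {hit[1]}")
    print("flip positions:", dict(flip_histogram(report)))
```

Run against a real capture, feed it the distinct destination MACs of the unknown-unicast frames and the switch's MAC table; if the histogram concentrates on one or two bit positions, that is a stronger indicator of a hardware or table-corruption fault than the raw frame count, and it is the kind of evidence worth attaching to a TAC case.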


Network nerd poker night 11/8 in Seattle

2017-11-07 Thread Avi Freedman

If there are any network+poker nerds in the Seattle area tomorrow, we have 5 
seats left at a network nerd poker night I'm hosting tomorrow night.

Attendees are from cloud, content provider, hosting, infra services, travel, 
and SaaS analytics industries.

We'll have food, drinks, a training session, and will be running ~3 
single-table No Limit Texas Hold'em tournaments.  

If there's time/interest afterwards I may also initiate anyone interested into 
the wonders of Pot Limit Omaha.

Prizes will be Bose head sets, to avoid corporate gift issues with playing for 
or awarding $.

It's at the W Hotel in Bellevue, at 6pm tomorrow night.

The focus is poker, socializing, and free-form network tech, business, and 
policy nerd discussions.  Travel and gadget geeking allowed as well.  Kentik is 
sponsoring the space, tables, and professional dealers, and we'll have a < 5 
minute sponsor presentation.

RSVP / info @ 
https://www.greenvelope.com/viewer/?ActivityCode=.public:ab155c3532ca4bd5ad563ff222b6a338393435313037#details

If it overflows we'll cut off RSVPs at the URL and/or let people know by email.

We're also going to organize to do another in Seattle in Feb and larger ones in 
NY and the Bay area in Q1, so if you have interest or ideas for format or quick 
content topics we could cover, please let me know.  One thing we're considering 
is adding a table for heads-up battles - participants to decide if they want to 
add peering as part of the stakes.

Thanks,

Avi



Re: GO DADDY Person?

2017-11-07 Thread Anne P. Mitchell Esq.
 
> 
> Is there a GoDaddy person on this list?
> 
> There is a domain that has been created that is 100% a bot and need to flag
> it immediately.

Ilissa, may we share this directly with our GoDaddy contact, including your 
contact information?

Anne

Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



Re: media are reporting "major Internet outage"

2017-11-07 Thread Andree Toonk
Yah as mentioned by others, lots of chatter on the outages list.

In short, starting at 17:47 UTC Level3 started leaking a whole bunch of
more specifics, mainly for various Comcast ASNs but also others, for
example AS10481 (Argentina).

Many of these more specific announcements for large networks such as
Comcast were picked up by other large networks such as Tata, NTT, Liberty
Global (UPC) and as a result caused a major traffic shift, resulting in
a choke point somewhere along the way.

One example is the prefix 98.242.128.0/17, which is normally not
visible, only as the larger block 98.192.0.0/10 (AS7922).

Yesterday it was visible as 98.242.128.0/17 originated via another
Comcast AS (20214), with transit via Level3.

Good replay and visual of the timeline here:
https://stat.ripe.net/widget/bgplay#w.resource=98.242.128.0%2F17

Cheers
 Andree


My secret spy satellite informs me that Miles Fidelman wrote On
2017-11-06, 6:45 PM:
> Folks,
> 
> It seems like various media outlets are reporting a "major Internet
> outage" - some going so far as to call it an "attack."
> 
> A few headlines that crossed Facebook today:
> 
> "Major internet outage hits the U.S."  (Mashable via AOL News)
> 
> "Widespread Comcast internet outage across U.S. includes Massachusetts
> customers"  (WHDH, Channel 7 News, Boston)
> 
> A couple of more detailed sources reported that issues at L3 were
> affecting Comcast, specifically.
> 
> Kind of interesting that there's been no mention here on nanog, nor have
> I personally noticed any issues (as a user or a hosting provider).
> 
> Tempest in a teapot?
> 
> Miles Fidelman
> 
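
Added as an illustration, not part of the message above: the de-aggregation pattern it describes (a /17 appearing under a /10 that is normally the only announcement, originated by a different AS and carrying a new transit in the path) as a check that can be run against a baseline and a current route table. The tables are constructed; AS7922 and AS20214 are the Comcast ASNs named above, AS3356 is assumed here to stand for Level 3, and AS2914 is assumed to be the collector's own upstream.

```python
"""Added example: flag newly visible more-specific prefixes against a baseline
table and name the transit AS they have in common.

Not from the original message; the baseline and current tables are constructed.
AS7922 and AS20214 are the Comcast ASNs named in the message, AS3356 is assumed
here to stand for Level 3 and AS2914 for the collector's own upstream.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple[int, ...]  # leftmost = neighbour we heard it from, rightmost = origin

    @property
    def net(self):
        return ipaddress.ip_network(self.prefix)

    @property
    def origin(self) -> int:
        return self.as_path[-1]


def covering_route(net, baseline: list[Route]) -> Route | None:
    """Most specific baseline route that contains `net`, or None."""
    covers = [b for b in baseline
              if b.net.version == net.version and b.net.supernet_of(net)]
    return max(covers, key=lambda b: b.net.prefixlen) if covers else None


def new_more_specifics(baseline: list[Route], current: list[Route]) -> list[dict]:
    """Routes in `current` that are absent from `baseline` yet lie inside a baseline prefix."""
    known = {b.prefix for b in baseline}
    findings = []
    for r in current:
        if r.prefix in known:
            continue
        cover = covering_route(r.net, baseline)
        if cover is None:
            continue  # a brand-new prefix, not a de-aggregation of something already carried
        findings.append({
            "prefix": r.prefix,
            "covered_by": cover.prefix,
            "baseline_origin": cover.origin,
            "origin": r.origin,
            "origin_changed": r.origin != cover.origin,
            "path": r.as_path,
        })
    return findings


def shared_transit(findings: list[dict]) -> set[int]:
    """ASNs present in every flagged path, origins excluded: the common element
    behind a burst of more-specifics is usually the network that leaked them."""
    if not findings:
        return set()
    return set.intersection(*[set(f["path"][:-1]) for f in findings])


# Constructed tables. Baseline: the aggregates as normally seen.
BASELINE = [
    Route("98.192.0.0/10", (2914, 7922)),
    Route("198.51.100.0/24", (2914, 64496)),
]
# Current: the same aggregates plus two more-specifics heard via AS3356
# and one unrelated new prefix.
CURRENT = [
    Route("98.192.0.0/10", (2914, 7922)),
    Route("198.51.100.0/24", (2914, 64496)),
    Route("98.242.128.0/17", (2914, 3356, 20214)),   # the /17 from the message
    Route("98.200.0.0/16", (2914, 3356, 7922)),      # same origin as the aggregate
    Route("203.0.113.0/24", (2914, 64497)),          # new, but inside nothing we carry
]

if __name__ == "__main__":
    found = new_more_specifics(BASELINE, CURRENT)
    for f in found:
        flag = "origin changed" if f["origin_changed"] else "same origin"
        print(f"{f['prefix']:18} inside {f['covered_by']:16} "
              f"AS{f['baseline_origin']} -> AS{f['origin']} ({flag}) path {f['path']}")
    print("common transit:", shared_transit(found))
```

The origin-changed flag on its own is not proof of a leak (Comcast legitimately originates from several ASNs), which is why the script also reports the AS every flagged path shares; a single transit AS sitting in all of them at once is the signature of one network re-exporting more-specifics it should have kept internal.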


someone from easydns here? dns3.easydns.org. 2620:49:3::10 unreachable from AS8560 and 6939

2017-11-07 Thread Thomas Mieslinger

Hi,

can someone operating the easydns nameservers check whether 2620:49:3::10 is
answering?


I created an Atlas measurement

https://atlas.ripe.net/measurements/10137819

and I can see that some ASes can still reach 2620:49:3::10, but there are many,
many timeouts. For me, it stops working after 2a00:dd80:9:3::2 (AS42210).


Cheers

Thomas


Need a contact at GoDaddy NOC

2017-11-07 Thread Serge Malev
Hi.

Could anyone from GoDaddy NOC, please, get in touch with me off list?

One of our IP addresses is being blocked from accessing an address hosting some
websites at GoDaddy. Even GoDaddy's support and SSO sites are blocked.

Using a different IP address for outbound Source NAT makes things work. But we 
would like to figure out what caused blocking in the first place to make sure 
we stop it happening in the future.


Thank you.



GO DADDY Person?

2017-11-07 Thread Ilissa Miller
Is there a GoDaddy person on this list?

There is a domain that has been created that is 100% a bot and I need to flag
it immediately.

Already contacted GoDaddy directly but it is still active.  Please contact
me off list

Thanks!


RE: media are reporting "major Internet outage"

2017-11-07 Thread Aaron Gould
I wonder if that was the cause of the Snapchat outage yesterday, or if the
Snapchat outage was altogether separate from what y'all are talking about?

-Aaron