RE: 40G reforming

2018-02-05 Thread Ryan, Spencer 
Looks like you’re right. Too many 7xxx model numbers. Either way, same result. 
The MAC layer in the switch treats it like a QSFP port would be.

From: Tim Jackson [mailto:jackson@gmail.com]
Sent: Monday, February 5, 2018 9:11 PM
To: Ryan, Spencer 
Cc: Hunter Fuller ; nanog list 
Subject: RE: 40G reforming

I'm pretty sure that this is only available on 7150S which is FM6000, not 
broadcom at all.



On Feb 5, 2018 8:00 PM, "Ryan, Spencer" 
> wrote:
You don’t use 40G modules at all. Just 4 x 10G SFP+.

The Broadcom trident chip is configured at the MAC layer for 40G, so it’s 
identical to a real 40G port inside.

Some more reading:

https://www.arista.com/assets/data/pdf/Whitepapers/AgilePorts_over_DWDM_Final.pdf


Spencer Ryan | Senior Systems Administrator | 
sr...@arbor.net>
Arbor Networks | The security division of NETSCOUT
+1.734.794.5033 (d) | 
+1.734.846.2053 (m)
www.arbornetworks.com



From: Hunter Fuller [mailto:hf0002+na...@uah.edu]
Sent: Monday, February 5, 2018 2:57 PM
To: Ryan, Spencer >
Cc: Marian Ďurkovič >; Baldur Norddahl 
>; 
nanog@nanog.org
Subject: Re: 40G reforming

I suspect that implies that you can just take a 40Gbase-SR4 module and break it 
out into individual "10G" multi-mode pairs for DWDM use. Has anyone tried this? 
I'm also very interested in using that strategy.
On Mon, Feb 5, 2018 at 1:36 PM Ryan, Spencer 
>>
 wrote:
Indeed. Arista does (did?) make at least one platform where you can do this.

-Original Message-
From: NANOG 
[mailto:nanog-boun...@nanog.org>]
 On Behalf Of Marian Durkovic
Sent: Monday, February 5, 2018 2:33 PM
To: Baldur Norddahl 
>>
Cc: 
nanog@nanog.org>
Subject: Re: 40G reforming

Many switches based on BCM Trident ASIC allow you to configure 4 consecutive
SFP+ ports as 40G link (not LACP, but using real hardware 40G framing).
In such case, you can plug 4 DWDM SFP+ modules directly into the switch, 
without the need for any reformer.

   M.

On Mon, 5 Feb 2018 20:03:33 +0100, Baldur Norddahl wrote
> I may need to clarify that I do not want to break the port into 4x10G
> as such. To the switch this will be an ordinary 40G link to another
> switch far away.
>
> I want to take advantage of the fact that 40G is transported as four
> individual streams. Each of the four streams are to be converted from
> 850 nm to a 1550 DWDM channel (one channel per stream). And the
> reverse at the other end of the link.
>
> The point of doing this is that 40G DWDM modules are not generally
> available and neither are 80 km modules.
>
> I need a true 40G channel so 4x10G LACP is not an option here. For the
> same reason I am unable to accept a solution that splits the 40G port
> into 4x10G and then perhaps recombines using LACP. Instead I am
> looking at an optical solution that is invisible to the switch hardware.
>
> The only doubt I have about the proposed solution is whether the frame
> format of the 10G substreams is somehow incompatible with what goes on
> in the reformer. As I understand these reformers they are little more
> than two SFP(+) modules connected back to back. And therefore it
> should not matter that the frame format may be different.
>
> Regards
>
> Baldur
>
> Den 5. feb. 2018 7.20 PM skrev "Paul Zugnoni" 
> >>:
>
> Whether a 40G port can be broken into 4x10G is dependent on the
> router/switch hardware and the optic you use. Good news is that most
> 40G ports are capable of being broken out into 4x10G, since a 40G port
> is usually operating as 4x10G internally anyway to the ASIC. The QSFP
> you'll need would be a 40G-SR4 for MTP/Multimode or 40G-LR4 for
> MTP/Singlemode (or a lower power, less expensive equivalent). This is
> a pretty common use of 40G ports. All 4 10G ports would then be at
> 850nm or 1310nm, which you can then plug into any 10G SR or LR ports.
>
>

RE: 40G reforming

2018-02-05 Thread Tim Jackson 
I'm pretty sure that this is only available on 7150S which is FM6000, not
broadcom at all.



On Feb 5, 2018 8:00 PM, "Ryan, Spencer"  wrote:

You don’t use 40G modules at all. Just 4 x 10G SFP+.

The Broadcom trident chip is configured at the MAC layer for 40G, so it’s
identical to a real 40G port inside.

Some more reading:

https://www.arista.com/assets/data/pdf/Whitepapers/
AgilePorts_over_DWDM_Final.pdf


Spencer Ryan | Senior Systems Administrator | sr...@arbor.net
Arbor Networks | The security division of NETSCOUT
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com



From: Hunter Fuller [mailto:hf0002+na...@uah.edu]
Sent: Monday, February 5, 2018 2:57 PM
To: Ryan, Spencer 
Cc: Marian Ďurkovič ; Baldur Norddahl ;
nanog@nanog.org
Subject: Re: 40G reforming

I suspect that implies that you can just take a 40Gbase-SR4 module and
break it out into individual "10G" multi-mode pairs for DWDM use. Has
anyone tried this? I'm also very interested in using that strategy.

On Mon, Feb 5, 2018 at 1:36 PM Ryan, Spencer > wrote:
Indeed. Arista does (did?) make at least one platform where you can do this.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org]
On Behalf Of Marian Durkovic
Sent: Monday, February 5, 2018 2:33 PM
To: Baldur Norddahl >
Cc: nanog@nanog.org
Subject: Re: 40G reforming

Many switches based on BCM Trident ASIC allow you to configure 4 consecutive
SFP+ ports as 40G link (not LACP, but using real hardware 40G framing).
In such case, you can plug 4 DWDM SFP+ modules directly into the switch,
without the need for any reformer.

   M.

On Mon, 5 Feb 2018 20:03:33 +0100, Baldur Norddahl wrote
> I may need to clarify that I do not want to break the port into 4x10G
> as such. To the switch this will be an ordinary 40G link to another
> switch far away.
>
> I want to take advantage of the fact that 40G is transported as four
> individual streams. Each of the four streams are to be converted from
> 850 nm to a 1550 DWDM channel (one channel per stream). And the
> reverse at the other end of the link.
>
> The point of doing this is that 40G DWDM modules are not generally
> available and neither are 80 km modules.
>
> I need a true 40G channel so 4x10G LACP is not an option here. For the
> same reason I am unable to accept a solution that splits the 40G port
> into 4x10G and then perhaps recombines using LACP. Instead I am
> looking at an optical solution that is invisible to the switch hardware.
>
> The only doubt I have about the proposed solution is whether the frame
> format of the 10G substreams is somehow incompatible with what goes on
> in the reformer. As I understand these reformers they are little more
> than two SFP(+) modules connected back to back. And therefore it
> should not matter that the frame format may be different.
>
> Regards
>
> Baldur
>
> Den 5. feb. 2018 7.20 PM skrev "Paul Zugnoni" >:
>
> Whether a 40G port can be broken into 4x10G is dependent on the
> router/switch hardware and the optic you use. Good news is that most
> 40G ports are capable of being broken out into 4x10G, since a 40G port
> is usually operating as 4x10G internally anyway to the ASIC. The QSFP
> you'll need would be a 40G-SR4 for MTP/Multimode or 40G-LR4 for
> MTP/Singlemode (or a lower power, less expensive equivalent). This is
> a pretty common use of 40G ports. All 4 10G ports would then be at
> 850nm or 1310nm, which you can then plug into any 10G SR or LR ports.
>
> What router or switch platform is driving the 40G?
>
> Paul Z
>
> On Mon, Feb 5, 2018 at 7:57 AM, Baldur Norddahl
> >
> wrote:
>
> > Hello
> >
> > Is it possible to reform a 40G signal as individual 10G links?
> >
> > The idea is to use a 40G QSFP multimode MTP module such as
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_prod
> > ucts_44058.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIj
> > aFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=_rJfOmyDlGmPG
> > C6M5FbhQ1V8_mho1OCpkcuYRNlaOvA=. Then connect it using a MTP
> > breakout cable such as
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_prod
> > ucts_68049.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=
Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=
Cz0mCyM3dtcHoZ7lGy7uyroI_Y7AwmKXdnYNFIF0rPI= to get four dual fiber
connectors. These are then connected to four 10G SFP+ multimode modules
such as https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.
com_products_11589.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=
Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=l-
9OAiUxeydRJCJc7d1kTKPVSkwQlkV4xkZFlbFxyRs=. The

RE: 40G reforming

2018-02-05 Thread Ryan, Spencer 
You don’t use 40G modules at all. Just 4 x 10G SFP+.

The Broadcom trident chip is configured at the MAC layer for 40G, so it’s 
identical to a real 40G port inside.

Some more reading:

https://www.arista.com/assets/data/pdf/Whitepapers/AgilePorts_over_DWDM_Final.pdf


Spencer Ryan | Senior Systems Administrator | 
sr...@arbor.net
Arbor Networks | The security division of NETSCOUT
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com



From: Hunter Fuller [mailto:hf0002+na...@uah.edu]
Sent: Monday, February 5, 2018 2:57 PM
To: Ryan, Spencer 
Cc: Marian Ďurkovič ; Baldur Norddahl ; 
nanog@nanog.org
Subject: Re: 40G reforming

I suspect that implies that you can just take a 40Gbase-SR4 module and break it 
out into individual "10G" multi-mode pairs for DWDM use. Has anyone tried this? 
I'm also very interested in using that strategy.

On Mon, Feb 5, 2018 at 1:36 PM Ryan, Spencer 
> wrote:
Indeed. Arista does (did?) make at least one platform where you can do this.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On 
Behalf Of Marian Durkovic
Sent: Monday, February 5, 2018 2:33 PM
To: Baldur Norddahl 
>
Cc: nanog@nanog.org
Subject: Re: 40G reforming

Many switches based on BCM Trident ASIC allow you to configure 4 consecutive
SFP+ ports as 40G link (not LACP, but using real hardware 40G framing).
In such case, you can plug 4 DWDM SFP+ modules directly into the switch, 
without the need for any reformer.

   M.

On Mon, 5 Feb 2018 20:03:33 +0100, Baldur Norddahl wrote
> I may need to clarify that I do not want to break the port into 4x10G
> as such. To the switch this will be an ordinary 40G link to another
> switch far away.
>
> I want to take advantage of the fact that 40G is transported as four
> individual streams. Each of the four streams are to be converted from
> 850 nm to a 1550 DWDM channel (one channel per stream). And the
> reverse at the other end of the link.
>
> The point of doing this is that 40G DWDM modules are not generally
> available and neither are 80 km modules.
>
> I need a true 40G channel so 4x10G LACP is not an option here. For the
> same reason I am unable to accept a solution that splits the 40G port
> into 4x10G and then perhaps recombines using LACP. Instead I am
> looking at an optical solution that is invisible to the switch hardware.
>
> The only doubt I have about the proposed solution is whether the frame
> format of the 10G substreams is somehow incompatible with what goes on
> in the reformer. As I understand these reformers they are little more
> than two SFP(+) modules connected back to back. And therefore it
> should not matter that the frame format may be different.
>
> Regards
>
> Baldur
>
> Den 5. feb. 2018 7.20 PM skrev "Paul Zugnoni" 
> >:
>
> Whether a 40G port can be broken into 4x10G is dependent on the
> router/switch hardware and the optic you use. Good news is that most
> 40G ports are capable of being broken out into 4x10G, since a 40G port
> is usually operating as 4x10G internally anyway to the ASIC. The QSFP
> you'll need would be a 40G-SR4 for MTP/Multimode or 40G-LR4 for
> MTP/Singlemode (or a lower power, less expensive equivalent). This is
> a pretty common use of 40G ports. All 4 10G ports would then be at
> 850nm or 1310nm, which you can then plug into any 10G SR or LR ports.
>
> What router or switch platform is driving the 40G?
>
> Paul Z
>
> On Mon, Feb 5, 2018 at 7:57 AM, Baldur Norddahl
> >
> wrote:
>
> > Hello
> >
> > Is it possible to reform a 40G signal as individual 10G links?
> >
> > The idea is to use a 40G QSFP multimode MTP module such as
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_prod
> > ucts_44058.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIj
> > aFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=_rJfOmyDlGmPG
> > C6M5FbhQ1V8_mho1OCpkcuYRNlaOvA=. Then connect it using a MTP
> > breakout cable such as
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_prod
> > ucts_68049.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=Cz0mCyM3dtcHoZ7lGy7uyroI_Y7AwmKXdnYNFIF0rPI=
> >  to get four dual fiber connectors. These are then connected to four 10G 
> > SFP+ multimode modules such as 
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_11589.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=l-9OAiUxeydRJCJc7d1kTKPVSkwQlkV4xkZFlbFxyRs=.
> >  The reformer could be 
> >

Re: improving signal to noise ratio from centralized network syslogs

2018-02-05 Thread Brian Knight 

On 2018-02-03 15:49, Scott Weeks wrote:

Then, you can watch your network in real time
like so (below is all one line):

tail -f /var/log/router.log /var/log/switch.log
| egrep -vi 'term1|term2|termN'

'egrep -v' takes out all the lines you don't
want to see while the syslog messages scroll
across the screen.


Syslog-ng can do regex filtering on messages also.  So instead of doing 
an 'egrep -v' on a huge file after it has been logged, you can put your 
filter right into the syslog-ng configuration, and have those filtered 
messages output to a file (or any other output that syslog-ng supports). 
 The result is a smaller file to search and work with.


We implemented a simple email alerter using this functionality.  In 
syslog-ng, we set up two filters.  One filter does the 'egrep -v':


filter f_email_msg {
not message("%PKT_INFRA-LINEPROTO-.*[0-9/]+\\.")   # filter out 
subinterface up/downs

and not message("%PKT_INFRA-LINEPROTO-.*Multilink")
and not message("%PKT_INFRA-LINEPROTO-.*Serial")
and not message("%PKT_INFRA-LINEPROTO-.*Tunnel")
# etc
};

Another filter applied to the messages filters messages to just our core 
devices:


filter f_email_sources {
host("192.0.2.1")
or host("192.0.2.2")
or host("192.0.2.3")
or host("192.0.2.4")
or host("192.0.2.5")
or host("192.0.2.6")
};

Then those are tied together in a syslog-ng rule that outputs to a file:

destination d_email_log {
file("/var/log/syslog-ng/alert/alerts.log"
  template("$HOST:$MSG\n")
  create_dirs(yes)
);
};
log { source(s_devices); filter(f_email_sources); filter(f_email_msg); 
destination(d_email_log); };


A lightweight Python script that runs as a daemon checks that file once 
every 10 seconds, and if the file length is non-zero, it sends the 
contents of the file in an email to the admins.  A shell script run as a 
cron job would work equally as well.


(Also, for emailed syslogs, there is more incentive for the admin to 
keep her or his message filter up to date, as opposed to a file the 
administrator must manually examine.  Otherwise the admin has a full 
inbox :) )


It's very simple and stable, and has worked better than the commercial 
product we used to use for this purpose.


-Brian

Re: improving signal to noise ratio from centralized network syslogs

2018-02-05 Thread valdis . kletnieks 
On Mon, 05 Feb 2018 20:27:13 +, James Bensley said:
> On 5 February 2018 at 18:57,   wrote:
> > On Mon, 05 Feb 2018 10:49:42 -0800, "Scott Weeks" said:
> >> I have no knowledge of syslog-ng.  Does it do the
> >> real time scrolling like I mention?
> >
> > Use 'tail -f' or similar.
>
> The only problem is that with BASH based solutions is that they are
> slow. They don't scale well.

The basic point was that you need to supply your own solution for monitoring
syslog-ng logs, be it tail or logwatch or whatever - it doesn't come with its 
own.


pgpO7IpPvL61m.pgp
Description: PGP signature

Re: improving signal to noise ratio from centralized network syslogs

2018-02-05 Thread James Bensley 
On 5 February 2018 at 18:57,   wrote:
> On Mon, 05 Feb 2018 10:49:42 -0800, "Scott Weeks" said:
>> I have no knowledge of syslog-ng.  Does it do the
>> real time scrolling like I mention?
>
> Use 'tail -f' or similar.

The only problem is that with BASH based solutions is that they are
slow. They don't scale well.

Some years ago I wrote a script that would periodically (every 5
minutes by default) grep for interesting events / filter uninteresting
events from the syslog file and email you the results. It's here if
anyone is interested: https://null.53bits.co.uk/index.php?page=sysgrep

It's OK for a small network or small number of devices but it doesn't
scale well. Having said that, it's better than nothing and costs $0
(which exactly why I used it in the first place).

Cheers,
James.

Re: 40G reforming

2018-02-05 Thread Hunter Fuller 
I suspect that implies that you can just take a 40Gbase-SR4 module and
break it out into individual "10G" multi-mode pairs for DWDM use. Has
anyone tried this? I'm also very interested in using that strategy.

On Mon, Feb 5, 2018 at 1:36 PM Ryan, Spencer  wrote:

> Indeed. Arista does (did?) make at least one platform where you can do
> this.
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Marian Durkovic
> Sent: Monday, February 5, 2018 2:33 PM
> To: Baldur Norddahl 
> Cc: nanog@nanog.org
> Subject: Re: 40G reforming
>
> Many switches based on BCM Trident ASIC allow you to configure 4
> consecutive
> SFP+ ports as 40G link (not LACP, but using real hardware 40G framing).
> In such case, you can plug 4 DWDM SFP+ modules directly into the switch,
> without the need for any reformer.
>
>M.
>
> On Mon, 5 Feb 2018 20:03:33 +0100, Baldur Norddahl wrote
> > I may need to clarify that I do not want to break the port into 4x10G
> > as such. To the switch this will be an ordinary 40G link to another
> > switch far away.
> >
> > I want to take advantage of the fact that 40G is transported as four
> > individual streams. Each of the four streams are to be converted from
> > 850 nm to a 1550 DWDM channel (one channel per stream). And the
> > reverse at the other end of the link.
> >
> > The point of doing this is that 40G DWDM modules are not generally
> > available and neither are 80 km modules.
> >
> > I need a true 40G channel so 4x10G LACP is not an option here. For the
> > same reason I am unable to accept a solution that splits the 40G port
> > into 4x10G and then perhaps recombines using LACP. Instead I am
> > looking at an optical solution that is invisible to the switch hardware.
> >
> > The only doubt I have about the proposed solution is whether the frame
> > format of the 10G substreams is somehow incompatible with what goes on
> > in the reformer. As I understand these reformers they are little more
> > than two SFP(+) modules connected back to back. And therefore it
> > should not matter that the frame format may be different.
> >
> > Regards
> >
> > Baldur
> >
> > Den 5. feb. 2018 7.20 PM skrev "Paul Zugnoni" :
> >
> > Whether a 40G port can be broken into 4x10G is dependent on the
> > router/switch hardware and the optic you use. Good news is that most
> > 40G ports are capable of being broken out into 4x10G, since a 40G port
> > is usually operating as 4x10G internally anyway to the ASIC. The QSFP
> > you'll need would be a 40G-SR4 for MTP/Multimode or 40G-LR4 for
> > MTP/Singlemode (or a lower power, less expensive equivalent). This is
> > a pretty common use of 40G ports. All 4 10G ports would then be at
> > 850nm or 1310nm, which you can then plug into any 10G SR or LR ports.
> >
> > What router or switch platform is driving the 40G?
> >
> > Paul Z
> >
> > On Mon, Feb 5, 2018 at 7:57 AM, Baldur Norddahl
> > 
> > wrote:
> >
> > > Hello
> > >
> > > Is it possible to reform a 40G signal as individual 10G links?
> > >
> > > The idea is to use a 40G QSFP multimode MTP module such as
> > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_prod
> > > ucts_44058.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIj
> > > aFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=_rJfOmyDlGmPG
> > > C6M5FbhQ1V8_mho1OCpkcuYRNlaOvA=. Then connect it using a MTP
> > > breakout cable such as
> > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_prod
> > >
> ucts_68049.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=Cz0mCyM3dtcHoZ7lGy7uyroI_Y7AwmKXdnYNFIF0rPI=
> to get four dual fiber connectors. These are then connected to four 10G
> SFP+ multimode modules such as
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_11589.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=l-9OAiUxeydRJCJc7d1kTKPVSkwQlkV4xkZFlbFxyRs=.
> The reformer could be
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_43721.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=NwCHiC_boNNs7zCOgJFRZ5nmZOVEPBovGYNTtdQ_pCE=.
> And finally the reformed signal can be transported using anything including
> DWDM modules such as
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_44058.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=_rJfOmyDlGmPGC6M5FbhQ1V8_mho1OCpkcuYRNlaOvA=
> .
> > >
> > > Just using fs.com as a reference to the kind of equipment I am
> > > talking about. Many other vendors offer simelar products.
> > >
> > > The motivation for doing this is to get access to the many options
> > > that are available for 10G optics but not possible with 40G.
> > >
> > > Regards,
> > >
> > > Baldur
> > >
> > >
>
> --

--

RE: 40G reforming

2018-02-05 Thread Ryan, Spencer 
Indeed. Arista does (did?) make at least one platform where you can do this. 

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Marian Durkovic
Sent: Monday, February 5, 2018 2:33 PM
To: Baldur Norddahl 
Cc: nanog@nanog.org
Subject: Re: 40G reforming

Many switches based on BCM Trident ASIC allow you to configure 4 consecutive
SFP+ ports as 40G link (not LACP, but using real hardware 40G framing).
In such case, you can plug 4 DWDM SFP+ modules directly into the switch, 
without the need for any reformer.

   M.

On Mon, 5 Feb 2018 20:03:33 +0100, Baldur Norddahl wrote
> I may need to clarify that I do not want to break the port into 4x10G 
> as such. To the switch this will be an ordinary 40G link to another 
> switch far away.
> 
> I want to take advantage of the fact that 40G is transported as four 
> individual streams. Each of the four streams are to be converted from 
> 850 nm to a 1550 DWDM channel (one channel per stream). And the 
> reverse at the other end of the link.
> 
> The point of doing this is that 40G DWDM modules are not generally 
> available and neither are 80 km modules.
> 
> I need a true 40G channel so 4x10G LACP is not an option here. For the 
> same reason I am unable to accept a solution that splits the 40G port 
> into 4x10G and then perhaps recombines using LACP. Instead I am 
> looking at an optical solution that is invisible to the switch hardware.
> 
> The only doubt I have about the proposed solution is whether the frame 
> format of the 10G substreams is somehow incompatible with what goes on 
> in the reformer. As I understand these reformers they are little more 
> than two SFP(+) modules connected back to back. And therefore it 
> should not matter that the frame format may be different.
> 
> Regards
> 
> Baldur
> 
> Den 5. feb. 2018 7.20 PM skrev "Paul Zugnoni" :
> 
> Whether a 40G port can be broken into 4x10G is dependent on the 
> router/switch hardware and the optic you use. Good news is that most 
> 40G ports are capable of being broken out into 4x10G, since a 40G port 
> is usually operating as 4x10G internally anyway to the ASIC. The QSFP 
> you'll need would be a 40G-SR4 for MTP/Multimode or 40G-LR4 for 
> MTP/Singlemode (or a lower power, less expensive equivalent). This is 
> a pretty common use of 40G ports. All 4 10G ports would then be at 
> 850nm or 1310nm, which you can then plug into any 10G SR or LR ports.
> 
> What router or switch platform is driving the 40G?
> 
> Paul Z
> 
> On Mon, Feb 5, 2018 at 7:57 AM, Baldur Norddahl 
> 
> wrote:
> 
> > Hello
> >
> > Is it possible to reform a 40G signal as individual 10G links?
> >
> > The idea is to use a 40G QSFP multimode MTP module such as 
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_prod
> > ucts_44058.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIj
> > aFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=_rJfOmyDlGmPG
> > C6M5FbhQ1V8_mho1OCpkcuYRNlaOvA=. Then connect it using a MTP 
> > breakout cable such as 
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_prod
> > ucts_68049.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=Cz0mCyM3dtcHoZ7lGy7uyroI_Y7AwmKXdnYNFIF0rPI=
> >  to get four dual fiber connectors. These are then connected to four 10G 
> > SFP+ multimode modules such as 
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_11589.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=l-9OAiUxeydRJCJc7d1kTKPVSkwQlkV4xkZFlbFxyRs=.
> >  The reformer could be 
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_43721.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=NwCHiC_boNNs7zCOgJFRZ5nmZOVEPBovGYNTtdQ_pCE=.
> >  And finally the reformed signal can be transported using anything 
> > including DWDM modules such as 
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_44058.html=DwIDaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=wWoshgttJT0E6q6-qJzP_ZcIrEz_EP88taPCbvAiK2Y=_rJfOmyDlGmPGC6M5FbhQ1V8_mho1OCpkcuYRNlaOvA=.
> >
> > Just using fs.com as a reference to the kind of equipment I am 
> > talking about. Many other vendors offer simelar products.
> >
> > The motivation for doing this is to get access to the many options 
> > that are available for 10G optics but not possible with 40G.
> >
> > Regards,
> >
> > Baldur
> >
> >

Re: 40G reforming

2018-02-05 Thread Marian Ďurkovič 
Many switches based on BCM Trident ASIC allow you to configure 4 consecutive
SFP+ ports as 40G link (not LACP, but using real hardware 40G framing).
In such case, you can plug 4 DWDM SFP+ modules directly into the switch, without
the need for any reformer.

   M.

On Mon, 5 Feb 2018 20:03:33 +0100, Baldur Norddahl wrote
> I may need to clarify that I do not want to break the port into 4x10G 
> as such. To the switch this will be an ordinary 40G link to another 
> switch far away.
> 
> I want to take advantage of the fact that 40G is transported as four
> individual streams. Each of the four streams are to be converted from 850
> nm to a 1550 DWDM channel (one channel per stream). And the reverse at 
> the other end of the link.
> 
> The point of doing this is that 40G DWDM modules are not generally
> available and neither are 80 km modules.
> 
> I need a true 40G channel so 4x10G LACP is not an option here. For the 
> same reason I am unable to accept a solution that splits the 40G port 
> into 4x10G and then perhaps recombines using LACP. Instead I am 
> looking at an optical solution that is invisible to the switch hardware.
> 
> The only doubt I have about the proposed solution is whether the frame
> format of the 10G substreams is somehow incompatible with what goes on 
> in the reformer. As I understand these reformers they are little more 
> than two SFP(+) modules connected back to back. And therefore it 
> should not matter that the frame format may be different.
> 
> Regards
> 
> Baldur
> 
> Den 5. feb. 2018 7.20 PM skrev "Paul Zugnoni" :
> 
> Whether a 40G port can be broken into 4x10G is dependent on the
> router/switch hardware and the optic you use. Good news is that most 
> 40G ports are capable of being broken out into 4x10G, since a 40G port 
> is usually operating as 4x10G internally anyway to the ASIC. The QSFP you'll
> need would be a 40G-SR4 for MTP/Multimode or 40G-LR4 for 
> MTP/Singlemode (or a lower power, less expensive equivalent). This is 
> a pretty common use of 40G ports. All 4 10G ports would then be at 
> 850nm or 1310nm, which you can then plug into any 10G SR or LR ports.
> 
> What router or switch platform is driving the 40G?
> 
> Paul Z
> 
> On Mon, Feb 5, 2018 at 7:57 AM, Baldur Norddahl 
> wrote:
> 
> > Hello
> >
> > Is it possible to reform a 40G signal as individual 10G links?
> >
> > The idea is to use a 40G QSFP multimode MTP module such as
> > https://www.fs.com/products/44058.html. Then connect it using a MTP
> > breakout cable such as https://www.fs.com/products/68049.html to get four
> > dual fiber connectors. These are then connected to four 10G SFP+ multimode
> > modules such as https://www.fs.com/products/11589.html. The reformer
> > could be https://www.fs.com/products/43721.html. And finally the reformed
> > signal can be transported using anything including DWDM modules such as
> > https://www.fs.com/products/44058.html.
> >
> > Just using fs.com as a reference to the kind of equipment I am talking
> > about. Many other vendors offer simelar products.
> >
> > The motivation for doing this is to get access to the many options that
> > are available for 10G optics but not possible with 40G.
> >
> > Regards,
> >
> > Baldur
> >
> >

Re: 40G reforming

2018-02-05 Thread Paul Zugnoni via NANOG 
Whether a 40G port can be broken into 4x10G is dependent on the
router/switch hardware and the optic you use. Good news is that most 40G
ports are capable of being broken out into 4x10G, since a 40G port is
usually operating as 4x10G internally anyway to the ASIC. The QSFP you'll
need would be a 40G-SR4 for MTP/Multimode or 40G-LR4 for MTP/Singlemode (or
a lower power, less expensive equivalent). This is a pretty common use of
40G ports. All 4 10G ports would then be at 850nm or 1310nm, which you can
then plug into any 10G SR or LR ports.

What router or switch platform is driving the 40G?

Paul Z

On Mon, Feb 5, 2018 at 7:57 AM, Baldur Norddahl 
wrote:

> Hello
>
> Is it possible to reform a 40G signal as individual 10G links?
>
> The idea is to use a 40G QSFP multimode MTP module such as
> https://www.fs.com/products/44058.html. Then connect it using a MTP
> breakout cable such as https://www.fs.com/products/68049.html to get four
> dual fiber connectors. These are then connected to four 10G SFP+ multimode
> modules such as https://www.fs.com/products/11589.html. The reformer
> could be https://www.fs.com/products/43721.html. And finally the reformed
> signal can be transported using anything including DWDM modules such as
> https://www.fs.com/products/44058.html.
>
> Just using fs.com as a reference to the kind of equipment I am talking
> about. Many other vendors offer simelar products.
>
> The motivation for doing this is to get access to the many options that
> are available for 10G optics but not possible with 40G.
>
> Regards,
>
> Baldur
>
>

Re: 40G reforming

2018-02-05 Thread Tarko Tikan 

hey,


I want to take advantage of the fact that 40G is transported as four
individual streams. Each of the four streams are to be converted from 850
nm to a 1550 DWDM channel (one channel per stream). And the reverse at the
other end of the link.


You probably want something similar to:
http://www.10gtek.com/qsfp-extender


--
tarko

RE: 40G reforming

2018-02-05 Thread Ryan, Spencer 
40G is either 4 x 10G over a single pair, or broken out into 8 fibers in the 
short or parallel versions.

Almost all Ethernet platforms support running most or all of their 40G ports as 
1 x 40 or 4 x 10. 

When using the breakout cables though your options are usually more limited. A 
1U switch as a 4 x SFP+ to 1 x QSFP(28) converter will work, depending on your 
use case. 


Spencer Ryan | Senior Systems Administrator | sr...@arbor.net Arbor Networks | 
The security division of NETSCOUT
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Baldur Norddahl
Sent: Monday, February 5, 2018 10:57 AM
To: nanog@nanog.org
Subject: 40G reforming

Hello

Is it possible to reform a 40G signal as individual 10G links?

The idea is to use a 40G QSFP multimode MTP module such as 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_44058.html=DwICaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=6Ncau5mGbJHTsn49WZBhiGcOVEmu482YmvfcECst4Mw=n2mTvNLQoiqsoG6Xi1BrMs_SjV3eJO4k15Bo0EUujAg=.
 Then connect it using a MTP breakout cable such as 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_68049.html=DwICaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=6Ncau5mGbJHTsn49WZBhiGcOVEmu482YmvfcECst4Mw=QQafQeEfacv-FvVFG7i3lwVhi_0mf3k9if5ROFPqpF0=
 to get four dual fiber connectors. These are then connected to four 10G SFP+ 
multimode modules such as 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_11589.html=DwICaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=6Ncau5mGbJHTsn49WZBhiGcOVEmu482YmvfcECst4Mw=kHc5CkRMpHo-GOihA9giouVj-Ua8mfpDWy8-PFEoi7U=.
 The reformer could be 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_43721.html=DwICaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=6Ncau5mGbJHTsn49WZBhiGcOVEmu482YmvfcECst4Mw=1ZjK8WS9SvmkSJZuO3ONs20yRL2BLAJTfdYxi-SCu9A=.
 And finally the reformed signal can be transported using anything including 
DWDM modules such as 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.fs.com_products_44058.html=DwICaQ=Hlvprqonr5LuCN9TN65xNw=Iw8ah1pcqZhOErIjaFRfuA=6Ncau5mGbJHTsn49WZBhiGcOVEmu482YmvfcECst4Mw=n2mTvNLQoiqsoG6Xi1BrMs_SjV3eJO4k15Bo0EUujAg=.

Just using fs.com as a reference to the kind of equipment I am talking about. 
Many other vendors offer simelar products.

The motivation for doing this is to get access to the many options that are 
available for 10G optics but not possible with 40G.

Regards,

Baldur

RADB - aut-num policy question

2018-02-05 Thread Ryan, Spencer 
Hello all,

I'm a bit out of my element on this one and hoping someone can help.

I'm putting together an aut-num entry for RADB and have a question about our 
Comcast peerings.

We peer with AS7922 in several sites, but if you look at the actual pathing via 
bgp.he.net or just the routes themselves you can see that the first AS in the 
path after ours is either 7015 or 33668 depending on region for the paths that 
prefer comcast's network.

For the import/export policy can I just reference 7922 or do I also need to 
include the others?


Thanks in advance!


Spencer Ryan | Senior Systems Administrator | 
sr...@arbor.net
Arbor Networks | The security division of NETSCOUT
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com

Re: 40G reforming

2018-02-05 Thread Baldur Norddahl 
I may need to clarify that I do not want to break the port into 4x10G as
such. To the switch this will be an ordinary 40G link to another switch far
away.

I want to take advantage of the fact that 40G is transported as four
individual streams. Each of the four streams are to be converted from 850
nm to a 1550 DWDM channel (one channel per stream). And the reverse at the
other end of the link.

The point of doing this is that 40G DWDM modules are not generally
available and neither are 80 km modules.

I need a true 40G channel so 4x10G LACP is not an option here. For the same
reason I am unable to accept a solution that splits the 40G port into 4x10G
and then perhaps recombines using LACP. Instead I am looking at an optical
solution that is invisible to the switch hardware.

The only doubt I have about the proposed solution is whether the frame
format of the 10G substreams is somehow incompatible with what goes on in
the reformer. As I understand these reformers they are little more than two
SFP(+) modules connected back to back. And therefore it should not matter
that the frame format may be different.

Regards

Baldur


Den 5. feb. 2018 7.20 PM skrev "Paul Zugnoni" :

Whether a 40G port can be broken into 4x10G is dependent on the
router/switch hardware and the optic you use. Good news is that most 40G
ports are capable of being broken out into 4x10G, since a 40G port is
usually operating as 4x10G internally anyway to the ASIC. The QSFP you'll
need would be a 40G-SR4 for MTP/Multimode or 40G-LR4 for MTP/Singlemode (or
a lower power, less expensive equivalent). This is a pretty common use of
40G ports. All 4 10G ports would then be at 850nm or 1310nm, which you can
then plug into any 10G SR or LR ports.

What router or switch platform is driving the 40G?

Paul Z

On Mon, Feb 5, 2018 at 7:57 AM, Baldur Norddahl 
wrote:

> Hello
>
> Is it possible to reform a 40G signal as individual 10G links?
>
> The idea is to use a 40G QSFP multimode MTP module such as
> https://www.fs.com/products/44058.html. Then connect it using a MTP
> breakout cable such as https://www.fs.com/products/68049.html to get four
> dual fiber connectors. These are then connected to four 10G SFP+ multimode
> modules such as https://www.fs.com/products/11589.html. The reformer
> could be https://www.fs.com/products/43721.html. And finally the reformed
> signal can be transported using anything including DWDM modules such as
> https://www.fs.com/products/44058.html.
>
> Just using fs.com as a reference to the kind of equipment I am talking
> about. Many other vendors offer simelar products.
>
> The motivation for doing this is to get access to the many options that
> are available for 10G optics but not possible with 40G.
>
> Regards,
>
> Baldur
>
>

Re: Akamai caches hammering Sophos XG firewalls

2018-02-05 Thread Niels Bakker 

* jeremyp...@gmail.com (Jeremy Parr) [Mon 05 Feb 2018, 18:28 CET]:
Somewhat OT, but before I was a jack of all trades enterprise 
sysadmin, I was a jack of all trades ISP sysadmin.


I'm seeing an issue at a few sites where I have Sophos XG firewalls 
deployed where the XG gets hammered on it's WAN interface by Akamai 
hosts with TCP re-transmissions. Anyone at Akamai who may have some 
background on this issue please reach out to me. The hosts currently 
in question are 24.244.145.137 and 24.244.145.139, but I suspect 
that is only due to these being closest to me, colocated at my ISP 
AS15146.


Chances are your firewall cannot keep enough state in memory and 
starts complaining about packets because it's missing sessions.



-- Niels.

Re: improving signal to noise ratio from centralized network syslogs

2018-02-05 Thread valdis . kletnieks 
On Mon, 05 Feb 2018 10:49:42 -0800, "Scott Weeks" said:
> I have no knowledge of syslog-ng.  Does it do the
> real time scrolling like I mention?

Use 'tail -f' or similar.


pgppqrj2ic42P.pgp
Description: PGP signature

Re: improving signal to noise ratio from centralized network syslogs

2018-02-05 Thread Scott Weeks 


--- sh...@short.id.au wrote:

In addition to that, you can use some fancy awk colour 
coding, so you can make it highlight certain lines based 
on content.. I use this for my e-mail logs, but I’m sure 
it could be adapted:

tail -n 1000 -f /var/log/mail-submission.log | grep smtp.*relay | awk '
/sent/ {print "\033[32m" $0 "\033[39m"}
/bounced/ {print "\033[31m" $0 "\033[39m"}
/deferred/ {print "\033[33m" $0 "\033[39m"}



The main thing for me is to find things that 
your network is doing that you weren't aware 
of.  Not normal things you want to see that 
a monitoring system will alert you about.

scott

Re: improving signal to noise ratio from centralized network syslogs

2018-02-05 Thread Scott Weeks 


--- ta...@lanparty.ee wrote:
> This is done with the 'logging facility'
> command on the devices:
> 
> After defining your syslog server's IP
> address and the level of messaging you want
> (I set it to debug because I want to see
> everything):
> 
> on the routers: logging facility local0
> on the switches:  logging facility local1

Alternative, and more universal, way to do it is to use multiple IPs for 
syslog server. Then configure correct syslog server IP on the device.

syslog-ng and others can all do filtering to different destinations 
based on the IP where message was received.



The nice thing about the simple way is you see 
everything that's happening on the network, except
what you 'egrep -v' out, which you already know 
about.  Then you find things you weren't expecting.
  
You don't go looking for stuff.  You just watch the 
network events scroll by in real time ans see what 
shows up.

I have no knowledge of syslog-ng.  Does it do the
real time scrolling like I mention?

scott

Akamai caches hammering Sophos XG firewalls

2018-02-05 Thread Jeremy Parr 
Somewhat OT, but before I was a jack of all trades enterprise
sysadmin, I was a jack of all trades ISP sysadmin.

I'm seeing an issue at a few sites where I have Sophos XG firewalls
deployed where the XG gets hammered on it's WAN interface by Akamai
hosts with TCP re-transmissions. Anyone at Akamai who may have some
background on this issue please reach out to me. The hosts currently
in question are 24.244.145.137 and 24.244.145.139, but I suspect that
is only due to these being closest to me, colocated at my ISP AS15146.

40G reforming

2018-02-05 Thread Baldur Norddahl 

Hello

Is it possible to reform a 40G signal as individual 10G links?

The idea is to use a 40G QSFP multimode MTP module such as 
https://www.fs.com/products/44058.html. Then connect it using a MTP 
breakout cable such as https://www.fs.com/products/68049.html to get 
four dual fiber connectors. These are then connected to four 10G SFP+ 
multimode modules such as https://www.fs.com/products/11589.html. The 
reformer could be https://www.fs.com/products/43721.html. And finally 
the reformed signal can be transported using anything including DWDM 
modules such as https://www.fs.com/products/44058.html.


Just using fs.com as a reference to the kind of equipment I am talking 
about. Many other vendors offer simelar products.


The motivation for doing this is to get access to the many options that 
are available for 10G optics but not possible with 40G.


Regards,

Baldur