RE: as702 looking glass?
No BGP looking glass but there is a traceroute gateway in AS702: http://zelfservice.nl.uu.net/netwerk/pops/trace.uunet John van Oppen Spectrum Networks LLC Direct: 206.973.8302 Main: 206.973.8300 Website: http://spectrumnetworks.us -Original Message- From: R. Scott Evans [mailto:na...@rsle.net] Sent: Friday, September 04, 2009 12:21 PM To: nanog@nanog.org Subject: Re: as702 looking glass? On Fri, 4 Sep 2009 13:38:56 +0400 (MSD), Serg Shubenkov wrote Folks, Does anyone know if Verizon (AS702) has a publicly accessible looking glass? -- Serg Shubenkov it's been 2 years since I last inquired, but the answer then was: Date: Fri, 17 Aug 2007 17:37:09 + (GMT) From: hel...@verizonbusiness.com Subject: (2007081704481) BGP routes Hi there, I am afraid we do not have a public looking glass...
Re: Network Ring
Does anyone have best practice for implementing those technologies? I am currently doing a testing LAB with CISCO REP since I have a few Metro on hand. It works quite well in my LAB. There is one Request Time Out if the link break BUT it is physical layer not REP :) From: Rubens Kuhl rube...@gmail.com To: ty chan chanty...@yahoo.com Cc: nanog@nanog.org Sent: Monday, September 7, 2009 8:15:23 PM Subject: Re: Network Ring My vote goes to proprietary ring protection from the vendor you choose: - EAPS (Extreme) - REP (Cisco) - MRP (Foundry/Brocade) - EPSR (Allied Telesis) Although EAPS is implemented in all Extreme switches, select models from the other vendors implement ring protection, but these models also do other things you might want your network to have (QinQ, per-VLAN controls). Rubens On Mon, Sep 7, 2009 at 1:14 AM, ty chan chanty...@yahoo.com wrote: Dear all, I am in process of planning ring network to cover 15 POPs in City. Some technologies are chosen for consideration like SDH(Huawei), PVRST+(Cisco), RSTP(Zyxel), EAPS (extreme network) and MPLS(VPLS). The purpose is to provide L2 Ethernet connectivities from POPs to central point (DC) and ring protection. I know you all are in those network for years. Can you give me some advice? Best regards, chanty
SA pigeon 'faster than broadband'
http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/africa/8248056.stm?ad=1 Update needed for RFC 1149 (1 April 1990), A Standard for the Transmission of IP Datagrams on Avian Carriers
Re: Route table prefix monitoring
Olsen, Jason wrote: Howdy all, What I'm left thinking is that it would have been great if we'd had a snapshot of our core routing table as it stood hours or even days prior to this event occurring, so that I could compare it with our current broken state, so the team could have seen that subnet in the core table and what the next hop was for the prefix. Are there any tools that people are using to track when/what prefixes are added/withdrawn from their routing tables, or to pull the routing table as a whole at regular intervals for storage/comparison purposes? It looks like there's a plugin for NAGIOS, but I'm looking for suggestions on any other tools (commercial, open source, home grown) that we might take a look at. For reference, we are running Cisco as well as Juniper kit. Periodic table dumps, or even a log of the updates from a quagga router inside your infrastructure could provide this information. That in a nutshell is what routeviews and other collectors do for the dfz routing table. Feel free to drop me your thoughts off-list. Thank you for any insight ahead of time, -Jason Feren Olsen
Re: Repeated Blacklisting / IP reputation
Peter Beckman wrote: On Thu, 10 Sep 2009, Mark Andrews wrote: What a load of rubbish. How is ARIN or any RIR/LIR supposed to know the intent of use? Why don't we just blacklist everything and only whitelist those we know are good? Because the cost of determining who is good and who is not has a great cost. If you buy an IP block, regardless of your intent, that IP block should not have the ill-will of the previous owner passed on with it. You don't buy ip blocks or at least not from ARIN. Among other things that ARIN does not guarantee is routability. If the previous owner sucked, the new owner should have the chance to use that IP block without restriction until they prove that they suck, at which point it will be blocked again. That system seems to work well enough: blacklist blocks when they start to be evil, according to your own (you being the neteng in charge) definition of evil. ARIN needs to be impartial. If they are going to sell the block, they should do their best to make a coordinated effort to make sure the block is as unencumbered as possible. I get that there is a sense that ARIN needs to do more due diligence to determine if the receiving party is worthy of that block, but I'm not aware of the process, and from the grumblings it doesn't seem like fun. Note we all could start using IPv6 and avoid this problem altogether. Because as we know IPv6 space is inexhaustible. Just like IPv4 was when it began its life. ;-) That won't avoid the problem, it will simply put the problem off until it rears its head again. I'm sure that IPv6 space will be more easily gotten until problems arise, and in a few years (maybe decades, we can put this problem on our children's shoulders), we'll be back where we are now -- getting recycled IP space that is blocked or encumbered due to bad previous owners. Beckman --- Peter Beckman Internet Guy beck...@angryox.com http://www.angryox.com/ ---
Re: Repeated Blacklisting / IP reputation
Benjamin Billon wrote: Why don't we just blacklist everything and only whitelist those we know are good? snip Note we all could start using IPv6 and avoid this problem altogether. snip Yeah. When ISP will start receiving SMTP traffic in IPv6, they could start to accept whitelisted senders only. I've been receiving smtp traffic including spam on ipv6 since 2001. IPv6 emails == clean Utopian thought?
NAP MIA peering problems
Hi, Anybody seeing peerings down at NAP Miami (198.32.124.0/23)? Regards, Wolfgang
RE: NAP MIA peering problems
Major DC power issues at the NOTA. Robert D. Scott rob...@ufl.edu Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Phone Tree University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 321-663-0421 Cell -Original Message- From: Wolfgang Nagele [mailto:wnag...@ripe.net] Sent: Friday, September 11, 2009 9:17 AM To: nanog@nanog.org Subject: NAP MIA peering problems Hi, Anybody seeing peerings down at NAP Miami (198.32.124.0/23)? Regards, Wolfgang
Re: NAP MIA peering problems
Hi, Anybody seeing peerings down at NAP Miami (198.32.124.0/23)? Just recovered. Outage lasted about 1 hour. Regards, Wolfgang
RE: NAP MIA peering problems
Yes ATT is having a major outage affecting both data and voice. * * * * * Allen Bass Manager, Technology Operations Arise Virtual Solutions Inc. 3450 Lakeside Drive, Suite 620 Miramar, Florida 33027 www.arise.com -Original Message- From: Wolfgang Nagele [mailto:wnag...@ripe.net] Sent: Friday, September 11, 2009 9:19 AM To: nanog@nanog.org Subject: Re: NAP MIA peering problems Hi, Anybody seeing peerings down at NAP Miami (198.32.124.0/23)? Just recovered. Outage lasted about 1 hour. Regards, Wolfgang
Re: SA pigeon 'faster than broadband'
On Fri, 11 Sep 2009 05:43:07 -0400 William Allen Simpson william.allen.simp...@gmail.com wrote: http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/africa/8248056.stm?ad=1 Twenty five years ago we said Never underestimate the bandwidth of a station wagon full of mag tapes hurtling down the highway. The tapes have got smaller as has the station wagon which has also grown wings and a self-directing control system. That's progress.
--
D'Arcy J.M. Cain da...@druid.net | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
Re: SA pigeon 'faster than broadband'
William Allen Simpson wrote: http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/africa/8248056.stm?ad=1 Update needed for RFC 1149 (1 April 1990), A Standard for the Transmission of IP Datagrams on Avian Carriers Truly practical with today's storage media... if the Wiki story is correct, it was a 4Gb memory stick (http://en.wikipedia.org/wiki/Sneakernet under Usage Examples). There was the old Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway. —Tanenbaum, Andrew S. but then a pigeon would have trouble hauling 9-track tapes :-) Jeff
Re: SA pigeon 'faster than broadband'
On Fri, 11 Sep 2009 09:36:34 -0400 Jeff Kell jeff-k...@utc.edu wrote: William Allen Simpson wrote: http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/africa/8248056.stm?ad=1 Update needed for RFC 1149 (1 April 1990), A Standard for the Transmission of IP Datagrams on Avian Carriers Truly practical with today's storage media... if the Wiki story is correct, it was a 4Gb memory stick (http://en.wikipedia.org/wiki/Sneakernet under Usage Examples). There was the old Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway. —Tanenbaum, Andrew S. but then a pigeon would have trouble hauling 9-track tapes :-) I don't know when Andy Tanenbaum said it, but I first heard it in 1969, referring to the Taconic Parkway in New York --Steve Bellovin, http://www.cs.columbia.edu/~smb
NAP of Americas
Hi Fellows, Does anyone have issues with Internet connection through NAP of Americas? Kind Regards, Xavier
Blacklist
We are an ISP and one of our user's webmail account was hacked into (poor passwd). Spam was sent out from it. We are blacklisted on Hotmail. I can't find any way to get off their list. Who do I contact? Thanks David Gower President Gower Computer Support, Inc. 903 597-9220
AW: NAP of Americas
We do have problems since 13:27 CET BR Philipp -Original Message- From: Xavier Banchon [mailto:xbanc...@telconet.net] Sent: Friday, 11 September 2009 15:11 To: nanog@nanog.org Subject: NAP of Americas Hi Fellows, Does anyone have issues with Internet connection through NAP of Americas? Kind Regards, Xavier
Re: NAP of Americas
xbanc...@telconet.net (Xavier Banchon) wrote: Does anyone have issues with Internet connection through NAP of Americas? Yes - there's obviously been some failure on the DC power, which took the peering grid down (and a few ISPs, too). Sessions have come up again around an hour ago. Btw - anyone there and not peering with 31529 (.de ccTLD service), please drop me an email. It's pretty hard to get a list of participants... Cheers, Elmar.
Re: Blacklist
On Fri, 2009-09-11 at 09:37 -0500, David Gower wrote: We are an ISP and one of our user's webmail account was hacked into (poor passwd). Spam was sent out from it. We are blacklisted on Hotmail. I can't find any way to get off their list. Who do I contact? http://postmaster.live.com/ - it is listed in their bounce messages, even... -- William Pitcock SystemInPlace - Simple Hosting Solutions 1-866-519-6149 http://www.systeminplace.net/ Follow us on Twitter: http://www.twitter.com/systeminplace
Re: Route table prefix monitoring
On Sep 10, 2009, at 7:23 AM, Joel Jaeggli wrote: Olsen, Jason wrote: Howdy all, What I'm left thinking is that it would have been great if we'd had a snapshot of our core routing table as it stood hours or even days prior to this event occurring, so that I could compare it with our current broken state, so the team could have seen that subnet in the core table and what the next hop was for the prefix. Are there any tools that people are using to track when/what prefixes are added/withdrawn from their routing tables, or to pull the routing table as a whole at regular intervals for storage/comparison purposes? It looks like there's a plugin for NAGIOS, but I'm looking for suggestions on any other tools (commercial, open source, home grown) that we might take a look at. For reference, we are running Cisco as well as Juniper kit. Periodic table dumps, or even a log of the updates from a quagga router inside your infrastructure could provide this information. That in a nutshell is what routeviews and other collectors do for the dfz routing table. There is also an Internet draft for the BGP Monitoring Protocol (http://tools.ietf.org/html/draft-ietf-grow-bmp-02). This draft provides for a method whereby the BGP speakers export their received updates to a central collector. This allows you to get route views in (more) real time, with no more screen scraping (and probably much lower CPU as well). Personally I think it's an awesome idea and is something that we have needed for a long long time (over the years I must have written 7-8 screen scrapers to get BGP RIB info, and they always suck). Draft Abstract: This document proposes a simple protocol, BMP, which can be used to monitor BGP sessions. BMP is intended to provide a more convenient interface for obtaining route views for research purpose than the screen-scraping approach in common use today. The design goals are to keep BMP simple, useful, easily implemented, and minimally service-affecting.
BMP is not suitable for use as a routing protocol. W Feel free to drop me your thoughts off-list. Thank you for any insight ahead of time, -Jason Feren Olsen For every complex problem, there is a solution that is simple, neat, and wrong. -- H. L. Mencken
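The snapshot comparison asked about in this thread, as an added example that is not part of any poster's message or tooling: it diffs two periodic table dumps and, for each withdrawn prefix, reports the old next hop and the covering route traffic now follows. It assumes the dumps have already been normalized to one `prefix next-hop` pair per line (a hypothetical format); the sample snapshots and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample snapshots in the assumed "prefix next-hop" format.
SNAPSHOT_BEFORE = """\
# prefix next-hop
0.0.0.0/0 192.0.2.1
10.20.0.0/16 192.0.2.9
10.20.30.0/24 192.0.2.17
10.40.0.0/16 192.0.2.9
10.40.0.0/16 192.0.2.13
"""

SNAPSHOT_AFTER = """\
0.0.0.0/0 192.0.2.1
10.20.0.0/16 192.0.2.9
10.40.0.0/16 192.0.2.13
10.50.0.0/16 192.0.2.21
"""


def parse_snapshot(text):
    """Return {network: set(next_hops)}; ECMP routes appear as repeated lines."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'prefix next-hop'")
        # strict=True rejects entries with host bits set (a mangled dump).
        prefix = ipaddress.ip_network(fields[0], strict=True)
        table.setdefault(prefix, set()).add(ipaddress.ip_address(fields[1]))
    return table


def longest_match(table, prefix):
    """Most specific route in `table` that covers `prefix`, or None."""
    covering = [p for p in table
                if p.version == prefix.version and p != prefix
                and prefix.subnet_of(p)]
    return max(covering, key=lambda p: p.prefixlen, default=None)


def diff_snapshots(before, after):
    """Classify prefixes as added, withdrawn, or changed (next-hop set differs)."""
    added = {p: after[p] for p in after.keys() - before.keys()}
    withdrawn = {}
    for p in before.keys() - after.keys():
        cover = longest_match(after, p)
        withdrawn[p] = {
            "old_next_hops": before[p],
            "now_covered_by": cover,
            "new_next_hops": after[cover] if cover is not None else set(),
        }
    changed = {p: (before[p], after[p])
               for p in before.keys() & after.keys() if before[p] != after[p]}
    return {"added": added, "withdrawn": withdrawn, "changed": changed}


def _hops(hops):
    return ",".join(str(h) for h in sorted(hops, key=lambda a: (a.version, a)))


def format_report(diff):
    """Render the diff as sorted one-line findings."""
    order = lambda p: (p.version, p)
    lines = []
    for p in sorted(diff["added"], key=order):
        lines.append(f"ADDED {p} via {_hops(diff['added'][p])}")
    for p in sorted(diff["withdrawn"], key=order):
        w = diff["withdrawn"][p]
        if w["now_covered_by"] is None:
            fate = "no covering route remains"
        else:
            fate = (f"now follows {w['now_covered_by']} "
                    f"via {_hops(w['new_next_hops'])}")
        lines.append(f"WITHDRAWN {p} was via {_hops(w['old_next_hops'])}; {fate}")
    for p in sorted(diff["changed"], key=order):
        old, new = diff["changed"][p]
        lines.append(f"CHANGED {p} {_hops(old)} -> {_hops(new)}")
    return lines


if __name__ == "__main__":
    result = diff_snapshots(parse_snapshot(SNAPSHOT_BEFORE),
                            parse_snapshot(SNAPSHOT_AFTER))
    print("\n".join(format_report(result)))
```

The per-platform step of turning Cisco or Juniper table output into the normalized lines is left out, since that format differs by device and software version.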
Dedicated Route Reflectors
Hello, We're in the process of planning for an MPLS network that will use BGP for signaling between PEs. This will be a BGP free Core (i.e. no BGP on the P routers). What are folks doing for iBGP in this case? Full Mesh? Full Mesh the Main POP PEs and Route Reflect to some outlining PEs? Are folks using dedicated/centralized Route Reflectors (redundant of course)? What about using some of the P routers as the Centralized Route Reflectors? The boxes aren't doing much from a Control Plane perspective, why not use them as Route Reflectors. Any comments would be appreciated. Thanks, Serge
RE: Network Ring
An additional requirement often overlooked by Metro Ethernet architects is to ensure that layer 3 multicast stateful protocols are implemented in the carrier equipment. In order to ensure that PIM (S,G) stateful packets are not flooded out all ports in customers' geographically-dispersed switches, PIM snooping must be implemented in the carrier's equipment. Otherwise, the carriers' Metro Ethernet service operates like a 1990's-style shared hub incorrectly flooding (S,G) packets. For customers that have constant 10+ Mbps (S,G) multicast streams, the absence of PIM snooping effectively renders 10+ Mbps ports useless. -Original Message- From: ty chan [mailto:chanty...@yahoo.com] Sent: Friday, September 11, 2009 12:29 AM To: Rubens Kuhl Cc: nanog@nanog.org Subject: Re: Network Ring Does anyone have best practice for implementing those technologies? I am currently doing a testing LAB with CISCO REP since I have a few Metro on hand. It works quite well in my LAB. There is one Request Time Out if the link break BUT it is physical layer not REP :) From: Rubens Kuhl rube...@gmail.com To: ty chan chanty...@yahoo.com Cc: nanog@nanog.org Sent: Monday, September 7, 2009 8:15:23 PM Subject: Re: Network Ring My vote goes to proprietary ring protection from the vendor you choose: - EAPS (Extreme) - REP (Cisco) - MRP (Foundry/Brocade) - EPSR (Allied Telesis) Although EAPS is implemented in all Extreme switches, select models from the other vendors implement ring protection, but these models also do other things you might want your network to have (QinQ, per-VLAN controls). Rubens On Mon, Sep 7, 2009 at 1:14 AM, ty chan chanty...@yahoo.com wrote: Dear all, I am in process of planning ring network to cover 15 POPs in City. Some technologies are chosen for consideration like SDH(Huawei), PVRST+(Cisco), RSTP(Zyxel), EAPS (extreme network) and MPLS(VPLS). The purpose is to provide L2 Ethernet connectivities from POPs to central point (DC) and ring protection.
I know you all are in those network for years. Can you give me some advice? Best regards, chanty
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.apnic.net.

If you have any comments please contact Philip Smith p...@cisco.com.

Routing Table Report 04:00 +10GMT Sat 12 Sep, 2009

Report Website: http://thyme.apnic.net
Detailed Analysis: http://thyme.apnic.net/current/

Analysis Summary

BGP routing table entries examined: 295211
Prefixes after maximum aggregation: 139476
Deaggregation factor: 2.12
Unique aggregates announced to Internet: 147649
Total ASes present in the Internet Routing Table: 32157
Prefixes per ASN: 9.18
Origin-only ASes present in the Internet Routing Table: 27945
Origin ASes announcing only one prefix: 13653
Transit ASes present in the Internet Routing Table: 4212
Transit-only ASes present in the Internet Routing Table: 101
Average AS path length visible in the Internet Routing Table: 3.6
Max AS path length visible: 24
Max AS path prepend of ASN (12026) 22
Prefixes from unregistered ASNs in the Routing Table: 422
Unregistered ASNs in the Routing Table: 115
Number of 32-bit ASNs allocated by the RIRs: 266
Prefixes from 32-bit ASNs in the Routing Table: 120
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 231
Number of addresses announced to Internet: 2104209216
Equivalent to 125 /8s, 107 /16s and 175 /24s
Percentage of available address space announced: 56.8
Percentage of allocated address space announced: 65.0
Percentage of available address space allocated: 87.3
Percentage of address space in use by end-sites: 78.8
Total number of prefixes smaller than registry allocations: 141055

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes: 70468
Total APNIC prefixes after maximum aggregation: 24950
APNIC Deaggregation factor: 2.82
Prefixes being announced from the APNIC address blocks: 66937
Unique aggregates announced from the APNIC address blocks: 30456
APNIC Region origin ASes present in the Internet Routing Table: 3784
APNIC Prefixes per ASN: 17.69
APNIC Region origin ASes announcing only one prefix: 1037
APNIC Region transit ASes present in the Internet Routing Table: 588
Average APNIC Region AS path length visible: 3.5
Max APNIC Region AS path length visible: 16
Number of APNIC addresses announced to Internet: 458005344
Equivalent to 27 /8s, 76 /16s and 155 /24s
Percentage of available APNIC address space announced: 78.0

APNIC AS Blocks: 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079 55296-56319, 131072-132095
APNIC Address Blocks: 43/8, 58/8, 59/8, 60/8, 61/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8,

ARIN Region Analysis Summary

Prefixes being announced by ARIN Region ASes: 124876
Total ARIN prefixes after maximum aggregation: 66495
ARIN Deaggregation factor: 1.88
Prefixes being announced from the ARIN address blocks: 99443
Unique aggregates announced from the ARIN address blocks: 38338
ARIN Region origin ASes present in the Internet Routing Table: 13222
ARIN Prefixes per ASN: 7.52
ARIN Region origin ASes announcing only one prefix: 5117
ARIN Region transit ASes present in the Internet Routing Table: 1294
Average ARIN Region AS path length visible: 3.3
Max ARIN Region AS path length visible: 24
Number of ARIN addresses announced to Internet: 707359360
Equivalent to 42 /8s, 41 /16s and 114 /24s
Percentage of available ARIN address space announced: 62.0

ARIN
Re: SA pigeon 'faster than broadband'
--- william.allen.simp...@gmail.com wrote: From: William Allen Simpson william.allen.simp...@gmail.com http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/africa/8248056.stm?ad=1 Update needed for RFC 1149 (1 April 1990), A Standard for the Transmission of IP Datagrams on Avian Carriers Note this part, though. Several recommendations have, in the past, been made to the customer but none of these have, to date, been accepted, Telkom's Troy Hector told South Africa's Sapa news agency in an e-mail. It would be nice to know what those recommendations were... scott
Intelligent network monitoring systems (commercial/open source, what have you)
Howdy, Can anyone suggest a network monitoring system that knows the difference between a cisco 1701 and a GSR 12810/6500, etc? What I mean is, many times these days there are several different sub systems you have to monitor inside of a router/switch and not just interface utilization, the CPU, and the RAM. Statistics such as CEF utilization, fabric utilization, PFC/DFC, various line card statistics, etc? Can anyone recommend anything other than customize MRTG a lot that we can use to get a better look into these systems? thanks, -Drew
Re: Intelligent network monitoring systems (commercial/open source, what have you)
Most of these threads usually result in telling the poster to RTFM with a link to it :) I'm too lazy to link the manual. :) c-nsp has extensive archives with lots of questions about various specific SNMP mibs that weren't immediately evident from RTFM. It all comes down to SNMP to the best of my knowledge. Drew Weaver wrote: Howdy, Can anyone suggest a network monitoring system that knows the difference between a cisco 1701 and a GSR 12810/6500, etc? What I mean is, many times these days there are several different sub systems you have to monitor inside of a router/switch and not just interface utilization, the CPU, and the RAM. Statistics such as CEF utilization, fabric utilization, PFC/DFC, various line card statistics, etc? Can anyone recommend anything other than customize MRTG a lot that we can use to get a better look into these systems? thanks, -Drew
RE: Intelligent network monitoring systems (commercial/open source, what have you)
Ah, I was mainly interested in an Orion like system that actually has all of that kind of worked-in. Thanks for the heads up. -Drew -Original Message- From: Charles Wyble [mailto:char...@thewybles.com] Sent: Friday, September 11, 2009 3:07 PM To: Drew Weaver Cc: NANOG list Subject: Re: Intelligent network monitoring systems (commercial/open source, what have you) Most of these threads usually result in telling the poster to RTFM with a link to it :) I'm too lazy to link the manual. :) c-nsp has extensive archives with lots of questions about various specific SNMP mibs that weren't immediately evident from RTFM. It all comes down to SNMP to the best of my knowledge. Drew Weaver wrote: Howdy, Can anyone suggest a network monitoring system that knows the difference between a cisco 1701 and a GSR 12810/6500, etc? What I mean is, many times these days there are several different sub systems you have to monitor inside of a router/switch and not just interface utilization, the CPU, and the RAM. Statistics such as CEF utilization, fabric utilization, PFC/DFC, various line card statistics, etc? Can anyone recommend anything other than customize MRTG a lot that we can use to get a better look into these systems? thanks, -Drew
Re: Intelligent network monitoring systems (commercial/open source, what have you)
On Fri, Sep 11, 2009 at 2:07 PM, Charles Wyble char...@thewybles.com wrote: It all comes down to SNMP to the best of my knowledge. True. While you don't want the MRTG answer, I'd suggest looking at Cacti. There's a large library of device profiles people have put together so as to prevent you from having to hunt down MIBs/OIDs for devices. If you have a database of your devices, it's fairly trivial to import them into Cacti once you have the device profiles (I use a shell script and curl). -- Brandon Galbraith Mobile: 630.400.6992 FNAL: 630.840.2141
Re: Intelligent network monitoring systems (commercial/open source, what have you)
On Fri September 11 2009 13:59, Drew Weaver wrote: Howdy, Can anyone suggest a network monitoring system that knows the difference between a cisco 1701 and a GSR 12810/6500, etc? What I mean is, many times these days there are several different sub systems you have to monitor inside of a router/switch and not just interface utilization, the CPU, and the RAM. Statistics such as CEF utilization, fabric utilization, PFC/DFC, various line card statistics, etc? Can anyone recommend anything other than customize MRTG a lot that we can use to get a better look into these systems? thanks, -Drew Have you looked at OpenNMS ?? -- Larry Smith lesm...@ecsis.net
Re: Intelligent network monitoring systems (commercial/open source, what have you)
Drew Weaver wrote: Ah, I was mainly interested in an Orion like system that actually has all of that kind of worked-in. Yeah I got that. I am not aware of anything that does that. Not to say it doesn't exist, but if it does it's somewhat well hidden. http://www.frank4dd.com/howto/nagios/cisco-patch-update-monitoring.htm looks interesting and has come up in several searches I've done in the past when needing to monitor cisco kit. I'm guessing CiscoWorks might have what you are looking for? I've never been happy with the big commercial NMS products. NAGIOS(with SNMP plugin)+mrtg/cacti+smokeping has served me and many of my colleagues very well. There is alerting and trending which must be taken into consideration. Alerting is pretty easy, especially with giving nagios knowledge of hierarchy (if a switch or router stops responding you don't get alerts for all the servers attached/downstream of it). You can easily automate the setup with things like nmap2nagios and other tools. Trending (which it seems is your primary concern) is harder. Zabbix has some cool SLA reporting and dashboards. I seem to recall a FLOSS NMS thread a few months ago on here, or maybe it was c-nsp. Dunno. Are you primarily concerned with monitoring, or with trending/capacity planning? Thanks for the heads up. -Drew -Original Message-
Re: Intelligent network monitoring systems (commercial/open source, what have you)
We use Cacti for this purpose, but it still requires creating custom datasources for the vendor-specific SNMP MIBs. +1 for cacti. I think pretty much everything requires bringing in the mibs and setting up mappings etc. I've used Nagios/Cacti/Ganglia/MRTG.
Re: Intelligent network monitoring systems (commercial/open source, what have you)
Drew Weaver wrote: Howdy, Can anyone suggest a network monitoring system that knows the difference between a cisco 1701 and a GSR 12810/6500, etc? What I mean is, many times these days there are several different sub systems you have to monitor inside of a router/switch and not just interface utilization, the CPU, and the RAM. Statistics such as CEF utilization, fabric utilization, PFC/DFC, various line card statistics, etc? Can anyone recommend anything other than customize MRTG a lot that we can use to get a better look into these systems? Netdisco and zabbix both have decent auto-discovery built in. zabbix will auto build a template for you which you can then deploy to your devices.
RE: Intelligent network monitoring systems (commercial/open source, what have you)
If you are interested in an Orion-Like system, but can't foot the bill for it, maybe look at IpMonitor. Solarwinds acquired IpMonitor a while back, so their sales reps will try to sell you on Orion. I've had many years of good luck with it (IpMonitor) and Solarwinds seems to be handling the software pretty well. On Fri, 2009-09-11 at 15:08 -0400, Drew Weaver wrote: Ah, I was mainly interested in an Orion like system that actually has all of that kind of worked-in. Thanks for the heads up. -Drew -Original Message- From: Charles Wyble [mailto:char...@thewybles.com] Sent: Friday, September 11, 2009 3:07 PM To: Drew Weaver Cc: NANOG list Subject: Re: Intelligent network monitoring systems (commercial/open source, what have you) Most of these threads usually result in telling the poster to RTFM with a link to it :) I'm too lazy to link the manual. :) c-nsp has extensive archives with lots of questions about various specific SNMP mibs that weren't immediately evident from RTFM. It all comes down to SNMP to the best of my knowledge. Drew Weaver wrote: Howdy, Can anyone suggest a network monitoring system that knows the difference between a cisco 1701 and a GSR 12810/6500, etc? What I mean is, many times these days there are several different sub systems you have to monitor inside of a router/switch and not just interface utilization, the CPU, and the RAM. Statistics such as CEF utilization, fabric utilization, PFC/DFC, various line card statistics, etc? Can anyone recommend anything other than customize MRTG a lot that we can use to get a better look into these systems? thanks, -Drew -- Prediction is very difficult, especially about the future. Niels Bohr -- Ray Sanders Linux Administrator Village Voice Media Office: 602-744-6547 Cell: 602-300-4344
Re: Intelligent network monitoring systems (commercial/open source, what have you)
On Fri, 2009-09-11 at 14:59 -0400, Drew Weaver wrote: Howdy, Can anyone suggest a network monitoring system that knows the difference between a cisco 1701 and a GSR 12810/6500, etc? What I mean is, many times these days there are several different sub systems you have to monitor inside of a router/switch and not just interface utilization, the CPU, and the RAM. Statistics such as CEF utilization, fabric utilization, PFC/DFC, various line card statistics, etc? Can anyone recommend anything other than customize MRTG a lot that we can use to get a better look into these systems? We use Cacti for this purpose, but it still requires creating custom datasources for the vendor-specific SNMP MIBs. William -- William Pitcock SystemInPlace - Simple Hosting Solutions 1-866-519-6149 http://www.systeminplace.net/ Follow us on Twitter: http://www.twitter.com/systeminplace
Re: SA pigeon 'faster than broadband'
On Fri, Sep 11, 2009 at 2:54 PM, Scott Weeks sur...@mauigateway.com wrote: Note this part, though. Several recommendations have, in the past, been made to the customer but none of these have, to date, been accepted, Telkom's Troy Hector told South Africa's Sapa news agency in an e-mail. It would be nice to know what those recommendations were... Buy a business-grade service like a T1 instead of ADSL perhaps? From tfa (emphasis mine): in the same time [2 hours] the **ADSL** had sent 4% of the [4GB memory stick] data. 4% of 4 gigs in 2 hours puts their ADSL _upload_speed_ in the ballpark of:

4,000,000,000 bytes * 0.04 * 8 bits per byte / 2 hours / 60 minutes per hour / 60 seconds per minute ~= 180,000 bits per second

180kbps is more or less middle-of-the-road for ADSL. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Repeated Blacklisting / IP reputation
Marty, On Sep 10, 2009, at 2:45 PM, Martin Hannigan wrote: Not sure when ICANN got into the business of economic bailouts, ?? The blog posting implies it: AfriNIC and LACNIC have fewest IPv4 /8s and service the regions with the most developing economies. We decided that those RIRs should have four of the easiest to use /8s reserved for them. The economies term used here is essentially synonymous with countries. The decision IANA made (which is, of course, always reversible until the last /8s are allocated) is in keeping with RIR practices regarding treatment of LACNIC and AfriNIC in global allocation issues. There is also a possible unintended consequence. If v4 address space markets do end up being legitimized (I do believe that they will FWIW) ICANN is in effect declaring one class of space more valuable than another and arbitrarily assigning that value. ICANN is not declaring value of anything. All we are doing is trying to distribute the remaining /8s in a way that can be publicly verified that we have no bias in how /8s are allocated at the same time as trying to minimize the pain experienced by the recipients of the /8s. Or are you unhappy that LACNIC and AfriNIC have 2 /8s from the least tainted pools? There is currently a global policy that the RIR's and ICANN agreed to that defines the allocation of /8's from IANA to RIR's. That policy doesn't include a set-aside and I think that arbitrarily adding one is not in the spirit of cooperation. The global policy for IPv4 address allocation does not specify how IANA selects the addresses it assigns to the RIRs. IANA has used different algorithms in the past. What IANA is doing now is described in the blog posting I referenced. It's possible that not everything is above the table as well. Actually, no. The whole point in publishing the algorithm IANA is using in allocating /8s is to allow anyone to verify for themselves we are following that algorithm. I think that the perception is reality here though.
ICANN has arbitrarily created process that impacts RIR's unequally. To me, that's unfair. As stated, we followed existing RIR practices regarding treatment of LACNIC and AfriNIC. Oddly, the RIR CEOs were happy with the algorithm when we asked them about it. Question is -- do a few /8's really matter? Sure. And they'll matter more as the IPv4 pool approaches exhaustion. That's why IANA has published the algorithm by which allocations are made. The goal is to forestall (or at least help defend from) the inevitable accusations of evil doing folks accuse ICANN of all the time (e.g., your message). Regards, -drc
Multi-homed implementation and BGP convergence time
Hello - my company currently has two connections with a single tier 1 ISP. We are using the AS from our ISP at this time. In the next month we will be implementing a third connection with a second tier 1 ISP, so we will now be using our own AS number on all three routers.

My question is when we implement the new connection and update our existing connections to use our own AS number, how much downtime will there be? So far the second ISP has only said that it could be hours for BGP to fully converge. We are looking for more detail about how long the outage will be and how widespread.

Will it be relatively short to our customers that are on one of the ISPs we are directly connected to? Is downtime less for customers on other tier 1 ISPs versus tier 2, etc. ISPs?

We will only be receiving a default route on each of the three connections. Our routers will be advertising a small number of routes - 6 to 8.

Thank you.

Andy Claybaugh
Re: Multi-homed implementation and BGP convergence time
--- andrew.clayba...@securian.com wrote: From: andrew.clayba...@securian.com own AS number, how much downtime will there be? So far the second ISP has only said that it could be hours for BGP to fully converge. We are looking for more detail about how long the outage will be and how widespread. --- 1) Hire someone that has done this before. There're many things to be aware of. 2) Get a different provider. Anyone that said it could be hours for BGP to fully converge is misleading you. Especially, if you're a new customer to them. That's a bad omen for things to come. This can be done with very minimal impact. scott
Re: Multi-homed implementation and BGP convergence time
andrew.clayba...@securian.com wrote:

Hello - my company currently has two connections with a single tier 1 ISP. We are using the AS from our ISP at this time. In the next month we will be implementing a third connection with a second tier 1 ISP, so we will now be using our own AS number on all three routers. My question is when we implement the new connection and update our existing connections to use our own AS number, how much downtime will there be? So far the second ISP has only said that it could be hours for BGP to fully converge. We are looking for more detail about how long the outage will be and how widespread.

It should not take several hours. Typically less than 15 minutes. I would suggest that you first ensure that your networks and ASN are in the routing registries. Then schedule a downtime with your present ISP and begin advertising using your ASN. If you're not presently speaking BGP with your existing ISP, set that up first advertising your network(s) with your own ASN.

Will it be relatively short to our customers that are on one of the ISPs we are directly connected to? Is downtime less for customers on other tier 1 ISPs versus tier 2, etc. ISPs?

There may be a short downtime when you switch to originating from your own ASN. With sufficient clue on your part and that of your current ISP, and assuming that either of the two connections can handle all of your traffic, you may be able to eliminate most or all of it. Adding the second ISP won't result in significant downtime especially if you're just taking default routes and your routers don't need to build large BGP tables. Tier 1, tier 2 etc. are terms used primarily by salespeople, and don't have a lot to do with technical matters.

We will only be receiving a default route on each of the three connections. Our routers will be advertising a small number of routes - 6 to 8.
-- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
Re: SA pigeon 'faster than broadband'
On 11/09/2009 21:13, William Herrin wrote: 180kbps is more or less middle-of-the-road for ADSL. In terms of technology, it's about as close to bottom of the range as you can get. The south african incumbent, Telkom, have three different products, described here: http://www.telkom.co.za/products_services/dsl/cost_dsl_cost.html I love the product names: their 128k/384k product is called FastDSL. Their top-of-the-range, gold plated product is a 512k/4M trailblazer service called FastestDSL. The irony of it all... There is hope for telecoms in ZA, though - there's been several major changes to the ZA telecoms scene over the last year. A court ruling in august last year effectively opened up the telecoms market so that any company could get a generic telecoms license (VANS - value-added network service). The court case was fought tooth and nail by the ministry of communications who seemed desperate to protect the telkom / neotel duopoly. This was possibly related to the fact that Telkom is 39.8% owned by the ZA government and is something of a money-spinner. But in a major step forward for the country, the high court in Jo'burg disagreed that licenses should be restricted and refused leave to appeal after the ruling. There are now ~600 VANS license holders in south africa, up from 2 last year. The second event was that the ZA minister of communications for the last 10 years, Ivy Matsepe-Casaburri, retired from her position as minister due to natural causes. As usual for controversial figures, there were different points of view expressed on her life's work. One - typically held by government and other official figures - praised her role in communications, saying that with her incisive intellect she has made an invaluable contribution to the development of policy in various fields, including information and communication technology. 
Another point of view from the industry put things slightly differently: http://blogs.timeslive.co.za/patternrecognition/2009/04/07/ivy-matsepe-casaburri-has-died/ Last, but not least, the Seacom cable linking ZA to Marseille, Mumbai and a bunch of countries up the east coast of Africa - a cable which Matsepe-Casaburri did her best to prevent from landing in south africa - is nearing completion. This will take away Telkom's monopoly on international connectivity, which is the second major step after market liberalisation required to actually improve the industry's infrastructure. So, good news all around. Let's hope that IP over carrier pigeon will soon become a thing of the past. Nick
[NANOG-announce] Tentative NANOG47 Agenda available!
Folks, The tentative agenda for NANOG47 is now available. See http://www.nanog.org/meetings/nanog47/agenda.php. Looking forward to seeing you all in Dearborn. Dave (for the NANOG PC) ___ NANOG-announce mailing list nanog-annou...@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-announce
BGP Update Report
BGP Update Report
Interval: 03-Sep-09 -to- 10-Sep-09 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASN       Upds     %  Upds/Pfx    AS-Name
 1 - AS9198   98231  9.2%    474.5 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 2 - AS18101  17532  1.6%     18.2 -- RIL-IDC Reliance Infocom Ltd Internet Data Centre,
 3 - AS35805  15727  1.5%     40.7 -- UTG-AS United Telecom AS
 4 - AS8452   12112  1.1%     12.1 -- TEDATA TEDATA
 5 - AS7643   10681  1.0%      8.4 -- VNN-AS-AP Vietnam Posts and Telecommunications (VNPT)
 6 - AS17974  10057  0.9%     23.8 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
 7 - AS8151    9846  0.9%     10.9 -- Uninet S.A. de C.V.
 8 - AS11769   7462  0.7%    414.6 -- MOBILENETICS-LA-GW1 - Mobilenetics Corporation
 9 - AS29255   7215  0.7%     78.4 -- ZAJIL-AS ZAJIL Autonomous Number in Saudi Arabia
10 - AS12479   6460  0.6%     30.6 -- UNI2-AS Uni2 Autonomous System
11 - AS4795    6386  0.6%     24.5 -- INDOSATM2-ID INDOSATM2 ASN
12 - AS17488   6348  0.6%      5.5 -- HATHWAY-NET-AP Hathway IP Over Cable Internet
13 - AS4755    6119  0.6%      5.0 -- TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
14 - AS5050    6047  0.6%   1209.4 -- PSC-EXT - Pittsburgh Supercomputing Center
15 - AS4249    5697  0.5%     32.9 -- LILLY-AS - Eli Lilly and Company
16 - AS13124   5660  0.5%     18.7 -- IBGC IBGC Autonomous system of Inter-Bg-Com Ltd.
17 - AS30969   5397  0.5%    337.3 -- TAN-NET TransAfrica Networks
18 - AS41313   5165  0.5%   1033.0 -- NOVATEL-AS Novatel Bulgaria
19 - AS19806   4856  0.5%    539.6 -- VIRTELA-NET-VGBLON2 Virtela Communications
20 - AS9829    4816  0.5%      9.8 -- BSNL-NIB National Internet Backbone

TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN       Upds     %  Upds/Pfx    AS-Name
 1 - AS17136   2278  0.2%   2278.0 -- SPANGROUP-UTI - Span Manufacturing Ltd.
 2 - AS47640   1435  0.1%   1435.0 -- TRICOMPAS Tricomp Sp. z. o. o.
 3 - AS49517   2540  0.2%   1270.0 -- TEIKHOS-AS Teikhos
 4 - AS5050    6047  0.6%   1209.4 -- PSC-EXT - Pittsburgh Supercomputing Center
 5 - AS19398   2088  0.2%   1044.0 -- INDENET - Indenet.net
 6 - AS41313   5165  0.5%   1033.0 -- NOVATEL-AS Novatel Bulgaria
 7 - AS22739   1616  0.1%    808.0 -- BYU-H - Brigham Young University Hawaii
 8 - AS12333    694  0.1%    694.0 -- DFINET DFi Service SA
 9 - AS17819   2570  0.2%    642.5 -- ASN-EQUINIX-AP Equinix Asia Pacific
10 - AS4628    1799  0.2%    599.7 -- ASN-PACIFIC-INTERNET-IX Pacific Internet Ltd
11 - AS19806   4856  0.5%    539.6 -- VIRTELA-NET-VGBLON2 Virtela Communications
12 - AS26414    518  0.1%    518.0 -- LVCINT - LVC International, LLC
13 - AS9198   98231  9.2%    474.5 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
14 - AS31630    458  0.0%    458.0 -- GENELEC-INET-AS Information Engineering Company GENELEC
15 - AS37909    915  0.1%    457.5 -- WAKHOK-NET Wakkanai Hokusei Gakuen University
16 - AS45326   2528  0.2%    421.3 -- BBTS-AS-AP Broad Band Telecom Services Ltd
17 - AS11613    418  0.0%    418.0 -- U-SAVE - U-Save Auto Rental of America, Inc.
18 - AS11769   7462  0.7%    414.6 -- MOBILENETICS-LA-GW1 - Mobilenetics Corporation
19 - AS28691    408  0.0%    408.0 -- EUROCDN-AS Legend Software - Welnet service
20 - AS44194    397  0.0%    397.0 -- FREIFUNK-BERLIN-AS Freifunk Berlin

TOP 20 Unstable Prefixes
Rank Prefix             Upds     % Origin AS -- AS Name
 1 - 88.204.221.0/24   10730  0.9% AS9198 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 2 - 95.59.1.0/24      10697  0.9% AS9198 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 3 - 95.59.3.0/24      10374  0.9% AS9198 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 4 - 95.59.8.0/23      10373  0.9% AS9198 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 5 - 95.59.2.0/23      10373  0.9% AS9198 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 6 - 95.59.4.0/22      10373  0.9% AS9198 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 7 - 89.218.218.0/23   10357  0.9% AS9198 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 8 - 89.218.220.0/23   10357  0.9% AS9198 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 9 - 92.46.244.0/23    10346  0.9% AS9198 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
10 - 72.23.246.0/24     6021  0.5% AS5050 -- PSC-EXT - Pittsburgh Supercomputing Center
11 - 84.1.45.0/24       5137
RE: SA pigeon 'faster than broadband'
This says more about current ADSL technology not really being broadband than it does about South Africa's telecommunications infrastructure. Doing the arithmetic, my Southern California ATT 384/1.5 ADSL connection would take approximately 23 hours to transmit 32 Gb (4 GB x 8) with the 384 Kbps upload speed. The referenced BBC article says that the South African link took 2 hours to transmit 4% of the 32 Gb, but assuming wire speed my ADSL connection would transmit 8% of 32 Gb in that same 2 hour time span. The BBC article does not mention the ADSL upload speed, but my feeling is that the slow transfer rate has much more to do with ADSL than South Africa's government. -Original Message- From: Nick Hilliard [mailto:n...@foobar.org] Sent: Friday, September 11, 2009 2:21 PM To: William Herrin Cc: na...@merit.edu Subject: Re: SA pigeon 'faster than broadband' On 11/09/2009 21:13, William Herrin wrote: 180kbps is more or less middle-of-the-road for ADSL. In terms of technology, it's about as close to bottom of the range as you can get. The south african incumbent, Telkom, have three different products, described here: http://www.telkom.co.za/products_services/dsl/cost_dsl_cost.html I love the product names: their 128k/384k product is called FastDSL. Their top-of-the-range, gold plated product is a 512k/4M trailblazer service called FastestDSL. The irony of it all... There is hope for telecoms in ZA, though - there's been several major changes to the ZA telecoms scene over the last year. A court ruling in august last year effectively opened up the telecoms market so that any company could get a generic telecoms license (VANS - value-added network service). The court case was fought tooth and nail by the ministry of communications who seemed desperate to protect the telkom / neotel duopoly. This was possibly related to the fact that Telkom is 39.8% owned by the ZA government and is something of a money-spinner. 
But in a major step forward for the country, the high court in Jo'burg disagreed that licenses should be restricted and refused leave to appeal after the ruling. There are now ~600 VANS license holders in south africa, up from 2 last year.

The second event was that the ZA minister of communications for the last 10 years, Ivy Matsepe-Casaburri, retired from her position as minister due to natural causes. As usual for controversial figures, there were different points of view expressed on her life's work. One - typically held by government and other official figures - praised her role in communications, saying that with her incisive intellect she has made an invaluable contribution to the development of policy in various fields, including information and communication technology. Another point of view from the industry put things slightly differently:

http://blogs.timeslive.co.za/patternrecognition/2009/04/07/ivy-matsepe-casaburri-has-died/

Last, but not least, the Seacom cable linking ZA to Marseille, Mumbai and a bunch of countries up the east coast of Africa - a cable which Matsepe-Casaburri did her best to prevent from landing in south africa - is nearing completion. This will take away Telkom's monopoly on international connectivity, which is the second major step after market liberalisation required to actually improve the industry's infrastructure.

So, good news all around. Let's hope that IP over carrier pigeon will soon become a thing of the past.

Nick
RE: Multi-homed implementation and BGP convergence time
The time should be measured in seconds for your BGP advertised prefixes to propagate to most of the Internet. It may take longer for some isolated ISP's to receive the routes. If you use the longest prefix method to advertise to your preferred ISP, a convergence to the backup ISP (where shorter prefixes are advertised) may take 30 seconds or so max. Converging back to the preferred ISP should take a few seconds max.

-Original Message-
From: andrew.clayba...@securian.com [mailto:andrew.clayba...@securian.com]
Sent: Friday, September 11, 2009 1:55 PM
To: nanog@nanog.org
Subject: Multi-homed implementation and BGP convergence time

Hello - my company currently has two connections with a single tier 1 ISP. We are using the AS from our ISP at this time. In the next month we will be implementing a third connection with a second tier 1 ISP, so we will now be using our own AS number on all three routers.

My question is when we implement the new connection and update our existing connections to use our own AS number, how much downtime will there be? So far the second ISP has only said that it could be hours for BGP to fully converge. We are looking for more detail about how long the outage will be and how widespread.

Will it be relatively short to our customers that are on one of the ISPs we are directly connected to? Is downtime less for customers on other tier 1 ISPs versus tier 2, etc. ISPs?

We will only be receiving a default route on each of the three connections. Our routers will be advertising a small number of routes - 6 to 8.

Thank you.

Andy Claybaugh
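The "longest prefix method" mentioned in the reply above, as an added illustration that is not part of the original message: more-specific prefixes are announced through the preferred ISP, a covering shorter prefix through the backup, and remote networks forward on the longest match. The prefix (a documentation range), the host address and the ISP names are constructed, and the model shows only route selection, not convergence timing.

```python
import ipaddress


class RemoteRib:
    """Toy routing table of a remote network: prefix -> upstreams announcing it."""

    def __init__(self):
        self._routes = {}

    def announce(self, prefix, via):
        self._routes.setdefault(ipaddress.ip_network(prefix), set()).add(via)

    def withdraw(self, prefix, via):
        net = ipaddress.ip_network(prefix)
        upstreams = self._routes.get(net, set())
        upstreams.discard(via)
        if not upstreams:
            self._routes.pop(net, None)

    def lookup(self, address):
        """Return (prefix, upstreams) for the longest matching prefix, or None."""
        addr = ipaddress.ip_address(address)
        matches = [net for net in self._routes if addr in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return str(best), sorted(self._routes[best])


# Constructed values: documentation prefix and hypothetical ISP names.
AGGREGATE = "198.51.100.0/24"                       # shorter prefix, backup ISP
SPECIFICS = ["198.51.100.0/25", "198.51.100.128/25"]  # longer prefixes, preferred ISP
PREFERRED, BACKUP = "ISP-A", "ISP-B"
HOST = "198.51.100.200"


def simulate():
    """Walk through steady state, loss of the preferred link, and its return."""
    rib = RemoteRib()
    rib.announce(AGGREGATE, BACKUP)
    for prefix in SPECIFICS:
        rib.announce(prefix, PREFERRED)
    timeline = [("steady state", rib.lookup(HOST))]

    # Preferred link fails: its more-specifics are withdrawn, the aggregate remains.
    for prefix in SPECIFICS:
        rib.withdraw(prefix, PREFERRED)
    timeline.append(("preferred link down", rib.lookup(HOST)))

    # Preferred link returns: the more-specifics win again on prefix length.
    for prefix in SPECIFICS:
        rib.announce(prefix, PREFERRED)
    timeline.append(("preferred link restored", rib.lookup(HOST)))

    # Both links gone: no covering route is left at all.
    for prefix in SPECIFICS:
        rib.withdraw(prefix, PREFERRED)
    rib.withdraw(AGGREGATE, BACKUP)
    timeline.append(("both links down", rib.lookup(HOST)))
    return timeline


if __name__ == "__main__":
    for event, route in simulate():
        print(f"{event:25s} -> {route}")
```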
Re: SA pigeon 'faster than broadband'
--- n...@foobar.org wrote: So, good news all around. Let's hope that IP over carrier pigeon will soon become a thing of the past. - 4GB = 32Gb 32Gb in 2 hours is 4.45Mbps. That's a pretty good DSL upstream bandwidth. scott
Re: SA pigeon 'faster than broadband'
If this news had come out a little earlier, some pigeon breeding programs may have qualified for broadband stimulus grants. Edible, self-replicating IP carriers are pretty special anyhow. Scott Weeks wrote: --- n...@foobar.org wrote: So, good news all around. Let's hope that IP over carrier pigeon will soon become a thing of the past. - 4GB = 32Gb 32Gb in 2 hours is 4.45Mbps. That's a pretty good DSL upstream bandwidth. scott -- Richard Bennett Research Fellow Information Technology and Innovation Foundation Washington, DC
Re: SA pigeon 'faster than broadband'
Edible, self-replicating IP carriers are pretty special anyhow.

Mainstream IPv6 Here we come! ;)

On Fri, Sep 11, 2009 at 3:37 PM, Richard Bennett rich...@bennett.com wrote:

If this news had come out a little earlier, some pigeon breeding programs may have qualified for broadband stimulus grants. Edible, self-replicating IP carriers are pretty special anyhow.

Scott Weeks wrote:

--- n...@foobar.org wrote: So, good news all around. Let's hope that IP over carrier pigeon will soon become a thing of the past. -

4GB = 32Gb

32Gb in 2 hours is 4.45Mbps. That's a pretty good DSL upstream bandwidth.

scott

--
Richard Bennett
Research Fellow
Information Technology and Innovation Foundation
Washington, DC

--
Respectfully,
Chris Hart
Systems Administrator
Extrameasures, LLC.
8910 University Center Lane, Suite 475
San Diego, CA 92122
Office - 858.546.1052 x32
Fax - 858.546.1057
Re: Repeated Blacklisting / IP reputation
On Fri, Sep 11, 2009 at 4:23 PM, David Conrad d...@virtualized.org wrote: Marty, It's possible that not everything is above the table as well. Actually, no. The whole point in publishing the algorithm IANA is using in allocating /8s is to allow anyone to verify for themselves we are following that algorithm. Sorry, poor wording on my part. See below. I think that the perception is reality here though. ICANN has arbitrarily created process that impacts RIR's unequally. To me, that's unfair. As stated, we followed existing RIR practices regarding treatment of LACNIC and AfriNIC. Oddly, the RIR CEOs were happy with the algorithm when we asked them about it. I honestly don't think that it's up to them to create a set-aside either, hence my comment about behind the scenes activities. I appreciate you detailing that, but I honestly don't think it matters since as you mentioned you get accused of this all of the time. I would expect that ICANN would not only follow the rules, but safeguard them as well. Numbering policy usually goes to the members of each of the RIR communities, just as the IANA to RIR policy did. The algorithm itself is great. The set-aside is the problem. I'd be happy with the algorithm and all of the space. It would be more fair to us all and not appear as a cost shifting or potential windfall. Best, -M -- Martin Hannigan mar...@theicelandguy.com p: +16178216079 Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
Re: Multi-homed implementation and BGP convergence time
andrew.clayba...@securian.com wrote:

Hello - my company currently has two connections with a single tier 1 ISP. We are using the AS from our ISP at this time. In the next month we will be implementing a third connection with a second tier 1 ISP, so we will now be using our own AS number on all three routers. My question is when we implement the new connection and update our existing connections to use our own AS number, how much downtime will there be? So far the second ISP has only said that it could be hours for BGP to fully converge. We are looking for more detail about how long the outage will be and how widespread.

Hours? No way. It's more like minutes.

Will it be relatively short to our customers that are on one of the ISPs we are directly connected to? Is downtime less for customers on other tier 1 ISPs versus tier 2, etc. ISPs?

Doesn't matter.

We will only be receiving a default route on each of the three connections. Our routers will be advertising a small number of routes - 6 to 8.

I strongly encourage you to reconsider and take more than a default if you're multihoming and your routers have enough memory. Remember to create a full mesh on your BGP routers. And as already said, if you're totally new to BGP and multihoming, hire someone with experience in such matters to set it up.

~Seth
Re: Dedicated Route Reflectors
Hi there

The RR vs Full Mesh depends on how you would like to balance your exit/peering points across the network. If you have, say, 3 border routers in 3 different regions, you should need at least 3 RRs if you want each region having its own preference for the external routes. I would advise Full Mesh if the equipments can manage the number of iBGP sessions and update-groups are quite fast these days, also the management overhead is not much of an issue as advertised. About keeping the P routers as RR, I think that it will load the FIB with useless external routes, and keeping them in a VRF is not quite OK, depending on the used platform.

Pavel.

Serge Vautour wrote:

Hello, We're in the process of planning for an MPLS network that will use BGP for signaling between PEs. This will be a BGP free Core (i.e. no BGP on the P routers). What are folks doing for iBGP in this case? Full Mesh? Full Mesh the Main POP PEs and Route Reflect to some outlining PEs? Are folks using dedicated/centralized Route Reflectors (redundant of course)? What about using some of the P routers as the Centralized Route Reflectors? The boxes aren't doing much from a Control Plane perspective, why not use them as Route Reflectors. Any comments would be appreciated.

Thanks,
Serge
Re: Multi-homed implementation and BGP convergence time
Seth Mattinen wrote: Jay Hennigan wrote: Tier 1, tier 2 etc. are terms used primarily by salespeople, and don't have a lot to do with technical matters. Sure it does. If you're multihoming it will increase your AS path length. There is no general correlation between AS path length and whether or not a network pays to exchange traffic. There is a noticeable correlation between cost and local-preference, as-path prepending, metric setting and other ways networks control how they send you traffic. This is affected by peering selectivity as well as transit prices. - Kevin
Re: Dedicated Route Reflectors
On 11 Sep, 2009, at 09:30, Serge Vautour wrote: Hello, We're in the process of planning for an MPLS network that will use BGP for signaling between PEs. This will be a BGP free Core (i.e. no BGP on the P routers). What are folks doing for iBGP in this case? Full Mesh? Full Mesh the Main POP PEs and Route Reflect to some outlining PEs? Are folks using dedicated/centralized Route Reflectors (redundant of course)? What about using some of the P routers as the Centralized Route Reflectors? The boxes aren't doing much from a Control Plane perspective, why not use them as Route Reflectors. serge, you can, and probably should, segment your mpls signalling ibgp from your internet/peering ibgp. in other words, on your pe, you configure ipv4/ipv6 bgp sessions to your peering/transit routers, then you configure mp-bgp sessions to three or four mpls vpn route reflectors. the mpls route reflectors do not participate in the actual routing of any packets (they don't set next-hop-self, only the pe routers would), their only function is to reflect the vpn signalling between disparate pe boxen. similarly, if you have a very large number of pe routers, you can setup three or four boxes to reflect internet/customer routes...these boxes also would not route any packets, they would just reflect the non-mpls bgp sessions (they don't set next-hop-self, only the pe/ transit/peering router do). alternately, if you have local transit/peering routers at every pe site, then you can mesh all the transit/peering routers and have the local pe routers be rr clients of that site's transit/peering routers hth /joshua
Re: OSPF vs IS-IS vs PrivateAS eBGP
I seem to get the impression that isis is preferred in the core. Any reasons why folks don't prefer to go with ospf?

Glen

On Thu, Aug 20, 2009 at 3:36 PM, Randy Bush ra...@psg.com wrote:

Unless you want your customers to have very substantial control over your internal network, don't use an SPF IGP like ospf or is-is. with your customer ^ i know that's what you meant, but i thought it worth making it very explicit. practice safe routing, do not share blood with customer. is-is in core with ibgp, and well-filtered ebgp (and packet filters a la bcp 38) to customers.

randy
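The customer-edge policy named in the quoted advice above ("well-filtered ebgp (and packet filters a la bcp 38) to customers"), sketched as an added example that is not part of the original thread: one registered prefix list drives both the eBGP route filter and the BCP 38 source-address check. The prefixes are documentation ranges, the sample announcements and packet sources are constructed, and the maximum accepted prefix length of /24 is an assumed policy value.

```python
import ipaddress

# Constructed customer record: prefixes this customer is registered to originate.
CUSTOMER_PREFIXES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]
MAX_PREFIX_LEN = 24  # assumed policy: nothing more specific than a /24 is accepted


def route_permitted(announced, registered=CUSTOMER_PREFIXES, max_len=MAX_PREFIX_LEN):
    """eBGP inbound filter: accept only routes inside the registered prefixes."""
    net = ipaddress.ip_network(announced)
    if net.prefixlen > max_len:
        return False  # too specific
    # subnet_of() raises TypeError across IP versions, so compare versions first.
    return any(net.version == r.version and net.subnet_of(r) for r in registered)


def source_permitted(src, registered=CUSTOMER_PREFIXES):
    """BCP 38 ingress filter: forward only packets sourced from registered space."""
    addr = ipaddress.ip_address(src)
    return any(addr in r for r in registered)


def audit_customer_edge(announcements, packet_sources, registered=CUSTOMER_PREFIXES):
    """Apply both filters and report what the edge router would reject."""
    return {
        "accepted_routes": [a for a in announcements if route_permitted(a, registered)],
        "rejected_routes": [a for a in announcements if not route_permitted(a, registered)],
        "dropped_sources": [s for s in packet_sources if not source_permitted(s, registered)],
    }


# Constructed samples: what arrives on the customer-facing session and interface.
SAMPLE_ANNOUNCEMENTS = [
    "198.51.100.0/24",    # registered prefix
    "198.51.100.128/25",  # inside registered space but longer than /24
    "192.0.2.0/24",       # not registered to this customer
    "0.0.0.0/0",          # a customer must never send a default route
]
SAMPLE_SOURCES = [
    "198.51.100.7",       # legitimate
    "203.0.113.250",      # legitimate
    "192.0.2.55",         # source outside the customer's space
    "10.1.2.3",           # private source address
]

if __name__ == "__main__":
    for key, values in audit_customer_edge(SAMPLE_ANNOUNCEMENTS, SAMPLE_SOURCES).items():
        print(key, values)
```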
Re: OSPF vs IS-IS vs PrivateAS eBGP
I seem to get the impression that isis is preferred in the core. Any reasons why folks don't prefer to go with ospf?

a bit harder to attack clnp (is-is) than ip (ospf)

is-is a bit simpler to configure, though you can get as sick as you want. but don't.

a bit simpler to code, so worked and was stable when ospf was far flakier than it is now.

randy
Re: OSPF vs IS-IS vs PrivateAS eBGP
I can tell you one reason IS-IS has been traditionally preferred over OSPFv2 is due to its use of TLVs, which makes IS-IS highly extensible and easy to support new features. I remember when we first rolled out MPLS code on our core routers at UUnet, support for traffic engineering extensions made it into IS-IS long before OSPFv2 due to the ease with which the developers could augment the protocol. Opaque LSAs in OSPF have made this situation a bit more bearable, but other things like OSPFv2's tight integration and reliance on IPv4 addressing for proper operation cause other issues, therefore support for things like IPv6 requires an updated protocol - OSPFv3. If you are running IPv4 and IPv6 in your network you'll need to run both OSPFv2 and OSPFv3. IS-IS on the other hand, since it is CLNS based and not coupled with IPv4 for transport can support IPv4, IPv6, and whatever new protocol we'll be using whenever we run out of the trillions of IP space that IPv6 will provide.

Sorry for the typos and the top-posting, as I'm on my crackberry.

Stefan Fouant
Neustar, Inc. / Principal Engineer
46000 Center Oak Plaza Sterling, VA 20166
Office: +1.571.434.5656 ▫ Mobile: +1.202.210.2075 ▫ GPG ID: 0xB5E3803D ▫ stefan.fou...@neustar.biz

- Original Message -
From: Glen Kent glen.k...@gmail.com
To: Randy Bush ra...@psg.com
Cc: nanog@nanog.org nanog@nanog.org
Sent: Fri Sep 11 20:35:27 2009
Subject: Re: OSPF vs IS-IS vs PrivateAS eBGP

I seem to get the impression that isis is preferred in the core. Any reasons why folks don't prefer to go with ospf?

Glen

On Thu, Aug 20, 2009 at 3:36 PM, Randy Bush ra...@psg.com wrote:

Unless you want your customers to have very substantial control over your internal network, don't use an SPF IGP like ospf or is-is. with your customer ^ i know that's what you meant, but i thought it worth making it very explicit. practice safe routing, do not share blood with customer.
is-is in core with ibgp, and well-filtered ebgp (and packet filters a la bcp 38) to customers. randy
Re: OSPF vs IS-IS vs PrivateAS eBGP
On Sep 11, 2009, at 6:23 PM, Randy Bush wrote:

I seem to get the impression that isis is preferred in the core. Any reasons why folks don't prefer to go with ospf?

a bit harder to attack clnp (is-is) than ip (ospf)

is-is a bit simpler to configure, though you can get as sick as you want. but don't.

a bit simpler to code, so worked and was stable when ospf was far flakier than it is now.

I'd also add that ISIS supports IPv6 through the addition of TLVs whereas OSPF was redesigned into OSPFv3. Personally I like ISIS due to its simplicity and use it for router loopback advertisement only.
Re: Multi-homed implementation and BGP convergence time
Kevin Loch wrote: Seth Mattinen wrote: Jay Hennigan wrote: Tier 1, tier 2 etc. are terms used primarily by salespeople, and don't have a lot to do with technical matters. Sure it does. If you're multihoming it will increase your AS path length. There is no general correlation between AS path length and whether or not a network pays to exchange traffic. That has nothing to do with what I was trying to say. When one mixes shorter/longer paths, you will generally see most of your traffic come in via the shorter path. It's like if I were to multihome with the local cable co (who has Level3 as an upstream) with a connection to Level3 myself. It's not likely that traffic inbound to me is going to choose the longer route unless the shorter one is down, and it's pointless as a backup because a regional outage affecting Level3 may kill the cable co's link to them as well. ~Seth