Re: Linux Centralized Administration
On 13 January 2012 01:57, Paul Graydon p...@paulgraydon.co.uk wrote: On 01/12/2012 03:51 PM, chaim.rie...@gmail.com wrote: On 1/12/2012 4:43 PM, Jimmy Hess wrote: Something to think about before attempting to centrally manage, your systems actually have to be centrally manageable -- that doesn't happen automatically and requires extra work. this is why i never update. i would rather build a new image and deploy it to the thousands of servers than worry about updates. be it an openssh security notice, or new ntp configuration, for me it is easier to rebuild servers than update config files. For that matter, imaging is a bad way to go about handling this, you'd be better served by setting up something like Puppet or Chef and have them handle configuration management for you centrally, along with necessary software packages. Paul I looked into Puppet and though I've got it managing parts of our infrastructure it seems quite difficult to bolt on to an existing setup. There are also some things that I can't see how to do easily with Puppet (Don't upgrade packages on the live environment until we've tested them in staging being a big one.) I'm starting to look at Blueprint (http://devstructure.com) to help build the Puppet manifests so that we can deploy Puppet without breaking any existing machines, Puppet for configuration management and Spacewalk to audit what is up-to-date and help schedule security updates. Dan
Re: community strings for Reliance Globalcom
On Thu, Jan 12, 2012 at 2:57 PM, Philip Lavine source_ro...@yahoo.com wrote: does anybody have the community strings for Reliance Globalcom You might check to see if they left the default public read-only string in place, but I highly doubt it. Most people are pretty careful to pick at least somewhat hard to guess community strings, and to ACL them off from external querying. Matt
RE: Linux Centralized Administration
Hey folks. just curious what people are using for automating updates to Linux boxes? Today, we manually do YUM updates to all the CentOS servers . just an example but a good one. I have heard there are some open source solutions similar to that of Red Hat Network? We did create our own solution and are still expanding it. Currently we set what a server should look like at the servers, we want to change it to the central system. This would make it easier to deploy extra servers (only entering a MAC address, selecting software and starting a server should be enough to auto-deploy it). Our current solution is designed for Debian/Ubuntu, but should also work on other Linux distributions. A working copy might be available; please contact me offlist and I'll look what I can do. Kind regards, Mark
Re: Linux Centralized Administration
Sounds like a poorly designed package. Wordpress does a good job of allowing back end updates without impacting the services provided, even with database changes. Part of a well designed and maintained system is the ability to do painless upgrades. Jared Mauch On Jan 12, 2012, at 7:43 PM, Jimmy Hess mysi...@gmail.com wrote: Cacti/OpenNMS are good examples -- after a yum update to a new version, you must manually invoke, a potentially dangerous installer program or web page has to be used, after a new update, config files, or database schema have to be edited or patched by hand; until you manually take some action to fix the config, the application is broken after update. As soon as you attempt to restart the application it will shutdown OK, but not come back up.
Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Hey All, Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours. We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address. The only common link was / is terminal services port 3389 is open to the public. Obviously someone (Mr 133t dude) scanned an allocation within our network, and like a worm was able to simultaneously control every Microsoft Windows Server to send outbound traffic. Microsoft Windows Servers within the 1.x.x.x/16 allocation which were behind a firewall or VPN and did not have public 3389 access did not send the unknown traffic Would be very interested if anyone else has seen this behavior before ! Or is this the start of a lovely new Zero Day Vulnerability with Windows RDP, if so I name it ohDeer-RDP A sample of the traffic is as per below, collected from netflow Source Destination Application Src Port Dst x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51534TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 52699TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 60824TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51669TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 49215TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 62099TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 65429TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51965TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 50381TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59379TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58103TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59514TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58298TCP This occurred around 10:30pm AEST Friday the 13th of January 2012 We had many other Microsoft Windows Servers in other 2.x.x.x/16 IP ranges which were totally unaffected. Kindest Regards James Braunegg W: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616 E: james.braun...@micron21.commailto:james.braun...@micron21.com | ABN: 12 109 977 666 [Description: Description: Description: M21.jpg] This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer. inline: image001.jpg
RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Wouldn't this just be an indication of that block being scanned for open 3389 ports from that IP? You're just looking at the return traffic to the scanning host. -Original Message- From: James Braunegg [mailto:james.braun...@micron21.com] Sent: Friday, January 13, 2012 7:37 AM To: nanog@nanog.org Subject: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389 Hey All, Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours. We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address. The only common link was / is terminal services port 3389 is open to the public. Obviously someone (Mr 133t dude) scanned an allocation within our network, and like a worm was able to simultaneously control every Microsoft Windows Server to send outbound traffic. Microsoft Windows Servers within the 1.x.x.x/16 allocation which were behind a firewall or VPN and did not have public 3389 access did not send the unknown traffic Would be very interested if anyone else has seen this behavior before ! Or is this the start of a lovely new Zero Day Vulnerability with Windows RDP, if so I name it ohDeer-RDP A sample of the traffic is as per below, collected from netflow Source Destination Application Src Port Dst x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51534 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 52699 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 60824 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51669 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 49215 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 62099 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 65429 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51965 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 50381 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59379 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58103 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59514 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58298 TCP This occurred around 10:30pm AEST Friday the 13th of January 2012 We had many other Microsoft Windows Servers in other 2.x.x.x/16 IP ranges which were totally unaffected. Kindest Regards James Braunegg W: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616 E: james.braun...@micron21.commailto:james.braun...@micron21.com | ABN: 12 109 977 666 [Description: Description: Description: M21.jpg] This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.
RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Dear Erik 2mbits to 4mbits of outbound traffic is a fair bit for just a port scan.. We saw around 100ks of inbound traffic to each server and around 2mbits to 4mbits outbound traffic from the servers to the same destination 58.162.67.45 The traffic pattern occurred for around 30 minutes and then simultaneously every host (server) stopped sending traffic. Kindest Regards James Braunegg W: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616 E: james.braun...@micron21.com | ABN: 12 109 977 666 This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer. -Original Message- From: Erik Soosalu [mailto:erik.soos...@calyxinc.com] Sent: Saturday, January 14, 2012 12:17 AM To: James Braunegg; nanog@nanog.org Subject: RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389 Wouldn't this just be an indication of that block being scanned for open 3389 ports from that IP? You're just looking at the return traffic to the scanning host. -Original Message- From: James Braunegg [mailto:james.braun...@micron21.com] Sent: Friday, January 13, 2012 7:37 AM To: nanog@nanog.org Subject: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389 Hey All, Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours. We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address. The only common link was / is terminal services port 3389 is open to the public. Obviously someone (Mr 133t dude) scanned an allocation within our network, and like a worm was able to simultaneously control every Microsoft Windows Server to send outbound traffic. Microsoft Windows Servers within the 1.x.x.x/16 allocation which were behind a firewall or VPN and did not have public 3389 access did not send the unknown traffic Would be very interested if anyone else has seen this behavior before ! Or is this the start of a lovely new Zero Day Vulnerability with Windows RDP, if so I name it ohDeer-RDP A sample of the traffic is as per below, collected from netflow Source Destination Application Src Port Dst x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51534 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 52699 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 60824 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51669 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 49215 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 62099 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 65429 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51965 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 50381 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59379 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58103 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59514 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58298 TCP This occurred around 10:30pm AEST Friday the 13th of January 2012 We had many other Microsoft Windows Servers in other 2.x.x.x/16 IP ranges which were totally unaffected. Kindest Regards James Braunegg W: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616 E: james.braun...@micron21.commailto:james.braun...@micron21.com | ABN: 12 109 977 666 [Description: Description: Description: M21.jpg] This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.
RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
I would agree that it is a large stream. The other thing would be a password crack attempt. There was tool out a couple of years, and I've forgotten the name of it now, that worked at brute forcing RDP passwords. It worked without ending up in the Windows logs, because at the time Windows would only log incorrect RDP password attempts on the 5th try. So it would try 4 passwords, disconnect and then connect again. If it was such a program, trying as fast as it could, there would be a lot of initial screen renders being sent to the attack IP with very little traffic coming back - just the login attempts. Thanks, Erik -Original Message- From: James Braunegg [mailto:james.braun...@micron21.com] Sent: Friday, January 13, 2012 8:29 AM To: Erik Soosalu; nanog@nanog.org Subject: RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389 Dear Erik 2mbits to 4mbits of outbound traffic is a fair bit for just a port scan.. We saw around 100ks of inbound traffic to each server and around 2mbits to 4mbits outbound traffic from the servers to the same destination 58.162.67.45 The traffic pattern occurred for around 30 minutes and then simultaneously every host (server) stopped sending traffic. Kindest Regards James Braunegg W: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616 E: james.braun...@micron21.com | ABN: 12 109 977 666 This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer. -Original Message- From: Erik Soosalu [mailto:erik.soos...@calyxinc.com] Sent: Saturday, January 14, 2012 12:17 AM To: James Braunegg; nanog@nanog.org Subject: RE: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389 Wouldn't this just be an indication of that block being scanned for open 3389 ports from that IP? You're just looking at the return traffic to the scanning host. -Original Message- From: James Braunegg [mailto:james.braun...@micron21.com] Sent: Friday, January 13, 2012 7:37 AM To: nanog@nanog.org Subject: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389 Hey All, Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours. We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address. The only common link was / is terminal services port 3389 is open to the public. Obviously someone (Mr 133t dude) scanned an allocation within our network, and like a worm was able to simultaneously control every Microsoft Windows Server to send outbound traffic. Microsoft Windows Servers within the 1.x.x.x/16 allocation which were behind a firewall or VPN and did not have public 3389 access did not send the unknown traffic Would be very interested if anyone else has seen this behavior before ! Or is this the start of a lovely new Zero Day Vulnerability with Windows RDP, if so I name it ohDeer-RDP A sample of the traffic is as per below, collected from netflow Source Destination Application Src Port Dst x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51534 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 52699 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 60824 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51669 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 49215 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 62099 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 65429 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51965 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 50381 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59379 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58103 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59514 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58298 TCP This occurred around 10:30pm AEST Friday the 13th of January 2012 We had many other Microsoft Windows Servers in other 2.x.x.x/16 IP ranges which were totally unaffected. Kindest Regards James Braunegg W: 1300 769 972 | M: 0488
Re: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Hello, On Fri, Jan 13, 2012 at 12:36 PM, James Braunegg james.braun...@micron21.com wrote: Hey All, Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours. We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address. Have you contacted Microsoft yet? https://support.microsoft.com/oas/default.aspx?gprid=1163st=1wfxredirect=1sd=gn If you have a support contract (which you probably do) you'll get a very quick response if you choose the security option. Whatever you do, do let everyone know what the problem turns out to be. Alex
Re: community strings for Reliance Globalcom
Additionally, http://ubs.flagtel.com/lg Their looking glass. You can do basic traceroute and BGP from here. On Fri, Jan 13, 2012 at 4:36 AM, Matthew Petach mpet...@netflight.comwrote: On Thu, Jan 12, 2012 at 2:57 PM, Philip Lavine source_ro...@yahoo.com wrote: does anybody have the community strings for Reliance Globalcom You might check to see if they left the default public read-only string in place, but I highly doubt it. Most people are pretty careful to pick at least somewhat hard to guess community strings, and to ACL them off from external querying. Matt -- Anurag Bhatia anuragbhatia.com or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected network! Twitter: @anurag_bhatia https://twitter.com/#!/anurag_bhatia
Re: community strings for Reliance Globalcom
I could be wrong, but I think OP was requesting for BGP communities. I don't think he was asking for their SNMP community strings - I've never heard of a situation where a provider would allow their customers to poll their routers via SNMP. Or did I miss something? Stefan Fouant JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI Technical Trainer, Juniper Networks Follow us on Twitter @JuniperEducate Sent from my iPad On Jan 12, 2012, at 6:06 PM, Matthew Petach mpet...@netflight.com wrote: On Thu, Jan 12, 2012 at 2:57 PM, Philip Lavine source_ro...@yahoo.com wrote: does anybody have the community strings for Reliance Globalcom You might check to see if they left the default public read-only string in place, but I highly doubt it. Most people are pretty careful to pick at least somewhat hard to guess community strings, and to ACL them off from external querying. Matt
Re: community strings for Reliance Globalcom
nail on the head. I need the : notation for the BGP preference. I need to be able to set a provider as a backup, for example: qwest would be 209:70 From: Stefan Fouant sfou...@shortestpathfirst.net To: Matthew Petach mpet...@netflight.com Cc: Philip Lavine source_ro...@yahoo.com; nanog@nanog.org nanog@nanog.org Sent: Friday, January 13, 2012 6:41 AM Subject: Re: community strings for Reliance Globalcom I could be wrong, but I think OP was requesting for BGP communities. I don't think he was asking for their SNMP community strings - I've never heard of a situation where a provider would allow their customers to poll their routers via SNMP. Or did I miss something? Stefan Fouant JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI Technical Trainer, Juniper Networks Follow us on Twitter @JuniperEducate Sent from my iPad On Jan 12, 2012, at 6:06 PM, Matthew Petach mpet...@netflight.com wrote: On Thu, Jan 12, 2012 at 2:57 PM, Philip Lavine source_ro...@yahoo.com wrote: does anybody have the community strings for Reliance Globalcom You might check to see if they left the default public read-only string in place, but I highly doubt it. Most people are pretty careful to pick at least somewhat hard to guess community strings, and to ACL them off from external querying. Matt
Re: community strings for Reliance Globalcom
Here's the info from their IRR: remarks: Communities applied at ingress remarks: === remarks: 15412:1xxx PoP remarks: 15412:1101 New York remarks: 15412:1201 Los Angeles remarks: 15412:1202 Palo Alto remarks: 15412:1301 Tokyo remarks: 15412:1311 Hong Kong remarks: 15412:1316 Singapore remarks: 15412:1321 Seoul remarks: 15412:1331 Singapore remarks: 15412:1341 Taipei remarks: 15412:1401 Cairo remarks: 15412:1411 Bahrain remarks: 15412:1402 Alexandria remarks: 15412:1412 Jeddah remarks: 15412:1413 Al Khobar remarks: 15412:1414 Dubai remarks: 15412:1415 Doha remarks: 15412:1431 Mumbai remarks: 15412:1432 Chennai remarks: 15412:1501 London remarks: 15412:1511 Paris remarks: 15412:1521 Madrid remarks: 15412:1531 Frankfurt remarks: 15412:1514 Amsterdam remarks: === remarks: 15412:7xx Customer remarks: 15412:701 Aggregate remarks: 15412:702 Statically Routed remarks: 15412:703 BGP Routed remarks: 15412:705 BGP Routed (Suppress MED to upstreams) remarks: === remarks: 15412:8xx Peer remarks: 15412:800 PRIVATE PEER remarks: 15412:801 PAIX remarks: 15412:802 NYIIX remarks: 15412:803 JPIX remarks: 15412:804 KINX remarks: 15412:805 HKIX remarks: 15412:806 LINX remarks: 15412:807 SFINX remarks: 15412:808 LAIX remarks: 15412:809 AMSIX remarks: 15412:810 DECIX remarks: 15412:813 JPNAP remarks: 15412:814 EQUINIX ASHBURN VA remarks: 15412:815 EQUINIX SINGAPORE remarks: 15412:816 EQUINIX TOKYO remarks: 15412:817 ANY2 remarks: 15412:820 EQUINIX PARIS remarks: 15412:821 EQUINIX HONG KONG remarks: === remarks: 15412:9xx Upstream remarks: 15412:902 LEVEL3 AS3356http://bgp.he.net/AS3356remarks: 15412:903 NTT/VERIO AS2914 http://bgp.he.net/AS2914 remarks: === remarks: BGP Communities available to customers for traffic engineering remarks: === remarks: Modify LocalPref remarks: remarks: 15412:80 = 80 remarks: 15412:200 = 200 (e.g. backup link) remarks: 15412:300 = 300 remarks: Default (Customer/Transit/Peer) = 250/100/100 remarks: === remarks: Suppression/Prepend remarks: === remarks: 15412:4100 Do not announce to any upstream remarks: === remarks: 15412:4120 Do not announce to LEVEL3 AS3356 http://bgp.he.net/AS3356 remarks: 15412:4121 Prepend 15412 to LEVEL3 AS3356 http://bgp.he.net/AS3356remarks: 15412:4122 Prepend 15412 15412 to LEVEL3 AS3356 http://bgp.he.net/AS3356 remarks: === remarks: 15412:4130 Do not announce to NTT/Verio AS2914 http://bgp.he.net/AS2914 remarks: 15412:4131 Prepend 15412 to NTT/Verio AS2914 http://bgp.he.net/AS2914remarks: 15412:4132 Prepend 15412 15412 to NTT/Verio AS2914 http://bgp.he.net/AS2914 remarks: === remarks: 15412:4500 Do not announce to FLAG peers remarks: === remarks: 15412:4510 Do not announce to PAIX Peers remarks: 15412:4511 Prepend 15412 to PAIX Peers remarks: 15412:4512 Prepend 15412 15412 to PAIX Peers remarks: === remarks: 15412:4520 Do not announce to NYIIX Peers remarks: 15412:4521 Prepend 15412 to NYIIX Peers remarks: 15412:4522 Prepend 15412 15412 to NYIIX Peers remarks: === remarks: 15412:4530 Do not announce to JPIX Peers remarks: 15412:4531 Prepend 15412 to JPIX Peers remarks: 15412:4532 Prepend 15412 15412 to JPIX Peers remarks: === remarks: 15412:4540 Do not announce to KINX Peers remarks: 15412:4541 Prepend 15412 to KINX Peers remarks: 15412:4542 Prepend 15412 15412 to KINX Peers remarks: === remarks: 15412:4550 Do not announce to HKIX Peers remarks: 15412:4551 Prepend 15412 to HKIX Peers remarks: 15412:4552 Prepend 15412 15412 to HKIX Peers remarks: === remarks: 15412:4560 Do not announce to LINX Peers remarks: 15412:4561 Prepend 15412 to LINX Peers remarks: 15412:4562 Prepend 15412 15412 to LINX Peers remarks: === remarks: 15412:4570 Do not announce to SFINX Peers remarks: 15412:4571 Prepend 15412 to SFINX Peers remarks: 15412:4572 Prepend 15412 15412 to SFINX Peers remarks: === remarks: 15412:4580 Do not announce to LAIX Peers remarks: 15412:4581 Prepend 15412 to LAIX Peers remarks: 15412:4582 Prepend 15412 15412 to LAIX Peers remarks: === remarks:
Re: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Hi, We have had 2 of the below hit us this week. First time was apx 11:20am 1/10/2012 (PST). The 2nd was 1/12/2012 (Yesterday) 4:45pm. We had done some research and had already planed to switch to Network Level Authentication (NLA) as it looks like that would help with the screen not getting dumped. Unfortunately we had not done the change to that yet as we were getting looking for and found a new RDP client on linux that would support it. However last night we did start doing the changes to NLA. I am not saying NLA is a fix or that it is the best option. Just one of the things we are trying. When we can, locking down access to the RDP port I think would be best. Ohh, as for the destination. The first day was to 221.251.194.42. Yesterday was for 115.236.185.167. Sincerely, Mark Keymer On 1/13/2012 4:36 AM, James Braunegg wrote: Hey All, Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours. We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address. The only common link was / is terminal services port 3389 is open to the public. Obviously someone (Mr 133t dude) scanned an allocation within our network, and like a worm was able to simultaneously control every Microsoft Windows Server to send outbound traffic. Microsoft Windows Servers within the 1.x.x.x/16 allocation which were behind a firewall or VPN and did not have public 3389 access did not send the unknown traffic Would be very interested if anyone else has seen this behavior before ! Or is this the start of a lovely new Zero Day Vulnerability with Windows RDP, if so I name it ohDeer-RDP A sample of the traffic is as per below, collected from netflow Source Destination Application Src Port Dst x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51534TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 52699TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 60824TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51669TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 49215TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 62099TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 65429TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51965TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 50381TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59379TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58103TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59514TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58298TCP This occurred around 10:30pm AEST Friday the 13th of January 2012 We had many other Microsoft Windows Servers in other 2.x.x.x/16 IP ranges which were totally unaffected. Kindest Regards James Braunegg W: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616 E: james.braun...@micron21.commailto:james.braun...@micron21.com | ABN: 12 109 977 666 [Description: Description: Description: M21.jpg] This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.
Re: Possible New Zero Day Microsoft Windows 3389 vulnerability - outbound traffic 3389
Another possibility is the use of this tool as well: http://www.sensepost.com/labs/tools/pentest/reduh (Reduh) Jerry je...@jdixon.com On Fri, Jan 13, 2012 at 12:02 PM, Mark Keymer m...@viviotech.net wrote: Hi, We have had 2 of the below hit us this week. First time was apx 11:20am 1/10/2012 (PST). The 2nd was 1/12/2012 (Yesterday) 4:45pm. We had done some research and had already planed to switch to Network Level Authentication (NLA) as it looks like that would help with the screen not getting dumped. Unfortunately we had not done the change to that yet as we were getting looking for and found a new RDP client on linux that would support it. However last night we did start doing the changes to NLA. I am not saying NLA is a fix or that it is the best option. Just one of the things we are trying. When we can, locking down access to the RDP port I think would be best. Ohh, as for the destination. The first day was to 221.251.194.42. Yesterday was for 115.236.185.167. Sincerely, Mark Keymer On 1/13/2012 4:36 AM, James Braunegg wrote: Hey All, Just posting to see if anyone has seen any strange outbound traffic on port 3389 from Microsoft Windows Server over the last few hours. We witnessed an alarming amount of completely independent Microsoft Windows Servers, each on separate vlan and subnets (ie all /30 and /29 allocations) with separate gateways on and completely separate customers, but all services were within the same 1.x.x.x/16 allocation all simultaneously send around 2mbit or so data to a specific target IP address. The only common link was / is terminal services port 3389 is open to the public. Obviously someone (Mr 133t dude) scanned an allocation within our network, and like a worm was able to simultaneously control every Microsoft Windows Server to send outbound traffic. Microsoft Windows Servers within the 1.x.x.x/16 allocation which were behind a firewall or VPN and did not have public 3389 access did not send the unknown traffic Would be very interested if anyone else has seen this behavior before ! Or is this the start of a lovely new Zero Day Vulnerability with Windows RDP, if so I name it ohDeer-RDP A sample of the traffic is as per below, collected from netflow Source Destination Application Src Port Dst x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51534 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 52699 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 60824 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51669 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 49215 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 62099 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 65429 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 51965 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 50381 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59379 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58103 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 59514 TCP x.x.x.x/1658.162.67.45 ms-wbt-server 3389 58298 TCP This occurred around 10:30pm AEST Friday the 13th of January 2012 We had many other Microsoft Windows Servers in other 2.x.x.x/16 IP ranges which were totally unaffected. Kindest Regards James Braunegg W: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616 E: james.braun...@micron21.com**mailto:james.braunegg@**micron21.comjames.braun...@micron21.com | ABN: 12 109 977 666 [Description: Description: Description: M21.jpg] This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer. -- Jerry je...@jdixon.com
Re: community strings for Reliance Globalcom
On Fri, Jan 13, 2012 at 6:41 AM, Stefan Fouant sfou...@shortestpathfirst.net wrote: I could be wrong, but I think OP was requesting for BGP communities. I don't think he was asking for their SNMP community strings - I've never heard of a situation where a provider would allow their customers to poll their routers via SNMP. Or did I miss something? Sorry--I was knee-deep in digging through IPv6 OIDs, so my brain was all awash with SNMP community strings when I saw the post. You're right, in retrospect BGP communities made more sense. Apologies for the confusion. Matt Stefan Fouant JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI Technical Trainer, Juniper Networks Follow us on Twitter @JuniperEducate Sent from my iPad On Jan 12, 2012, at 6:06 PM, Matthew Petach mpet...@netflight.com wrote: On Thu, Jan 12, 2012 at 2:57 PM, Philip Lavine source_ro...@yahoo.com wrote: does anybody have the community strings for Reliance Globalcom You might check to see if they left the default public read-only string in place, but I highly doubt it. Most people are pretty careful to pick at least somewhat hard to guess community strings, and to ACL them off from external querying. Matt
Re: Linux Centralized Administration
On Fri, 13 Jan 2012, Daniel Ankers wrote: I looked into Puppet and though I've got it managing parts of our infrastructure it seems quite difficult to bolt on to an existing setup. There are also some things that I can't see how to do easily with Puppet (Don't upgrade packages on the live environment until we've tested them in staging being a big one.) Has anyone mentioned cluster ssh yet? Depending on your scale, cluster ssh and a really big screen may be a suitable way to manage N servers and do things like apply updates or make identical changes to all at once (or in groups). It also gives you the flexibility to apply commands to all or single out a system and do things just in the one window, then to back to talking to all. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Verizon FIOS/DSL - Southern California DNS Issues
Hi, Has anyone been experiencing Verizon FIOS/DSL DNS issues for the past 72 hours? Looks like Verizon FIOS/DSL is blocking legitimate sites, ours being one of them. We have over 300 of our members throughout California on Verizon FIOS/DSL experiencing issues getting to sites. One of the big ones is Bank of America. I have started a post on Verizon's site and directed our members to post their issues there. http://forums.verizon.com/t5/FiOS-Internet/DNS-issues-in-SoCal/td-p/393781/highlight/true I can't seem to get the issue escalated. Thought I would get the opinion of the group to see how to get this issue to the actually engineers that have access to Verizon's DNS servers. Thanks in advance. David Siegrist IT Systems Manager da...@crmls.org
Address-based Route Reflection
Dear all, The document below may be of interest: Address-based Route Reflection at http://bgp.mpi-sws.org/papers/abrr-CoNEXT11.pdf by Ruichuan Chen (MPI-SWS), Aman Shaikh (ATT Labs Research), Jia Wang (ATT Labs Research), Paul Francis (MPI-SWS) Abstract This work presents Address-Based Route Reflection (ABRR): the first iBGP solution that completely solves all oscillation and looping problems, has no path inefficiencies, and puts no constraints on RR placement. ABRR does this by emulating the semantics of full-mesh iBGP, and thereby adopting the correctness and path efficiency properties of full-mesh iBGP. Both traditional Topology-Based Route Reflection (TBRR) and ABRR take a divide-and-conquer approach. While TBRR scales by making each RR responsible for all prefixes from some fraction of routers, ABRR scales by making each RR responsible for some fraction of prefixes from all routers. Best regards, --Ruichuan
Re: Verizon FIOS/DSL - Southern California DNS Issues
Hello David Can you share dig result along with +trace ? Something like: dig store.steampowered.com +trace This will give exact idea of where DNS resolution is failing. It might be that one of these servers failed: ns3.valvesoftware.com. ns1.valvesoftware.com. ns2.valvesoftware.com. or something like that. On Fri, Jan 13, 2012 at 11:31 PM, David Siegrist da...@crmls.org wrote: Hi, Has anyone been experiencing Verizon FIOS/DSL DNS issues for the past 72 hours? Looks like Verizon FIOS/DSL is blocking legitimate sites, ours being one of them. We have over 300 of our members throughout California on Verizon FIOS/DSL experiencing issues getting to sites. One of the big ones is Bank of America. I have started a post on Verizon's site and directed our members to post their issues there. http://forums.verizon.com/t5/FiOS-Internet/DNS-issues-in-SoCal/td-p/393781/highlight/true I can't seem to get the issue escalated. Thought I would get the opinion of the group to see how to get this issue to the actually engineers that have access to Verizon's DNS servers. Thanks in advance. David Siegrist IT Systems Manager da...@crmls.org -- Anurag Bhatia anuragbhatia.com or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected network! Twitter: @anurag_bhatia https://twitter.com/#!/anurag_bhatia
RE: Verizon FIOS/DSL - Southern California DNS Issues
Has anyone been experiencing Verizon FIOS/DSL DNS issues for the past 72 hours? Looks like Verizon FIOS/DSL is blocking legitimate sites, ours being one of them. We have over 300 of our members throughout California on Verizon FIOS/DSL experiencing issues getting to sites. One of the big ones is Bank of America. I have started a post on Verizon's site and directed our members to post their issues there. http://forums.verizon.com/t5/FiOS-Internet/DNS-issues-in-SoCal/td-p/393781/highlight/true I can't seem to get the issue escalated. Thought I would get the opinion of the group to see how to get this issue to the actually engineers that have access to Verizon's DNS servers. Thanks in advance. David Siegrist IT Systems Manager da...@crmls.org We are seeing all kinds of oddities through Verizon FIOS for a ton of our customers in the Riverside County area as well. Looks like HTTP / HTTPS filtering or something. Some sites can get to places that others (right next door) cant. Pings and traceroutes work, but HTTP / HTTPS connections fail to various places. We are also seeing HORRIBLE performance of VOIP to multiple providers for every one of our FIOS customers. We have been unable to get any support from Verizon ourselves... If anyone knows anyone who knows anything at Verizon, please pass the information along! Thanks, James Laszko Mythos Technology Inc jam...@mythostech.com
RE: Verizon FIOS/DSL - Southern California DNS Issues
Hi James, Can you do me a favor and post what you are seeing on the link I provided. http://forums.verizon.com/t5/FiOS-Internet/DNS-issues-in-SoCal/td-p/393781/highlight/true Maybe enough of the community post it may get Verizon's attention. David Siegrist IT Systems Manager da...@crmls.org -Original Message- From: James Laszko [mailto:jam...@mythostech.com] Sent: Friday, January 13, 2012 10:22 AM To: David Siegrist; nanog@nanog.org Subject: RE: Verizon FIOS/DSL - Southern California DNS Issues Has anyone been experiencing Verizon FIOS/DSL DNS issues for the past 72 hours? Looks like Verizon FIOS/DSL is blocking legitimate sites, ours being one of them. We have over 300 of our members throughout California on Verizon FIOS/DSL experiencing issues getting to sites. One of the big ones is Bank of America. I have started a post on Verizon's site and directed our members to post their issues there. http://forums.verizon.com/t5/FiOS-Internet/DNS-issues-in-SoCal/td-p/393781/highlight/true I can't seem to get the issue escalated. Thought I would get the opinion of the group to see how to get this issue to the actually engineers that have access to Verizon's DNS servers. Thanks in advance. David Siegrist IT Systems Manager da...@crmls.org We are seeing all kinds of oddities through Verizon FIOS for a ton of our customers in the Riverside County area as well. Looks like HTTP / HTTPS filtering or something. Some sites can get to places that others (right next door) cant. Pings and traceroutes work, but HTTP / HTTPS connections fail to various places. We are also seeing HORRIBLE performance of VOIP to multiple providers for every one of our FIOS customers. We have been unable to get any support from Verizon ourselves... If anyone knows anyone who knows anything at Verizon, please pass the information along! Thanks, James Laszko Mythos Technology Inc jam...@mythostech.com
VPC=S/MLT?
OK, So I'm doing a lot of reading lately on Nexus as we are about to get into the 7k/5k game and of course a lot of the marketing revolves around VPC. Every time I see it referenced, I keep remembering a reasonably reliable Nortel implementation called Split MLT (Multi Link Trunk). Is there something fancy here that I'm missing in the docs or am I wrong in equating the two? Isn't VPC just S/MLT? It's just that Cisco has shown up 8 years late and is trying to hype it up to compensate? -- -Hammer- I was a normal American nerd -Jack Herer
Re: Linux Centralized Administration
Hello, On Fri, 13 Jan 2012 12:42:30 -0500 (EST) Jon Lewis jle...@lewis.org wrote: On Fri, 13 Jan 2012, Daniel Ankers wrote: I looked into Puppet and though I've got it managing parts of our infrastructure it seems quite difficult to bolt on to an existing setup. There are also some things that I can't see how to do easily with Puppet (Don't upgrade packages on the live environment until we've tested them in staging being a big one.) Has anyone mentioned cluster ssh yet? Depending on your scale, cluster ssh and a really big screen may be a suitable way to manage N servers and do things like apply updates or make identical changes to all at once (or in groups). It also gives you the flexibility to apply commands to all or single out a system and do things just in the one window, then to back to talking to all. Continuing that line of tools, I'm using parallel-ssh (http://code.google.com/p/parallel-ssh/) with great success for managing several hundred servers, spread all over the world. -- Best regards, Nickola Kolev
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, TRNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.rand.apnic.net. If you have any comments please contact Philip Smith pfsi...@gmail.com. Routing Table Report 04:00 +10GMT Sat 14 Jan, 2012 Report Website: http://thyme.rand.apnic.net Detailed Analysis: http://thyme.rand.apnic.net/current/ Analysis Summary BGP routing table entries examined: 390792 Prefixes after maximum aggregation: 168714 Deaggregation factor: 2.32 Unique aggregates announced to Internet: 190828 Total ASes present in the Internet Routing Table: 39823 Prefixes per ASN: 9.81 Origin-only ASes present in the Internet Routing Table: 32590 Origin ASes announcing only one prefix: 15510 Transit ASes present in the Internet Routing Table:5382 Transit-only ASes present in the Internet Routing Table:143 Average AS path length visible in the Internet Routing Table: 4.3 Max AS path length visible: 33 Max AS path prepend of ASN (48687) 24 Prefixes from unregistered ASNs in the Routing Table: 2098 Unregistered ASNs in the Routing Table:1058 Number of 32-bit ASNs allocated by the RIRs: 2178 Number of 32-bit ASNs visible in the Routing Table:1851 Prefixes from 32-bit ASNs in the Routing Table:4455 Special use prefixes present in the Routing Table:2 Prefixes being announced from unallocated address space:120 Number of addresses announced to Internet: 2509165880 Equivalent to 149 /8s, 142 /16s and 213 /24s Percentage of available address space announced: 67.7 Percentage of allocated address space announced: 67.7 Percentage of available address space allocated: 100.0 Percentage of address space in use by end-sites: 91.9 Total number of prefixes smaller than registry allocations: 165725 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes:96436 Total APNIC prefixes after maximum aggregation: 31482 APNIC Deaggregation factor:3.06 Prefixes being announced from the APNIC address blocks: 92792 Unique aggregates announced from the APNIC address blocks:38873 APNIC Region origin ASes present in the Internet Routing Table:4636 APNIC Prefixes per ASN: 20.02 APNIC Region origin ASes announcing only one prefix: 1249 APNIC Region transit ASes present in the Internet Routing Table:731 Average APNIC Region AS path length visible:4.3 Max APNIC Region AS path length visible: 18 Number of APNIC region 32-bit ASNs visible in the Routing Table:133 Number of APNIC addresses announced to Internet: 634071944 Equivalent to 37 /8s, 203 /16s and 43 /24s Percentage of available APNIC address space announced: 80.4 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 131072-132095, 132096-133119 APNIC Address Blocks 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:147469 Total ARIN prefixes after maximum aggregation:75118 ARIN Deaggregation factor: 1.96 Prefixes being announced from the ARIN address blocks: 119452 Unique aggregates announced from the ARIN address blocks: 49103 ARIN Region origin ASes present in the Internet Routing Table:14847 ARIN Prefixes per ASN: 8.05 ARIN Region origin ASes announcing only one prefix:
Re: VPC=S/MLT?
On 1/13/12 11:19 , -Hammer- wrote: OK, So I'm doing a lot of reading lately on Nexus as we are about to get into the 7k/5k game and of course a lot of the marketing revolves around VPC. Every time I see it referenced, I keep remembering a reasonably reliable Nortel implementation called Split MLT (Multi Link Trunk). Is there something fancy here that I'm missing in the docs or am I wrong in equating the two? Isn't VPC just S/MLT? It's just that Cisco has shown up 8 years late and is trying to hype it up to compensate? vpc/vlt/mlag/s/mlt
Re: VPC=S/MLT?
Wow. A fellow greybeard. OK. That's what I needed to know. I'm trying to understand if VPC has any more recent enhancements that weren't around for some older multi-chassis channel methods but I don't see anything specific in the docs other than some FHRP (HSRP only it appears) and PIM tweaks. If anyone has some really deep docs on VPC I'd appreciate the links. Thanks. -Hammer- I was a normal American nerd -Jack Herer On 1/13/2012 1:31 PM, Joel jaeggli wrote: On 1/13/12 11:19 , -Hammer- wrote: OK, So I'm doing a lot of reading lately on Nexus as we are about to get into the 7k/5k game and of course a lot of the marketing revolves around VPC. Every time I see it referenced, I keep remembering a reasonably reliable Nortel implementation called Split MLT (Multi Link Trunk). Is there something fancy here that I'm missing in the docs or am I wrong in equating the two? Isn't VPC just S/MLT? It's just that Cisco has shown up 8 years late and is trying to hype it up to compensate? vpc/vlt/mlag/s/mlt
Re: VPC=S/MLT?
On 13 Jan 2012, at 19:35, Joel jaeggli joe...@bogus.com wrote: On 1/13/12 11:19 , -Hammer- wrote: OK, So I'm doing a lot of reading lately on Nexus as we are about to get into the 7k/5k game and of course a lot of the marketing revolves around VPC. Every time I see it referenced, I keep remembering a reasonably reliable Nortel implementation called Split MLT (Multi Link Trunk). Is there something fancy here that I'm missing in the docs or am I wrong in equating the two? Isn't VPC just S/MLT? It's just that Cisco has shown up 8 years late and is trying to hype it up to compensate? vpc/vlt/mlag/s/mlt I am using the Brocade version, Multi Chassis Trunking (MCT), and it really does make things a lot nicer. -- Leigh Porter __ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com __
Re: VPC=S/MLT?
On Fri, Jan 13, 2012 at 01:38:26PM -0600, -Hammer- wrote: Wow. A fellow greybeard. OK. That's what I needed to know. I'm trying to understand if VPC has any more recent enhancements that weren't around for some older multi-chassis channel methods but I don't see anything specific in the docs other than some FHRP (HSRP only it appears) and PIM tweaks. If anyone has some really deep docs on VPC I'd appreciate the links. Thanks. These two docs provide a lot of details: vPC fundamental concepts: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572835-00_NX-OS_vPC_DG.pdf Data Center Access Design with Cisco Nexus 5000 Series Switches and 2000 Series Fabric Extenders and Virtual PortChannels Updated to Cisco NX-OS Software Release 5.1(3)N1(1): http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572829-01_Design_N5K_N2K_vPC_DG.pdf -Charles Charles E. Spurgeon / UTnet UT Austin ITS / Networking c.spurg...@its.utexas.edu / 512.475.9265
Re: VPC=S/MLT?
Thanks Charles. Good stuff. -Hammer- I was a normal American nerd -Jack Herer On 1/13/2012 2:10 PM, Charles Spurgeon wrote: On Fri, Jan 13, 2012 at 01:38:26PM -0600, -Hammer- wrote: Wow. A fellow greybeard. OK. That's what I needed to know. I'm trying to understand if VPC has any more recent enhancements that weren't around for some older multi-chassis channel methods but I don't see anything specific in the docs other than some FHRP (HSRP only it appears) and PIM tweaks. If anyone has some really deep docs on VPC I'd appreciate the links. Thanks. These two docs provide a lot of details: vPC fundamental concepts: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572835-00_NX-OS_vPC_DG.pdf Data Center Access Design with Cisco Nexus 5000 Series Switches and 2000 Series Fabric Extenders and Virtual PortChannels Updated to Cisco NX-OS Software Release 5.1(3)N1(1): http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572829-01_Design_N5K_N2K_vPC_DG.pdf -Charles Charles E. Spurgeon / UTnet UT Austin ITS / Networking c.spurg...@its.utexas.edu / 512.475.9265
ANNOUNCE: bgptables.merit.edu - understanding visibility of your prefix/AS
All, We would like to announce the availability of the bgpTables Project at Merit at: http://bgptables.merit.edu bgpTables allows users to easily navigate global routing table data collected via routviews.org. bgptables essentially processes the data collected at routeviews and makes is available in a somewhat easier to use interface. The goal of bgpTables is to represent global prefix and AS visibility information from the vantage point of the various bgp table views as seen at routeviews. The data is currently updated nightly (EST) but we hope to improve this over time. Please see the FAQ (http://bgptables.merit.edu/faq.php) for some simple examples of how you can use bgpTables. Some examples: - You can query for a specific ASN by entering the text 'as' followed by the AS number into the search box. For example to query for information about AS 237 you would enter 'as237' [without quotation marks] into the search box and then click 'search'. You can then use the view navigator map to switch to different routing table views for this ASN - You can query for a specific prefix by directly entering the prefix into the search box. For example to query for information about prefix 12.0.0.0/8 you would simply enter '12.0.0.0/8' [without quotation marks] into the search box and then click 'search'. You can then use the view navigator map to switch to different routing table views for the prefix. - You can find a particular prefix that you might be interested in by running a 'contained within' query via the search box. For example to quickly browse a list of prefixes contained within 1.0.0.0/8 to find the particular prefix you might be interested in, you can enter the text 'cw1.0.0.0/8' [without quotation marks] into the search box and click 'search'. You can then browse the resulting table to select the particular prefix you might be interested in. - You can simply enter the text 'as' followed by the company name into the search box then click search to view a list of possible matches for that text. For example, to view all matching google ASNs you can simply enter 'asgoogle' into the search box and click search. A list of possible matching ASNs that reference Google by name will be returned from which you an then select the particular ASN that is of interest to you. Comments, corrections, and suggestions are very welcome. Please send them to mka...@merit.edu. Hopefully folks will find this useful. Thanks. -The Merit Network Research and Development Team
Re: VPC=S/MLT?
Charles, The first link references chapter 3. I found chapter 5 as well but I can't find the full index. Do you have that link by any chance? -Hammer- I was a normal American nerd -Jack Herer On 1/13/2012 2:10 PM, Charles Spurgeon wrote: On Fri, Jan 13, 2012 at 01:38:26PM -0600, -Hammer- wrote: Wow. A fellow greybeard. OK. That's what I needed to know. I'm trying to understand if VPC has any more recent enhancements that weren't around for some older multi-chassis channel methods but I don't see anything specific in the docs other than some FHRP (HSRP only it appears) and PIM tweaks. If anyone has some really deep docs on VPC I'd appreciate the links. Thanks. These two docs provide a lot of details: vPC fundamental concepts: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572835-00_NX-OS_vPC_DG.pdf Data Center Access Design with Cisco Nexus 5000 Series Switches and 2000 Series Fabric Extenders and Virtual PortChannels Updated to Cisco NX-OS Software Release 5.1(3)N1(1): http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572829-01_Design_N5K_N2K_vPC_DG.pdf -Charles Charles E. Spurgeon / UTnet UT Austin ITS / Networking c.spurg...@its.utexas.edu / 512.475.9265
Re: IP Management Software
Hi, Would you please tell me what is the advantages of noc-project? It takes hours to install it and it looks like a software with lots of bugs? I have it now but many problems in their scripts, Isn't it? Thanks On Fri, Dec 16, 2011 at 7:46 PM, Payam Poursaied m...@payam124.com wrote: Try noc project On Friday, December 16, 2011, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi everybody, Can anybody share his/her experience with IP Management software's? Which I can use it managing near 100K IP Address? IPPlan is not good enough, I think its -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
Re: IP Management Software
We use Men Mice, but it is a commercial product. Solarwinds andInfoblox also have commercial offerings that are worth looking at. Ifyou looking at an IPAM platform with emphasis on IPv6, check outwww.6connect.com. They offer a free product that is prettycomprehensive. Josh On Fri, Jan 13, 2012 at 4:24 PM, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi, Would you please tell me what is the advantages of noc-project? It takes hours to install it and it looks like a software with lots of bugs? I have it now but many problems in their scripts, Isn't it? Thanks On Fri, Dec 16, 2011 at 7:46 PM, Payam Poursaied m...@payam124.com wrote: Try noc project On Friday, December 16, 2011, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi everybody, Can anybody share his/her experience with IP Management software's? Which I can use it managing near 100K IP Address? IPPlan is not good enough, I think its -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
Re: IP Management Software
I am looking for an open source one, nocproject.org is good but it need lots of patches to be normal, I think they are not developing it too much because its internal project for them. On Sat, Jan 14, 2012 at 1:20 AM, Josh Baird joshba...@gmail.com wrote: We use Men Mice, but it is a commercial product. Solarwinds andInfoblox also have commercial offerings that are worth looking at. Ifyou looking at an IPAM platform with emphasis on IPv6, check outwww.6connect.com. They offer a free product that is prettycomprehensive. Josh On Fri, Jan 13, 2012 at 4:24 PM, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi, Would you please tell me what is the advantages of noc-project? It takes hours to install it and it looks like a software with lots of bugs? I have it now but many problems in their scripts, Isn't it? Thanks On Fri, Dec 16, 2011 at 7:46 PM, Payam Poursaied m...@payam124.com wrote: Try noc project On Friday, December 16, 2011, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi everybody, Can anybody share his/her experience with IP Management software's? Which I can use it managing near 100K IP Address? IPPlan is not good enough, I think its -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90 -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
BGP Update Report
BGP Update Report Interval: 05-Jan-12 -to- 12-Jan-12 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS42116 102673 6.3%1711.2 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 2 - AS15706 62272 3.8% 322.7 -- Sudatel 3 - AS982943384 2.7% 65.2 -- BSNL-NIB National Internet Backbone 4 - AS840238569 2.4% 46.6 -- CORBINA-AS OJSC Vimpelcom 5 - AS32528 24044 1.5%6011.0 -- ABBOTT Abbot Labs 6 - AS755223372 1.4% 16.5 -- VIETEL-AS-AP Vietel Corporation 7 - AS24560 22324 1.4% 52.4 -- AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 8 - AS580021762 1.3% 81.8 -- DNIC-ASBLK-05800-06055 - DoD Network Information Center 9 - AS607220608 1.3%1472.0 -- UNISYS-6072 For routing issues, email hostmas...@unisys.com 10 - AS20632 20374 1.2% 20374.0 -- PETERSTAR-AS PeterStar 11 - AS27738 14226 0.9% 41.6 -- Ecuadortelecom S.A. 12 - AS27947 14084 0.9% 27.1 -- Telconet S.A 13 - AS19223 12795 0.8% 12795.0 -- NTEGRATED-SOLUTIONS - Ntegrated Solutions 14 - AS17639 12159 0.8%2026.5 -- COMCLARK-AS ComClark Network Technology Corp. 15 - AS321511844 0.7% 3.0 -- AS3215 France Telecom - Orange 16 - AS12479 11527 0.7% 72.5 -- UNI2-AS France Telecom Espana SA 17 - AS14522 10593 0.7% 38.5 -- Satnet 18 - AS9498 8907 0.6% 15.2 -- BBIL-AP BHARTI Airtel Ltd. 19 - AS256208587 0.5% 53.0 -- COTAS LTDA. 20 - AS286837966 0.5% 137.3 -- BENINTELECOM TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASNUpds % Upds/PfxAS-Name 1 - AS20632 20374 1.2% 20374.0 -- PETERSTAR-AS PeterStar 2 - AS19223 12795 0.8% 12795.0 -- NTEGRATED-SOLUTIONS - Ntegrated Solutions 3 - AS32528 24044 1.5%6011.0 -- ABBOTT Abbot Labs 4 - AS102094808 0.3%4808.0 -- SYNOPSYS-AS-JP-AP Japan HUB and Data Center 5 - AS496483507 0.2%3507.0 -- SVTEL-AS SvyazTelecom LTD 6 - AS174083191 0.2%3191.0 -- ABOVE-AS-AP AboveNet Communications Taiwan 7 - AS17639 12159 0.8%2026.5 -- COMCLARK-AS ComClark Network Technology Corp. 8 - AS263411904 0.1%1904.0 -- OSI-ASP - Open Solutions Inc. 9 - AS42116 102673 6.3%1711.2 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 10 - AS607220608 1.3%1472.0 -- UNISYS-6072 For routing issues, email hostmas...@unisys.com 11 - AS652731329 0.1%1329.0 -- -Private Use AS- 12 - AS457231031 0.1%1031.0 -- OMADATA-AS-ID Omadata Indonesia, PT 13 - AS53362 852 0.1% 852.0 -- MIXIT-AS - Mixit, Inc. 14 - AS344803348 0.2% 837.0 -- GSC-AS GrandService PP. 15 - AS3 720 0.0%1587.0 -- BANKPERSHIY-AS PJSC Bank Pershyi 16 - AS56915 702 0.0% 702.0 -- ASELITTELECOM Elit Telecom Ltd. 17 - AS52849 584 0.0% 584.0 -- 18 - AS21271 557 0.0% 557.0 -- SOTELMABGP 19 - AS6719 535 0.0% 535.0 -- KNOPP-AS Limited Liability Company KNOPP 20 - AS104451966 0.1% 491.5 -- HTG - Huntleigh Telcom TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 84.204.132.0/24 20374 1.2% AS20632 -- PETERSTAR-AS PeterStar 2 - 67.97.156.0/2412795 0.7% AS19223 -- NTEGRATED-SOLUTIONS - Ntegrated Solutions 3 - 130.36.34.0/2412015 0.7% AS32528 -- ABBOTT Abbot Labs 4 - 130.36.35.0/2412015 0.7% AS32528 -- ABBOTT Abbot Labs 5 - 122.161.0.0/16 7240 0.4% AS24560 -- AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 6 - 202.92.235.0/246706 0.4% AS9498 -- BBIL-AP BHARTI Airtel Ltd. 7 - 202.56.215.0/246597 0.4% AS24560 -- AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services 8 - 111.125.126.0/24 6489 0.4% AS17639 -- COMCLARK-AS ComClark Network Technology Corp. 9 - 95.78.4.0/22 6342 0.4% AS42116 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 10 - 46.147.88.0/22 6341 0.4% AS42116 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 11 - 46.147.120.0/226333 0.4% AS42116 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 12 - 95.78.96.0/22 6325 0.4% AS42116 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 13 - 95.78.88.0/22 6323 0.4% AS42116 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 14 - 46.147.124.0/226321 0.4% AS42116 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 15 - 46.147.108.0/226319 0.4% AS42116 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 16 - 95.78.116.0/22 6314 0.4% AS42116 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding 17 - 95.78.84.0/22 6311 0.4% AS42116 -- ERTH-NCHLN-AS CJSC ER-Telecom
The Cidr Report
This report has been generated at Fri Jan 13 21:12:24 2012 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date PrefixesCIDR Agg 06-01-12391121 227929 07-01-12390649 228024 08-01-12391004 228100 09-01-12390964 228214 10-01-12391281 228081 11-01-12391432 228387 12-01-12391955 228706 13-01-12392583 228745 AS Summary 39939 Number of ASes in routing system 16759 Number of ASes announcing only one prefix 3454 Largest number of prefixes announced by an AS AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc. 109424128 Largest address span announced by an AS (/32s) AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 13Jan12 --- ASnumNetsNow NetsAggr NetGain % Gain Description Table 392867 228759 16410841.8% All ASes AS6389 3454 209 324593.9% BELLSOUTH-NET-BLK - BellSouth.net Inc. AS7029 3204 1488 171653.6% WINDSTREAM - Windstream Communications Inc AS18566 2093 413 168080.3% COVAD - Covad Communications Co. AS4766 2477 994 148359.9% KIXS-AS-KR Korea Telecom AS22773 1517 117 140092.3% ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc. AS4755 1512 196 131687.0% TATACOMM-AS TATA Communications formerly VSNL is Leading ISP AS4323 1605 384 122176.1% TWTC - tw telecom holdings, inc. AS28573 1579 398 118174.8% NET Servicos de Comunicao S.A. AS1785 1867 783 108458.1% AS-PAETEC-NET - PaeTec Communications, Inc. AS7552 1425 391 103472.6% VIETEL-AS-AP Vietel Corporation AS19262 1388 402 98671.0% VZGNI-TRANSIT - Verizon Online LLC AS10620 1738 759 97956.3% Telmex Colombia S.A. AS7303 1256 368 88870.7% Telecom Argentina S.A. AS8402 1600 741 85953.7% CORBINA-AS OJSC Vimpelcom AS2118 927 77 85091.7% RELCOM-AS OOO NPO Relcom AS8151 1464 662 80254.8% Uninet S.A. de C.V. AS18101 946 155 79183.6% RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI AS30036 1489 704 78552.7% MEDIACOM-ENTERPRISE-BUSINESS - Mediacom Communications Corp AS4808 1103 345 75868.7% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network AS15557 1096 368 72866.4% LDCOMNET Societe Francaise du Radiotelephone S.A AS24560 1010 290 72071.3% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services AS7545 1597 923 67442.2% TPG-INTERNET-AP TPG Internet Pty Ltd AS3356 1105 459 64658.5% LEVEL3 Level 3 Communications AS17676 677 74 60389.1% GIGAINFRA Softbank BB Corp. AS17974 1716 1132 58434.0% TELKOMNET-AS2-AP PT Telekomunikasi Indonesia AS4804 661 95 56685.6% MPX-AS Microplex PTY LTD AS9498 867 302 56565.2% BBIL-AP BHARTI Airtel Ltd. AS4780 785 227 55871.1% SEEDNET Digital United Inc. AS20115 1618 1061 55734.4% CHARTER-NET-HKY-NC - Charter Communications AS3549 977 424 55356.6% GBLX Global Crossing Ltd. Total 44753149412981266.6% Top 30 total Possible Bogus Routes
Re: IP Management Software
Infoblox is pretty nice but not a stand-alone IPAM solution. It's bundled DNS, DHCP, and IPAM. 6Connect definitely has a nice IPAM solution, right now more tailored for service providers but it's linked to the regional registries and helps you do requests for address space, etc. I think they're working on an enterprise-based version as well. -b On Jan 13, 2012, at 2:50 PM, Josh Baird wrote: We use Men Mice, but it is a commercial product. Solarwinds andInfoblox also have commercial offerings that are worth looking at. Ifyou looking at an IPAM platform with emphasis on IPv6, check outwww.6connect.com. They offer a free product that is prettycomprehensive. Josh On Fri, Jan 13, 2012 at 4:24 PM, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi, Would you please tell me what is the advantages of noc-project? It takes hours to install it and it looks like a software with lots of bugs? I have it now but many problems in their scripts, Isn't it? Thanks On Fri, Dec 16, 2011 at 7:46 PM, Payam Poursaied m...@payam124.com wrote: Try noc project On Friday, December 16, 2011, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi everybody, Can anybody share his/her experience with IP Management software's? Which I can use it managing near 100K IP Address? IPPlan is not good enough, I think its -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
Re: IP Management Software
In that case, there aren't too many options. I have used IPPLAN in the past, and I have found it difficult to use and manage. Most of the other open source IPAM packages are now vaporware. Josh On Fri, Jan 13, 2012 at 4:51 PM, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: I am looking for an open source one, nocproject.org is good but it need lots of patches to be normal, I think they are not developing it too much because its internal project for them. On Sat, Jan 14, 2012 at 1:20 AM, Josh Baird joshba...@gmail.com wrote: We use Men Mice, but it is a commercial product. Solarwinds andInfoblox also have commercial offerings that are worth looking at. Ifyou looking at an IPAM platform with emphasis on IPv6, check outwww.6connect.com. They offer a free product that is prettycomprehensive. Josh On Fri, Jan 13, 2012 at 4:24 PM, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi, Would you please tell me what is the advantages of noc-project? It takes hours to install it and it looks like a software with lots of bugs? I have it now but many problems in their scripts, Isn't it? Thanks On Fri, Dec 16, 2011 at 7:46 PM, Payam Poursaied m...@payam124.com wrote: Try noc project On Friday, December 16, 2011, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote: Hi everybody, Can anybody share his/her experience with IP Management software's? Which I can use it managing near 100K IP Address? IPPlan is not good enough, I think its -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90 -- Regards, Shahab Vahabzadeh, Network Engineer and System Administrator PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81 C2EE 76A2 46C2 5367 BF90
Re: IP Management Software
Josh Baird (joshbaird) writes: In that case, there aren't too many options. I have used IPPLAN in the past, and I have found it difficult to use and manage. Most of the other open source IPAM packages are now vaporware. Like, TIPP or Netdot ? http://tipp.tobez.org/ http://netdot.uoregon.edu/
Re: IP Management Software
On 13/01/2012 22:31, Phil Regnauld wrote: Like, TIPP or Netdot ? http://tipp.tobez.org/ http://netdot.uoregon.edu/ Unfortunately, netdot is a complete curse to install. It's not necessarily a bad idea to use the preinstalled VM image, although I don't know how they intend to deal with upgrade. Once it's up and running, it actually works quite well. Certainly a lot better than nocproject (which looks like it could be awesome in lots of other ways, if only I could figure out how on earth to use it...). I built myself a freebsd Port for netdot 0.99, which I really ought to do something about like getting it put into the ports tree. The dependency list is pretty astounding, but it does work. When some copious free time appears (any day now), I'll get around do doing something with it.. Nick
Re: IP Management Software
On Fri, Jan 13, 2012 at 17:18, Brett Watson br...@the-watsons.org wrote: 6Connect definitely has a nice IPAM solution, right now more tailored for service providers but it's linked to the regional registries and helps you do requests for address space, etc. I think they're working on an enterprise-based version as well. I'd love 6connect if they supported VRF in some fashion. The only decent tool (in the foss/inexpensive corner of the market) I've found so far which supports multiple overlapping address space for VRF management (and enforcing uniqueness within VRF) is nocproject which has it's own set of quirks/problems. I can kind of fake it in 6connect with tags and adding duplicate blocks, but then I'm doing a lot of legwork on the human side to make sure the blocks are actually unique within VRF.
Verizon FIOS MTU issues in Southern California
Can anyone from the Verizon FiOS NOC contact me off-list. We believe we've identified a network issue in the Southern California FiOS network impacting your residential subscribers. Brent Bowers Director, CB/Network/Transport Engineering CCIE #13530 Cox Communications, Inc.
[NANOG-announce] NANOG 54 Agenda and Reminders
Colleagues: A short NANOG 54 reminder and update. NANOG 54 will be held in San Diego, CA February 5 - 8, 2012. NANOG 54 will begin with tutorials starting early Sunday afternoon, February 5. The meeting will adjourn approximately 12 noon on Wednesday, February 8. Thank you to our NANOG 54 Speakers and to the NANOG Program Committee. Attendees are sure to enjoy another fantastic program! The posted agenda continues to be updated, however, the largest part of the NANOG 54 program is now posted. Do not delay, register for NANOG 54 now as the registration rate will increase on Monday, January 30, 2012. http://www.nanog.org/meetings/nanog54/agenda.html http://www.nanog.org/meetings/nanog54/nanog54_registration.html Please note the Westin Gaslamp Hotel Group Rate Expires on Friday, January 20, 2012. Make your reservation as soon as possible. http://www.nanog.org/meetings/nanog54/hotel.php In addition to a wonderful program, attendees will be treated to our famous Sponsor Socials. NANOG 54 Attendees will have ample social networking opportunities during each day and through out the evening. After 16 years, NANOG is pleased to return to San Diego. There are a number of local activities and attractions for all to take advantage of. Make your travel plans, become a NANOG member, register for NANOG 54 and become be a part of the NANOG experience. Should you have any questions or concerns regarding your reservation, the hotel, or NANOG 54 in general, please be sure to send a note to nanog-supp...@nanog.org or phone us at +1 510 492 4030. Betty -- Betty Burke NewNOG/NANOG Executive Director Office (810) 214-1218 NANOG Office (510) 492-4030 ___ NANOG-announce mailing list nanog-annou...@nanog.org https://mailman.nanog.org/mailman/listinfo/nanog-announce
Re: ANNOUNCE: bgptables.merit.edu - understanding visibility of your prefix/AS
Hello Manish Nice work on bgptables.merit.edu Couple of things: 1. It doesn't recognizes individual IP directly but needs complete block in CIDR to get info about it like e.g search for 8.8.8.8 gives nothing but 8.8.8.0/24 gives information about Google. It would be worth it to have it looking at block to which an IP belongs to. 2. You might consider adding graphs on AS connections - those are best for easy quick reading. Something like for Google (AS15169) - http://bgp.he.net/AS15169#_graph4 Nice work, keep it going! On Sat, Jan 14, 2012 at 1:49 AM, Manish Karir mka...@merit.edu wrote: All, We would like to announce the availability of the bgpTables Project at Merit at: http://bgptables.merit.edu bgpTables allows users to easily navigate global routing table data collected via routviews.org. bgptables essentially processes the data collected at routeviews and makes is available in a somewhat easier to use interface. The goal of bgpTables is to represent global prefix and AS visibility information from the vantage point of the various bgp table views as seen at routeviews. The data is currently updated nightly (EST) but we hope to improve this over time. Please see the FAQ (http://bgptables.merit.edu/faq.php) for some simple examples of how you can use bgpTables. Some examples: - You can query for a specific ASN by entering the text 'as' followed by the AS number into the search box. For example to query for information about AS 237 you would enter 'as237' [without quotation marks] into the search box and then click 'search'. You can then use the view navigator map to switch to different routing table views for this ASN - You can query for a specific prefix by directly entering the prefix into the search box. For example to query for information about prefix 12.0.0.0/8 you would simply enter '12.0.0.0/8' [without quotation marks] into the search box and then click 'search'. You can then use the view navigator map to switch to different routing table views for the prefix. - You can find a particular prefix that you might be interested in by running a 'contained within' query via the search box. For example to quickly browse a list of prefixes contained within 1.0.0.0/8 to find the particular prefix you might be interested in, you can enter the text 'cw1.0.0.0/8' [without quotation marks] into the search box and click 'search'. You can then browse the resulting table to select the particular prefix you might be interested in. - You can simply enter the text 'as' followed by the company name into the search box then click search to view a list of possible matches for that text. For example, to view all matching google ASNs you can simply enter 'asgoogle' into the search box and click search. A list of possible matching ASNs that reference Google by name will be returned from which you an then select the particular ASN that is of interest to you. Comments, corrections, and suggestions are very welcome. Please send them to mka...@merit.edu. Hopefully folks will find this useful. Thanks. -The Merit Network Research and Development Team -- Anurag Bhatia anuragbhatia.com or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected network! Twitter: @anurag_bhatia https://twitter.com/#!/anurag_bhatia