Re: Point to Point Ethernet request

2013-10-24 Thread Crist Clark
Got 10 GbE service from a data center in Santa Clara to a campus in San
Mateo California from Comcast. Been pretty solid. Only blips have been
announced maintenance. When I have contacted support, I really can't
complain.

It's L2. I see my BPDUs and LLDPDUs come through.

So, yeah, it exists.

Related, maybe:

Has anyone actually seen Comcast's ethernet service? This is
advertised as a symmetrical, high-speed (100mb+?) business service not
consumer stuff.

I called several times out of curiosity. Using the phone number for
this service on their website got me switched around several times by
people who seemed to barely know what I was talking about.

One wanted to engage me in a debate about why asymmetrical 20/7
(whatever it was) isn't good enough I assume because that's all she
was involved with so I muttered something about routing net blocks etc
so she gave up and switched me again. Fine.

Then I'd finally get someone who seemed reasonable, seemed to know
what I was asking about, took down my call back info and promised
someone would get back to me within one business day.

Never got a callback. Tried this a few times, same result.

So, does it exist?

I suppose if sales won't call you back you have to wonder what support
would be like.

P.S. Their website for this service invites you to enter your address
to see if it's available and assures me it is, that's where you get
the phone number to call sales.

--
-Barry Shein

The World              | b...@theworld.com      | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD    | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet | SINCE 1989     *oo*


Re: Point to Point Ethernet request

2013-10-24 Thread Joshua Goldbard
Buzz me offline and I'll connect you to them. I used to work there.

Cheers,
Joshua

Sent from my iPad

 On Oct 23, 2013, at 11:13 PM, Crist Clark cjc+na...@pumpky.net wrote:
 
 Got 10 GbE service from a data center in Santa Clara to a campus in San
 Mateo California from Comcast. Been pretty solid. Only blips have been
 announced maintenance. When I have contacted support, I really can't
 complain.
 
 It's L2. I see my BPDUs and LLDPDUs come through.
 
 So, yeah, it exists.
 
 Related, maybe:
 
 Has anyone actually seen Comcast's ethernet service? This is
 advertised as a symmetrical, high-speed (100mb+?) business service not
 consumer stuff.
 
 I called several times out of curiosity. Using the phone number for
 this service on their website got me switched around several times by
 people who seemed to barely know what I was talking about.
 
 One wanted to engage me in a debate about why asymmetrical 20/7
 (whatever it was) isn't good enough I assume because that's all she
 was involved with so I muttered something about routing net blocks etc
 so she gave up and switched me again. Fine.
 
 Then I'd finally get someone who seemed reasonable, seemed to know
 what I was asking about, took down my call back info and promised
 someone would get back to me within one business day.
 
 Never got a callback. Tried this a few times, same result.
 
 So, does it exist?
 
 I suppose if sales won't call you back you have to wonder what support
 would be like.
 
 P.S. Their website for this service invites you to enter your address
 to see if it's available and assures me it is, that's where you get
 the phone number to call sales.
 
 --
-Barry Shein
 
 The World              | b...@theworld.com      | http://www.TheWorld.com
 Purveyors to the Trade | Voice: 800-THE-WRLD    | Dial-Up: US, PR, Canada
 Software Tool & Die    | Public Access Internet | SINCE 1989     *oo*



Re: Point to Point Ethernet request

2013-10-24 Thread Tom Morris
Do they offer an SLA on that? I've got a couple of broadcast sites that
could use a 21st century studio to transmitter link... Bandwidth wouldn't
be that spicy (just FM stereo here) but reliability is a must!! An att t1
is even starting to drive us nuts by having seconds long dropouts in the
afternoons.

Tom Morris, Operations Manager, WDNA-FM

This message sent from a mobile device. Silly typos provided free of charge.
On Oct 24, 2013 2:14 AM, Crist Clark cjc+na...@pumpky.net wrote:

 Got 10 GbE service from a data center in Santa Clara to a campus in San
 Mateo California from Comcast. Been pretty solid. Only blips have been
 announced maintenance. When I have contacted support, I really can't
 complain.

 It's L2. I see my BPDUs and LLDPDUs come through.

 So, yeah, it exists.

 Related, maybe:

 Has anyone actually seen Comcast's ethernet service? This is
 advertised as a symmetrical, high-speed (100mb+?) business service not
 consumer stuff.

 I called several times out of curiosity. Using the phone number for
 this service on their website got me switched around several times by
 people who seemed to barely know what I was talking about.

 One wanted to engage me in a debate about why asymmetrical 20/7
 (whatever it was) isn't good enough I assume because that's all she
 was involved with so I muttered something about routing net blocks etc
 so she gave up and switched me again. Fine.

 Then I'd finally get someone who seemed reasonable, seemed to know
 what I was asking about, took down my call back info and promised
 someone would get back to me within one business day.

 Never got a callback. Tried this a few times, same result.

 So, does it exist?

 I suppose if sales won't call you back you have to wonder what support
 would be like.

 P.S. Their website for this service invites you to enter your address
 to see if it's available and assures me it is, that's where you get
 the phone number to call sales.

 --
 -Barry Shein

 The World              | b...@theworld.com      | http://www.TheWorld.com
 Purveyors to the Trade | Voice: 800-THE-WRLD    | Dial-Up: US, PR, Canada
 Software Tool & Die    | Public Access Internet | SINCE 1989     *oo*



Re: BGP failure analysis and recommendations

2013-10-24 Thread Brandon Ross

On Wed, 23 Oct 2013, Christopher Morrow wrote:


On Wed, Oct 23, 2013 at 10:40 PM, JRC NOC
nospam-na...@jensenresearch.com wrote:


Have we/they lost something important in the changeover to converged
multiprotocol networks?
Is there a better way for us edge networks to achieve IP resiliency in the
current environment?


sadly I bet not, aside from active probing and disabling paths that
are non-functional.


Um, how about, don't buy services from network providers that fail in this 
way?


Since we're not naming names, I won't, but in the past there's been at 
least one provider that used multi-hop eBGP at their edges because they 
didn't want to invest in edge gear that could handle a full BGP table.  My 
concern with their network (beyond many other concerns) was that when that 
router in the middle had a soft failure, how would BGP know to route 
around it?  Answer: it wouldn't, you'd black hole.


On the opposite side of the spectrum, there was at least one provider that 
used custom software to actively probe their upstream providers and route 
around poor performance.  At one time, there was also software, hardware 
and services that you could install/run on your own network to try to 
detect these things as well, however I'm not sure how many of them are 
still on the market.


The bottom line, however, is don't buy services from companies that do a 
poor job of running their network unless you can accept these kinds of 
failures.


--
Brandon Ross                                    Yahoo & AIM:  BrandonNRoss
+1-404-635-6667                                         ICQ:  2269442
Schedule a meeting:  https://doodle.com/bross         Skype:  brandonross



Re: 80 Gbps ?

2013-10-24 Thread Dobbins, Roland

On Oct 23, 2013, at 9:00 PM, jstuxuhu0816 jstuxuhu0...@gmail.com wrote:

 Basically, what you can do for the ISP network to protect the DDOS attacks:

https://app.box.com/s/4h2l6f4m8is6jnwk28cg

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

  Luck is the residue of opportunity and design.

   -- John Milton




Re: Fundamental questions of backbone design

2013-10-24 Thread Anurag Bhatia
Hi Valdis


Checkout routing table at NIXI and you will get idea what I am referring to
w.r.t. prepended routes.

http://www.nixi.in/lookingglass.php



Thanks!


On Sat, Oct 19, 2013 at 3:16 AM, valdis.kletni...@vt.edu wrote:

 On Fri, 18 Oct 2013 23:33:16 +0530, Anurag Bhatia said:

 localpref to customer routes then peering and finally transit. Does
 this
 works well or you see issues with people who have 10+ prepends on some
 peering routes calling you to not send traffic via those circuits?

 OK. I admit being perplexed.  Under what conditions will somebody have that
 many prepends and you *still* end up routing via that path if you have
 another path available?

 I guess if they were silly and prepended themselves 10 times and then
 announced the result to the upstreams of *both* paths you have available...




-- 


Anurag Bhatia
anuragbhatia.com

Linkedin http://in.linkedin.com/in/anuragbhatia21 |
Twitter https://twitter.com/anurag_bhatia
Skype: anuragbhatia.com


Re: Fundamental questions of backbone design

2013-10-24 Thread Anurag Bhatia
Hi Matthew


Very cool!


That is exactly what I was looking for. I was uncomfortable in using 10+ prepend
routes while of course interested in tweaking localpref as everyone has done
based on peers & their status (transit/downstream/peering) etc.





Thanks.


On Sun, Oct 20, 2013 at 1:13 AM, Matthew Petach mpet...@netflight.com wrote:

 On Fri, Oct 18, 2013 at 2:46 PM, valdis.kletni...@vt.edu wrote:

  On Fri, 18 Oct 2013 23:33:16 +0530, Anurag Bhatia said:
 
  localpref to customer routes then peering and finally transit. Does
  this
  works well or you see issues with people who have 10+ prepends on
 some
  peering routes calling you to not send traffic via those circuits?
 
  OK. I admit being perplexed.  Under what conditions will somebody have
 that
  many prepends and you *still* end up routing via that path if you have
  another path available?
 
  I guess if they were silly and prepended themselves 10 times and then
  announced the result to the upstreams of *both* paths you have
 available...
 


 Uh...this actually happens a fair amount, to the
 point that I have a standard less-than-X-AS-PATH
 restriction in my localpref adjustments to explicitly
 prevent it.

 Think about it; if network A prepends 10x to network B,
 and not at all to network C; but network B is a free peer
 of mine, and network C is a transit network I pay money
 to; following the typical convention of routes learned
 from network B get localpref'd to 5000, routes learned
 from transit are localpref'd at 1000, you'd end up
 pushing the traffic along the 10x prepended pathway.

 If you're a network with low splay, it's less likely, as
 the more intervening networks there are in the mix,
 the less likely the long path is to propagate to you;
 but if you're a high-splay network, there's a really
 good chance you're going to see both the long path
 and the short path across different categories of
 links, with different localpref assignments.

 A good approach to preventing that is to look
 at a histogram of AS-PATH lengths in your
 network, and establish a cutoff point, generally
 around your 95th percentile; path lengths less
 than that are real paths, above that are
 backup, non-preferred paths, and then
 use that cutoff in your policy arsenal:

 replace:
  as-path 1-OR-LESS .{0,1};
 replace:
  as-path 2-OR-LESS .{0,2};
 replace:
  as-path 3-OR-LESS .{0,3};
 replace:
  as-path 4-OR-LESS .{0,4};
 replace:
  as-path 5-OR-LESS .{0,5};
 replace:
  as-path 6-OR-LESS .{0,6};
 replace:
  as-path 7-OR-LESS .{0,7};
 replace:
  as-path 8-OR-LESS .{0,8};
 replace:
  as-path 200-OR-MORE .{200,};

 replace:
 policy-statement SET-FREE-PEER {
     term AS-DEPTH-5-OR-LESS {
         from as-path 5-OR-LESS;
         then {
             community add C-Y-FREE-PEER;
             local-preference 2600;
             accept;
         }
     }
     term AS-DEPTH-LONGER-THAN-5 {
         then {
             community add C-Y-FREE-PEER;
             local-preference 100;
             accept;
         }
     }
     /* we will never get here, but put for readability/futureproofing */
     then reject;
 }

 (pre-defining a range of potential AS-PATH lengths
 in your policy description tree makes it easier to
 adjust up or down, as your splay factor increases
 or decreases over time.)

 And no, you can't quite paste this exactly into your
 router directly, but it should give you an idea of
 how you might control the impact long AS-PATHs
 have on your routing tables.

 Matt




-- 


Anurag Bhatia
anuragbhatia.com

Linkedin http://in.linkedin.com/in/anuragbhatia21 |
Twitter https://twitter.com/anurag_bhatia
Skype: anuragbhatia.com
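
The AS-PATH-length cutoff described in the quoted message above, worked through as an added example that is not part of either post: it builds the length histogram, takes the 95th percentile as the cutoff, and compares path selection for a 10x-prepended route with and without the cap. The ASNs, prefixes and route table are constructed from documentation ranges, keeping transit at localpref 1000 under the capped policy is an assumption, and best-path selection is reduced to localpref followed by shortest AS-PATH.

```python
"""AS-PATH length cutoff for localpref decisions (added example, constructed data)."""
from collections import Counter
from dataclasses import dataclass

# Localpref values. 5000/1000 are the "typical convention" numbers from the
# message; 2600/100 come from its SET-FREE-PEER sketch. Keeping transit at
# 1000 under the capped policy is an assumption of this example.
NAIVE_PEER, TRANSIT = 5000, 1000
CAPPED_PEER_SHORT, CAPPED_PEER_LONG = 2600, 100

NET_A, PEER_B, TRANSIT_C = 64500, 64501, 64502   # documentation ASNs (RFC 5398)
TARGET = "203.0.113.0/24"                        # documentation prefix (RFC 5737)


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple   # ASNs as received; every prepend counts toward the length
    link: str        # "peer" or "transit"


def build_sample_table():
    """Constructed table: 38 background routes plus the two paths to network A."""
    background = {1: 4, 2: 9, 3: 12, 4: 8, 5: 4, 6: 1}   # AS-PATH length -> count
    routes, n = [], 0
    for length, count in background.items():
        for _ in range(count):
            path = tuple(64503 + (n + hop) % 9 for hop in range(length))
            link = "peer" if n % 2 == 0 else "transit"
            routes.append(Route(f"198.51.100.{n}/32", path, link))
            n += 1
    # Network A prepends itself 10x toward free peer B, not at all toward transit C.
    routes.append(Route(TARGET, (PEER_B,) + (NET_A,) * 11, "peer"))
    routes.append(Route(TARGET, (TRANSIT_C, NET_A), "transit"))
    return routes


def as_path_histogram(routes):
    """Map AS-PATH length -> number of routes with that length."""
    return Counter(len(r.as_path) for r in routes)


def percentile_cutoff(routes, pct=95):
    """Nearest-rank percentile of AS-PATH length (integer ceiling, no floats)."""
    lengths = sorted(len(r.as_path) for r in routes)
    rank = max(1, (pct * len(lengths) + 99) // 100)
    return lengths[rank - 1]


def naive_localpref(route):
    """Localpref by link type only: free peer always beats transit."""
    return NAIVE_PEER if route.link == "peer" else TRANSIT


def capped_localpref(route, cutoff):
    """Peer routes keep the high localpref only when the path is within the cutoff."""
    if route.link != "peer":
        return TRANSIT
    return CAPPED_PEER_SHORT if len(route.as_path) <= cutoff else CAPPED_PEER_LONG


def best_path(candidates, localpref):
    """Simplified decision: highest localpref wins, then shortest AS-PATH."""
    return max(candidates, key=lambda r: (localpref(r), -len(r.as_path)))


def compare_policies(routes, prefix=TARGET):
    """Return (cutoff, winner under naive policy, winner under capped policy)."""
    cutoff = percentile_cutoff(routes)
    candidates = [r for r in routes if r.prefix == prefix]
    naive = best_path(candidates, naive_localpref)
    capped = best_path(candidates, lambda r: capped_localpref(r, cutoff))
    return cutoff, naive, capped


if __name__ == "__main__":
    table = build_sample_table()
    for length, count in sorted(as_path_histogram(table).items()):
        print(f"len {length:>2}: {'#' * count} ({count})")
    cutoff, naive, capped = compare_policies(table)
    print(f"cutoff (95th percentile): {cutoff}")
    print(f"naive policy  -> via {naive.link}, path length {len(naive.as_path)}")
    print(f"capped policy -> via {capped.link}, path length {len(capped.as_path)}")
```
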


RE: BGP failure analysis and recommendations

2013-10-24 Thread Sam Roche
We had a similar issue happen and modified our BGP peering to use one BGP 
session per provider, as we had multiple neighbours for one of our peers. 

It seems to have resolved this particular issue for us.

I would love to hear how others are actively probing their peers networks using 
an NMS to verify connectivity.


Sam Roche - Supervisor of Network Operations - Lakeland Networks
sro...@lakelandnetworks.com| Office:  705-640-0086  | Cell: 705-706-2606| 
www.lakelandnetworks.com



IT SOLUTIONS for BUSINESS
Fiber Optics, Wireless, DSL Network Provider; I.T. Support; Telephony Hardware 
and Cabling; SIP Trunks, VoIP; Server Hosting; Disaster Recovery Systems


The information contained in this message is directed in confidence solely to 
the person(s) named above and may not be otherwise distributed, copied or 
disclosed.  The message may contain information that is privileged, proprietary 
and/or confidential and exempt from disclosure under applicable law.  If you 
have received this message in error, please notify the sender immediately 
advising of the error and delete the message without making a copy.


-Original Message-
From: Christopher Morrow [mailto:morrowc.li...@gmail.com] 
Sent: October-23-13 11:06 PM
To: JRC NOC
Cc: nanog list
Subject: Re: BGP failure analysis and recommendations

On Wed, Oct 23, 2013 at 10:40 PM, JRC NOC nospam-na...@jensenresearch.com 
wrote:
 Is this just an unavoidable issue with scaling large networks?

nope... sounds like (to me at least) the forwarding plane and control plane are 
non-congruent in your provider's network :( so as you said, if the 
forwarding-plane is dorked up between you and 'the rest of their network', but
the edge device you are connected to thinks next-hops for routes are still 
valid... oops :(

 Is it perhaps a known side effect of MPLS?

nope.

 Have we/they lost something important in the changeover to converged 
 multiprotocol networks?
 Is there a better way for us edge networks to achieve IP resiliency in 
 the current environment?

sadly I bet not, aside from active probing and disabling paths that are 
non-functional.




Re: BGP failure analysis and recommendations

2013-10-24 Thread Christopher Morrow
On Thu, Oct 24, 2013 at 3:07 AM, Brandon Ross br...@pobox.com wrote:
 On Wed, 23 Oct 2013, Christopher Morrow wrote:

 On Wed, Oct 23, 2013 at 10:40 PM, JRC NOC
 nospam-na...@jensenresearch.com wrote:

 Have we/they lost something important in the changeover to converged
 multiprotocol networks?
 Is there a better way for us edge networks to achieve IP resiliency in
 the
 current environment?


 sadly I bet not, aside from active probing and disabling paths that
 are non-functional.


 Um, how about, don't buy services from network providers that fail in this
 way?


I suppose the question is: how would you know that any particular
network had this failure mode?

until, of course, you run into it... as jrc did...



RE: Point to Point Ethernet request

2013-10-24 Thread Tony Patti
Hi Tom,

Yes Comcast has SLA for their Enterprise Services, see page 5 (Schedule A-2) of
http://business.comcast.com/docs/ent-terms-and-conditions/Product-Specific-Attachment-Ethernet-Dedicated-Internet-120412-PUBLISHED-v3.pdf?sfvrsn=0

Tony Patti
CIO
S. Walter Packaging Corp.


-Original Message-
From: Tom Morris [mailto:bluen...@gmail.com] 
Sent: Thursday, October 24, 2013 2:38 AM
To: NANOG list
Subject: Re: Point to Point Ethernet request

Do they offer an SLA on that? I've got a couple of broadcast sites that
could use a 21st century studio to transmitter link... Bandwidth wouldn't be
that spicy (just FM stereo here) but reliability is a must!! An att t1 is
even starting to drive us nuts by having seconds long dropouts in the
afternoons.

Tom Morris, Operations Manager, WDNA-FM

This message sent from a mobile device. Silly typos provided free of charge.
On Oct 24, 2013 2:14 AM, Crist Clark cjc+na...@pumpky.net wrote:

 Got 10 GbE service from a data center in Santa Clara to a campus in 
 San Mateo California from Comcast. Been pretty solid. Only blips have 
 been announced maintenance. When I have contacted support, I really
 can't complain.

 It's L2. I see my BPDUs and LLDPDUs come through.

 So, yeah, it exists.

 Related, maybe:

 Has anyone actually seen Comcast's ethernet service? This is 
 advertised as a symmetrical, high-speed (100mb+?) business service not 
 consumer stuff.

 I called several times out of curiosity. Using the phone number for 
 this service on their website got me switched around several times by 
 people who seemed to barely know what I was talking about.

 One wanted to engage me in a debate about why asymmetrical 20/7 
 (whatever it was) isn't good enough I assume because that's all she 
 was involved with so I muttered something about routing net blocks etc 
 so she gave up and switched me again. Fine.

 Then I'd finally get someone who seemed reasonable, seemed to know 
 what I was asking about, took down my call back info and promised 
 someone would get back to me within one business day.

 Never got a callback. Tried this a few times, same result.

 So, does it exist?

 I suppose if sales won't call you back you have to wonder what support 
 would be like.

 P.S. Their website for this service invites you to enter your address 
 to see if it's available and assures me it is, that's where you get 
 the phone number to call sales.

 --
 -Barry Shein

 The World              | b...@theworld.com      | http://www.TheWorld.com
 Purveyors to the Trade | Voice: 800-THE-WRLD    | Dial-Up: US, PR, Canada
 Software Tool & Die    | Public Access Internet | SINCE 1989     *oo*





Re: BGP failure analysis and recommendations

2013-10-24 Thread Brandon Ross

On Thu, 24 Oct 2013, Christopher Morrow wrote:


Um, how about, don't buy services from network providers that fail in this
way?


I suppose the question is: how would you know that any particular
network had this failure mode?


Ask detailed questions about how their network is architected.  Do they 
use eBGP multihop anywhere?  Do they use BFD on internal Ethernet links? 
Do they put their peering links in their IGP, or directly into iBGP?



until, of course, you run into it... as jrc did...


That too.

--
Brandon Ross                                    Yahoo & AIM:  BrandonNRoss
+1-404-635-6667                                         ICQ:  2269442
Schedule a meeting:  https://doodle.com/bross         Skype:  brandonross



Looking for Juniper P-1GE-SFP-QPP in NYC area

2013-10-24 Thread Eric Wieling
We had a P-1GE-SFP-QPP card go out today, looking for a source in the NYC area 
to get it replaced ASAP.

Thanks!



Network configuration archiving

2013-10-24 Thread Job Snijders
Dear all,

I am unsure what we as networkers have done in the past, but I am sure 
we've done our fair share of atonement and don't have to keep using 
RANCID.

Some might say it took ages to get rancid to do kinda what we want!, 
but not all software ages well. One might work in environments where 
archived configurations are needed to even start provisioning, one 
might desire a separation between actual config and transient data.

As I am evaluating our path forward, I've compiled a small list of open 
source projects with some biased highlights. Your feedback is most 
welcome, maybe I missed some interesting projects or developments. I 
would also be very interested in what other operators seek in a network 
config/state archive tool.

RANCID - http://www.shrubbery.net/rancid/
* Support for a wild variety of devices and operating systems
* complex perl code base [1]
* no central developer team, the internet is littered with forks

Oxidized - https://github.com/ytti/oxidized
* modern & sexy approach with queue & workers
* RESTful API (example: can bump devices to the head of the queue)
* small user & developer base
* written in that ruby language

Gerty - https://github.com/ssinyagin/gerty
* Seems easier to extend than RANCID
* perl...
* small user & developer base

punc - https://code.google.com/p/punc/
* written in python, based on notch [2]
* no recent developments (although 2011 was a good wine year)

[1] - 
http://honestnetworker.wordpress.com/2013/06/28/adding-new-device-support-to-rancid/
[2] - https://code.google.com/p/notch/

Kind regards,

Job





EFF needs your help to stop patent trolls

2013-10-24 Thread Peter Eckersley
Hi network operators,

Apologies for a non-technical post, but I believe this is an issue of
relevance to the NANOG community.  EFF is collecting signatures from
prominent engineers and technologists for a letter to the US Congress
calling for reform of the software patent system to protect inventors
and inventive companies against patent trolls, who use patents for
extortionate purposes without ever shipping any products.  We're doing
this now because there is a window of political opportunity to actually
get this problem fixed in the next few months.

Draft text of the letter is below.  If you broadly agree and would like
to sign on, please send me a private reply with:

- Your name;

- A 1-3 line bio that summarizes your main career achievements, which
  might be a current or past affiliation, RFCs you wrote, networks you
  built, companies you founded, etc;

- Whether you hold US patents; if so, how many you hold, and (if you
  know them) the patent numbers

=

Dear Senators and Congressmen,

We, the undersigned, are a group of inventors, technologists and
entrepreneurs. Many of us have founded technology businesses; we have
invented many of the protocols, systems and devices that make the
Internet work, and we are collectively listed as the inventors on [n
thousand] patents.

We write to you today about the U.S. patent system. That system is
broken. Based on our experiences building and deploying new digital
technologies, we believe that software patents are doing more
harm than good. Perhaps it is time to reexamine the idea, dating from
the 1980s, that government-issued monopolies on algorithms, protocols
and data structures are the best way to promote the advancement of
computer science.

But that will be a hard task, and one we don't expect to happen quickly.
Unfortunately, aspects of the problem have become so acute they must be
addressed immediately.

Broad, vague patents covering software-type inventions--some of which we
ourselves are listed as inventors on--are a malfunctioning component of
America's inventive machinery. This is particularly the case when those
patents end up in the hands of non-practicing patent trolls.

These non-practicing entities do not make or sell anything. Their
exploitation of patents as a tool for extortion is undermining America’s
technological progress; patent trolls are collecting taxes on innovation
by extracting billions of dollars in dubious licensing fees, and wasting
the time and management resources of creative businesses. Many of us
would have achieved much less in our careers if the trolling problem had
been as dire in past decades as it is now.

Some legislative proposals under current consideration would fix the
trolling problem. These include:

- Requiring that patent lawsuits actually explain which patents are
  infringed by which aspects of a defendant's technology, and how;

- Making clear who really owns the patent at issue;

- Allowing courts to shift fees to winning parties, making it rational for
  those threatened with an egregious patent suit to actually fight against
  the threat rather than paying what amounts to protection money;   

- Ensuring that those who purchase common, off-the-shelf technologies are
  shielded if they are sued for using them; and

- Increasing opportunities for streamlined patent review at the patent
  office.

While subduing the trolling threat, these proposed changes will not fix
the software patent problem. Congress should consider ways to stop
software patents from interfering with open standards and open source
software; from being claimed on problems, rather than solutions; and
from being drafted so obscurely that they teach us nothing and cannot be
searched. Congress needs to examine the very question of whether their
net impact is positive. 

But for now, we urge you to implement simple and urgently necessary
reforms. We believe in the promise of technology and the power of
creation to increase access to information, to create jobs, and to make
the world a better place. Please do not let patent trolls continue to
frustrate that purpose.

-- 
Peter Eckersley                   p...@eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993



Re: BGP failure analysis and recommendations

2013-10-24 Thread Courtney Smith

On Oct 24, 2013, at 2:13 AM, nanog-requ...@nanog.org wrote:

 Message: 7
 Date: Wed, 23 Oct 2013 22:40:34 -0400
 From: JRC NOC nospam-na...@jensenresearch.com
 To: nanog@nanog.org
 Subject: BGP failure analysis and recommendations
 Message-ID:
   5.1.0.14.0.20131023214304.0396e...@authsmtp.jensenresearch.com
 Content-Type: text/plain; charset=us-ascii; format=flowed
 
 Hello Nanog -
 
 On Saturday, October 19th at about 13:00 UTC we experienced an IP failure 
 at one of our sites in the New York area.
 It was apparently a widespread outage on the East coast, but I haven't seen 
 it discussed here.
 
 We are multihomed, using EBGP to three (diverse) upstream providers. One 
 provider experienced a hardware failure in a core component at one POP.
 Regrettably, during the outage our BGP session remained active and we 
 continued receiving full routes from the affected AS.  And our prefixes 
 continued to be advertised at their border. However basically none of the 
 traffic between those prefixes over that provider was delivered. The bogus 
 routes stayed up for hours. We shutdown the BGP peering session when the 
 nature of the problem became clear. This was effective. I believe that all 
 customer BGP routes were similarly affected, including those belonging to 
 some large regional networks and corporations. I have raised the questions 
 below with the provider but haven't received any information or advice.
 
 



Did your provider provide an official written RFO yet?


Courtney Smith
courtneysm...@comcast.net

()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments





RE: Cogent 100M DIA in Denver

2013-10-24 Thread Eric C. Miller
I'm in the middle of converting IPV4 to dualstack with Cogent. I was told that 
they don't have IPV6 in the edge in Tampa yet, so they are VLANing us to a core 
device to give us v6. So by dualstack, they must mean dualstack only from an 
OSI Layer 1 approach. Heartburn city.

Robert, do you have any advice from working with their ipv6 stuff, yet?



Eric Miller, CCNP
Network Engineering Consultant
(407) 257-5115




-Original Message-
From: Robert Glover [mailto:robe...@garlic.com] 
Sent: Monday, October 14, 2013 4:36 PM
To: trit...@cox.net
Cc: NANOG
Subject: Re: Cogent 100M DIA in Denver

We've had them since May 2008.  Recently upgraded from 100Mb to 250Mb. 
Had minor issues here and there (no outages to speak of).

I've had some IPv6 issues since moving the link to dual-stack a few months 
back, but we are not deploying IPv6 to end-users yet, so I'll let them slide on 
that.

On 10/14/2013 12:57 PM, Tri Tran wrote:
 They're lit in the building and have a much faster installation interval. How
 reliable are they? 
 Tri Tran







Re: Network configuration archiving

2013-10-24 Thread Erik Muller

On 10/24/13 17:25 , Job Snijders wrote:

Some might say it took ages to get rancid to do kinda what we want!,
but not all software ages well. One might work in environments where
archived configurations are needed to even start provisioning, one
might desire a separation between actual config and transient data.


Rancid certainly has its warts, but other than needing to test, pull hair, 
and patch things for new OS/platform deployments, it still generally Just 
Works once you have it installed, IME... and references like 
http://www.shrubbery.net/rancid/SteveSmithFedora15.pdf that are a bit dated 
still work well as a guide for deployment on more recent server OSes.



As I am evaluating our path forward, I've compiled a small list of open
source projects with some biased highlights. Your feedback is most
welcome, maybe I missed some interesting projects or developments. I
would also be very interested in what other operators seek in a network
config/state archive tool.


I can't claim any knowledge of its actual functionality, but I've also heard of
NOC Project - http://nocproject.org/
From the docs, it seems like it's trying to be more of an all-in-one 
do-everything package than just an archiving tool, but it could be worth 
investigating.  It claims support for a wide array of kit, and seems to 
have a non-trivial user base.


I'm sure I'm not the only one who'd be interested to hear if your 
evaluation determines that there is a R,RAN*ID out there that we've been 
overlooking.

-e



Re: Network configuration archiving

2013-10-24 Thread Tammy Firefly
Rancid is known to crash cisco devices doing config backups. I've seen it on 
7200/7500 routers multiple times
Tammy


Sent from my iPhone

On Oct 24, 2013, at 21:05, Erik Muller er...@buh.org wrote:

 On 10/24/13 17:25 , Job Snijders wrote:
 Some might say it took ages to get rancid to do kinda what we want!,
 but not all software ages well. One might work in environments where
 archived configurations are needed to even start provisioning, one
 might desire a separation between actual config and transient data.
 
 Rancid certainly has its warts, but other than needing to test, pull hair, 
 and patch things for new OS/platform deployments, it still generally Just 
 Works once you have it installed, IME... and references like 
 http://www.shrubbery.net/rancid/SteveSmithFedora15.pdf that are a bit dated 
 still work well as a guide for deployment on more recent server OSes.
 
 As I am evaluating our path forward, I've compiled a small list of open
 source projects with some biased highlights. Your feedback is most
 welcome, maybe I missed some interesting projects or developments. I
 would also be very interested in what other operators seek in a network
 config/state archive tool.
 
 I can't claim any knowledge of its actual functionality, but I've also heard 
 of
 NOC Project - http://nocproject.org/
 From the docs, it seems like it's trying to be more of an all-in-one 
 do-everything package than just an archiving tool, but it could be worth 
 investigating.  It claims support for a wide array of kit, and seems to have 
 a non-trivial user base.
 
 I'm sure I'm not the only one who'd be interested to hear if your evaluation 
 determines that there is a R,RAN*ID out there that we've been overlooking.
 -e
 



Re: BGP failure analysis and recommendations

2013-10-24 Thread Scott Weeks


--- courtneysm...@comcast.net wrote:
From: Courtney Smith courtneysm...@comcast.net
 From: JRC NOC nospam-na...@jensenresearch.com

 Regrettably, during the outage our BGP session remained active and we 
 continued receiving full routes from the affected AS.  And our prefixes 
 continued to be advertised at their border. However basically none of the 


Did your provider provide an official written RFO yet?



When deciding to keep or change providers after a major mistake
like this, the question is: do they send out an honest description of
the mistake and what has been done to stop it from happening again in
the future?  Corporatespeak reports are grounds for dismissal! ;-)

scott



Re: Network configuration archiving

2013-10-24 Thread Nick Hilliard
On 25/10/2013 11:19, Tammy Firefly wrote:
 Rancid is known to crash cisco devices doing config backups. I've seen
 it on 7200/7500 routers multiple times

this isn't a rancid problem though.

Nick




Re: Network configuration archiving

2013-10-24 Thread Jimmy Hess
On Thu, Oct 24, 2013 at 10:19 PM, Tammy Firefly tammy-li...@wiztech.biz wrote:

 Rancid is known to crash cisco devices doing config backups. I've seen it
 on 7200/7500 routers multiple times


I don't doubt it, but since RANCID only uses show commands, I would
suspect that any similar tool that uses similar show commands could
expose the same issue, which is obviously a router CLI bug, not a
RANCID bug.



 Tammy--

-JH


Re: Network configuration archiving

2013-10-24 Thread Jimmy Hess
On Thu, Oct 24, 2013 at 4:25 PM, Job Snijders 
job.snijd...@hibernianetworks.com wrote:

 Dear all,
 I am unsure what we as networkers have done in the past, but I am sure
 we've done our fair share of atonement and don't have to keep using
 RANCID.


Does the nature of the codebase and future development matter all that
much?  Not to dismiss it as a factor, but I think other criteria should
be more important  :)

Normally when I would want to compare software I would be concerned
first and foremost,

(1) What does it do/what makes it unique -- is something special about
package X over package Y?;

(2) Does it meet all the minimum needs I have right now to be a viable
solution?  Does it grab all my configs and put them in a permanent
revision control system?  :)

(3) How reliable is it, can I trust it?  Is it very secure and safe to
use?  It's no good if it breaks, fails, or does something dangerous.
How much care and feeding will it need to keep working?  If it
needs complex repair work every few weeks, I don't like it.

(4) How easy is it to get up and running, and to perform any required
ongoing maintenance

(5) What extra nice to have functionality does it have?

(6) Maybe other stuff like what language it's written in, if extra
features need to be added

--
-JH


Re: Network configuration archiving

2013-10-24 Thread Tammy Firefly
Yes I 100% agree it's an IOS bug. It had something to do with the way it ended an
ssh session.

That was one reason we got rid of cisco at our edges and use juniper which has 
config backup built into JunOS (via ssh/FTP)
--Tammy


Sent from my iPhone

On Oct 24, 2013, at 21:29, Jimmy Hess mysi...@gmail.com wrote:

 On Thu, Oct 24, 2013 at 10:19 PM, Tammy Firefly tammy-li...@wiztech.biz 
 wrote:
 Rancid is known to crash cisco devices doing config backups. I've seen it on 
 7200/7500 routers multiple times
 
 I don't doubt it, but since RANCID only uses show commands, I would
 suspect that any similar tool that uses similar show commands could expose
 the same issue, which is obviously a router CLI bug, not a RANCID
 bug.
 
  
 Tammy-- 
 -JH


Re: Network configuration archiving

2013-10-24 Thread Tammy Firefly
No it's not rancid's fault :)


Sent from my iPhone

On Oct 24, 2013, at 21:25, Nick Hilliard n...@foobar.org wrote:

 On 25/10/2013 11:19, Tammy Firefly wrote:
 Rancid is known to crash cisco devices doing config backups. I've seen
 it on 7200/7500 routers multiple times
 
 this isn't a rancid problem though.
 
 Nick
 



Re: Network configuration archiving

2013-10-24 Thread Kenneth McRae
How about SolarWinds Config Mgmt software?
On Oct 24, 2013 8:38 PM, Jimmy Hess mysi...@gmail.com wrote:

 On Thu, Oct 24, 2013 at 4:25 PM, Job Snijders 
 job.snijd...@hibernianetworks.com wrote:

  Dear all,
  I am unsure what we as networkers have done in the past, but I am sure
  we've done our fair share of atonement and don't have to keep using
  RANCID.
 

 Does the nature of the codebase and future development matter all that
 much?  Not to dismiss it as a factor, but I think other criteria should
 be more important  :)

 Normally when I would want to compare software I would be concerned
 first and foremost,

 (1) What does it do/what makes it unique -- is something special about
 package X over package Y?;

 (2) Does it meet all the minimum needs I have right now to be a viable
 solution?  Does it grab all my configs and put them in a permanent
 revision control system?  :)

 (3) How reliable is it, can I trust it?  Is it very secure and safe to
 use?  It's no good if it breaks, fails, or does something dangerous.
 How much care and feeding will it need to keep working?  If it
 needs complex repair work every few weeks, I don't like it.

 (4) How easy is it to get up and running, and to perform any required
 ongoing maintenance

 (5) What extra nice to have functionality does it have?

 (6) Maybe other stuff like what language it's written in, if extra
 features need to be added

 --
 -JH



RE: Network configuration archiving

2013-10-24 Thread Nolan Rollo
Puppet, Chef, cfEngine, etc... the list goes on and on, it's a matter of taste 
(no chef pun intended) and what you're familiar with as well as what works for 
your device configurations and the management team

-Original Message-
From: Kenneth McRae [mailto:kenneth.mc...@dreamhost.com] 
Sent: Thursday, October 24, 2013 11:45 PM
To: Jimmy Hess
Cc: nanog@nanog.org
Subject: Re: Network configuration archiving

How about SolarWinds Config Mgmt software?




Re: Network configuration archiving

2013-10-24 Thread Tammy Firefly
Is that licensed per device or per user out of curiosity ?


Sent from my iPhone

On Oct 24, 2013, at 21:45, Kenneth McRae kenneth.mc...@dreamhost.com wrote:

 How about SolarWinds Config Mgmt software?
 



Re: Network configuration archiving

2013-10-24 Thread Kenneth McRae
By device or you can purchase an unlimited device count..
On Oct 24, 2013 8:59 PM, Tammy Firefly tammy-li...@wiztech.biz wrote:

 Is that licensed per device or per user out of curiosity ?


 Sent from my iPhone

 



Re: Network configuration archiving

2013-10-24 Thread Jon Lewis

Or use perfectly good (RANCID + cvsweb) free software.  Hmm.

On Thu, 24 Oct 2013, Kenneth McRae wrote:


By device or you can purchase an unlimited device count..

--
 Jon Lewis, MCP :)   |  I route
 |  therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_



Re: Network configuration archiving

2013-10-24 Thread Christopher Rogers
Rancid is great, we use it.  It's hard to justify paying money for
something that really isn't that complicated, especially stupid licensing
fees.

One of my problems with rancid though is that many of the commands it runs
can be somewhat intrusive, and also smacks of trying to use a configuration
management system as an active monitoring tool.

Go into the commandtable entries for your various devices, and remove
everything except the show running-config bits (or whatever your $vendor
uses) and you'll run into a lot less risk of blowing a device up with
rancid, also a lot quicker execution times.

Or just remove rancid entirely, and just ssh show running-config (using rsa
keys) on your devices and dump the output into cvs/svn/whatever.  Not
everything has ssh though.  :(

-chris




2013/10/24 Jon Lewis jle...@lewis.org

 Or use perfectly good (RANCID + cvsweb) free software.  Hmm.


 --
  Jon Lewis, MCP :)   |  I route
  |  therefore you are
 _ http://www.lewis.org/~jlewis/pgp for PGP
 public key_
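
The plain-SSH approach from the message above (one read-only `show running-config`, key authentication, output dumped into an archive), combined with the separation of actual config from transient data asked for earlier in the thread, as an added example that is not part of any poster's message. The IOS-style transient markers, the `backup` user, the key path and all function names are assumptions, and the sample output is constructed.

```python
import difflib
import re
import subprocess
from pathlib import Path

COMMAND = "show running-config"   # the only command ever sent, and it is read-only
HOSTNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")
# Assumed IOS-style lines that differ between fetches although the config did not change.
TRANSIENT = re.compile(
    r"^(Building configuration|Current configuration\s*:"
    r"|! Last configuration change|! NVRAM config last updated"
    r"|! No configuration change since|ntp clock-period)")

# Constructed sample output, not taken from a real device.
SAMPLE = """Building configuration...

Current configuration : 1432 bytes
!
! Last configuration change at 21:19:04 UTC Thu Oct 24 2013 by admin
!
hostname edge1
!
interface GigabitEthernet0/0
 description uplink
!
ntp clock-period 17179869
end
"""

def fetch_over_ssh(host, user="backup", key="~/.ssh/id_rsa"):
    """Run COMMAND with key authentication; BatchMode makes ssh fail instead of prompting."""
    argv = ["ssh", "-i", str(Path(key).expanduser()), "-o", "BatchMode=yes",
            f"{user}@{host}", COMMAND]
    return subprocess.run(argv, capture_output=True, text=True,
                          timeout=60, check=True).stdout

def normalize(raw):
    """Drop transient lines and trailing whitespace so only real changes show up."""
    lines = [line.rstrip() for line in raw.splitlines()]
    kept = [line for line in lines if not TRANSIENT.match(line)]
    return "\n".join(kept).strip("\n") + "\n"

def archive(host, archive_dir, fetch=fetch_over_ssh):
    """Store the normalized config; return a unified diff, or '' if nothing changed."""
    if not HOSTNAME.fullmatch(host):      # host becomes a file name and an ssh argument
        raise ValueError(f"refusing unsafe device name: {host!r}")
    new = normalize(fetch(host))
    if new.splitlines()[-1:] != ["end"]:  # a session that died mid-output must not be archived
        raise ValueError(f"{host}: output does not end with 'end', looks truncated")
    path = Path(archive_dir) / f"{host}.cfg"
    old = path.read_text() if path.exists() else ""
    if new == old:
        return ""
    path.write_text(new)
    return "".join(difflib.unified_diff(
        old.splitlines(keepends=True), new.splitlines(keepends=True),
        fromfile=f"{host}.cfg (archived)", tofile=f"{host}.cfg (fetched)"))
```

Run `archive()` from cron per device and commit the archive directory to cvs/svn/whatever only when it returns a non-empty diff.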




Re: Network configuration archiving

2013-10-24 Thread Eric A Louie
I know you said open source, but we're using Solarwinds Cattools with very good 
results.  We also have Rancid running in the background.






 From: Job Snijders job.snijd...@hibernianetworks.com
To: nanog@nanog.org 
Sent: Thursday, October 24, 2013 2:25 PM
Subject: Network configuration archiving
 

Dear all,

I am unsure what we as networkers have done in the past, but I am sure 
we've done our fair share of atonement and don't have to keep using 
RANCID.

Some might say it took ages to get rancid to do kinda what we want!, 
but not all software ages well. One might work in environments where 
archived configurations are needed to even start provisioning, one 
might desire a separation between actual config and transient data.

As I am evaluating our path forward, I've compiled a small list of open 
source projects with some biased highlights. Your feedback is most 
welcome, maybe I missed some interesting projects or developments. I 
would also be very interested in what other operators seek in a network 
config/state archive tool.

RANCID - http://www.shrubbery.net/rancid/
    * Support for a wild variety of devices and operating systems
    * complex perl code base [1]
    * no central developer team, the internet is littered with forks

Oxidized - https://github.com/ytti/oxidized
    * modern & sexy approach with queue & workers
    * RESTful API (example: can bump devices to the head of the queue)
    * small user & developer base
    * written in that ruby language

Gerty - https://github.com/ssinyagin/gerty
    * Seems easier to extend than RANCID
    * perl...
    * small user & developer base

punc - https://code.google.com/p/punc/
    * written in python, based on notch [2]
    * no recent developments (although 2011 was a good wine year)

[1] - 
http://honestnetworker.wordpress.com/2013/06/28/adding-new-device-support-to-rancid/
[2] - https://code.google.com/p/notch/

Kind regards,

Job