Re: Low density Juniper (or alternative) Edge

2016-02-27 Thread Mark Tinka 


On 3/Feb/16 09:58, Nick Hilliard wrote:

> Typically the features that fall by the wayside first are: reasonable
> port buffers, qos knobs and decent lag/ecmp hashing support for mpls
> packets.

Cisco, in general, are suffering here, i.e., QoS on LAG's.

IOS, IOS XE and IOS XR suffer massively.

We find that Junos does a better job here.

Mark.

Re: Low density Juniper (or alternative) Edge

2016-02-27 Thread Mark Tinka 


On 2/Feb/16 23:03, David Bass wrote:

> Looking to see what others are using out there as an alternative to a Cisco 
> ME3600X? Also, what other vendors out there are playing in this space?
>
> Need a full MPLS stack. .

Cisco ASR920 - an evolution of the ME3600X, cheaper, more featured and
simpler to operate.

Juniper's ACX5000 is an option, but that Broadcom chipset scares me.

Mark.

RE: DOS Attack

2016-02-27 Thread Frank Bulk 
Here are some threads:
http://markmail.org/message/4hkuymimt54snpyi
http://markmail.org/message/qc67dfw2zi224ciu
http://markmail.org/message/2pqnaoru5gvxwyn5

Frank

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of K MEKKAOUI
Sent: Saturday, February 27, 2016 10:41 PM
To: 'NANOG' 
Subject: DOS Attack

Hi

 

Do you know about a DOS attack protection provider that you can recommend to
me please?

 

Thank you

 

KARIM M.

RE: Southwest Airlines captive portal

2016-02-27 Thread Frank Bulk 
I was MITMed, but not maliciously, but by Southwest Airline’s system (which 
uses Row44).   The site doesn’t have to be pinned for a browser to throw up a 
warning about the SSL certificate not matching the URL.

 

I did connect with an SWA employee.

 

Frank

 

From: Paras Jha [mailto:pa...@protrafsolutions.com] 
Sent: Saturday, February 27, 2016 5:09 PM
To: Damien Burke 
Cc: Frank Bulk ; nanog@nanog.org
Subject: Re: Southwest Airlines captive portal

 

You got MITM'd

 

On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke mailto:dam...@supremebytes.com> > wrote:

You should change your paypal password.


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org  ] 
On Behalf Of Frank Bulk
Sent: Saturday, February 27, 2016 10:27 AM
To: nanog@nanog.org  
Subject: Southwest Airlines captive portal

Anyone from Southwest Airlines on this list?

On a recent flight I discovered I couldn't complete payment through PayPal 
because my web browsers properly noticed that the Southwest Airlines SSL 
certificate that the captive portal was giving for PayPal didn't match up.
=)  I had to create an exception for PayPal just to complete payment.

Frank

SoftLayer DAL05/DAL09 Public Network Issues

2016-02-27 Thread Raymond Beaudoin 
Has anyone else experienced intermittent packet loss out of SoftLayer's
DAL05/DAL09 facilities this evening?

Re: mrtg alternative

2016-02-27 Thread Roberto Alvarado 
Zabbix works for me



> On 27-02-2016, at 18:12, Rafael Ganascim  wrote:
> 
> I like cacti:
> 
> http://www.cacti.net
> 
> 
> 
> 2016-02-26 20:18 GMT-03:00 Baldur Norddahl :
> 
>> Hi
>> 
>> I am currently using MRTG and RRD to make traffic graphs. I am searching
>> for more modern alternatives that allows the user to dynamically zoom and
>> scroll the timeline.
>> 
>> Bonus points if the user can customize the graphs directly in the
>> webbrowse. For example he might be able to add or remove individual peers
>> from the graph by simply clicking a checkbox.
>> 
>> What is the 2016 tool for this?
>> 
>> Regards,
>> 
>> Baldur
>>

Re: mrtg alternative

2016-02-27 Thread Peter Phaal 
InfluxDB + Grafana are a modern alternative from the DevOps space:

http://lkhill.com/using-influxdb-grafana-to-display-network-statistics/

On Fri, Feb 26, 2016 at 3:18 PM, Baldur Norddahl
 wrote:
> Hi
>
> I am currently using MRTG and RRD to make traffic graphs. I am searching
> for more modern alternatives that allows the user to dynamically zoom and
> scroll the timeline.
>
> Bonus points if the user can customize the graphs directly in the
> webbrowse. For example he might be able to add or remove individual peers
> from the graph by simply clicking a checkbox.
>
> What is the 2016 tool for this?
>
> Regards,
>
> Baldur

DOS Attack

2016-02-27 Thread K MEKKAOUI 
Hi

 

Do you know about a DOS attack protection provider that you can recommend to
me please?

 

Thank you

 

KARIM M.

Re: Sprint Wireless DNS server not resolving ietf.org

2016-02-27 Thread joel jaeggli 
On 2/26/16 5:42 PM, Yang Yu wrote:
> ietf.org and its subdomains such as tools.ietf.org are not accessible
> on Sprint 3G/LTE (DNS timeout). From what I gathered this is affecting
> Sprint wireless customers nationwide. I created a DNS measurement on
> ripe atlas and no signs of other carriers experiencing the same issue.

ietf.org has physically diverse secondaries so it strikes me as unlikely
that this problem is outside sprint

ietf.org.   86400   IN  NS  ns0.amsl.com.
ietf.org.   86400   IN  NS  ns1.ams1.afilias-nst.info.
ietf.org.   86400   IN  NS  ns1.mia1.afilias-nst.info.
ietf.org.   86400   IN  NS  ns1.sea1.afilias-nst.info.
ietf.org.   86400   IN  NS  ns1.hkg1.afilias-nst.info.
ietf.org.   86400   IN  NS  ns1.yyz1.afilias-nst.info.


> Emailed Sprint NOC and opened a ticket via support channel, got no
> update. Is there someone from Sprint Wireless on this list?
> 
> DNS servers
> 68.28.169.132
> 68.28.168.132
> 
> Thanks.
> 
> 
> Yang
> 




signature.asc
Description: OpenPGP digital signature

Re: mrtg alternative

2016-02-27 Thread Jason Canady 
A friend was just showing me grafana this morning. I use rtg for a lot of 
bandwidth data / graphs, but I also have observium for a lot of extra stuff. 

Kicked cacti to the curb a long time ago.  rtg is really flexible, but the 
graphing isn't pretty. 

Sent from my iPhone

> On Feb 27, 2016, at 20:42, B  wrote:
> 
> Welcome to the future.
> Graphite/grafana.
> 
>> On Fri, Feb 26, 2016 at 06:30:02PM -0500, Shawn L wrote:
>> 
>> We use observium.  It has most of what you're looking for.   Used to use 
>> cacti but switched a couple of months ago
>> 
>> 
>> -Original Message-
>> From: "Baldur Norddahl" 
>> Sent: Friday, February 26, 2016 6:18pm
>> To: "nanog@nanog.org" 
>> Subject: mrtg alternative
>> 
>> 
>> 
>> Hi
>> 
>> I am currently using MRTG and RRD to make traffic graphs. I am searching
>> for more modern alternatives that allows the user to dynamically zoom and
>> scroll the timeline.
>> 
>> Bonus points if the user can customize the graphs directly in the
>> webbrowse. For example he might be able to add or remove individual peers
>> from the graph by simply clicking a checkbox.
>> 
>> What is the 2016 tool for this?
>> 
>> Regards,
>> 
>> Baldur

Re: mrtg alternative

2016-02-27 Thread B 
Welcome to the future.
Graphite/grafana.

On Fri, Feb 26, 2016 at 06:30:02PM -0500, Shawn L wrote:
> 
> We use observium.  It has most of what you're looking for.   Used to use 
> cacti but switched a couple of months ago
> 
> 
> -Original Message-
> From: "Baldur Norddahl" 
> Sent: Friday, February 26, 2016 6:18pm
> To: "nanog@nanog.org" 
> Subject: mrtg alternative
> 
> 
> 
> Hi
> 
> I am currently using MRTG and RRD to make traffic graphs. I am searching
> for more modern alternatives that allows the user to dynamically zoom and
> scroll the timeline.
> 
> Bonus points if the user can customize the graphs directly in the
> webbrowse. For example he might be able to add or remove individual peers
> from the graph by simply clicking a checkbox.
> 
> What is the 2016 tool for this?
> 
> Regards,
> 
> Baldur

Re: Southwest Airlines captive portal

2016-02-27 Thread Yang Yu 
On Sat, Feb 27, 2016 at 5:40 PM, Rubens Kuhl  wrote:

> Since many commonly used web properties are moving to HSTS + HPKP + CT it
> will become increasingly difficult to balance performance and security in
> high latency connections, but when it comes to a payment gateway, that
> airline should probably turn off acceleration for paypal.com and 3-D Secure
> bank pages.


Paypal's certificate is not pinned in Chrome/Firefox. imo a hard error
is desirable in this kind of scenario.
https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json?view=markup
https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#New_sites_pinned_in_Firefox_32

FWIW Southwest uses Row 44 (GEE Media) for inflight wifi.
http://www.geemedia.com/products/connectivity

Re: Southwest Airlines captive portal

2016-02-27 Thread Marcin Cieslak 
On Sat, 27 Feb 2016, Constantine A. Murenin wrote:

> On 27 February 2016 at 10:26, Frank Bulk  wrote:
> > Anyone from Southwest Airlines on this list?
> >
> > On a recent flight I discovered I couldn't complete payment through PayPal
> > because my web browsers properly noticed that the Southwest Airlines SSL
> > certificate that the captive portal was giving for PayPal didn't match up.
> > =)  I had to create an exception for PayPal just to complete payment.
> >
> > Frank
> 
> I think it is PayPal you should be contacting instead.
> 
> PayPal User Agreement requires that you maintain adequate security of
> your account credentials, and immediately notify PayPal that your
> password has been compromised.
> 
> https://www.paypal.com/webapps/mpp/ua/useragreement-full
> 
> > 1.6 Password Security and Keeping Your Email and Address Current. You are 
> > responsible for maintaining adequate security and control of any and all 
> > IDs, passwords, personal identification numbers (PINs), or any other codes 
> > that you use to access the Services.
> ...

in theory

I suspected I was almost mit'med once, I have notified them immediately
and got a standard blurb about keeping my anti virus software up to date...

Marcin

Re: Southwest Airlines captive portal

2016-02-27 Thread Rubens Kuhl 
On Sat, Feb 27, 2016 at 3:26 PM, Frank Bulk  wrote:

> Anyone from Southwest Airlines on this list?
>
> On a recent flight I discovered I couldn't complete payment through PayPal
> because my web browsers properly noticed that the Southwest Airlines SSL
> certificate that the captive portal was giving for PayPal didn't match up.
> =)  I had to create an exception for PayPal just to complete payment.
>
>
Perhaps not a captive portal but a TLS accelerator that is sometimes used
in satellite connections, that does act as MITM like corporate security
products but with a performance focus.

Since many commonly used web properties are moving to HSTS + HPKP + CT it
will become increasingly difficult to balance performance and security in
high latency connections, but when it comes to a payment gateway, that
airline should probably turn off acceleration for paypal.com and 3-D Secure
bank pages.


Rubens

Re: Southwest Airlines captive portal

2016-02-27 Thread Peter Loron 
Likely. Let Southwest know, and as others have said, change your password. 
Hopefully it was unique to PayPal. 

-Pete




On 2/27/16, 15:09, "NANOG on behalf of Paras Jha"  wrote:

>You got MITM'd
>
>On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke 
>wrote:
>
>> You should change your paypal password.
>>
>> -Original Message-
>> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Frank Bulk
>> Sent: Saturday, February 27, 2016 10:27 AM
>> To: nanog@nanog.org
>> Subject: Southwest Airlines captive portal
>>
>> Anyone from Southwest Airlines on this list?
>>
>> On a recent flight I discovered I couldn't complete payment through PayPal
>> because my web browsers properly noticed that the Southwest Airlines SSL
>> certificate that the captive portal was giving for PayPal didn't match up.
>> =)  I had to create an exception for PayPal just to complete payment.
>>
>> Frank
>>
>>
>

Re: mrtg alternative

2016-02-27 Thread Peter Loron 
We’re using Observium for trend collecting, graphing, and alerting.

-Pete




On 2/27/16, 13:12, "NANOG on behalf of Rafael Ganascim" 
 wrote:

>I like cacti:
>
>http://www.cacti.net
>
>
>
>2016-02-26 20:18 GMT-03:00 Baldur Norddahl :
>
>> Hi
>>
>> I am currently using MRTG and RRD to make traffic graphs. I am searching
>> for more modern alternatives that allows the user to dynamically zoom and
>> scroll the timeline.
>>
>> Bonus points if the user can customize the graphs directly in the
>> webbrowse. For example he might be able to add or remove individual peers
>> from the graph by simply clicking a checkbox.
>>
>> What is the 2016 tool for this?
>>
>> Regards,
>>
>> Baldur
>>
>

Re: Southwest Airlines captive portal

2016-02-27 Thread Constantine A. Murenin 
On 27 February 2016 at 10:26, Frank Bulk  wrote:
> Anyone from Southwest Airlines on this list?
>
> On a recent flight I discovered I couldn't complete payment through PayPal
> because my web browsers properly noticed that the Southwest Airlines SSL
> certificate that the captive portal was giving for PayPal didn't match up.
> =)  I had to create an exception for PayPal just to complete payment.
>
> Frank

I think it is PayPal you should be contacting instead.

PayPal User Agreement requires that you maintain adequate security of
your account credentials, and immediately notify PayPal that your
password has been compromised.

https://www.paypal.com/webapps/mpp/ua/useragreement-full

> 1.6 Password Security and Keeping Your Email and Address Current. You are 
> responsible for maintaining adequate security and control of any and all IDs, 
> passwords, personal identification numbers (PINs), or any other codes that 
> you use to access the Services.
...

> 12.2 Notification Requirements.
>
> You should immediately notify PayPal if you believe:
> there has been an unauthorized transaction or unauthorized access to 
> your Account;
> there is an error in your Account Profile or activity or transaction 
> confirmation sent to you by email;
> your password or PIN has been compromised;
...

C.

Re: Southwest Airlines captive portal

2016-02-27 Thread Paras Jha 
You got MITM'd

On Sat, Feb 27, 2016 at 1:57 PM, Damien Burke 
wrote:

> You should change your paypal password.
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Frank Bulk
> Sent: Saturday, February 27, 2016 10:27 AM
> To: nanog@nanog.org
> Subject: Southwest Airlines captive portal
>
> Anyone from Southwest Airlines on this list?
>
> On a recent flight I discovered I couldn't complete payment through PayPal
> because my web browsers properly noticed that the Southwest Airlines SSL
> certificate that the captive portal was giving for PayPal didn't match up.
> =)  I had to create an exception for PayPal just to complete payment.
>
> Frank
>
>

Re: mrtg alternative

2016-02-27 Thread Rafael Ganascim 
I like cacti:

http://www.cacti.net



2016-02-26 20:18 GMT-03:00 Baldur Norddahl :

> Hi
>
> I am currently using MRTG and RRD to make traffic graphs. I am searching
> for more modern alternatives that allows the user to dynamically zoom and
> scroll the timeline.
>
> Bonus points if the user can customize the graphs directly in the
> webbrowse. For example he might be able to add or remove individual peers
> from the graph by simply clicking a checkbox.
>
> What is the 2016 tool for this?
>
> Regards,
>
> Baldur
>

Re: mrtg alternative

2016-02-27 Thread Mohamed Kamal 

We use Zenoss, pretty awesome and do the job.

Mohamed Kamal
Core Network Sr. Engineer

On 2/27/2016 1:18 AM, Baldur Norddahl wrote:

Hi

I am currently using MRTG and RRD to make traffic graphs. I am searching
for more modern alternatives that allows the user to dynamically zoom and
scroll the timeline.

Bonus points if the user can customize the graphs directly in the
webbrowse. For example he might be able to add or remove individual peers
from the graph by simply clicking a checkbox.

What is the 2016 tool for this?

Regards,

Baldur

RE: Southwest Airlines captive portal

2016-02-27 Thread Damien Burke 
You should change your paypal password.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Frank Bulk
Sent: Saturday, February 27, 2016 10:27 AM
To: nanog@nanog.org
Subject: Southwest Airlines captive portal

Anyone from Southwest Airlines on this list?

On a recent flight I discovered I couldn't complete payment through PayPal 
because my web browsers properly noticed that the Southwest Airlines SSL 
certificate that the captive portal was giving for PayPal didn't match up.
=)  I had to create an exception for PayPal just to complete payment.

Frank

Southwest Airlines captive portal

2016-02-27 Thread Frank Bulk 
Anyone from Southwest Airlines on this list?

On a recent flight I discovered I couldn't complete payment through PayPal
because my web browsers properly noticed that the Southwest Airlines SSL
certificate that the captive portal was giving for PayPal didn't match up.
=)  I had to create an exception for PayPal just to complete payment.

Frank

Re: Thank you, Comcast.

2016-02-27 Thread Mike Hammett 
I'm fairly certainly we'll never agree., so might as well end it now. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Rich Kulawiec"  
To: nanog@nanog.org 
Sent: Saturday, February 27, 2016 7:07:04 AM 
Subject: Re: Thank you, Comcast. 

On Fri, Feb 26, 2016 at 07:21:04PM -0600, Mike Hammett wrote: 
> So we have people saying that blocking residential users from hosting 
> DNS servers is not really providing Internet service. Now we have people 
> saying it isn't service if it doesn't (more or less) completely work 
> in lynx. 

Actually, nobody is saying that, but: there is zero reason why that page 
shouldn't work in a text-only browser like lynx or w3m. It conveys technical 
information of importance to current and prospective users of the service. 
It *should* comply with the ADA and other accessability standards, and one 
well-known baseline way to (at minimum) take a vague step in that direction 
is to ensure that it's reasable (and navigable) in a text-only browser. 

There's also zero reason why that page should require Javascript, 
plugins (especially obsolete and dangerous plugins like Flash), or why 
it should utilize advertising, trackers, and malicious third-party sites, 
or why it should be horribly bloated with useless junk. 

The problem here is not the people who choose to use browsers and browser 
configurations set for security and privacy. The problem is the 
jerks who published important information in a cesspool. 

---rsk

Re: Thank you, Comcast.

2016-02-27 Thread Rich Kulawiec 
On Fri, Feb 26, 2016 at 07:21:04PM -0600, Mike Hammett wrote:
> So we have people saying that blocking residential users from hosting
> DNS servers is not really providing Internet service. Now we have people
> saying it isn't service if it doesn't (more or less) completely work
> in lynx.

Actually, nobody is saying that, but: there is zero reason why that page
shouldn't work in a text-only browser like lynx or w3m.  It conveys technical
information of importance to current and prospective users of the service.
It *should* comply with the ADA and other accessability standards, and one
well-known baseline way to (at minimum) take a vague step in that direction
is to ensure that it's reasable (and navigable) in a text-only browser.

There's also zero reason why that page should require Javascript,
plugins (especially obsolete and dangerous plugins like Flash), or why
it should utilize advertising, trackers, and malicious third-party sites,
or why it should be horribly bloated with useless junk.

The problem here is not the people who choose to use browsers and browser
configurations set for security and privacy.   The problem is the
jerks who published important information in a cesspool.

---rsk