Re: Brocade Fabric Help

2016-06-30 Thread TJ McCleve 
I would suggest opening a TAC to get the full details on why it’s happening if 
the root cause not readily apparent. Typically remediating a these types of 
mismatches entails copying the default config to startup (triggers a reload) 
and rejoining the fabric.

On 6/30/16, 1:41 PM, "NANOG on behalf of Mike Hammett"  wrote:

>I asked on the Brocade forum, but it's largely been crickets there. I hoped 
>someone here would have an idea. 
>
>One switch says: 23 Te 12/0/24 Up ISL segmented,(ESC mismatch, Distributed 
>Config DB)(Trunk Primary) 
>The other switch says: 23 Te 54/0/24 Up ISL segmented,(ESC mismatch, 
>Distributed Config DB)(Trunk Primary) 
>
>I saw that means, "The DCM Configuration DB is different on both the ends of 
>ISL," but I have no idea how to resolve that. 
>
>
>VDX-6720s running 4.1.3b. 
>
>
>
>
>- 
>Mike Hammett 
>Intelligent Computing Solutions 
>http://www.ics-il.com 
>
>
>
>Midwest Internet Exchange 
>http://www.midwest-ix.com 
>
>

Re: NANOG67 - Tipping point of community and sponsor bashing?

2016-06-30 Thread Rick Astley 
I have to agree with Dan in that even if you disagreed with the talk you
have to agree that it probably spawned relevant discussion and reflection
(both on and off list). I would hate to see a move to ideas and discussions
that are chosen simply for offending the fewest people. Another sort of
similar critique aimed at large routing vendors was "Help! My big expensive
router is really expensive" at NANOG 60 in Atlanta. Perhaps the critiques
were seen as more constructive and I don't remember the same backlash after
the talk but I found both talks and various discussions that followed
insightful.

On Fri, Jun 17, 2016 at 4:53 PM, Daniel Golding  wrote:

> Hmm - as far as whether this was a good or bad NANOG presentation...this is
> some of the best discussion I've seen on list in a while. There is a frank
> exchange of views between many different parties. This may result in some
> follow-up presentations at future NANOGs by IXP operators (please!).
>
> Seems that, whether you agree with Dave or not, it was successful. It also
> seems that the IXP operators who came under the most criticism have reacted
> with a lot of professionalism and maturity. Other IXP operators have
> reacted pretty poorly, which is ironic.
>
> Dan
>

Re: automated site to site vpn recommendations

2016-06-30 Thread Geoff Wolf AB3LS 
I have a feeling that most if not all of the requirements you have could be
achieved with a Cisco ISR router running some kind of FlexVPN/DMVPN setup
back to a network VPN hub. The ISR G3 series has the option of enabling a
built in firewall/IPS. You'd need a RADIUS solution to authenticate the VPN
from the spoke router in the field to the hub and also for 802.1X port
authentication. Depending upon the number of port's you'd need, a
downstream switch may be needed (ISR4331 has optional 4-port PoE switch
module).
http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-architecture-implementation/200031-Zero-Touch-Deployment-ZTD-of-VPN-Remot.html

That said, I think this would be a huge headache compared to what can be
done with Meraki. It would also involve a TON of R time (believe me).

On Wed, Jun 29, 2016 at 7:38 PM, Tim Raphael 
wrote:

> There is a downside to subscription pricing for the vendor: they don't get
> the instant cashflow they're used to. I know Cisco seems to be taking a
> tactic where only some product lines use subscriptions and the others are
> on a typical enterprise 3-5 year replacements cycle to provide Cisco with
> the  large cash injections upon upgrade.
>
> Tim
>
> > On 30 Jun 2016, at 7:00 AM, Seth Mattinen  wrote:
> >
> >> On 6/29/16 15:33, Eric Kuhnke wrote:
> >> My biggest issue with Meraki is the fundamentally flawed business model,
> >> biased in favor of vendor lock in and endlessly recurring payments to
> the
> >> equipment vendor rather than the ISP or enterprise end user.
> >>
> >> You should not have to pay a yearly subscription fee to keep your
> in-house
> >> 802.11(abgn/ac) wifi access points operating. The very idea that the
> >> equipment you purchased which worked flawlessly on day one will stop
> >> working not because it's broken, or obsolete, but because your
> >> *subscription* expired...
> >
> >
> > I'm sure most hardware makers would love to lock in a revenue stream of
> "keep me working" subscriptions if they could get away with it. From the
> company's perspective what's not to love about that kind of guaranteed
> revenue?
> >
> > I often wonder if Microsoft will someday make Office365 the only way to
> get Office, which if you don't maintain a subscription your locally
> installed copy of Word will cease to function.
> >
> > ~Seth
>



-- 
Geoffrey Wolf

Malware/ransomware current live distribution points

2016-06-30 Thread Ronald F. Guilmette 

The various domains and IP address listed in the following file
are, as we speak, acting as distribution/infection points for
some sort of Javascript malware which is almost certainly a
flavor of ransomware.

** FAIR WARNING *** Please use exceptional caution when browsing
to any of the domains listed within the following file.  Doing so
with a vlunerable browser and/or from a vulnerable platform is
likely to cause encryption of your entire harddrive.  Such encryption
may perhaps be irreversable without paying a ransom.

ftp://ftp.tristatelogic.com/pub/cases/295165/20160629-0.txt

I am including below the same information as is present within the
above referenced file, but without the associated domain names.  I do
this in order to avoid having this message improperly filtered, as
it might be, by some of the spam filters being used by some of the
people who really should see this message.  (But the domain names
are all readily available in the above file.)

Note that the domain names involved in this particular set of malware
distributors are all third-level .COM domains, and that in all cases,
the actual text of the first (leftmost) of the three domain name labels
is irrelevant and can be replaced by any other valid domain name label
because the second level domains have all been wildcarded in the DNS.

The following list has been sorted numerically, based on the AS number.

RIR  ASN   IP address
--
RIPE 16276 188.165.62.14
RIPE 16276 5.196.36.42
ARIN 19531 155.94.69.167
ARIN 19757 107.155.188.126
ARIN 33182 184.171.243.123
ARIN 33182 184.171.243.81
ARIN 33182 198.136.53.210
ARIN 46562 107.181.174.10
RIPE 47583 195.110.58.82
RIPE 50673 217.12.208.160
RIPE 50979 195.123.209.55
RIPE 51852 141.255.161.67
RIPE 52048 46.183.216.167
RIPE 56322 91.219.237.211
RIPE 56577 31.41.44.155
RIPE 59432 5.134.117.190
RIPE 59729 185.82.216.204
RIPE 62240 185.120.20.107
APNIC 63912 111.221.44.152
RIPE 201133 82.118.226.13

If you are an administrator of one of the above listed ASNs, or if you
know someone who is, please spend a few minutes and help get this hostile
trash off the Internet.

Thank you.


Regards,
rfg


P.S.  Those who do elect to browse to the domains listed in the file
cited above, and so do so without getting infected, will notice that
the underyling actual web sites are all identical, and are all selling
a completely bogus diet supplement called "CLA Safflower Oil".  It is
unclear at this time whether the criminals behind these IPs and domains
are making more money from their ransomware extortion racket, or from
selling this bogus diet supplement to naive idiots.

[NANOG-announce] NANOG 68 Dallas, TX - Call for Presentations is Open!

2016-06-30 Thread L Sean Kennedy 
NANOG Community,

The NANOG Program Committee is excited to announce that we are accepting
proposals for all sessions at NANOG 68 in Dallas, TX on October 17-19.  I
have included key points from the Call for Presentations and the complete
text is available on the NANOG website:

https://www.nanog.org/meetings/nanog68/callforpresentations

Early bird registration is open for NANOG 68 and hotel rooms in the NANOG
block at the Fairmont Dallas can be reserved by those interested in making
advance travel plans.  We look forward to seeing all of you in Dallas!

https://www.nanog.org/meetings/nanog68/home

Sincerely,
 Sean
NANOG Program Committee


NANOG 68 Call for Presentations

The North American Network Operators' Group (NANOG) will hold its 68th
conference in Dallas, TX on October 17-19, 2016.  CyrusOne will be the
Local Host at NANOG 68.

The NANOG Program Committee seeks proposals for presentations, panels,
tutorials, and tracks sessions for the NANOG 68 program. We welcome
suggestions of keynote speakers or topic ideas. Presentations may cover
current technologies already deployed or soon-to-be deployed in the
Internet. Vendors are welcome to submit talks which cover relevant
technologies and capabilities, but presentations must not be promotional or
discuss proprietary solutions. NANOG 68 submissions can be entered on the
NANOG Program Committee Tool .


How To Submit

The primary speaker, moderator, or author should submit a presentation
proposal and an abstract on the Program Committee Tool
.  Please upload draft slides as soon as possible so
the Program Committee can understand the intended structure and level of
detail covered by the talk.  Draft slides are not required for a proposal
to be initiated,  but they are usually expected before the Program
Committee can definitively accept a submission.  The following information
should be included in the proposal:

   -

   Author's name(s)
   -

   Professional or Educational Affiliation
   -

   A preferred contact email address
   -

   A preferred phone number for contact
   -

   Submission category (General Session, Panel, Tutorial, or Track)
   -

   Presentation Title
   -

   Abstract
   -

   Slides (attachment), in PowerPoint (preferred), Keynote, or PDF format

Timeline for submission and proposal review

   -

   Submitter enters Abstract (and draft slides if possible) in Program
   Committee Tool .
   -

  Any time following Call for Presentations and before deadline for
  Abstracts
  -

   PC performs initial review and assigns a “Shepherd”, who will contact
   you to help develop the submission.
   -

  Within 2 weeks
  -

   Submitter develops draft slides of talk
   -

  Please submit initial draft slides early
  -

  Panels and Track submissions should provide topic list and
  intended/confirmed participants
  -

   PC reviews slides and continues to work with Submitter as needed to
   develop topic
   -

  Draft presentation slides should be submitted prior to published
  deadline for slides
  -

   PC accepts or declines submission
   -

   Agenda assembled and posted
   -

   Submitters notified


If you think you have an interesting topic but want feedback or suggestions
for developing an idea into a presentation, please email the Program
Committee , and a representative of the Program
Committee will respond. Otherwise, submit your talk, keynote, track, or
panel proposal to the Program Committee Tool  without
delay!  We look forward to reviewing your submission.

Key Dates For NANOG 68

Event/Deadline

Date

Registration for NANOG 68 Opens

Monday, 6/27/2016

Agenda Outline for NANOG 68 Posted

Monday, 6/27/2016

CFP Deadline #1: Presentation Abstracts Due

Monday, 7/25/2016

CFP Deadline #2: Draft Presentation Slides Due

Monday, 8/15/2016

CFP Topic List and NANOG Meeting Highlights Page

Friday, 8/19/2016

Speaker Final presentation Slides to PC Tool 

Monday, 10/10/2016

On-site Registration

Monday, 10/17/2016

Lightning Talk Submissions Open (Abstracts Only)

Sunday, 10/16/2016

Further Presentation Guidelines can be found under "Present at a NANOG"
 and some general advice is
available in Tips on Giving a Talk
.

The NANOG Program Committee seeks proposals for presentations, panels,
tutorial sessions, and tracks in all areas of network operations, such as:


   -

   Network Connectivity, Interconnection, and Architecture
   -

   Network Management and Configuration including Automation
   -

   Network Performance, Measurement, and Telemetry
   -

   Data Center and Physical Plant including Cooling and Power Efficiency
   -

   Network Research
   -

   Internet Governance
   -

   Routing and Switching Protocols
   -

Re: Brocade Fabric Help

2016-06-30 Thread Fred Hollis 

Hello Mike,

Running a few larger Brocade VDX fabrics here...

In case of that message, there is no other option not to reset that 
specific new switch and then re-join the device. I had that a few times, 
too.


It happens when you already did some configuration changes on the new 
switch and the older fabric members weren't aware of that.


On 30.06.2016 at 21:41 Mike Hammett wrote:

I asked on the Brocade forum, but it's largely been crickets there. I hoped 
someone here would have an idea.

One switch says: 23 Te 12/0/24 Up ISL segmented,(ESC mismatch, Distributed 
Config DB)(Trunk Primary)
The other switch says: 23 Te 54/0/24 Up ISL segmented,(ESC mismatch, 
Distributed Config DB)(Trunk Primary)

I saw that means, "The DCM Configuration DB is different on both the ends of 
ISL," but I have no idea how to resolve that.


VDX-6720s running 4.1.3b.




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



Midwest Internet Exchange
http://www.midwest-ix.com

Re: Brocade Fabric Help

2016-06-30 Thread Youssef Bengelloun-Zahr 
Dear Mike,

Are you running fabric with logical-chassis mode. Did you set priorities on the 
rbridges to select selection order of the principal switch ? Did you make any 
configuration changes from anywhere else than on the principal switch (using 
cluster VIP to connect) ?

IF so, then message seems to point to a configuration difference between nodes 
hence a possible DB corruption.

When that happens, the switchs would rather not join the fabric then try merge 
and possibly cause configuration alterations and instabilities.

You should try to dig that message out on the net or in NOS guides. Maybe open 
a case with BTAC ?

But ultimately, I think you'll probably end up disabling one of the switchs, 
reset the config and rejoin it in the fabric.

HTH.

Y.



> Le 30 juin 2016 à 21:41, Mike Hammett  a écrit :
> 
> I asked on the Brocade forum, but it's largely been crickets there. I hoped 
> someone here would have an idea. 
> 
> One switch says: 23 Te 12/0/24 Up ISL segmented,(ESC mismatch, Distributed 
> Config DB)(Trunk Primary) 
> The other switch says: 23 Te 54/0/24 Up ISL segmented,(ESC mismatch, 
> Distributed Config DB)(Trunk Primary) 
> 
> I saw that means, "The DCM Configuration DB is different on both the ends of 
> ISL," but I have no idea how to resolve that. 
> 
> 
> VDX-6720s running 4.1.3b. 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> 
> 
> Midwest Internet Exchange 
> http://www.midwest-ix.com 
> 
>

Brocade Fabric Help

2016-06-30 Thread Mike Hammett 
I asked on the Brocade forum, but it's largely been crickets there. I hoped 
someone here would have an idea. 

One switch says: 23 Te 12/0/24 Up ISL segmented,(ESC mismatch, Distributed 
Config DB)(Trunk Primary) 
The other switch says: 23 Te 54/0/24 Up ISL segmented,(ESC mismatch, 
Distributed Config DB)(Trunk Primary) 

I saw that means, "The DCM Configuration DB is different on both the ends of 
ISL," but I have no idea how to resolve that. 


VDX-6720s running 4.1.3b. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com

Re: AT/Bellsouth Fiber Gear

2016-06-30 Thread Javier J 
Haha, I would have done the same thing.


If it is important, someone will show up.

On Tue, Jun 28, 2016 at 5:58 PM, Carlos Alcantar  wrote:

> We had a similar situation a couple years ago we went around for weeks
> trying to find someone that could help us with the equipment.  We ended up
> pulling the power on the gear someone showed up 2 hours later.  That
> finally got us someone we could actually talk with about re locating the
> equipment in the building.
>
>
> ​
> Carlos Alcantar
> Race Communications / Race Team Member
> 1325 Howard Ave. #604, Burlingame, CA. 94010
> Phone: +1 415 376 3314 / car...@race.com / http://www.race.com
>
>
> 
> From: NANOG  on behalf of Morgan A. Miskell <
> morgan.misk...@caro.net>
> Sent: Tuesday, June 28, 2016 9:47:17 AM
> To: nanog@nanog.org
> Subject: AT/Bellsouth Fiber Gear
>
> Anyone on this list that can put me in touch with a contact in the
> division within AT that manages their fiber equipment deployed in the
> field?
>
> I need to speak with someone regarding some AT gear in our data center
> that is on old Bellsouth Sonet rings.. thanks!
>
> You can contact me off list via e-mail please!
>
> --
> Morgan A. Miskell
> CaroNet Data Centers
> 704-643-8330 x206
>
> 
> The information contained in this e-mail is confidential and is intended
> only for the named recipient(s). If you are not the intended recipient
> you must not copy, distribute, or take any action or reliance on it. If
> you have received this e-mail in error, please notify the sender. Any
> unauthorized disclosure of the information contained in this e-mail is
> strictly prohibited.
>
> 
>
>
>

route-views.chicago.routeviews.org

2016-06-30 Thread John Kemp 

As mentioned at the peering personals...
route-views.chicago.routeviews.org is now up and running.

New peers are welcomed.  We request full
tables if possible.  We send zero back in your direction.
Peers should minimally filter default/null/rfc1918 from
their view.  Our side is:

AS6447
206.223.119.187
2001:504:0:4::6447:1

telnet://route-views.chicago.routeviews.org
{http/ftp/rsync}://archive.routeviews.org/route-views.chicago

A huge thanks to our host, CTS Telecom.  Those guys really
made it happen.  And as always, a huge thanks to Equinix.  We
could not make this all happen without the help of our hosts
and the exchanges, so thanks to all.

-- 
John Kemp
RouteViews Network Engineer
h...@routeviews.org