Re: Scanning the Internet for Vulnerabilities

[Matthew Craig]

The intent behind vulnerability scans is good, however the majority of DOS 
attacks that my networks encounter these days are from cybersecurity 
organizations conducting cybersecurity research.

Funding requests for DOS mitigation solutions to protect my networks from 
cybersecurity researchers are not taken seriously.




-
Matt








On Jun 20, 2022, at 12:55 PM, Randy Bush mailto:ra...@psg.com>> 
wrote:

**Warning: This email originated external to the NMSU email system. Do not 
click on links or open attachments unless you are sure the content is safe.

I treat these folk with the same respect they afford me. Not once in
30 years of having a connected network (v4 or v6) has any entity asked
"is it OK if we .. ?".

how strange, considering you are replying to a thread doing so.

fwiw, i appreciate vuln scanners.  i do not have the hubris or tools to
think i run a flawless network or servers.

randy

Re: V6 still not supported

[Matthew Craig]

This huge conversation has been fun to follow.


I like my IPv6 transition plan:

Instead of moving the mountains and breaking my back to migrate (by myself) my 
ENTIRE not-so-small organization to IPv6, I keep things going on IPv4 
relatively burden-less to my organization till I retire.


Then the contractor that comes in after me (certainly a contractor, because the 
pool of clueful people to hire is small and getting smaller) can execute the 
transition and make a killing by causing more problems, and draining budgets to 
fix those problems, which cause more problems, etc... in a nice vicious cycle.  
I could even decide to be said contractor!


My CISO is on my side.  He DEMANDS as critical components of his Security 
Posture: IPv4 NAT, and easier-to-type IPv4 ACL segmentation (clueful people to 
hire is small)!  :)




This plan continues to be self-validating.  I like my plan.




-
Matt








On Mar 24, 2022, at 5:44 AM, Mark Delany 
mailto:k...@november.emu.st>> wrote:


On 24Mar22, Pascal Thubert (pthubert) allegedly wrote:
Hello Mark:

Any such "transition plan" whether "working" or "straightforward" is
logically impossible. Why anyone thinks such a mythical plan might yet be
formulated some 20+ years after deploying any of ipv6, ipv4++ or ipv6-lite is
absurd.

This is dishonest

My point is that if there was a real transition plan it would have been 
invented and
executed by now and we'd all be on ipv6. Yet the reality is that here we are 
some 20 years
later with no plan and no ubiquitous ipv6. How is that observation dishonest?

considering that I just proved on this very thread that such ideas existed

I don't know why you're conflating an idea with a plan - they are about as far 
away from
each other as is possible. Frankly no one cares about ideas, they're a dime a 
dozen.

A plan is an actionable, compelling and logical set of steps towards an end 
result. Do you
have such a thing for moving everyone on the planet to ipv6?

Here's a simple test of whether you have a plan or not. I'm connected via my 
legacy ipv4
ISP router completely oblivous to ipv6. How does your plan incentivise me to 
upgrade my
router to support ipv6?

When you have an answer to that, you might have a glimmer of a plan.


Mark.

Re: 40G QSFP+ to 4 SFP+ on MX960

[Craig]

40G modules/ports are a waste from a design perspective.

Agree  I have many cards of 40G laying around used them for 6 months and
swapped them out

On Thu, Feb 24, 2022 at 4:47 PM Paschal Masha 
wrote:

> Hello,
>
>
>
> Has anyone managed to get the 40G QSFP+ to 4 SFP+ breakout cable to work
> on the 2X40GE QSFPP Juniper MICs?
>
> Which commands did you use to channelize the port under the "chassis fpc"
> mode to get it to channelize to 4x10g at least for one 40G port on that MIC?
>
> My device : MX960.
>
> On a side note, 40G modules/ports are a waste from a design perspective.
>
> Thanks in advance
>
>
>
> Regards
> Paschal Masha | Engineering
> Skype ID: paschal.masha
>
>
>

Microsoft express routes contact

[Craig]

Could someone from Microsoft please contact me off line please. We have had
tickets opened for quite a while now but the ticket seems to be not getting
to the correct team.

We have a customer who has been trying to get their app working, we have an
express route peering directly to MS, however we are NOT receiving the more
specific prefix over express routes. This is creating issues w/ the app
working due to the FW involved.

The Azure Host IPv4 is:
52.158.246.45



and here are the networks we are learning over express routes:

52.158.0.0/17
52.158.160.0/20
52.158.176.0/20
52.158.192.0/19
52.159.64.0/18

However we are receiving a prefix over our ISP where the route is being
used.

I have not been able to find this specific host in the Azure route table
dump that is posted on the MS web site.

cpv

Re: Microsoft problems...

[Craig]

https://status.office365.com/




On Mon, Mar 15, 2021 at 4:49 PM Nathanael Cariaga 
wrote:

> WVD seems to be affected as well...  tak tsk tsk.  I guess this is part of
> Monday blues? :P
>
> On Tue, Mar 16, 2021, 4:39 AM Andrey Khomyakov, <
> khomyakov.and...@gmail.com> wrote:
>
>> I didn't troubleshoot at all (not my job), but yes, we are having all
>> sorts of issues accessing O365/Teams/etc
>>
>> --Andrey
>>
>>
>> On Mon, Mar 15, 2021 at 1:33 PM Justin Streiner 
>> wrote:
>>
>>> Can you be a bit more specific regarding what you're seeing or not
>>> seeing?
>>>
>>> Are you reaching MS through IP transit/peer connections, or are you
>>> having issues reaching MS cloud services over ExpressRoute circuits?
>>>
>>> Thank you
>>> jms
>>>
>>> On Mon, Mar 15, 2021 at 4:04 PM  wrote:
>>>
 Anyone else noticing major MAJOR problems with various MS services?

 Geoff

Re: Half Fibre Pair

[Craig]

single strand / cwdm optics

On Tue, Jan 26, 2021 at 3:52 PM Rod Beck 
wrote:

> Can someone explain to me what is a half fibre pair? I took it literally
> to mean a single fibre strand but someone insisted it was a large quantity
> of spectrum. Please illuminate. On or off list as you please.
>
> Regards,
>
> Roderick.
>
> Roderick Beck
> VP of Business Development
>
> United Cable Company
>
> www.unitedcablecompany.com
>
> New York City & Budapest
>
> rod.b...@unitedcablecompany.com
>
> Budapest: 36-70-605-5144
>
> NJ: 908-452-8183
>
>
> [image: 1467221477350_image005.png]
>

Re: AS 701 ?

[Craig]

yea fast email, details lacking..too much going on tonight w/ changes...

our IPv4 & IPv6 Peers both went down, bounced a few times, now down hard...
have tickets opened with Verizon, but no ETA, not sure if anyone else
experienced this. we are in eastern US



On Thu, Jan 14, 2021 at 9:21 PM Christopher Morrow 
wrote:

> On Thu, Jan 14, 2021 at 7:16 PM Craig  wrote:
> >
> > Anyone else having peering issues problems with AS 701?
>
> meaning:
>   1) "I lost all routes to 701 paths"
>   2) "All my traffic into 701 never returns"
>  3) links to 701 are full, yikes!
>   4) other ?
>
> more info is more better.
>

AS 701 ?

[Craig]

Anyone else having peering issues problems with AS 701?

Re: Hurricane Electric AS6939

[craig washington]

Side note, they don’t support any traffic engineer aside from prepends but no 
complaints Besides that.



On Oct 13, 2020, at 8:25 PM, Mike Hammett 
mailto:na...@ics-il.net>> wrote:

https://bgp.he.net/AS16527

You don't appear to be on any IXes. Definitely join some IXes before buying 
another 100G of transit.

DFW has a couple and there are some more that are starting up.



-
Mike Hammett
Intelligent Computing Solutions
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/googleicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
Midwest Internet Exchange
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/linkedinicon.png][http://www.ics-il.com/images/twittericon.png]
The Brothers WISP
[http://www.ics-il.com/images/fbicon.png][http://www.ics-il.com/images/youtubeicon.png]

From: "Aaron Gould" mailto:aar...@gvtc.com>>
To: nanog@nanog.org
Sent: Tuesday, October 13, 2020 6:29:55 PM
Subject: Hurricane Electric AS6939

Do y’all like HE for Internet uplink?  I’m thinking about using them for 100gig 
in Texas.  It would be for my eyeballs ISP.  We currently have Spectrum, Telia 
and Cogent.

-Aaron

Re: WIKI documentation Software?

[Craig]

Greatly appreciate all these suggestions, we are going to test several of
these packages out and determine which will be best for us.

Thanks!

Then comes the task of getting the legacy wiki pages off the Mac wiki
server over to the new wiki

Argg

More figuring out to do.


On Tue, Mar 17, 2020 at 9:22 PM Billy Crook 
wrote:

> We're a new group and at recommendation of this thread, I set up
> dokuwiki for us and I like it already!
>
> On Tue, Mar 17, 2020 at 1:54 PM Jens Link  wrote:
> >
> > Craig  writes:
> >
> > > Wanted to ask what WIKI software teams are using to save documentation
> to / how to's for staff, etc.
> >
> > On the wiki side: +1 for dokuwiki
> >
> > Given that more and more people are automating stuff and this way ending
> > up git anyway:
> >
> > Write your doku as markdown, put it into git, generate static web
> > pages. For people who like editing via a GUI can use gitlab or something
> > similar.
> >
> > This approach has some advantages:
> >
> > - You always have (a more or less) current version of your documentation
> >   offline
> > - You can just use grep to find stuff
> >
> > Jens
> > --
> >
> 
> > | Delbrueckstr. 41| 12051 Berlin, Germany   |
> +49-151-18721264 |
> > | http://blog.quux.de | jabber: jensl...@quux.de|
> ---  |
> >
> 
>

Re: WIKI documentation Software?

[Craig]

Lol, Sharepoint,,,. Arggg, yea NOT going to happen ,

We’ve managed to avoid using that.




On Sat, Mar 14, 2020 at 10:50 AM Nicholas Oas 
wrote:

> Seconding Confluence. Stay away from Sharepoint.
>
> On Sat, Mar 14, 2020 at 8:09 AM Craig  wrote:
>
>> Wanted to ask what WIKI software teams are using to save documentation to
>> / how to's for staff, etc.
>>
>> pro's
>> con's
>>
>> We have an older wiki bare-metal wiki server, that I want to get replaced
>> before it kicks the bucket and was looking into various ones.
>>
>> thanks;
>>
>> CPV
>>
>>
>>

Re: COVID-19 vs. our Networks

[Craig]

Somewhat of a duplicate reply here to another thread...
We have noticed as the organization has been sending various teams to WFH,
an increase in bandwidth to our various VPN services. It's been creeping up
daily.
we are in process of upgrading our bandwidth to these areas to support this.




On Sat, Mar 14, 2020 at 6:25 AM Radu-Adrian Feurdean <
na...@radu-adrian.feurdean.net> wrote:

> On Sat, Mar 14, 2020, at 04:31, Darin Steffl wrote:
> > Playing games doesn't take much bandwidth. Downloading games does. So
> > as long as everyone already has their games and there's no updates,
> > playing the game is typically under 100 kbps which is negligible
> > compared to streaming video which takes 1 to 25 mbps.
>
> My experience at $job[$now] (IXP) and $job[-1] (ISP with residential
> users) show otherwise. ISP-side traffic comes inbound from ASNs hosting
> gaming platforms, and IXP-side, gaming platforms have no issues taking 100G
> ports and pushing lots of traffic on them. Ratio-wise, they seem very much
> "heavy outbound". When new games are released, we see extra traffic from
> CDNs. Even if a game does not generate much traffic, in a MMO context every
> user pushes one data stream but receives several ones. And there may be
> reasons (avoiding cheats) where traffic pushed from the gaming platform
> contains more then each user's actions.
> IMO, it depends on how game handles inter-player communication. I do
> recall playing some serverless networked games some 15-20 years ago, with 3
> players each on their own ADSL or cable, and the upstream (in the 512-800
> Kbps range) never getting saturated.
>

Re: Work from Home and other dynamics

[Craig]

We have noticed as the organization has been sending various teams to WFH,
an increase in bandwidth to our various VPN services. It's been creeping up
daily.
we are in process of upgrading our bandwidth to these areas to support this.
we are finding support teams are taking steps to finally fix their VPN
services to a more robust nature, (active/active vs active / standby),



On Mon, Mar 9, 2020 at 6:00 PM Payam Poursaied  wrote:

> -Original Message-
> From: NANOG  On Behalf Of Jared
> Mauch
> Sent: Monday, March 9, 2020 6:32 AM
>
> I’m wondering what general trends people have seen with the recent
> reduction in travel and increased work from home activities.
> What interesting dynamics are you seeing?
>
> 
> Evening-peak graphs turned into all-day-peak
> https://ln.sync.com/dl/ded61e820/eqaehqz7-8yfw2vj9-ackq7w46-4zgfv8ru
> This is a sample 9-day graph shows it changes after and before when the
> outbreak hit a region, and people started to consider it more seriously.
>
>
>
>

WIKI documentation Software?

[Craig]

Wanted to ask what WIKI software teams are using to save documentation to /
how to's for staff, etc.

pro's
con's

We have an older wiki bare-metal wiki server, that I want to get replaced
before it kicks the bucket and was looking into various ones.

thanks;

CPV

Re: akamai yesterday - what in the world was that

[craig washington]

Dido


On Feb 11, 2020, at 9:03 PM, Andy Smith 
mailto:telephonetoughgu...@gmail.com>> wrote:

Any word on what the update was for? It caused quite a jump in traffic on our 
network.

On Tue, Feb 11, 2020, 19:06 Jared Mauch 
mailto:ja...@puck.nether.net>> wrote:
Looking good from my perspective. Let me know if we are causing you pain and 
let's see what can be done to improve.

I'm here in SF if you are at nanog.

Sent from my iCar

> On Feb 11, 2020, at 3:42 PM, Tom Deligiannis 
> mailto:tom.deligian...@gmail.com>> wrote:
>
> There is a major update that has released today, how's everything looking for 
> everyone?

Re: Elephant in the room - Akamai

[craig washington]

I don't have any insight but can confirm I am seeing the same thing. (Traffic 
shift back onto transit links)
They did tell me they were having some bandwidth issues and are working on it.
I am currently awaiting a direct PNI with them but haven't heard from them in 
some time.


From: NANOG  on behalf of Kaiser, Erich 

Sent: Thursday, December 5, 2019 3:03 AM
To: NANOG list 
Subject: Elephant in the room - Akamai

Lets talk Akamai

They have shifted 90% of their traffic off IXs and onto our full route DIA, 
anyone else seeing this issue or have insight as to what is going on over 
there?  We have been asking for help on resolution for weeks and all we get is 
we are working on it and now we get no response.  We were even sent an LOA and 
when the DC went to go put in the x-connect their patch panel was full.  How do 
they not know if they have ports open or not?  I have even reached out to an 
engineer who is on this list and he does not even respond.

The last two nights the traffic levels to them has skyrocketed as well.

Any insight?


Erich Kaiser
The Fusion Network

Graphical databases ?

[Craig]

Has anyone used the graphical data base software:
https://neo4j.com/

I looked at this software several years ago, but it will still relatively
new.
We are exploring using this to create dependencies of our network
infrastructure hardware, customer information, etc. etc.

here is an example:
https://neo4j.com/graphgist/network-dependency-graph

For those that have used it:
Has anyone been able to successfully use this for their networks?
pros/cons/good/bad

Is maintaining the data a chore?
Has it helped operationally?

if anyone has any input would appreciate hearing from you;

thanks;

CPV

Re: OT: Tech bag

[Craig]

I switched up to a backpack from this company:
https://missionworkshop.com/collections/backpacks

they have modular packs, so I keep various things in the modules, and they
can go onto their packs.

On Fri, Aug 2, 2019 at 8:41 PM Brian Knight  wrote:

> About a year ago, I switched from a Swissgear to a High Sierra Endeavor
> wheeled backpack and been very happy with it. Most of the time I carry < 15
> lbs of gear when I commute to the office on the train, so I’ll have it on
> my back. But when I head to the colo with a heavy load, it’s handy (and a
> real relief to my neck and shoulders) to be able to switch to wheeled mode.
> It’s held an ASR920 + laptop + hardware + usual load with a bit of room to
> spare.
>
> HTH,
>
> -Brian
>
> > On Aug 2, 2019, at 11:14 AM, Dovid Bender  wrote:
> >
> > Hi,
> >
> > Sorry for the OT email. I travel extensively to DC's and my computer bag
> seems to keep collecting more tools which includes your usual console
> cables, spare everything, two laptops etc. My Swissgear has been taking a
> beating and I was wondering what others who have to lug around 30-35 pounds
> use.
> >
> > TIA.
> >
> >
>
>

Microsoft Peering IPv4 BGP Table

[Craig]

If someone could please send me a IPv4 BGP table for the Microsoft Express
Routes Microsoft Peer for the prefixes you are receiving, I would
appreciate it.

thanks;
CPV

Microsoft Express Routes woes...

[Craig]

This is classic...

We have a direct BGP peering session to Microsoft using Express Routes for
the public peering session for services like Email, one drive, etc. this
uses MS Public. We also have/use MS Azure Public as well as MS Azure
Private in place for a few years now. We have had this happen a few times
already where one team at MS makes a routing change, and the other team is
either not aware of the change, or else doesn't communicate the change
properly.

So late last night, while a change was being made to a completely different
area of our network, they asked that I back out my change due to our entire
organization not being able to access share-point online, or MS One drive.

I had zero evidence it was our change. further investigation on our border
routers, revealed all four (4) of our ISP's were advertising the MS block
as a /24 prefix:

A:MY_NAME_CHANGED# show router 1053 bgp routes 13.107.136.0/24

 BGP Router ID:10.11.0.29   AS:122 Local AS:122

 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * -
valid
 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete


BGP IPv4 Routes

Flag  NetworkLocalPref   MED
  Nexthop (Router)   Path-Id Label
  As-Path
---
u*>? 13.107.136.0/2425010450
  4.49.118.153   None-
  3356 8075 8068
---
Routes : 1

HOWEVER MS Express Routes was advertising this:

A:MY_NAME_CHANGED# show router 1053 bgp routes 13.107.136.0/22

 BGP Router ID:10.11.0.29   AS:122 Local AS:122

 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * -
valid
 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete


BGP IPv4 Routes

Flag  NetworkLocalPref   MED
  Nexthop (Router)   Path-Id Label
  As-Path
---
i  13.107.136.0/22300 0
  157.229.11.66  None-
  12076

So another call to MS support and escalations to get this more specific
prefix fixed or if Express routes can advertise this more specific vs the
/22 block.

*Questions:*
Has anyone else ran into this with MS if you have a direct peering session
to them?
Has anyone did an audit on the route table's received from MS over express
routes, vs what they receive from their ISP's and noticed the differences?

MS needs to seriously think about:
Careful coordination of routing changes
Policies to prevent specific routes being advertised while larger blocks
are advertised over express routes.

Anyway I am tired, as I have not had much sleep, any comments on this,
would like to hear from you.



-Craig

Re: internet - sparkle

[craig washington]

Agree with this  
Traffic engineering is non existent making it a pain to move your traffic 
besides not advertising the prefix to them

Sent from my iPhone

> On May 16, 2018, at 12:33 PM, Ca By  wrote:
> 
>> On Wed, May 16, 2018 at 9:14 AM Michael Crapse  wrote:
>> 
>> Additionally, whilst not "technically" a tier 1 provider, Hurricane
>> electric should be high on that list. Especially as one of the best
>> providers of and proponents for IPv6. We'll see into the future, HE may
>> have one of the most critical infrastructures, and should be a "part-owner"
>> of the internet.
>> 
> 
> Fully disagree.
> 
> 1). HE cant reach cogent on v6. Forget whos fault it is, it is a liability
> for anyone that relies on HE
> 
> 2). They dont support common bgp communities like no-export, so trying to
> do TE is a mess.
> 
> 3). They are at the center of nearly every bgp hijacking fiasco because
> they dont have reasonable route controls.
> 
> HE is a liability to us all until they fix their bgp filters
> 
> https://www.internetsociety.org/blog/2018/04/amazons-route-53-bgp-hijack/
> 
> 
> 
> 
>>> On Wed, May 16, 2018, 8:08 AM Eric Dugas  wrote:
>>> 
>>> Replace Level3 with CenturyLink as they're basically taking over AS33566.
>>> Would add Zayo (AS6461) to the list.
>>> 
>>> I'm not familiar with Sparkle/Seabone to be honest as we're operating an
>>> eyeball network exclusively in the NA.
 On May 16 2018, at 10:54 am, Aaron Gould  wrote:
 
 http://icaruswept.com/2016/06/28/who-owns-the-internet/
 
 
 .written in 12/2015 - do y'all think this is accurate, and, in 2018, is
>>> it
 still accurate ? (asking since my next question is related to Sparkle,
>>> since
 they are listed in that previous article as a significant Internet
>>> presence)
 
 
 
 Also, please tell me your feelings/experiences of Sparkle as an
>> Internet
 uplink provider. like for 10/100 gig.
 
 
 
 My coworker just got back from ITW/Chicago and he is considering
>> Sparkle
>>> as
 an additional Internet provider for the ISP I work for in San Antonio,
>>> TX .
 we would need to uplink to Sparkle in the central Texas area somehow.
>> He
 mentioned that Sparkle may be in McAllen / Dallas and could possibly,
>> in
>>> the
 future be in Austin or San Antonio
 
 
 
 
 
 - Aaron
>>> 
>> 

Hulu Peering

[craig washington]

Hey all,


Just wondering if anyone peers with Hulu at any public exchange.

I don't see anything on them in the peeringdb or anything that stands out from 
a google search besides it looks like they may be doing something with Equinix.


Thanks

Network Services Forms/methods for tracking

[Craig]

Could anyone that operates in a ISP or large enterprise that deals with
many different customers/clients discuss some methods you handle network
service requests.


   - Do you have/use an online form?
   - How is it tracked, IE a service request #, circuit ID, etc?
   - Can the customer look up the info to see if their request is completed?
   - Can engineers reference this info when issues arrise, and customers
   call in for support?
   - Pros/cons about the method you are using now?



once the information is gathered how is it verified? (sometimes
clients/customers don't know what they need)

and finally what information does the engineer receive to complete the
build of the network service?
does the engineer update the information when the network service is build
out so its tracked?

I am looking to get some feedback on some better ways to handle network
requests, service providers would probably have good feedback on this that
can facilitate collecting all the info needed, adding to the info once the
build is completed and then having something that can be accessed when any
t-shooting is required, and also if the service is to be decommissioned.


Any feedback is appreciated;

craig

Re: Amazon peering peeps on the list?

[Craig]

We had to do the same, a ticket and issue moved along quickly and a CO-
worker had the peers up quickly.


On Fri, Mar 9, 2018 at 9:16 AM Jason Kuehl  wrote:

> The better way to go ahead and get a hold of Amazon for peering issues is
> to open a ticket with them via AWS account with business support.
>
> This is how I resolved issues with peering in the past.
>
> On Mar 9, 2018 8:27 AM, "Joe Nelson"  wrote:
>
> > I've all but given up on trying to get a response from
> peer...@amazon.com.
> > If you do end up getting a contact, please share.
> >
> > On Wed, Mar 7, 2018 at 8:19 PM, Mike Lyon  wrote:
> >
> > > Anyone on the list from Amazon peering? Have sent multiple emails to
> > > peer...@amazon.com over the past couple of weeks with no reply.
> > >
> > > Any help would be appreciated.
> > >
> > > Thank You,
> > > Mike
> > >
> > >
> > > --
> > > Mike Lyon
> > > mike.l...@gmail.com
> > > http://www.linkedin.com/in/mlyon
> > >
> >
>

BGP next-hop self benefits

[craig washington]

Hello everyone,


Question, what are the true benefits to using the next-hop self feature, 
doesn't matter what vendor.

Most information I see is just to make sure you have reach-ability for external 
routes via IBGP, but what if all your IBGP knows the eBGP links?

Is there a added benefit to using next hop self in this situation?


Any feedback is much appreciated, either for the question specifically or 
whatever else you got , L3VPN's or underlying technology that has to have that.


Thanks

Re: Physical Layer fiber Software Tools?

[Craig]

We are trying out Patchmanager currently, we are asking them if they offer
any software to speed up the physical install for the fiber techs.



On Mon, Oct 30, 2017 at 7:31 AM, Arien Vijn <ar...@vijn.net> wrote:

> You probably want to look at Patchmanager: https://patchmanager.com
>
> They usually allow you a free testdrive.
>
> — Arien
>
> > On Oct 26, 2017(43), at 17:08, Craig <cvulja...@gmail.com> wrote:
> >
> > I am hoping someone could help me out with some suggestions for any
> > software that is available, for individuals that are doing physical layer
> > wiring in a data center?
> >
> > The idea is the technician is performing the fiber runs from say RACK 111
> > router AAA port 1/1/1 to RACK 222 router BBB port 1/1/1
> >
> > The fiber is connected to a LIU in the TOP of the rack, and then will
> > require various cross connects to get to the other rack. If the various
> > racks and LIU's are pre-populated into the software, and then a standard
> > for the fiber labels is also installed ahead of time into the software
> > tool.
> >
> > The technician has a tablet or laptop to enter the data, and then it will
> > print out a cable label based on the info entered into the tool. The
> > back-end data base is updated for each fiber so the complete path is
> known.
> > This way its a one step process.
> >
> > Maybe my description of this is readily available or have other companies
> > developed a custom software tool to achieve this?
> >
> >
> >
> > Appreciate any feedback.
>
>

Re: Physical Layer fiber Software Tools?

[Craig]

was the link attached?

On Thu, Oct 26, 2017 at 1:31 PM, Jameson, Daniel <
daniel.jame...@tdstelecom.com> wrote:

> Give this a look.  It can track to the cross-connect level,  then provide
> a one-line drawing. Application is web driven and expandable.  It should be
> able to do what you need.
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Craig
> Sent: Thursday, October 26, 2017 9:09 AM
> To: nanog group
> Subject: Physical Layer fiber Software Tools?
>
> I am hoping someone could help me out with some suggestions for any
> software that is available, for individuals that are doing physical layer
> wiring in a data center?
>
> The idea is the technician is performing the fiber runs from say RACK 111
> router AAA port 1/1/1 to RACK 222 router BBB port 1/1/1
>
> The fiber is connected to a LIU in the TOP of the rack, and then will
> require various cross connects to get to the other rack. If the various
> racks and LIU's are pre-populated into the software, and then a standard
> for the fiber labels is also installed ahead of time into the software tool.
>
> The technician has a tablet or laptop to enter the data, and then it will
> print out a cable label based on the info entered into the tool. The
> back-end data base is updated for each fiber so the complete path is known.
> This way its a one step process.
>
> Maybe my description of this is readily available or have other companies
> developed a custom software tool to achieve this?
>
>
>
> Appreciate any feedback.
>

Physical Layer fiber Software Tools?

[Craig]

I am hoping someone could help me out with some suggestions for any
software that is available, for individuals that are doing physical layer
wiring in a data center?

The idea is the technician is performing the fiber runs from say RACK 111
router AAA port 1/1/1 to RACK 222 router BBB port 1/1/1

The fiber is connected to a LIU in the TOP of the rack, and then will
require various cross connects to get to the other rack. If the various
racks and LIU's are pre-populated into the software, and then a standard
for the fiber labels is also installed ahead of time into the software
tool.

The technician has a tablet or laptop to enter the data, and then it will
print out a cable label based on the info entered into the tool. The
back-end data base is updated for each fiber so the complete path is known.
This way its a one step process.

Maybe my description of this is readily available or have other companies
developed a custom software tool to achieve this?



Appreciate any feedback.

Peering at public exchange authentication

[craig washington]

Hello all,


Wondering your views or common practices for using authentication via BGP at 
public exchange locations.

Just for example, lets say you peer with 5 people in the TELX in Atlanta, do 
you require them to all use authentication for the BGP session?

Ive seem some use it and some not use it, is it just a preference?

Regex expression

[craig washington]

Hello all, not sure if this is the right place for this.

I am not the best with Regex and was looking for an expression in a Juniper 
that will match on only so many numbers.

Meaning, I am looking at the mpls lsp statistics "show mpls lsp transit 
statistics" and I only want to see the LSP's that have larger Bytes, for 
instance I only want to see stuff that has at least 12 digits or longer.



Any help would be greatly appreciated, and if this is the wrong thing to ask 
here, I have no qualms with that either 


Thanks again.

Re: AS PATH limits

[craig washington]

Thank you all very much for the feedback.

As always it is much appreciated.



From: Tom Beecher <beec...@beecher.cc>
Sent: Wednesday, September 20, 2017 8:01 PM
To: craig washington
Cc: nanog@nanog.org
Subject: Re: AS PATH limits

Too many prepends = any more than you really need for what you're trying to 
accomplish. :)

I've cutoff paths as short as 4 to as long as 8 before in different jobs for 
different reasons.

On Tue, Sep 19, 2017 at 9:33 AM, craig washington 
<craigwashingto...@hotmail.com<mailto:craigwashingto...@hotmail.com>> wrote:
Hello world.

I was wondering and forgive me if this discussions has already taken place.

How many AS PATHS are too many?

Meaning how do we determine how many to filter on transit links or public 
peering links?


Thanks in advance

AS PATH limits

[craig washington]

Hello world.

I was wondering and forgive me if this discussions has already taken place.

How many AS PATHS are too many?

Meaning how do we determine how many to filter on transit links or public 
peering links?


Thanks in advance

Re: BGP peering question

[craig washington]

Awesome!

Thanks for all of the feedback.

I am going through the links you sent me and I think they will be of very good 
help.

I guess it was a general question but that was kinda the point, get feed back 
from all the pro's 


thank you very much again.



From: Martin Hannigan <hanni...@gmail.com>
Sent: Thursday, July 13, 2017 5:41 PM
To: craig washington
Cc: nanog@nanog.org
Subject: Re: BGP peering question




On Mon, Jul 10, 2017 at 4:12 PM, craig washington 
<craigwashingto...@hotmail.com<mailto:craigwashingto...@hotmail.com>> wrote:
Hello,


Newbie question, what criteria do you look for when you decide that you want to 
peer with someone or if you will accept peering with someone from an ISP point 
of view.


You didn't say what kind of 'peering'. That could mean over an IXP or to be 
directly connected. You do not need to be a member of an IX to peer.

There are at least three types of criteria to evaluate. Technical, business and 
legal.  Take a look here for a few ideas on technical and business criteria:

http://bit.ly/2ue2t0P

"Me too" with the rest of the thread. If peering serves your mutual interests 
(or just yours even), its an easy decision.

The Dr Peering http://drpeering.net/ website is also a resource for folks new 
to peering.

http://drpeering.net/


Best Regards,

-M<

BGP peering question

[craig washington]

Hello,


Newbie question, what criteria do you look for when you decide that you want to 
peer with someone or if you will accept peering with someone from an ISP point 
of view.


Thanks.

Multiple VRFs from provider, IP addressing

[Craig Rivenburg]

Hi Nanog...looking for some advice.  I have a customer who has a large
network...approximately 130 sites across the US.  Each site is fed via two
providers, via two Separate CE Routers.  It's a  L3-VPN service.  Each
provider currently provides connectivity for 6 VRFs, each over a single
service multiplexed UNI.  Ie...there are 6 dot1q interfaces facing each
provider, each sub-interface is in its own VRF.

The network is going through a redesign, and one of my tasks is to
consolidate and "streamline" IP addressing.

Looking for a sanity check...I have this idea to make every dot1q
sub-interface facing the provider the same point-to-point subnet.
Specifically, facing a single provider, I want to use the same /30 subnet
for all 6 VRFs.  I'd use a separate /30 for each of the CE routers per
site, so I could go from 12 /30s to 2 per site.  I should note, PE-CE
protocol is BGP, and behind the CE routers is a small iBGP network.

I know it's technically possible to configure the OPs this way and under
normal circumstances its fine.  But, in this case, there is a whole lot of
route leaking / cross target exchanges happening between VRFs.  I still
think it's okay...but can anyone think of a a failure mode that I may not
have?  Is what I'm thinking common practice?  Is there a best practice for
this sort of thing?

Thanks!

Re: APC vs TrippLite metered PDU's

[Craig Tomkow]

APC PDUs have been good.  Their HTTPS interface moves like molasses iirc,
but as long as you have some SNMP mgmt platform (APC struxureware for us),
then you are good.
On Dec 1, 2015 2:55 PM, "Dovid Bender"  wrote:

> Hello All,
>
> We currently use TrippLite and over all have been very happy with their
> metered PDU's. When we first started out we had some minor issues and their
> support went above and beyond. Lately the their Java web interface has been
> becoming a real pain. More and more browsers lock it by default and it
> takes a lot of work to get it working correctly. Does anyone have any
> experience with APC? How are is management of their devices and over all
> how do they operate?
>
> TIA.
>
> Dovid
>

Re: Alcatel-Lucent 7750 Service Router (SR)

[Craig]

yep.. its way easier and faster to take a look at what is configured:

A:R01configservicevprn# interface to-what-ever-eBGP
A:R01configservicevprnif# info
--
description L3 Ckt ID: 
enable-ingress-stats
cpu-protection 231
address 299.299.299.299/30
cflowd interface
ipv6
address 2001::x::x/126
exit
sap 1/1/2 create
cpu-protection 231
ingress
filter ip 3356
filter ipv6 3356
flowspec
exit
exit
--







On Thu, May 7, 2015 at 12:08 PM, Chris Boyd cb...@gizmopartners.com wrote:


  On May 6, 2015, at 5:24 PM, Colton Conor colton.co...@gmail.com wrote:
 
  I am worried as most tech's know Cisco and Juniper, so going to ALU would
  be a learning curve based on replies I am getting off list.

 It’s not that hard to learn if you know the basics of IP routing.  I just
 did an implementation of A-L 7705 SAR 8s and 18s.  Now I really wish that
 Cisco supported the “info” command.

 —Chris

Re: Alcatel-Lucent 7750 Service Router (SR)

[Craig]

we do cry when we interview people that claim to have advanced
knowledge of BGP and we ask them some very basic BGP questions, and we get
a blank stare.

On Thu, May 7, 2015 at 12:49 PM, Rob Seastrom r...@seastrom.com wrote:


 Josh Reynolds j...@spitwspots.com writes:

  It really bothers me to see that people in this industry are so
  worried about a change of syntax or terminology. If there's one
  thing about the big vendors that bothers me, it's that these
  batteries of vendor specific tests have allowed many techs to get
  lazy. They simply can't seem to operate well, if at all, in a
  non-Cisco (primarily) environment.

 If that bothers you, I recommend you not look at what passes for a
 system administrator these days.  It will make you cry.

 -r

Re: Alcatel-Lucent 7750 Service Router (SR)

[Craig]

If you know Juniper and Cisco, the learning curve isn't so bad to pick up
the ALU CLI, after working with it for a brief time, you catch on quickly.
Their products are quite impressive, and a # of the carriers, are moving to
them and some have already moved to them and are quite happy with their
decision.


On Wed, May 6, 2015 at 6:24 PM, Colton Conor colton.co...@gmail.com wrote:

 I am worried as most tech's know Cisco and Juniper, so going to ALU would
 be a learning curve based on replies I am getting off list.

 On Wed, May 6, 2015 at 5:22 PM, Dan Snyder sliple...@gmail.com wrote:

 
  They are definitely good for that. We use them in part of our network for
  something very similar.
 
  I am not sure why they aren't mentioned that much. I know that they have
  been pretty popular in the past couple years.
 
  We are planning on using 7750 SR-a4's in the future but right now we
  mainly have 7750SR7/12s.
 
  Sent from my iPhone
 
  On May 6, 2015, at 6:00 PM, Colton Conor colton.co...@gmail.com wrote:
 
  Taking full BGP routes from 4+ carriers on 10G connections. Why is ALU
  never mentioned, but Juniper MX and Cisco are all day long?
 
  The new 7750 SR-a4 looks like a Juniper MX80 or MX104 killer.
 
  On Wed, May 6, 2015 at 4:58 PM, Dan Snyder sliple...@gmail.com wrote:
 
  We have been using them for almost 8 years now and have been pretty
  happy. What are you looking to use them for?
 
  Sent from my iPhone
 
   On May 6, 2015, at 5:48 PM, Colton Conor colton.co...@gmail.com
  wrote:
  
   I was wondering if anyone was using a  Alcatel-Lucent 7750 Service
  Router
   (SR) in their network? How does this platform compare the the Cisco
 ASR,
   Brocade MLXe, and Juniper MX line?
 
 
 

Re: Dynamic routing on firewalls.

[Craig]

Setup a multi tenant setup between Nexus 7K and Juniper Net screen 5400 FW
using OSPF.
It went OK and worked. However when under traffic load/ less than.
Desirable results... OSPF peer failure / bounces etc.

However using BGP with Juniper SRX FW has been working great. No issues
thus far.
 On Feb 5, 2015 9:11 AM, David Jansen da...@nines.nl wrote:

 Hi,

 We have used dynamic routing on firewall in the old days. We did
 experience several severe outages due to this setup (OSPF en Cisco). As you
 will understand i’m not eager to go back to this solution but I am curious
 about your point of views.

 Is it advisory to so these days?

 Kind regards,
 David

Re: AS4826 leaking at Any2 LA?

[Craig Spiers]

Hi Randal,

I’m taking a look at this for you right now.

Cheers


Kind regards,

Craig Spiers | Senior Network Engineer

M: +64 21 511 523tel://+64 21 511 523 D: +64 9 913 9672   E: 
craig.spi...@vocus.co.nzmailto:craig.spi...@vocus.co.nz
P: 0800 VOCUS NZ or +64 9 912 8899   W: vocus.co.nzhttp://www.vocus.co.nz/   
A: 7a Parkhead Place, Albany, Auckland 0632, NZ

[Description: http://www.vocus.com.au/esig/Vocus_Email_Signature_Logo.png]


On 14 November 2014 at 12:57:07 pm, randal k 
(na...@data102.commailto:na...@data102.com) wrote:

We're seeing ~2000+ routes leaking at Any2 LA, originating from AS4826.

Our traceroutes to Microsoft were going to LA-New Zealand and back O_o. We
filtered them out, but thought other folks should know just in case.

I also did call their NOC  send them a copy of my notes - just thought I'd
throw this out there!

Regards,
Randal


image001.png@01CFACB3.94A9E780
Description: image001.png@01CFACB3.94A9E780

Re: AS4826 leaking at Any2 LA?

[Craig Spiers]

Hi Randal,

I have put an interim solution in place to stop this - a more permanent 
solution requires some customer involvement.

For the time being - you can consider this issue closed.

Cheers


Kind regards,

Craig Spiers | Senior Network Engineer

M: +64 21 511 523tel://+64 21 511 523 D: +64 9 913 9672   E: 
craig.spi...@vocus.co.nzmailto:craig.spi...@vocus.co.nz
P: 0800 VOCUS NZ or +64 9 912 8899   W: vocus.co.nzhttp://www.vocus.co.nz/   
A: 7a Parkhead Place, Albany, Auckland 0632, NZ

[Description: http://www.vocus.com.au/esig/Vocus_Email_Signature_Logo.png]


On 14 November 2014 at 12:57:07 pm, randal k 
(na...@data102.commailto:na...@data102.com) wrote:

We're seeing ~2000+ routes leaking at Any2 LA, originating from AS4826.

Our traceroutes to Microsoft were going to LA-New Zealand and back O_o. We
filtered them out, but thought other folks should know just in case.

I also did call their NOC  send them a copy of my notes - just thought I'd
throw this out there!

Regards,
Randal


image001.png@01CFACB3.94A9E780
Description: image001.png@01CFACB3.94A9E780

Re: VZ FIOS SoCo traceroute plea

[Craig]

sorry for no DNS:

traceroute to 96.44.148.54 from 10.10.10.1, 30 hops max, 36 byte packets
 1 0.0 ms  0.0 ms  0.0 ms71.245.189.1   
 2 0.0 ms 16.6 ms 16.6 ms130.81.216.174 
 3 0.0 ms  0.0 ms 33.3 ms130.81.209.76  
 416.6 ms 16.6 ms 33.3 ms152.63.3.125   
 516.6 ms 16.6 ms 16.6 ms129.250.8.37   
 633.3 ms 33.3 ms 16.6 ms129.250.3.16   
 750.0 ms 50.0 ms 50.0 ms129.250.3.51   
 850.0 ms 50.0 ms 50.0 ms129.250.3.67   
 950.0 ms 66.6 ms 50.0 ms69.31.63.168   
1050.0 ms 50.0 ms 50.0 ms69.31.54.194   
1150.0 ms 50.0 ms 50.0 ms96.44.148.54   

Trace complete.



On Tue, Oct 29, 2013 at 12:11 PM, Jim Popovitch jim...@gmail.com wrote:

 Hello,

 A desperate plea, since apparently VZ still doesn't have a public
 routeserver. :-(

 I need a trace from a VZ FIOS connection in Southern California, to
 96.44.148.54 (Quadranet, DFW).

 Private replies are welcome and encouraged.

 Thank you, sorry for the noise.

 -Jim P.

Zero-Touch Deployment Remote Office solution?

[Matthew Craig]

We have a bunch of small remote offices where we deploy cheap routers with VPN 
tunnels back to the central office.  This is a very static process with high 
overhead… we have to manage each remote router separately, and the offices do 
not have tech personnel that can handle local office issues.

We're looking for a more centrally managed and automated zero-touch remote 
office solution, like the Cisco Virtual Office, where the local non-clueful 
people don't have to do much.

http://www.cisco.com/en/US/netsol/ns855/index.html



Does anyone have any experience / feeback for this Cisco Virtual Office 
solution or have recommendations for alternative solutions.



- Matt

Re: DNS issues with tools.ietf.org

[Craig Van Tassle]

On Wed, 4 Apr 2012 22:26:11 +0200 (CEST)
Marco Davids (Prive) mdav...@forfun.net wrote:

 Hi,
 
 Something seems wrong with the DNS of 'tools.ietf.org'.
 
 Can anyone conform?
 
 --
 Marco
 

It works for me.

Re: Hi speed trading - hi speed monitoring

[Craig]

Some longer term players, will use delayed data as they are trading longer
term, and dont care too much so if the orders were delayed a bit more,
these players most likely wouldn't care/notice.

But also you have to consider, there are a large degree of shorter term
players, who are in/out of the market and play both sides, these do have
real-time data feeds, and do care about latency. Some shops go as far as to
only use a certain length patch cables from their trading PC to the switch
port they are connected to. Also consider when news releases are announced,
the markets often do move quite fast, and a LOT of money can be made/lost
in seconds, so delaying the orders, could and would affect the outcome of
the trades.

Also consider that a vast majority of the trades are automated by
computers, and some want their servers setup as close to the exchange as
possible, in fact the CME group released that they will offer/lease data
center space:

One such project is a 428,000-square-foot data center in the western
suburbs of Chicago opened by the CME Group, which owns the Chicago
Mercantile 
Exchangehttp://topics.nytimes.com/top/reference/timestopics/organizations/c/chicago_mercantile_exchange/index.html?inline=nyt-org.
It houses the exchange’s Globex electronic futures and options trading
platform and space for traders to install computers next to the exchange’s
machines, a practice known as co-location — at a cost of about $25,000 a
month per rack of computers.

http://www.nytimes.com/2011/01/02/business/02speed.html?pagewanted=all

http://www.datacenterknowledge.com/archives/2010/08/23/cme-group-opens-chicago-trading-hub/







On Fri, Feb 17, 2012 at 2:47 PM, Kiriki Delany kir...@streamguys.comwrote:

 Why not just simultaneously settle all trades at the same time? Once every
 minute, or every 5 minutes, or per day?

 There are many solutions to the problem. I'm sure those that can take
 advantage of the latency don't want the solution.


 Kiriki Delany

 -Original Message-
 From: Leo Bicknell [mailto:bickn...@ufp.org]
 Sent: Friday, February 17, 2012 10:54 AM
 To: NANOG
 Subject: Re: Hi speed trading - hi speed monitoring

 In a message written on Fri, Feb 17, 2012 at 01:36:35PM -0500,
 valdis.kletni...@vt.edu wrote:
  Am I the only one who thinks that if network jitter can make you fall
  outside the acceptable price window, maybe, just maybe,  the market is
  just too damned volatile for its own good?

 I've had an interesting discussion with some financial heads about a simple
 idea.

 What if the exchange, on every inbound trade, inserted a random delay, say
 between 0 and 60 seconds, before processing it?

 Almost all of this computer based, let's be closer to the exchange stuff
 becomes junk, immediately.  Anyone long (where long is probably more than
 10 minutes, with a 60 second jitter) in a security wouldn't notice.

 I mean, if the general public has to get 15 minute delayed quotes so they
 don't manipulate the market, shouldn't the big guys? :)

 --
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/

Re: juniper mx80 vs cisco asr 1000

[Matt Craig]

They are competing in some things.  There are differences that will make you choose ASR1000 over MX 
series, but alot of people are choosing either one of the other for many of the same jobs, mainly 
upgrading to straight-forward L3 1/10 gig aggregation.  I know some people who've had ASR1000s and 
MXs on the plate and chose the MXs.  I've also known some who's chosen the ASR1000s.  It just really 
depends on what you need.



Actually something as an alternative to both I am researching is the Brocade MLX series.  They have 
different, more efficient, and refreshing architecture; and phenomenal cost (half the cost of 
ASR1000/MX or less).  Gonna do a trial shortly to see if it all lives up to the marketing or if its 
too good to be true.  I also know some peer institutions who have dumped both Cisco and Juniper for 
Brocade's Ethernet/IP lines.  Not a single bad word so far.



Matt



On 1/23/12 8:30 AM, Mark Tinka wrote:

On Friday, January 20, 2012 04:14:35 PM Saku Ytti wrote:


MX80 is not competing against ASR1k, and JNPR has no
product to compete with ASR1k.

And this is something I've been telling Juniper for years
(not that they don't already know). The M7i and M10i have
really done all they can - but trying to get an Ethernet box
to do non-Ethernet things, while possible, is simply not
economically viable for operators (FlexWAN's, SIP's, MX
FPC's, anyone?).

They really need to solve this one.

The MX80 had no competition from Cisco, until the ASR9001
came out (and it supports 40Gbps line cards when they come
out).

Juniper are dropping the ball on this one. But hopefully,
they're busy in the lab building a decent ASR1000
challenger.

Mark.

Re: Libya

[Craig Labovitz]

Updated data  on Libya and other Internet traffic issues in the region: 
http://goo.gl/07ONC

- Craig

Re: Libya

[Craig Labovitz]

http://www.monkey.org/~labovit/libya_pulls_plug.png


-C


Sent from my iPhone

On Feb 19, 2011, at 7:23 AM, Randy Bush ra...@psg.com wrote:

 gossip that libya is off net.  any actual data?
 
 randy
 

Re: Connectivity status for Egypt

[Craig V]

Some interesting financial news... Unsure if this is related the outages,
but interesting.

http://www.marketwatch.com/story/egypt-market-slumps-as-mideast-turmoil-spreads-2011-01-27

EGYPT: Stock market stumbles amid nationwide
turbulencehttp://latimesblogs.latimes.com/babylonbeyond/2011/01/egypt-stock-market-stumbles-amidst-nationwide-turbulence.html
http://www.marketwatch.com/story/egypt-market-slumps-as-mideast-turmoil-spreads-2011-01-27
http://latimesblogs.latimes.com/babylonbeyond/2011/01/egypt-stock-market-stumbles-amidst-nationwide-turbulence.html
http://latimesblogs.latimes.com/babylonbeyond/2011/01/egypt-stock-market-stumbles-amidst-nationwide-turbulence.html

On Thu, Jan 27, 2011 at 7:10 PM, Christopher cal...@gmail.com wrote:

 I have a server with CityNet Host in Cairo. The server and ISP are
 completely offline

Re: Connectivity status for Egypt

[Craig Labovitz]

And to add to this thread, an  graph of Egyptian Internet traffic across a 
large number of geographically / topologically diverse providers yesterday (Jan 
27):

http://farm6.static.flickr.com/5291/5395027368_7d97b74c0b_b.jpg

Traffic drops to a handful of megabits following the withdrawal of most 
Egyptian ISP BGP routes.

- Craig


On Jan 27, 2011, at 8:28 PM, Andree Toonk wrote:
 Hi,
 
 Looking at the BGP announcements it seems that the problem started at around 
 22:28 UTC.
 
 Most of the Autonomous systems operating in Egypt are currently not 
 announcing any or at least significantly less prefixes.
 The one exception seems to be AS20928 (Noor Data Networks).
 
 For more details also see: http://bgpmon.net/blog/?p=450
 
 Cheers,
 Andree




Craig Labovitz  |  Chief Scientist, Arbor Networks  
http://www.monkey.org/~labovit

Re: Is Cisco equpiment de facto for you?

[Craig V]

Our core business is not as a service provider, as in selling services to
others, but we act as a service provider providing services for the various
customers in our internal network that we support.

Our core used to be an all Cisco Core. a few years back the decision was
made to replace this with Alcatel-Lucent IPD products. I can say we are
happy that we did replace the Cisco core, and we have had a very good
experience with the IPD product line. I am sure others can attest to this
also.  The features and functionality along with the reliability have been
very good, and in my opinion they have a strong product.

Our edge at this point is a mixture of Cisco access switches, and we also
still have some Cisco Distribution.

On Mon, Jan 10, 2011 at 10:31 AM, Brandon Kim brandon@brandontek.comwrote:


 Hello gents:

 I wanted to put this out there for all of you. Our network consists of a
 mixture of Cisco and Extreme equipment.

 Would you say that it's fair to say that if you are serious at all about
 being a service provider that your core equipment is Cisco based?

 Am I limiting myself by thinking that Cisco is the de facto vendor of
 choice? I'm not looking for so much fanboy responses, but more of a real
 world
 experience of what you guys use that actually work and does the job.

 No technical questions here, just general feedback. I try to follow the
 Tolly Group who compares products, and they continually show that Cisco
 equipment
 is a poor performer in almost any equipment compared to others, I find that
 so hard to believe.

 Thanks!

 Brandon

Re: AltDB?

[Craig Pierantozzi]

On Jan 5, 2011, at 9:26 AM, Jon Lewis wrote:

[snip]

 Can anyone from Level3 say how this will impact customer BGP filters. Will L3 
 keep working with the last data sync they got from altdb?

Yes, Level 3 will continue to use the last data mirrored and archived. New 
filters are not pushed daily, they are only pushed when things change.

Archives are here in case people want to know what the latest was: 
ftp://rr.level3.net/pub/rr/archive.mirror-data/

regards

Re: Some truth about Comcast - WikiLeaks style

[Craig L Uebringer]

On Thu, Dec 16, 2010 at 8:02 AM, Jared Mauch ja...@puck.nether.net wrote:


 On Dec 16, 2010, at 1:16 AM, JC Dill wrote:

  On 15/12/10 9:29 PM, Jay Ashworth wrote:
 
  The underlying problem, of course, is lack of usable last-mile
 competition;
 
  I agree.


It exists where there is an ROI on investment. Capital markets haven't been
friendly
to network build since the dot-bomb, and for some reason localities are more
willing
to give tax-incentive financing to malls and stadiums rather than incenting
over-builders.


  see also my running rant about Verizon-inspired state laws *forbidding*
  municipalities to charter monopoly transport-only fiber providers,
 renting
  to all comers on non-discriminatory terms, which is the only practical
  way I can see to fix any of this.
 
  The problem is that this should have been addressed 5-10 years ago, when

 there *were* alternative ISPs who could have provided competition.  Now
 that

 Comcast has a monopoly on cable, and fiber is so bleeping expensive to
 install,

 at best we might get *one* alternative to Comcast, and a duopoly is really
 no

 better (for consumers, for the marketplace) than a monopoly.


Funny thing about competition is that there are losers as well as winners.
 DSL competition
didn't lose by regulation, it lost (nationally) by cheaper, more elastic
bandwidth available
on other media and JC's previously-noted fickle and lazy consumers.  Where
there is
competition, the little guy gets an easy low percentage (10-25%) of
penetration based
solely on not being the incumbent, but churn is high as soon as sign-up
incentives expire
and they get on a downward spiral of catering to complainers. Magic phrases
are traded
on dslreports and any retention-packages get spread across the entire
customer base.
Where there isn't market- sustainable competition, there is no actual
legislated monopoly
but rather ignorant local boards.


 This is why I suggested it might take regulatory action, or changes in
 state laws.


Also engage locality first, as Jared indicates. The problem in going to the
fed is that power
will be skewed to the larger entities. Competitive providers breathed a sign
of relief when
Verizontal lost their attempts to get statewide television franchising and
had to deal
locality-by-locality, just like the small guys did.  Would be worse if there
was a single
federal entity to buy off now that corporate campaign funding is both
anonymous and
unlimited.



 If I want to start up a coop, or convince my local county/state they should
 be a neutral provider of conduits/dark fiber as roads are rebuilt, etc..
 there are various barriers.  Even if the cost would be nominal.  I scaled-up
 some quotes to be an area-wide effort for fiber down every public road ROW,
 and came back with $100mil.  (you private road types need to shell out your
 own cash for that leg).

 The barriers to doing this as a project are well known.  Even if you don't
 like ars, they have decent articles on these topics:


 http://arstechnica.com/tech-policy/news/2010/01/municipal-fiber-needs-more-fdr-localism-fewer-state-bans.ars


 http://arstechnica.com/tech-policy/news/2009/06/monticello-appeals-court-win.ars


 http://arstechnica.com/old/content/2008/07/telco-wont-install-fiber-sues-to-keep-city-from-doing-it.ars

 Similar to the above, I could not even get Comcast to give me a quote to
 build to my area.  ATT ... good luck getting any data from them.  I can
 tell they are filling in the gaps based on the trenching/boring going on,
 but there's no good way to motivate them.  And even if I decided to drop
 $10k to install a bunch of POTS service for 1 month to force a build, who
 knows if that build would bring the right level of service.  (As the POTS is
 regulated with a low install fee).

 The incentives are clearly skewed here, but without that $100mil, reaching
 the 125k properties (111k residences) in my local area may be tough.  (Note:
 there may be actual cost savings by not running down *every* public road,
 but using public road mileage and property counts seemed like a good method
 without actually designing the final fiber plant).

 My notes are here:

 http://puck.nether.net/~jared/blog/?p=84

 The reply I received from my elected reps:

 Additionally, offering a millage to build a network for the general public
 may violate recent provisions within the Michigan Telecommunication Act.

- Jared


In a country where government-supplied healthcare is viewed as evil, how can
people
honestly expect the less-important telecommunications to be allowed to be
government
run as neutral municipal networks? Any unbundling of local HFC or FTTP
loops will be
slow and problematic.

Re: Some truth about Comcast - WikiLeaks style

[Craig L Uebringer]

On Tue, Dec 14, 2010 at 1:53 AM, Rettke, Brian brian.ret...@cableone.bizwrote:

 I don't see anything listed that indicates operation that is at all
 different from any other service provider network.


Yeah, the 30 day looks like a classic uptick in traffic toward the holidays.
Some bellhead beancounter maybe
took out capacity in the summer lull and ignored the engineers. Or they just
have stupidly-slow install intervals.
Same crap I've seen on loads of provider networks.


 The capacity issue listed is not an issue at all. It's simply inciting
 anger and the same rhetoric that pollutes the legitimate discussion of
 backbone network constraints.

 When you shout conspiracy without offering verifiable facts, and not
 accounting for the cost (and time) it takes to upgrade networks (much less
 the fact that it requires capacity upgrades on both sides, in this case
 between TATA and Comcast), it makes the whole argument invalid in my
 opinion.


If they wanted to be tru to the  claim of wikileaks style in the subject
line, they'd have an actual memo from
some executive stating the policy of purposefully starving traffic. Never
attribute to malice* *that which is
adequately explained by stupidity.


 That and the backdoor santa thing makes me believe the whole thread is
 designed to flame rather than promote the discourse that is the hallmark of
 NANOG. I really hope that there are moderators about to verify this: With
 these kinds of people about I'm less likely to post anything of substance.

 Sincerely,

 Brian

 -Original Message-
 From: Mikael Abrahamsson [mailto:swm...@swm.pp.se]
 Sent: Monday, December 13, 2010 11:45 PM
 To: nanog@nanog.org
 Subject: Re: Some truth about Comcast - WikiLeaks style

 On Mon, 13 Dec 2010, Backdoor Santa wrote:

  Another thing to notice is the ratio of inbound versus outbound. Since
  Comcast is primarily a broadband access network provider, they're going
  to have millions of eyeballs (users) downloading content.

 Actually, there are plenty of access providers with 2:1 ratio (more ul
 than dl). It's not a matter if you're access provider or not, it's a
 matter if you offer decent upstream speed or not.

 In my experience, someone with 10/10 megabit/s ETTH compared to someone
 with 24/1 ADSL will download the same amount of data on average, but the
 10/10 will have four (4) times more upload usage, bringing the ratio from
 2:1 (Dl:Ul) on ADSL to 1:2 (Dl:Ul) on ETTH.

 So because Comcast is offering low upload speeds, they'll have low
 outgoing amount of traffic compared to incoming. With more and more ISPs
 offering more symmetric dl/ul speeds, we'll approach 1:1 ratio more and
 more...

 --
 Mikael Abrahamssonemail: swm...@swm.pp.se

Re: wikileaks unreachable

[Craig Labovitz]

http://asert.arbornetworks.com/2010/11/wikileaks-cablegate-attack/
and http://asert.arbornetworks.com/2010/11/round2-ddos-versus-wikileaks/

- Craig


On Dec 1, 2010, at 4:38 PM, Mike wrote:
 Just on an operational front, does anyone know the nature of the DDoS against 
 wikileaks? eg: spoofed source garbage, http get, synfloods, or ?
 
 Mike-

Re: RIP Justification

[Craig]

We have a design for our wan where we use rip v2 and it works very well, we 
were using ospf but it was additional config, so in our case simple was better, 
and it works well..

I could discuss it more with you off-line if you like. 



On Sep 29, 2010, at 4:20 PM, Jesse Loggins jlogginsc...@gmail.com wrote:

 A group of engineers and I were having a design discussion about routing
 protocols including RIP and static routing and the justifications of use for
 each protocol. One very interesting discussion was surrounding RIP and its
 use versus a protocol like OSPF. It seems that many Network Engineers
 consider RIP an old antiquated protocol that should be thrown in back of a
 closet never to be seen or heard from again. Some even preferred using a
 more complex protocol like OSPF instead of RIP. I am of the opinion that
 every protocol has its place, which seems to be contrary to some engineers
 way of thinking. This leads to my question. What are your views of when and
 where the RIP protocol is useful? Please excuse me if this is the incorrect
 forum for such questions.
 
 -- 
 Jesse Loggins
 CCIE#14661 (RS, Service Provider)

Re: Looking Glass

[Craig Van Tassle]

On Tue, 07 Sep 2010 17:09:21 +0300
Peter Rudasingwa peter.rudasin...@altechstream.rw wrote:

 I have a linux (ubuntu) box and I would like to install a BGP looking 
 glass. Are there any out there for free and how can one go about it?
 Is linux the best OS to use?
 
 Thanks,
 Peter R.

I have used Mult-Router Looking Glass in the past and it's been pretty
good. 

http://freshmeat.net/projects/mrlg4php/


-- 


signature.asc
Description: PGP signature

Re: ALU - 7750 SR-12/7/1

[Craig]

Work with the product. No issues so far, very solid.



On Jun 3, 2010, at 6:30 AM, Uri Joskovitch  
uri.joskovi...@telrad.com wrote:




Hi

Any one working with Alcatel Lucent equipment 7750 SR-12/7/1.

Any issues with it?

Specifically in ATM.

Thanks

Uri

Re: Using private APNIC range in US

[Craig Vuljanic]

Chuck - Very true...
What about the time our old manager (MARTIN) gave your old organization that
Entire Class B 


On Fri, Mar 19, 2010 at 11:06 AM, Charles Mills w3y...@gmail.com wrote:

 I love war stories.  I once got chewed out by a colleague ? from
 another organization because we were using their address space.

 We were using 10.0.0.0/8.  Explanation of NAT and RFC1918 was met with
 a deer in the headlights look.

 On Fri, Mar 19, 2010 at 12:04 AM, Matt Shadbolt matt.shadb...@gmail.com
 wrote:
  I once had a customer who for some reason had all their printers on
 public
  addresses they didn't own. Not advertising them outside, but internally
  whenever a user browsed to a external site that happened to be one of the
  addresses used, they would just receive a HP or Konica login page :)
 
  They didn't mind though. No idea if they've changed it since.
 
 
  On Fri, Mar 19, 2010 at 6:41 AM, Larry Sheldon larryshel...@cox.net
 wrote:
 
  On 3/18/2010 14:30, William Allen Simpson wrote:
   On 3/18/10 2:35 PM, Jared Mauch wrote:
   Does anyone know if the University of Michigan or Cisco are going be
  updating their systems and documentation to no longer use 1.2.3.4 ?
  
   http://www.google.com/search?q=1.2.3.4+site%3Acisco.com
  
   I know that the University of Michigan utilize 1.2.3.4 for their
 captive
  portal login/logout pages as recently as monday when I was on the
 medical
  campus.
  
   Dunno about cisco.
  
   med.umich.edu seems to run their own stuff, separately from umich.edu
 ,
  and
   quite badly.  I've complained about their setup repeatedly over the
 past
   several years.  No traction.
 
  Is it something about Medical Schools?
 
  When we were first putting together the campus network, Surgery was
  running a Token Ring (I thought Vampire Tap was a fitting item for
  their inventory) running in Class D space as I recall.
 
   Should we try again, jointly?  ;-)
 
  Towards the end, there were people who insisted I must rout their net to
  the Internets.
 
  I declined.
  --
  Democracy: Three wolves and a sheep voting on the dinner menu.
  (A republic, using parliamentary law, protects the minority.)
 
  Requiescas in pace o email
  Ex turpi causa non oritur actio
  Eppure si rinfresca
 
  ICBM Targeting Information:  http://tinyurl.com/4sqczs
  http://tinyurl.com/7tp8ml
 
 
 
 
 



 --
 =
 Charles L. Mills
 Westmoreland Co. ARES EC
 Amateur Radio Callsign W3YNI
 Email: w3y...@gmail.com

Re: Alcatel-Lucent

[Craig]

Very good routers. We have been using them for several years now. Very  
solid product, and very easy to setup services: ie vprn/ vpls/ epipe,  
etc.


The qos on the box is very scalable. I could talk more about them off  
line with you or discuss more over phone.






On Mar 4, 2010, at 5:22 PM, Scott Weeks sur...@mauigateway.com  
wrote:





--- li...@iamchriswallace.com wrote:
I am hoping to get some peoples opinions on Alcatel-Lucent routers.   
We are looking at the 7750 SR line and the 7450 ESS line.  We are  
currently a Cisco shop but these would be deployed in a completely  
new network delivering mostly MPLS based services and DIA.  Any  
comments are welcome,  good and bad.

---


We deploy these.  They are very different from cisco (so there will  
be a big learning curve) and kick ass.  Be sure to go to  
7.something as cflowd (their netflow) does not report correctly on  
things like ASN.


scott

Re: dark fiber

[Craig Vuljanic]

http://en.wikipedia.org/wiki/Dark_fibre



On Thu, Feb 11, 2010 at 11:13 AM, Deric Kwok deric.kwok2...@gmail.comwrote:

 Can I have question?

 What is dark fiber?

 Thank you



 On Wed, Feb 10, 2010 at 5:08 PM, James Jones ja...@freedomnet.co.nz
 wrote:
  I am doing some researchis there a way to find out where there is
 dark
  fiber and who own's it?
 
 

Re: Traffic Statistics for Yesterday

[Craig Labovitz]

It was big (flash traffic roughly doubled globally at the peak), but  
not in the same ballpark as Obama inauguration.


A graph of July 7 flash traffic across 97 tier1/2 ISPs compared with  
the daily average:

http://farm3.static.flickr.com/2581/3704208402_34ca00597d.jpg?v=0

- Craig



On Jul 8, 2009, at 11:08 AM, Shon Elliott wrote:
Does anyone have any data on how the memorial event for Michael  
Jackson effected
the global backbones? This was seen as another inaugural type of  
traffic day to

most of the people I've talked to.

Re: Network diagram software

[Craig Holland]

Mathias Wolkert wrote:

 OmniGraffle is the better Visio.

...except I've not found any good networking/systems stencils for
omnigraffle (even on graffletopia).  I tried to import the visio ones in 5.0
but that didn't work too well.  Someone out there have something for
omnigraffle that rivals the visio network stencils?

Thanks,
craig

Re: Comcast DNS

[Craig Holland]

Hi...

 I find your report too specific.  Can you make it a bit more generic,
 perhaps by not including the name of the company that provides a myriad
 of web-based services?

Isn't 'specific' good for operations related stuff?  I mean if you are just
complaining about something for the sake of complaining or are giving
examples I can see where names wouldn't be necessary.

Rgs,
Craig

Re: Comcast DNS

[Craig Holland]

*blush* at missing the original sarcasm.



--Original Message--
From: Craig Holland
To: NANOG
Sent: Dec 8, 2008 5:42 PM
Subject: Re: Comcast DNS

Hi...

 I find your report too specific.  Can you make it a bit more generic,
 perhaps by not including the name of the company that provides a myriad
 of web-based services?

Isn't 'specific' good for operations related stuff?  I mean if you are just
complaining about something for the sake of complaining or are giving
examples I can see where names wouldn't be necessary.

Rgs,
Craig

ARIN Routing Registry vs RADB vs X

[Craig Holland]

Hi,

I recently ran across a situation where a large ISP only accepts IRR
entries generated by RADB to build their path filters.  I use the ARIN
Routing Registry.  Is this a common practice?  Should I convert over to
RADB?

Thanks,
Craig

RE: ARIN Routing Registry vs RADB vs X

[Craig Holland]

They gave no particular reason.  I figured I'd ask ya'all before I
started to push back and use phrases like 'silly', 'ridiculous', and
'pointless' in my argument to them.

Thanks,
Craig

 -Original Message-
 From: Christian Koch [mailto:[EMAIL PROTECTED]
 Sent: Thursday, September 25, 2008 3:53 PM
 To: Craig Holland
 Cc: [EMAIL PROTECTED]
 Subject: Re: ARIN Routing Registry vs RADB vs X
 
 Sounds ridiculous...radb mirrors arins db, I don't see why they are
 trying to force you to use radb.
 
 You can query whois.radb.net and you will be able to see your arin
 objects...
 
 Did they give you a reason on WHY you should have to use RADB?
 
 
 Christian
 
 
 
 On Thu, Sep 25, 2008 at 6:38 PM, Craig Holland [EMAIL PROTECTED]
wrote:
  Hi,
 
  I recently ran across a situation where a large ISP only accepts IRR
  entries generated by RADB to build their path filters.  I use the
ARIN
  Routing Registry.  Is this a common practice?  Should I convert over
to
  RADB?
 
  Thanks,
  Craig
 
 
 

Sprint/Cogent Peering Issue?

[Craig Holland]

Hi,

We are seeing traffic getting dropped between our Cogent and Sprint
connect DC's.  One of them is getting shutdown, so we just have a Cogent
link there :|  Anyone seeing anything similar?

From: 91.102.40.18
traceroute to ops1.scc.rnmd.net (208.91.188.136), 30 hops max, 38 byte
packets
 1  v1-core-sw1 (91.102.40.5)  0.471 ms  0.422 ms  0.431 ms
 2  ge-0-1-0-pat2 (91.102.40.146)  0.376 ms  0.354 ms  0.335 ms
 3  fe-1-3-1-501-pat1 (91.102.40.208)  0.376 ms  0.344 ms  0.407 ms
 4  vl324.mpd01.lon01.atlas.cogentco.com (149.6.147.217)  0.745 ms
0.744 ms  0.740 ms
 5  te3-1.mpd02.lon01.atlas.cogentco.com (130.117.2.26)  0.717 ms
39.037 ms te1-8.ccr01.lon01.atlas.cogentco.com (130.117.3.226)  0.565 ms
 6  gi6-0-0.core01.lon01.atlas.cogentco.com (130.117.1.73)  0.592 ms
0.450 ms  0.483 ms
 7  213.206.131.29 (213.206.131.29)  0.581 ms  0.503 ms  0.483 ms
 8  sl-bb21-lon-3-0.sprintlink.net (213.206.129.152)  1.078 ms  0.905 ms
0.934 ms
 9  *
 
From 208.91.188.138
traceroute to ops2.lnc.rnmd.net (91.102.40.18), 30 hops max, 38 byte
packets
 1  v1-core-sw1 (208.91.188.130)  0.600 ms  0.456 ms  2.105 ms
 2  f0-0-4-0-pat2 (207.0.21.114)  0.416 ms  0.466 ms  0.486 ms
 3  sl-st1-sc-2-6.sprintlink.net (144.228.111.25)  0.455 ms  0.224 ms
0.236 ms
 4  sl-crs2-sj-0-1-0-3.sprintlink.net (144.232.20.196)  1.482 ms  1.477
ms  1.232 ms
 5  sl-st20-sj-12-0-0.sprintlink.net (144.232.20.63)  2.482 ms  2.472 ms
2.485 ms
 6  po5-3.core01.sjc03.atlas.cogentco.com (154.54.13.49)  2.732 ms
2.472 ms  2.485 ms
 7  te3-1.mpd01.sjc03.atlas.cogentco.com (154.54.6.85)  2.705 ms  2.723
ms  2.735 ms
 8  vl3493.ccr02.sjc01.atlas.cogentco.com (154.54.6.109)  3.231 ms
vl3492.mpd01.sjc01.atlas.cogentco.com (154.54.6.105)  3.227 ms
vl3491.ccr02.sjc01.atlas.cogentco.com (154.54.6.101)  2.726 ms
 9  te9-3.mpd01.sfo01.atlas.cogentco.com (154.54.2.53)  3.968 ms  3.722
ms te8-3.ccr02.sfo01.atlas.cogentco.com (154.54.2.137)  3.988 ms
10  te9-2.ccr02.mci01.atlas.cogentco.com (154.54.24.118)  50.943 ms
te7-4.mpd01.mci01.atlas.cogentco.com (154.54.24.106)  50.944 ms  50.720
ms
11  te9-3.ccr02.ord01.atlas.cogentco.com (154.54.25.78)  50.669 ms
63.423 ms te9-3.mpd01.ord01.atlas.cogentco.com (154.54.25.82)  51.206 ms
12  te2-1.ccr02.bos01.atlas.cogentco.com (154.54.7.170)  78.172 ms
te3-3.mpd01.bos01.atlas.cogentco.com (154.54.7.82)  100.666 ms
te2-1.ccr02.bos01.atlas.cogentco.com (154.54.7.170)  78.176 ms
13  * * *

Thanks,
craig
 

Craig Holland
Rhythm NewMedia
Sr. Director Operations  Integration
YIM: cholland

Re: Level 3 TPA routing today?

[Craig Pierantozzi]

Most likely the issue was communication between the NOC and the  
service management center. The NOC deals with the core facing events  
versus the SMC which takes the incoming calls from the customers. In  
this case the issue was identified and resolved in the NOC.


Perhaps the RFO was not posted internally or whomever you talked with  
didn't check the status updates or something. Lot's of things could  
have resulted in a tech not knowing about this type of issue.


Anyway, to tie up loose ends, there was a problem on a core router  
that was isolated and then repaired in Atlanta.


regards
-Craig

On Aug 27, 2008, at 5:02 PM, Jon Lewis wrote:


On Wed, 27 Aug 2008, David Hubbard wrote:


be.  The tech I spoke to this morning said he had no
knowledge of any issues yesterday, of course my ticket
also had none of the information I sent in to them
yesterday or even a clear description of what the
problem was


We opened a ticket for today's event and got the same response.

--
Jon Lewis   |  I route
Senior Network Engineer |  therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: Level 3 TPA routing today?

[Craig Pierantozzi]

Some infrastructure blocks are not routed to portions of the network  
but should not affect ultimate reachability as long as the correct  
loopbacks and directly connected networks are advertised properly.


regards

On Aug 27, 2008, at 6:42 PM, William R. Lorenz wrote:


Has anyone noticed significant Level3 transit issues this evening?

[wrl@REDACTED ~]$ traceroute ae-23-52.car3.Chicago1.Level3.net
traceroute to ae-23-52.car3.Chicago1.Level3.net (4.68.101.39), 30  
hops max, 40 byte packets

[...]
4  ge-6-1-101.hsa1.Cleveland1.Level3.net (64.156.66.29)  2.627 ms !H
[wrl@REDACTED ~]$


[wrl@REDACTED ~]$ traceroute vlan79.csw2.Dallas1.Level3.net
traceroute to vlan79.csw2.Dallas1.Level3.net (4.68.19.126), 30 hops  
max, 40 byte packets

[...]
4  ge-6-1-101.hsa1.Cleveland1.Level3.net (64.156.66.29)  3.166 ms !H  
* *

[wrl@REDACTED ~]$

Re: Level3 BGP help

[Craig Pierantozzi]

* Jon Lewis was thought to have said:

 If someone from Level3 could tell me why routes tagged with
 
 65000:0 and/or 65000:1239 don't actually stop those routes from being 
 advertised to 1239, I'd appreciate it.

You should start to see them disappear shortly. On route-views they're
starting to show as history entries. Bad community list on one router 
was the issue.

regards
-Craig

Re: Level3 IPv6 availability?

[Craig Pierantozzi]

Level 3 provides best effort IPv6 support with no SLA to current 
Internet customers. As mentioned IPv6 is currently being provided 
via tunnels to the customer's existing router.

There is a simple service agreement addendum and form to fill 
out for relevant config bits.

Sorry you get such a response from people that should know. *sigh*

regards
-Craig (Level 3 architecture)

* Jay Hennigan was thought to have said:

 Is anyone at Level3 who is familiar with IPv6, or anyone who is a Level3 
 IPv6 customer lurking here?  We are a Level3 BGP customer and our 
 contacts are giving us a deer-in-the-headlights stare when we want to 
 bring up our /32, claiming that they don't do IPv6 at all.  Not native, 
 not tunneled, zip, nada.
 
 Yet, I see lots of AS3356 in the ipv6 routing tables, and there's this 
 from three years ago...