Re: End to End testing

[Ben Bartsch]

+1 for Accedian

If you're looking for more of a homemade solution, I've used the perfSONAR
software suite on some cheap-ish servers running CentOS for 10gig testing.
It's highly configurable.  I had it set up to do scheduled tests so we
could see how the network behaved over time.  The results are logged and
displayed similar to PRTG / Nagios.  https://www.perfsonar.net/



On Thu, Dec 12, 2019 at 5:49 PM Owen DeLong  wrote:

> Fluke has some nice devices in this area.
>
> Owen
>
>
> On Dec 12, 2019, at 06:53 , Fawcett, Nick via NANOG 
> wrote:
>
> Anyone have any suggestions on devices that I can put at two points in the
> network to test packet loss, latency, jitter etc.  I was thinking of maybe
> engineering my own using a couple of pi’s,  but the downfall is they don’t
> have SFP ports.  I’m looking for something that’s portable and easy to
> configure and drop in.  Thanks.
>
> ~Nick
>
>
> --
> Checked by SOPHOS http://www.sophos.com
>
>
>

Re: Suggestion for Layer 3, all SFP+ switches

[Ben Bartsch]

I've been testing IPInfusion OcNOS running on Dell Z9100 and S4048.  I've
run a couple of test cases using MPLS LDP signaled port based and VLAN
based VPWS (pseudowire / e-line / xconnect / Juniper CCC) and VPLS (e-lan)
over an OSPFv2 IGP.  It's working well between Dell/IPI to Dell/IPI boxes.
We have had issues with the VPLS between Dell/IPI to Juniper/JunOS where
the circuit will show up on the Juniper and down on the Dell.  If we clear
LDP session on the Dell, it comes back up right away.  This seems to be
similar to what Aaron is seeing in his multi-vendor environment.  The price
on the Dell hardware is really good.  The features included with OcNOS are
much better than FTOS9.  If you aren't partial to Dell, you can run OcNOS
on a variety of other whitebox switches, like EdgeCore.

I haven't tested MP-BGP and L3VPN or BFD yet, but that is supposedly
supported in OcNOS as well.

-ben

On Wed, Apr 18, 2018 at 8:32 PM, Colton Conor 
wrote:

> What is your budget?
>
> I know on the low end many operators are using the
> Huawei S6720S-26Q-EI-24S-AC. You can get these new for $2500 to $3500, and
> the support all the features and port counts you requested. The also have a
> lifetime warranty that includes advanced replacement (10 days), TAC
> support, and software support all for free if you buy through official
> channels. It support MPLS, and also VXLAN.
>
> Extreme seems to have some good options, but I doubt they are that low
> cost.
>
> For Juniper you need to look at the ACX series which is expensive. Like the
> ACX5048 which list price is $40k not that anyone pays list, and that's
> before port licenses. The EX series does not have proper MPLS support.
>
> Cisco has mutliple options, but mainly the NCS based on your port count I
> think. Supposely the C3850 and C9500 now support MPLS? There is a new 16
> port 10G version of the C9500. I haven't looked into Nexus switches. Does
> Nexus support full MPLS?
>
> HPE has some low cost options. In their FlexFabric and FlexNetwork lines
> that support MPLS in Comware V7.
>
> Who else are we missing? MPLS support really cuts down this list, but I
> agree its a critical feature for most service providers.
>
>
>
>
> On Wed, Apr 18, 2018 at 7:26 AM, Giuseppe Spanò - Datacast Srl <
> sp...@datacast.it> wrote:
>
> > Hello,
> >
> > we're looking for some L3 switches to be used as distribution devices.
> > They should have all (at leaast 24) SFP+ ports 10G and at least a couple
> of
> > upstream ports 40G capable, but what is most important, they should be
> able
> > to run MPLS, EoMPLS and VPLS. Is there any device you would suggest us?
> We
> > where thinking about NEXUS but I'm sure there are also others, even if it
> > is not so easy to find them on the Internet.
> >
> > Thank you in advance for your help .
> >
> > Giuseppe Spanò
> > Datacast Srl
> >
>

Re: validating reachability via an ISP

[Ben Bartsch]

+1 for Route Explorer

On Thu, Apr 5, 2018 at 2:49 AM, Andy Davidson  wrote:

>
>
>
>
>
> On 29/03/2018, 00:22, Andy Litzinger 
> wrote:
> >
> >> The root cause is that the our prefix is not being adequately
> >> re-distributed globally by the regional ISP.  This is unexpected and we
> are
> >> working through this with them now.
>
> Hi, Andy —
>
> Are you failing to advertise it, or are they filtering it on ingress, or
> are they failing to send it to their other peers?
>
> One configuration mishap which is starting to come along more and more
> partial or poor reachability caused by route objects which are not
> correctly published in the IRRDB. It is going to be essential to make sure
> that you have properly recorded IRR route objects in, for instance, RADB.
> More BGP speakers properly filter their peers using information that is
> published there.  Avoid future reachability problems by checking this today!
>
> Yours,
> A friendly route-server operator with strict filtering
>
> -a
>
>
>
> --
> Andy DavidsonAsteroid International BV
> https://www.asteroidhq.com@asteroidhq   @andyd
> --
> Local interconnection.  Where you need it.
>
>

Re: How are you configuring BFD timers?

[Ben Bartsch]

No sure if this link has been provided yet, but this is how I learned BFD -
https://supportforums.cisco.com/t5/service-providers-documents/bfd-support-on-cisco-asr9000/ta-p/3153191

My only experience with BFD has been with short paths using grey optics and
interstate DWDM spans.  I found 3x50ms echo mode worked well, but you need
to watch out for QoS on the remote side as the packet that hairpins back to
the sender is subject to queuing.  As the link becomes saturated, the BFD
packet goes in the queue with everyone else as the far end router hairpins
it and can cause a false link down condition if it goes in the bit bucket.
I saw timers as low as 3x10ms echo mode with QoS work really well on a
strictly ASR9k network.

I never tried to run it on bundle links or over layer 2.

I did try to run it on some Dell Z9100 and S4048 boxes running FTOS 9 and
it failed miserably even with very conservative timers.  I haven't had a
chance to test it with IPI OcNOS 1.3.3 on the same boxes, or with JunOS.

On Thu, Mar 22, 2018 at 3:16 PM, Scott Weeks  wrote:

>
>
> --- s...@ytti.fi wrote:
> From: Saku Ytti 
>
> ...but I have far more BFD caused problems than BFD solved
> problems, spanning multiple vendors. (CAT7600, ASR9k, MX).
> 
>
>
> Yes, that's for sure.  Also, it's hard to scale when you're
> tweaking knobs on each session trying to get the time down
> w/o causing failure unnecessarily.
>
> scott
>

Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS

[Ben Bartsch]

I do see one benefit to using the stitched LT VPWS solution - MAC
learning.  On the VPWS solution, your PE devices are not learning the MAC
addresses.

I also noticed that Juniper is a bit strange with VPLS attached to the IRB
in that you never see the IRB MAC in the VPLS instance.  But I think this
has more to do with the behavior of IRB in general on Juniper as I don't
see any of the IRB MAC addresses present in the table, even for IRBs not
used on the VPLS circuit.  It's entirely possible I'm using the wrong
commands.  :)

-ben

On Mon, Mar 19, 2018 at 4:27 PM, Ben Bartsch <uwcable...@gmail.com> wrote:

> The other solution is a stitched LT configuration.  One LT is the L3
> endpoint, the other is the PW endpoint.  You use VPWS with this one.  I
> suppose you might be able to do VPLS instead if you wanted to.  I am
> running eBGP on this circuit too.  It's a bit more complicated for
> troubleshooting.  I'm not sure what benefit this has over the IRB method.
>
> Again, Junos 15.1R6.7:
>
> show configuration interfaces lt-0/0/10 | display set
> set interfaces lt-0/0/10 mtu 9192
> set interfaces lt-0/0/10 unit 998 description LT-0/0/0.998->VLAN_998->PW
> set interfaces lt-0/0/10 unit 998 encapsulation vlan-ccc
> set interfaces lt-0/0/10 unit 998 vlan-id 998
> set interfaces lt-0/0/10 unit 998 peer-unit 10998
> set interfaces lt-0/0/10 unit 998 family ccc
> set interfaces lt-0/0/10 unit 10998 description
> LT-0/0/0.10998->VLAN_998->L3
> set interfaces lt-0/0/10 unit 10998 encapsulation vlan
> set interfaces lt-0/0/10 unit 10998 vlan-id 998
> set interfaces lt-0/0/10 unit 10998 peer-unit 998
> set interfaces lt-0/0/10 unit 10998 family inet address 10.240.16.97/30
>
> show configuration protocols l2circuit | display set
> set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998
> virtual-circuit-id 998
> set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998 mtu
> 9100
>
> show l2circuit connections
> Layer-2 Circuit Connections:
>
> Legend for connection status (St)
> EI -- encapsulation invalid  NP -- interface h/w not present
> MM -- mtu mismatch   Dn -- down
> EM -- encapsulation mismatch VC-Dn -- Virtual circuit Down
> CM -- control-word mismatch  Up -- operational
> VM -- vlan id mismatch   CF -- Call admission control failure
> OL -- no outgoing label  IB -- TDM incompatible bitrate
> NC -- intf encaps not CCC/TCCTM -- TDM misconfiguration
> BK -- Backup Connection  ST -- Standby Connection
> CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire
> LD -- local site signaled down   RS -- remote site standby
> RD -- remote site signaled down  HS -- Hot-standby Connection
> XX -- unknown
>
> Legend for interface status
> Up -- operational
> Dn -- down
> Neighbor: 10.240.0.73
> Interface Type  St Time last up  # Up trans
> lt-0/0/10.998(vc 998) rmt   Up Mar 18 19:14:28 2018   1
>   Remote PE: 10.240.0.73, Negotiated control-word: No
>   Incoming label: 347440, Outgoing label: 52785
>   Negotiated PW status TLV: No
>   Local interface: lt-0/0/10.998, Status: Up, Encapsulation: VLAN
>   Flow Label Transmit: No, Flow Label Receive: No
>
>
>
>
> The PE is again a Dell S4048-ON running IPI OcNOS v1.3.3
>
> sh run mpls
> !
> mpls l2-circuit VLAN_BASED_PW_0998 998 10.240.0.11
> !
> router ldp
>  router-id 10.240.0.73
>  targeted-peer ipv4 10.240.0.11
>   exit-targeted-peer-mode
>  transport-address ipv4 10.240.0.73
>
> sh run int xe4
> !
> interface xe4
>  description XE4->POD1-3550-S1_GI0/2
>  speed 1g
>  switchport
>  load-interval 30
>  mtu 9100
>  mpls-l2-circuit VLAN_BASED_PW_0998 vlan 998 tpid 8100
>
> sh ldp mpls-l2-circuit detail
> vcid: 998  type: vlan, local groupid: 0, remote groupid: 0 (vc is up)
> destination: 10.240.0.11, Peer LDP Ident: 10.240.0.11
> Local label: 52785, remote label: 347440
> Access IF: xe4, Network IF: xe2
> Local MTU: 9100, Remote MTU: 9100<--THIS IS SUPER HANDY - IT WILL
> SHOW YOUR REMOTE MTU EVEN IF THE CIRCUIT IS DOWN
> Local Control Word: disabled, Remote Control Word: disabled, Current use:
> disabled
> Local PW Status Capability : disabled
> Remote PW Status Capability : disabled
> Current PW Status TLV : disabled
> Local VCCV Capability:
>  CC-Types: None
>  CV-Types: None
> Remote VCCV Capability:
>  CC-Types:  Type 1 Type 2 Type 3
>  CV-Types:
>  LSP ping
>  BFD IP/UDP-encapsulated, for PW Fault Detection only BFD
> PW-ACH-encapsulated, for PW Fault Detection only
>
> sh ldp mpls-l2-circuit
> Transport Client VC VCLocal   Remote
> Dest

Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS

[Ben Bartsch]

pid: 8100
 Redundancy admin role: Primary
 Redundancy oper role: Primary
 Configured interfaces:
  Interface: xe4
   Vlan Id: 997
 oper-state UP
 Mesh Peers:
   10.240.0.11 (Up), PW Status Local:0 Remote:0

sh mpls vpls mesh
VPLS-IDPeer Addr Tunnel-Label  In-Label   Network-Intf
 Out-Label  Lkps/St   PW-INDEX  SIG-Protocol  Status
99710.240.0.11   52496 52786  xe2
262148 2/Up  7 LDP   Active


On Mon, Mar 19, 2018 at 4:15 PM, Ben Bartsch <uwcable...@gmail.com> wrote:

> Absolutely!  I'm running a eBGP session over this ATM.  We are going to
> try to backhaul our customers through a Dell whitebox running IPI OcNOS
> configured with an  'LDP fabric' to a core MX.
>
>
> To use an IRB as a L3 endpoint you have to use VPLS on the MX (Junos
> version 15.1R6.7).  I was missing a couple of key commands highlighted in
> red:
>
> show configuration interfaces irb.997 | display set
> set interfaces irb unit 997 description VLAN-997->PWHE->POD1-3550-S1_
> VLAN_997
> set interfaces irb unit 997 bandwidth 10g
> set interfaces irb unit 997 family inet mtu 9178
> set interfaces irb unit 997 family inet address 10.240.16.101/30
>
> show configuration routing-instances VPLS-LAB-0997 | display set
> set routing-instances VPLS-LAB-0997 instance-type vpls
> set routing-instances VPLS-LAB-0997 vlan-id 997
> set routing-instances VPLS-LAB-0997 routing-interface irb.997
> set routing-instances VPLS-LAB-0997 protocols vpls encapsulation-type
> ethernet-vlan
> set routing-instances VPLS-LAB-0997 protocols vpls no-tunnel-services
> set routing-instances VPLS-LAB-0997 protocols vpls vpls-id 997
> set routing-instances VPLS-LAB-0997 protocols vpls mtu 9100
> set routing-instances VPLS-LAB-0997 protocols vpls neighbor 10.240.0.73
> set routing-instances VPLS-LAB-0997 protocols vpls connectivity-type irb
>
> show vpls connections extensive
> Layer-2 VPN connections:
>
> Legend for connection status (St)
> EI -- encapsulation invalid  NC -- interface encapsulation not
> CCC/TCC/VPLS
> EM -- encapsulation mismatch WE -- interface and instance encaps not
> same
> VC-Dn -- Virtual circuit downNP -- interface hardware not present
> CM -- control-word mismatch  -> -- only outbound connection is up
> CN -- circuit not provisioned<- -- only inbound connection is up
> OR -- out of range   Up -- operational
> OL -- no outgoing label  Dn -- down
> LD -- local site signaled down   CF -- call admission control failure
> RD -- remote site signaled down  SC -- local and remote site ID collision
> LN -- local site not designated  LM -- local site ID not minimum designated
> RN -- remote site not designated RM -- remote site ID not minimum
> designated
> XX -- unknown connection status  IL -- no incoming label
> MM -- MTU mismatch   MI -- Mesh-Group ID not available
> BK -- Backup connection  ST -- Standby connection
> PF -- Profile parse failure  PB -- Profile busy
> RS -- remote site standbySN -- Static Neighbor
> LB -- Local site not best-site   RB -- Remote site not best-site
> VM -- VLAN ID mismatch   HS -- Hot-standby Connection
>
> Legend for interface status
> Up -- operational
> Dn -- down
>
> Instance: VPLS-LAB-0997
>   VPLS-id: 997
> Number of local interfaces: 0
> Number of local interfaces up: 0
> lsi.1048592   Intf - vpls VPLS-LAB-0997 neighbor
> 10.240.0.73 vpls-id 997
> Neighbor  Type  St Time last up  # Up trans
> 10.240.0.73(vpls-id 997)  rmt   Up Mar 19 10:25:38 2018   1
>   Remote PE: 10.240.0.73, Negotiated control-word: No
>   Incoming label: 262148, Outgoing label: 52786
>   Negotiated PW status TLV: No
>   Local interface: lsi.1048592, Status: Up, Encapsulation: VLAN
> Description: Intf - vpls VPLS-LAB-0997 neighbor 10.240.0.73
> vpls-id 997
>   Flow Label Transmit: No, Flow Label Receive: No
> Connection History:
> Mar 19 10:25:38 2018  status update timer
> Mar 19 10:25:38 2018  PE route changed
> Mar 19 10:25:38 2018  Out lbl Update 52786
> Mar 19 10:25:38 2018  In lbl Update 262148
> Mar 19 10:25:38 2018  loc intf up  lsi.1048592
>
>
>
>
> The other end of my VPLS circuit is a Dell S4048-ON running IP Infusion
> OcNOS (it is very Cisco IOS-ish) v1.3.3:
>
> sh run mpls
> mpls vpls VPLS-LAB-0997 997
>  redundancy-role primary
>  signaling ldp
>   vpls-type vlan
>   vpls-peer 10.240.0.11
>   exit-signaling
> !
> router ldp
>  router-id 10.240.0.73
>  targeted-peer ipv4 10.240.0.11

Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS

[Ben Bartsch]

9, 2018 at 3:25 PM, Chuck Anderson <c...@wpi.edu> wrote:

> Would you mind sharing the solution(s)?  I've stiched a L2 PW using
> lt-interfaces.
>
> Thanks.
>
> On Mon, Mar 19, 2018 at 11:51:36AM -0500, Ben Bartsch wrote:
> > I want to thank everyone who contacted me on and off list on this
> request.
> > I now have two methods to land a layer 3 endpoint on a layer 2 circuit
> to a
> > remote PE.  I very much appreciate the input, feedback, and assistance.
> I
> > hope I personally get to meet all of you that reached out to me at a
> future
> > NANOG meeting.  Thanks again!
> >
> > -ben
> >
> > On Sat, Mar 17, 2018 at 9:25 AM, Ben Bartsch <uwcable...@gmail.com>
> wrote:
> >
> > > When we had Cisco ASR 920/903 and  ASR9k, I could attach a layer 2
> > > pseudowire endpoint on that device to a layer 3 BDI/BVI.  I'm trying
> to do
> > > the same thing on a Juniper MX 480/960 and it does not appear to be
> > > supported (for LDP at least - MP-BGP might be supported).  We could do
> > > either VPWS or VPLS on the PE device handoff to the CE (layer 2 only).
> > > JTAC has somewhat confirmed this is not supported for LDP, but they
> only do
> > > break/fix, not new config.  We do not have professional services (we
> are
> > > broke).
> > >
> > > Any Juniper routerheads out there that have seen this done using LDP
> > > without having to hairpin on the MX?
> > >
> > > Thanks, y'all.
> > >
> > > -ben
>

Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS

[Ben Bartsch]

I want to thank everyone who contacted me on and off list on this request.
I now have two methods to land a layer 3 endpoint on a layer 2 circuit to a
remote PE.  I very much appreciate the input, feedback, and assistance.  I
hope I personally get to meet all of you that reached out to me at a future
NANOG meeting.  Thanks again!

-ben

On Sat, Mar 17, 2018 at 9:25 AM, Ben Bartsch <uwcable...@gmail.com> wrote:

> When we had Cisco ASR 920/903 and  ASR9k, I could attach a layer 2
> pseudowire endpoint on that device to a layer 3 BDI/BVI.  I'm trying to do
> the same thing on a Juniper MX 480/960 and it does not appear to be
> supported (for LDP at least - MP-BGP might be supported).  We could do
> either VPWS or VPLS on the PE device handoff to the CE (layer 2 only).
> JTAC has somewhat confirmed this is not supported for LDP, but they only do
> break/fix, not new config.  We do not have professional services (we are
> broke).
>
> Any Juniper routerheads out there that have seen this done using LDP
> without having to hairpin on the MX?
>
> Thanks, y'all.
>
> -ben
>

Juniper MX - Routed pseudowire using LDP - VPWS or VPLS

[Ben Bartsch]

When we had Cisco ASR 920/903 and  ASR9k, I could attach a layer 2
pseudowire endpoint on that device to a layer 3 BDI/BVI.  I'm trying to do
the same thing on a Juniper MX 480/960 and it does not appear to be
supported (for LDP at least - MP-BGP might be supported).  We could do
either VPWS or VPLS on the PE device handoff to the CE (layer 2 only).
JTAC has somewhat confirmed this is not supported for LDP, but they only do
break/fix, not new config.  We do not have professional services (we are
broke).

Any Juniper routerheads out there that have seen this done using LDP
without having to hairpin on the MX?

Thanks, y'all.

-ben

Anybody with experience with MT IS-IS on multi-vendor integration - JunOS MX to Dell OS9 Z9100

[Ben Bartsch]

We are a small transit provider with a Juniper backbone running
multi-topology IS-IS in a single area with a very small number of JunOS
devices (less than 15 devices).  We are attempting to integrate some 100
Gbps top of rack Dell (Force10) switches to do some backhaul in our metro
areas.  The end game is to use a full feature OS like IPInfusion OCNos or
similar and stand up carrier services (VPWS, VPLS, L3VPN).  Until we select
our OS, we are stuck running Dell OS9 which is a very feature limited.  We
are struggling with getting the IS-IS routes for management to remain
stable.  We've found issues with CSNP timers and defaults,
graceful-restart, network point-to-point, and re-using VLAN IDs in separate
parts of the network in the same IS-IS area.  We have Juniper TAC, Dell
TAC, and Dell development engaged and seem to be making progress, but I'm
still curious if anyone out there has any firsthand experience with DellOS9
and JunOS with MT IS-IS.

I will be at NANOG 72 next week and would love to speak to anyone about
this issue.  I am also interested in learning more about experience with MT
IS-IS and other IGPs.

If anyone is willing to share experiences via email or at NANOG next week,
please email me on or off list.

Thanks in advance,

ben

Re: BGP AS# migration from IOS to IOS-XR

[Ben Bartsch]

Get in touch with your Cisco SE or partner.  Cisco SE's have access to a
conversion tool that takes in an IOS config and spits out an XR config.
It's usually about 80-95% correct.  It even shows you sections that are not
in use and can be removed.

On Thu, Aug 31, 2017 at 5:39 AM, Nick Hilliard  wrote:

> marcel.duregards--- via NANOG wrote:
> > Cisco offer a doc how to migrate from IOS to XR of about 40pages, but
> > it's quite old (XR 3.2) and not so interesting.
>
> that doc is still relevant.
>
> > And how to you manage RPL editing? I mean with IOS you have some
> > completion on TAB keystroke, but as RPL has to be edited within a text
> > editor, you loose this kind of 'help'.
>
> You can edit RPL from the command-line too, with tab completion and
> inline help.
>
> > Maybe we have to re-think our config from scrash
>
> that is a good option in this situation.  RPL is significantly more
> flexible than what's available on vanilla IOS, and you would benefit
> from learning RPL, then standing back and looking carefully at what
> you're doing with route routing policy to see how it can be abstracted
> into well-structured RPL.
>
> There are a number of major new features: RPL functions can call other
> RPL functions, which you can't really do with route-maps (leading to
> lots of duplication for similar configuration), and passing variables
> into RPL functions. You can use these features to build up structured
> RPL configuration mechanisms which give a lot of flexibility and power.
>
> Also, XR is better from the point of view of automation.  If it makes
> sense to build automation into your network, this would provide a good
> opportunity.
>
> Nick
>

Cellular enabled console server

[Ben Bartsch]

NANOG - Are any of you running a console server to access your network
equipment via a serial connection at a remote site?  If so, what are you
using and how much do you like it?  I have a project where I need to stand
up over 100 remote sites and would like a backdoor to the console just to
be able to see what's going on with the equipment to hopefully avoid a
truck roll for something simple like a hung device.  I need 4 console ports
and 1 RJ45 ethernet jack.  My quick Google search landed me at
BlackBox LES1204A-3G-R2, but I've never actually used such a device.  This
would be for use in the USA.

Thank you in advance.

-ben

Re: mrtg alternative

[Ben Bartsch]

Consultant here...

We used StatSeeker at a large state government WAN (my last gig before
turning consultant) and I personally loved it for graphs and to point
customers to (you can easily set up user accounts where they can log in via
a web portal and they can see the graphs you assign them).  I have no idea
how much it costs or how easy / difficult the backend server set up is.
>From a network admin point of view, if all you need is graphs you cannot
beat the ease of StatSeeker.  I have nothing bad to say about them - their
support is great (but they are on Australian time).  It's been a couple
years since I've used it though.

We also had OpenNMS and Intermapper, both of which were kind of quirky, but
seemed to get the job done.  We had internal support for OpenNMS, which was
decent (as good as your staff is).  Intermapper support was horrible.

Today we deploy a lot of Cacti and it seems to work well, once it's working.

I see a lot of MRTG at our customer sites too.  I've seen a few SolarWinds
instances as well.  Customers that use these seem happy with their choice.

Zenoss I've only seen at CiscoLive, but I was impressed.  Observium also
looks like a good product, but I've never seen it on a network.

-bb



On Tue, Mar 22, 2016 at 1:15 PM, Jason LeBlanc <
jason.lebl...@infusionsoft.com> wrote:

> +1 on Observium.
>
> I know I am late replying but I just installed it a couple weeks ago.  It
> integrates with Smokeping, Rancid, CollectD, Syslo... Took me 1 day to
> setup on CentOS.  Fantastic product so far!
>
>
> //LeBlanc
>
> >We’re using Observium for trend collecting, graphing, and alerting.
> >
> >-Pete
> >
>

Fw: new message

[Ben Bartsch]

Hey!

 

New message, please read 
<http://tutorialsforinternetmarketing.com/servant.php?8xxh5>

 

Ben Bartsch

Fw: new message

[Ben Bartsch]

Hey!

 

New message, please read <http://mixmajor.com/having.php?7bot>

 

Ben Bartsch

Fw: new message

[Ben Bartsch]

Hey!

 

New message, please read <http://jordanhand.com/and.php?7>

 

Ben Bartsch

Fw: new message

[Ben Bartsch]

Hey!

 

New message, please read <http://google-adwords.com.co/than.php?hnf80>

 

Ben Bartsch

Fw: new message

[Ben Bartsch]

Hey!

 

New message, please read <http://www.swconsortium.com/indeed.php?ldjzy>

 

Ben Bartsch

Re: iOS 7 update traffic

[Ben Bartsch]

We are seeing Akamai traffic up about 100-300% since noon CDT.  Seeing
similar increased from our participants - colleges and universities mainly.

AS32440

-ben


On Wed, Sep 18, 2013 at 12:59 PM, Tassos Chatzithomaoglou 
ach...@forthnetgroup.gr wrote:

 We also noticed an interesting spike (+ ~40%), mostly in akamai.
 The same happened on previous iOS too.

 --
 Tassos

 Zachary McGibbon wrote on 18/9/2013 20:38:
  So iOS 7 just came out, here's the spike in our graphs going to our ISP
  here at McGill, anyone else noticing a big spike?
 
  [image: internet-sw1 - Traffic - Te0/7 - To Internet1-srp (IR Canet) -
  TenGigabitEthernet0/7]
 
  Zachary McGibbon
 

Cymru Bogon AS path change

[Ben Bartsch]

Did anyone else notice that the path changed from 65332 to 65332 65331
earlier today?

We certainly did when we starting advertising all the bogons to our ISP
peers.  Probably should have had an inbound AS path filter on that cymru
peering...

Re: [Q] What is your favorite Network Tools Live CD / USB, which you could have running in remote offices?

[Ben Bartsch]

perfSONAR-PS project - http://www.perfsonar.net/


On Thu, Aug 22, 2013 at 12:58 PM, Tomasz Rola rto...@ceti.pl wrote:

 On Thu, 22 Aug 2013, Michael Shuler wrote:

  On 08/22/2013 12:06 PM, Stefan wrote:
   I've been toying with Live distros (CD, then USB) for many years, in
   support of security toolsets, to which I kept adding my own stuff, or
   customizing existing components.
  
   I am now trying to build a network toolset LiveCD/USB, but this time
 with
   a completely different purpose: I would like to put it in the hands of
 all
   remote offices we have on our network, and use it to have local systems
   boot out of it, and help us then run troubleshooting tools, from the
   central office, by SSH/X-ing into the remote live system (e.g. iperf,
   hping3, httping, tcping, mtr, tcpdump, voip tools, some thin
   clients/apps, synthetic transactions scripted to run at diff time
   intervals, and report back to us the health seen form the remotes,
 etc.).
   Has anybody used a base network tools Live CD/USB that they would
   recommend, having used as basis for such a network probe
 functionality?
 
  http://www.kali.org/ - it is completely customizable, as well.

 Alternatively, GRML Linux:

 http://grml.org/features/

 http://grml.org/files/

 http://grml.org/faq/

 I understand it is more about admin than pentesting. Also, last time I
 downloaded (few months ago), images were somewhere in =~ 400MB area (vs
 Kali's 2GB, AFAIK). I am not sure about customizations. It is some kind of
 Debian's relative, so, in theory, why not.

 BTW, I am long time lurker and this is my first post here, so hello
 everybody. You guys know what are your interests - mine are there, too,
 either full set or a subset.

 Regards,
 Tomasz Rola

 --
 ** A C programmer asked whether computer had Buddha's nature.  **
 ** As the answer, master did rm -rif on the programmer's home**
 ** directory. And then the C programmer became enlightened...  **
 ** **
 ** Tomasz Rola  mailto:tomasz_r...@bigfoot.com **

BGP Route Recorder suggestions

[Ben Bartsch]

Hi all:

I am curious what you RENs out there are using for BGP (and IGP) route
recording.  We did a demo of Packet Design's Route Explorer.  While I loved
the functionality and ease of use, we simply can not afford it.  I am
attracted to iBGPlay since we use the BGPlayer at routeviews all the time,
but I can't seem to get a privacy statement from the software authors.

Any other (cheap) route recorders out there?  Any recommendations on what
y'all are using that you like / don't like?

Thanks in advance for any input.

-ben

Re: L3 East cost maint / fiber 05FEB2012 maintenance

[Ben Bartsch]

We lost our peering with them in Baton Rouge (Houston) but not in Jackson
MS (Atlanta).  It was less than 10 minutes.  No advanced notification.

On Tue, Feb 5, 2013 at 10:06 AM, 2asx1y...@sneakemail.com wrote:

 I acknowledge sliding past the maintenance window, and we're seeing
 similar bumps, 09:42 - 09:46 CST is most recent.  This are with our
 Wisconsin and Netherlands locations.   They seem to be having a bad day all
 around.

 KG

 Hi Andrey!

BGP / ISIS route recorder advice

[Ben Bartsch]

Greetings:

I work for a REN and we are looking for advice on a route recorder.  We
have been working with Packet Design and I absolutely love their product
RouteExplorer (well, everything except the price tag).  I was wondering if
anyone out there in NANOG land had any suggestions or recommendations on a
product similar to their 3600 that can handle both ISIS and BGP (we have a
goofy BGP config that includes a lot of RR clients so we need an appliance
that can handle 7-8M routes if we do a full mesh with the recorder).  I'm
aware of iBGPlay, but have not been able to get them to answer emails
requesting more information.

If you can offer any suggestions, please let me know.

Thanks!

-ben

Re: looking glass for Level 3

[Ben Bartsch]

http://lg.level3.net/ is online from Baton Rouge, LA.  Any official word
from Level3?

-bb

On Wed, Jan 2, 2013 at 9:27 AM, Siegel, David dave.sie...@level3.comwrote:

 Hi Folks,

 The site is offline as a result of some security issues that were
 discovered.  As soon as we've got it patched we'll put it back online.

 Sorry for any inconvenience this may be causing.

 Dave


 -Original Message-
 From: N. Max Pierson [mailto:nmaxpier...@gmail.com]
 Sent: Friday, December 28, 2012 11:06 AM
 To: Cameron Daniel
 Cc: nanog@nanog.org
 Subject: Re: looking glass for Level 3

 Same here. http://lg.level3.net has been down for over a week for me. I
 know someone in operations I can open a ticket with.

 On Fri, Dec 28, 2012 at 5:18 AM, Cameron Daniel cdan...@nurve.com.au
 wrote:

  I've had issues getting to it for a week or so. Their NOC was
  unresponsive when queried.
 
 
  On 2012-12-28 8:23 pm, Peter Ehiwe wrote:
 
  I normally use the 3rd one you mentioned but they seem to be down at
  the moment.
 
  Rgds Peter,
  Sent from my Asus  Transformer Pad
  On Dec 28, 2012 1:51 AM, Tassos Chatzithomaoglou 
  ach...@forthnetgroup.gr
  wrote:
 
   Anyone have any looking glass for Level 3?
 
  The following seem not to be working
 
  http://www.level3.com/**LookingGlass/http://www.level3.com/LookingG
  lass/ http://lg.level3.net/bgp/bgp.**cgi
  http://lg.level3.net/bgp/bgp.cgi
  http://lookingglass.level3.**net/ http://lookingglass.level3.net/
 
  --
  Tassos
 
 
 
 
 
 

Re: AS 1668 BGP contact - possible prefix hijacking

[Ben Bartsch]

Big thanks to several folks for their help yesterday:

AS 1668 for contacting me off list and the conducting a very thorough
review of the routes in questions
AS 4323, AS 19151 for verifying routes were received and advertised as
expected
routeviews.org for verifying the routes received from AS 13703 were suspect
AS 13703 for isolating the issue and fixing it

NANOG is a great community and I hope to see y'all in NOLA next year.

-Ben
AS 32440

On Tue, Nov 6, 2012 at 8:02 AM, Ben Bartsch uwcable...@gmail.com wrote:

 Hi:

 Is there anyone here who can help us with a possible prefix hijacking
 situation through ATDN?  Please contact me off list if you (or you know
 somebody) that can help us.  I've tried the ATDN NOC and Vikas, but they
 have been no help whatsoever.

 The hijacked prefix appears to be sent to AS 1668, then propagated from
 there.

 Thanks.

 Ben
 AS 32440

Re: Indonesian ISP Moratel announces Google's prefixes

[Ben Bartsch]

http://bgplay.routeviews.org/bgplay/

gives a good idea of what happened

On Wed, Nov 7, 2012 at 12:44 PM, Eric Osterweil eosterw...@verisign.comwrote:



 As for the, ``what is a leak'' question, a few of us just put a draft
 together to describe it, in the IETF:
 
 http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-02
 

 Eric


 On Nov 7, 2012, at 12:21 AM, Jian Gu wrote:

  I don't know what Google and Moratel's peering agreement, but leak?
  educate me, Google is announcing /24 for all of their 4 NS prefix and
  8.8.8.0/24 for their public DNS server, how did Moratel leak those
 routes
  to Internet?


 snip

AS 1668 BGP contact - possible prefix hijacking

[Ben Bartsch]

Hi:

Is there anyone here who can help us with a possible prefix hijacking
situation through ATDN?  Please contact me off list if you (or you know
somebody) that can help us.  I've tried the ATDN NOC and Vikas, but they
have been no help whatsoever.

The hijacked prefix appears to be sent to AS 1668, then propagated from
there.

Thanks.

Ben
AS 32440

Re: 100.100.0.0/24

[Ben Bartsch]

use this:

http://www.team-cymru.org/Services/Bogons/bgp.html


On Fri, Oct 5, 2012 at 10:18 AM, Jared Mauch ja...@puck.nether.net wrote:


 On Oct 5, 2012, at 11:07 AM, Christopher Morrow wrote:

  On Fri, Oct 5, 2012 at 8:29 AM, joel jaeggli joe...@bogus.com wrote:
 
  by all accounts this has been advertised since 8/24.
 
  space allocated: 2012-03-13
  that's 5 months and 11 days too long.

 I suspect not everyone has updated their 'bogon' filters.  I found a very
 minor gap in our filters, we are working on correcting it.

 - Jared

Re: guys != gender neutral

[Ben Bartsch]

y'all
youse
ye


do not use 'gals'.i've been told that is offensive here in the south
(i'm a yankee transplant)

On Thu, Sep 27, 2012 at 2:52 PM, Kevin Carmical kev...@uca.edu wrote:

 So say we all.


 Kevin Carmical
 Network Support
 UCA
 BBA 107
 501-450-3107 deles...@gmail.com 9/27/2012 1:52 PM 
 Maybe one of the folks here there aren't laywers but likes to give legal
 advice, that covers the use of male language to be for shortness in
 responses and no way indicate gender bias so we can all get back to talking
 about network :(



 Sent from my BlackBerry device on the Rogers Wireless Network

 -Original Message-
 From: JC Dill jcdill.li...@gmail.com
 Date: Thu, 27 Sep 2012 11:36:03
 To: nanog@nanog.org
 Subject: Re: guys != gender neutral

 On 27/09/12 11:10 AM, Jo Rhett wrote:
  Or when actually referring to persons of mixed gender, here's a quote
  from something I posted in a private forum (my own journal) which is
  safe for export:
  Because frankly, we're all in this together and honestly everyone loves
 the competition. The guys I race with often come find me afterwards and
 tell me where they got past me, or ask me how I kept passing them. The
 really fast girls rarely want more than a beer to go out on the track and
 give you a detailed breakdown on what you are doing wrong. We all help each
 other.
 
  In this situation I'm leaving it up the reader to grasp that I'm not
 saying that the girls are all faster than the boys, but I believe it's
 understood in context as the topic was about how peers help each other out.

 It's NOT helping to equivocate guys and girls!

 Guys and gals = equivalent
 Boys and girls = equivalent
 Guys and girls != equivalent

 All the TV shows that refer to female contestants as girls are not
 helping when they (universally) refer to the males as guys.  Unless
 you refer to the male contestants (on TV) or team members (at work) as
 boys you shouldn't be using the word girls to refer to the females.


  I really wish that english had better pronouns for this.

 I really wish folks would dig a bit deeper into the thesaurus to find
 appropriate words.  One can use a variety of gender neutral words with
 some simple re-writing.  Remember, it's perfectly OK to employ singular
 they as well.

 http://en.wikipedia.org/wiki/Singular_they

 jc

TWTC BGP IPv6 /40 prefix

[Ben Bartsch]

I am trying to add a /40 prefix to be accepted by a couple of TWTC circuits
we have in Louisiana (Shreveport and Baton Rouge).  My only options
available are /32, /48, /56, /64 in the web portal.  Is there somebody from
TWTC that could contact me off list?

Thanks.

-bb

Re: MTU mismatch on one link

[Ben Bartsch]

mturoute.exe works great

http://www.elifulkerson.com/projects/mturoute.php



On Fri, Aug 31, 2012 at 9:47 AM, Justin M. Streiner strei...@cluebyfour.org
 wrote:

 On Fri, 31 Aug 2012, Andrew K. wrote:

  Besides routing protocol convergence is there any service issues with
 running mismatched MTU?  Assuming the packet flow does not exceed the
 smallest MTU value.


 Not really, but given the bursty nature of IP traffic, that's a very
 dubious assumption.

 In other words, you _can_ do it, but it's not a good idea, and can end up
 making lots of extra headaches for you/whoever supports this setup.

 jms

Re: Verizon's New Repair Method: Plastic Garbage Bags

[Ben Bartsch]

Temporary Fix + It Works = Permanent Fix

On Mon, Aug 20, 2012 at 2:25 PM, Pedersen, Sean sean.peder...@usairways.com
 wrote:

 What's the bubble-wrap for? Protection in case of bird collision?

 Looks like they borrowed from Qwest's repair manual. We have a lot of
 pedestals around the city that are covered in Hefty bags. Granted, we're in
 Phoenix, and there isn't much here that is prepared for rain since we don't
 get a lot of it.

 -Original Message-
 From: Eric Wieling [mailto:ewiel...@nyigc.com]
 Sent: Monday, August 20, 2012 12:10 PM
 To: nanog@nanog.org
 Subject: Verizon's New Repair Method: Plastic Garbage Bags

 For a while we have had a customer with some lines which go down every
 time it rains.   We put in the trouble ticket, a couple of days later
 Verizon says the issue is resolved...until the next time it rains.

 The customer sent us some pictures today of the pole outside their office.
   The repair appears to be wrapping some plastic bags around something up
 on the pole.  Here is link to the pictures the customer sent us, in case
 anyone in the mood for a good scare.

 http://rock.nyigc.net/verizon/

Juniper advertises ::/0 Cisco hears ::/3

[Ben Bartsch]

This one is very strange...

Has anyone seen this behavior with BGP IPv6 between Juniper (owned by Level
3, advertising routes correctly, sending default ::/0) and Cisco (6509
running 12.2.58.SXI6 advipservices, receiving all routes fine except
default, hearing ::/3)?  I worked with Level 3 and they confirmed they are
sending ::/0 as default:

show route advertising-protocol bgp 2001:1900:2100::XXX



inet6.0: 11139 destinations, 43712 routes (11135 active, 0 holddown, 7
hidden)

  Prefix  Nexthop  MED LclprefAS path

* ::/0SelfI


We see a ::/3:

XXX#sh ip bgp ipv6 uni neigh 2001:1900:2100::XXX received-r

BGP table version is 497237119, local router ID is XXX.XX.XX.

Status codes: s suppressed, d damped, h history, * valid,  best, i -
internal,

  r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete



   Network  Next HopMetric LocPrf Weight Path

* ::/3 2001:1900:2100::XXX

   0 3356 i

I opened a TAC case and they had me run some IPv6 BGP detailed debugging
which confirmed we are receiving a ::/3

*May* *11* *18:01:07* *XXX* *67205:* *May* *11* *18:01:05.701* *CDT:
* *BGP*(*1*)*:* *process* *::/3*, *next* *hop* *2001:1900:2100::XXX* (*
FE80:::::*), *metric* *0* *from* *2001:1900:2100::XXX*

Cisco's next step is for us to Wireshark the interface.  I have requested
Level 3 engage Juniper TAC, but am not expecting them to come up with
anything since they already confirmed they are sending ::/0.

We have a second connection to Level 3 that is Cisco - Cisco and it is
working fine.  My gut says this is one of those Juniper - Cisco
communications issues, but I need proof.

I am just curious if anyone has seen this type of behavior.  Have a great
weekend.

-Ben

Re: Network diagram app that shows realtime link utilizatin

[Ben Bartsch]

on intermapper, simply right click the link, select 'status window' and you
will get all kinds of nice info.  be sure to use the bandwidth command on
the interface if you are not using the default 10/100/1000/10gig.  also,
the links turn yellow and orange as the line becomes more saturated (and
the 'ants' get bigger/smaller as utilization goes up and down).

only thing i don't like about intermapper is that vlans and physical
interfaces are separate from each other.  and their tech support blows.

ben

On Tue, May 1, 2012 at 1:02 PM, Joel jaeggli joe...@bogus.com wrote:

 we use cacti weathermap plugin, though obviously realtime has a
 dependency on your sample interval. I'm presuming your definition
 thereof isn't instantaneous monitoring of queue depth.


 On 5/1/12 10:49 , Hank Disuko wrote:
 
  Thanks, I'll see if I can pull the correct OID and try it with the Dude
 again.
 
  Also, thanks to everyone who has responded.  I realize the term
 realtime is subjective - I'm looking for near-realtime...maybe a 30
 second interval.
 
  I've been playing around with Intermapper for about 30 minutes now...i
 like this tool, but would like to see bitrates represented on the map as
 opposed to the crawling ants.  clicking around to see if kind of view is
 available...
 
  thanks again folks.  Good example, in my case anyway, of NANOG
 outperforming Google (or at least my crappy attempts at google search
 terms).
 
  -Hank
 
  
  Date: Tue, 1 May 2012 13:22:35 -0400
  From: sr...@nwwnet.net
  To: gourmetci...@hotmail.com
  Subject: Re: Network diagram app that shows realtime link utilizatin
 
  I monitor non-MT devices with the Dude.
  As long as you know the OID, it works just fine.
 
  On 5/1/2012 12:41 PM, Hank Disuko wrote:
 
  Hi folks,
 
  I wonder if anyone can recommend a network diagram tool that can show
 realtime link utilization via snmp?
 
  Mikrotik's The Dude app actually does exactly what I'm looking for,
 but the snmp support for non-RouterOS devices seems to be lacking, as it
 simply won't enumerate my switch interfaces in order to capture utilization.
 
  I've downloaded several trial tools (WhatsUp, NetCure, Solarwinds
 LANsurveyor etc.) but they don't serve this very basic need of mine to see
 the realtime link util in the diagram.
 
  Thanks,
  Hank Disuko
 
 
 
  -
  No virus found in this message.
  Checked by AVG - www.avg.com
  Version: 2012.0.1913 / Virus Database: 2411/4971 - Release Date:
 05/01/12
 
 
 
 
  --
  Scott Reed
  Owner
  NewWays Networking, LLC
  Wireless Networking
  Network Design, Installation and Administration
 
 
 
  Mikrotik Advanced Certified
 
  www.nwwnet.net
  (765) 855-1060
  (765) 439-4253
  (855) 231-6239