Re: End to End testing
+1 for Accedian

If you're looking for more of a homemade solution, I've used the perfSONAR software suite on some cheap-ish servers running CentOS for 10gig testing. It's highly configurable. I had it set up to do scheduled tests so we could see how the network behaved over time. The results are logged and displayed similar to PRTG / Nagios.

https://www.perfsonar.net/

On Thu, Dec 12, 2019 at 5:49 PM Owen DeLong wrote:

> Fluke has some nice devices in this area.
>
> Owen
>
> On Dec 12, 2019, at 06:53 , Fawcett, Nick via NANOG wrote:
>
> Anyone have any suggestions on devices that I can put at two points in the network to test packet loss, latency, jitter etc. I was thinking of maybe engineering my own using a couple of pi’s, but the downfall is they don’t have SFP ports. I’m looking for something that’s portable and easy to configure and drop in. Thanks.
>
> ~Nick
>
> --
> Checked by SOPHOS http://www.sophos.com
Re: Suggestion for Layer 3, all SFP+ switches
I've been testing IPInfusion OcNOS running on Dell Z9100 and S4048. I've run a couple of test cases using MPLS LDP signaled port based and VLAN based VPWS (pseudowire / e-line / xconnect / Juniper CCC) and VPLS (e-lan) over an OSPFv2 IGP. It's working well between Dell/IPI to Dell/IPI boxes. We have had issues with the VPLS between Dell/IPI to Juniper/JunOS where the circuit will show up on the Juniper and down on the Dell. If we clear LDP session on the Dell, it comes back up right away. This seems to be similar to what Aaron is seeing in his multi-vendor environment.

The price on the Dell hardware is really good. The features included with OcNOS are much better than FTOS9. If you aren't partial to Dell, you can run OcNOS on a variety of other whitebox switches, like EdgeCore.

I haven't tested MP-BGP and L3VPN or BFD yet, but that is supposedly supported in OcNOS as well.

-ben

On Wed, Apr 18, 2018 at 8:32 PM, Colton Conor wrote:

> What is your budget?
>
> I know on the low end many operators are using the Huawei S6720S-26Q-EI-24S-AC. You can get these new for $2500 to $3500, and they support all the features and port counts you requested. They also have a lifetime warranty that includes advanced replacement (10 days), TAC support, and software support all for free if you buy through official channels. It supports MPLS, and also VXLAN.
>
> Extreme seems to have some good options, but I doubt they are that low cost.
>
> For Juniper you need to look at the ACX series which is expensive. Like the ACX5048 which list price is $40k not that anyone pays list, and that's before port licenses. The EX series does not have proper MPLS support.
>
> Cisco has multiple options, but mainly the NCS based on your port count I think. Supposedly the C3850 and C9500 now support MPLS? There is a new 16 port 10G version of the C9500. I haven't looked into Nexus switches. Does Nexus support full MPLS?
>
> HPE has some low cost options. In their FlexFabric and FlexNetwork lines that support MPLS in Comware V7.
>
> Who else are we missing? MPLS support really cuts down this list, but I agree it's a critical feature for most service providers.
>
> On Wed, Apr 18, 2018 at 7:26 AM, Giuseppe Spanò - Datacast Srl <sp...@datacast.it> wrote:
>
> > Hello,
> >
> > we're looking for some L3 switches to be used as distribution devices. They should have all (at least 24) SFP+ ports 10G and at least a couple of upstream ports 40G capable, but what is most important, they should be able to run MPLS, EoMPLS and VPLS. Is there any device you would suggest us? We were thinking about NEXUS but I'm sure there are also others, even if it is not so easy to find them on the Internet.
> >
> > Thank you in advance for your help.
> >
> > Giuseppe Spanò
> > Datacast Srl
Re: validating reachability via an ISP
+1 for Route Explorer

On Thu, Apr 5, 2018 at 2:49 AM, Andy Davidson wrote:

> On 29/03/2018, 00:22, Andy Litzinger wrote:
>
> >> The root cause is that our prefix is not being adequately re-distributed globally by the regional ISP. This is unexpected and we are working through this with them now.
>
> Hi, Andy —
>
> Are you failing to advertise it, or are they filtering it on ingress, or are they failing to send it to their other peers?
>
> One configuration mishap which is starting to come along more and more is partial or poor reachability caused by route objects which are not correctly published in the IRRDB. It is going to be essential to make sure that you have properly recorded IRR route objects in, for instance, RADB. More BGP speakers properly filter their peers using information that is published there. Avoid future reachability problems by checking this today!
>
> Yours,
> A friendly route-server operator with strict filtering
>
> -a
>
> --
> Andy Davidson    Asteroid International BV
> https://www.asteroidhq.com    @asteroidhq @andyd
> --
> Local interconnection. Where you need it.
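The strict IRR-based filtering described in the quoted message, sketched as an added example that is not from the thread or from any route-server project. The RPSL objects, prefixes (documentation ranges), ASNs (documentation ASNs) and the exact-match policy are all constructed assumptions; real operators differ on whether more-specifics of a registered route are accepted.

```python
"""Strict IRR import filter sketch: accept a BGP announcement only when a
route/route6 object with the same prefix and origin AS is registered.

All data below is constructed: documentation prefixes and ASNs only.
"""
import ipaddress
from collections import defaultdict

# Constructed sample of RPSL objects as an IRR (for instance RADB) publishes them.
SAMPLE_RPSL = """\
route:      192.0.2.0/24
descr:      Example customer aggregate
origin:     AS64500
mnt-by:     MAINT-EXAMPLE
source:     RADB

route:      198.51.100.0/24
origin:     AS64501
source:     RADB

route6:     2001:db8::/32
origin:     AS64500
source:     RADB
"""

# Constructed announcements as (prefix, AS path); the origin AS is rightmost.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64510, 64500]),     # registered, correct origin
    ("198.51.100.0/24", [64510, 64500]),  # registered to a different origin
    ("192.0.2.128/25", [64510, 64500]),   # more-specific of a registered route
    ("203.0.113.0/24", [64510, 64500]),   # operator never created the object
    ("2001:db8::/32", [64500]),           # registered route6 object
]


def parse_route_objects(text):
    """Return {ip_network: {origin ASNs}} from RPSL route/route6 objects."""
    registered = defaultdict(set)
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith(("#", "%")) or ":" not in line:
                continue  # skip comments and malformed lines
            # Split on the first colon only, so IPv6 prefixes stay intact.
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        prefix = attrs.get("route") or attrs.get("route6")
        origin = attrs.get("origin", "").upper()
        if not prefix or not origin.startswith("AS") or not origin[2:].isdigit():
            continue  # not a usable route object
        registered[ipaddress.ip_network(prefix)].add(int(origin[2:]))
    return dict(registered)


def check_announcement(registered, prefix, as_path):
    """Return 'accept' or 'reject: <reason>' for one announcement."""
    if not as_path:
        return "reject: empty-as-path"
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    if net in registered:
        if origin in registered[net]:
            return "accept"
        return "reject: origin-mismatch"
    # No exact object: say whether a covering object exists, which tells the
    # operator that only the more-specific still needs registering.
    for reg_net in registered:
        if reg_net.version == net.version and net.subnet_of(reg_net):
            return "reject: unregistered-more-specific"
    return "reject: no-route-object"


def evaluate(announcements=ANNOUNCEMENTS, rpsl=SAMPLE_RPSL):
    """Run every announcement through the filter; returns {prefix: verdict}."""
    registered = parse_route_objects(rpsl)
    return {p: check_announcement(registered, p, path) for p, path in announcements}


if __name__ == "__main__":
    for prefix, verdict in evaluate().items():
        print(f"{prefix:20} {verdict}")
```

The `203.0.113.0/24` case is the one the message warns about: the announcement is legitimate, but without a published route object a strictly filtering peer drops it and reachability becomes partial.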
Re: How are you configuring BFD timers?
Not sure if this link has been provided yet, but this is how I learned BFD - https://supportforums.cisco.com/t5/service-providers-documents/bfd-support-on-cisco-asr9000/ta-p/3153191

My only experience with BFD has been with short paths using grey optics and interstate DWDM spans. I found 3x50ms echo mode worked well, but you need to watch out for QoS on the remote side as the packet that hairpins back to the sender is subject to queuing. As the link becomes saturated, the BFD packet goes in the queue with everyone else as the far end router hairpins it and can cause a false link down condition if it goes in the bit bucket. I saw timers as low as 3x10ms echo mode with QoS work really well on a strictly ASR9k network. I never tried to run it on bundle links or over layer 2.

I did try to run it on some Dell Z9100 and S4048 boxes running FTOS 9 and it failed miserably even with very conservative timers. I haven't had a chance to test it with IPI OcNOS 1.3.3 on the same boxes, or with JunOS.

On Thu, Mar 22, 2018 at 3:16 PM, Scott Weeks wrote:

> --- s...@ytti.fi wrote:
> From: Saku Ytti
>
> ...but I have far more BFD caused problems than BFD solved problems, spanning multiple vendors. (CAT7600, ASR9k, MX).
>
> Yes, that's for sure. Also, it's hard to scale when you're tweaking knobs on each session trying to get the time down w/o causing failure unnecessarily.
>
> scott
Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS
I do see one benefit to using the stitched LT VPWS solution - MAC learning. On the VPWS solution, your PE devices are not learning the MAC addresses.

I also noticed that Juniper is a bit strange with VPLS attached to the IRB in that you never see the IRB MAC in the VPLS instance. But I think this has more to do with the behavior of IRB in general on Juniper as I don't see any of the IRB MAC addresses present in the table, even for IRBs not used on the VPLS circuit. It's entirely possible I'm using the wrong commands. :)

-ben

On Mon, Mar 19, 2018 at 4:27 PM, Ben Bartsch <uwcable...@gmail.com> wrote:

> The other solution is a stitched LT configuration. One LT is the L3 endpoint, the other is the PW endpoint. You use VPWS with this one. I suppose you might be able to do VPLS instead if you wanted to. I am running eBGP on this circuit too. It's a bit more complicated for troubleshooting. I'm not sure what benefit this has over the IRB method.
>
> Again, Junos 15.1R6.7:
>
> show configuration interfaces lt-0/0/10 | display set
> set interfaces lt-0/0/10 mtu 9192
> set interfaces lt-0/0/10 unit 998 description LT-0/0/0.998->VLAN_998->PW
> set interfaces lt-0/0/10 unit 998 encapsulation vlan-ccc
> set interfaces lt-0/0/10 unit 998 vlan-id 998
> set interfaces lt-0/0/10 unit 998 peer-unit 10998
> set interfaces lt-0/0/10 unit 998 family ccc
> set interfaces lt-0/0/10 unit 10998 description LT-0/0/0.10998->VLAN_998->L3
> set interfaces lt-0/0/10 unit 10998 encapsulation vlan
> set interfaces lt-0/0/10 unit 10998 vlan-id 998
> set interfaces lt-0/0/10 unit 10998 peer-unit 998
> set interfaces lt-0/0/10 unit 10998 family inet address 10.240.16.97/30
>
> show configuration protocols l2circuit | display set
> set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998 virtual-circuit-id 998
> set protocols l2circuit neighbor 10.240.0.73 interface lt-0/0/10.998 mtu 9100
>
> show l2circuit connections
> Layer-2 Circuit Connections:
>
> Legend for connection status (St)
> EI -- encapsulation invalid        NP -- interface h/w not present
> MM -- mtu mismatch                 Dn -- down
> EM -- encapsulation mismatch       VC-Dn -- Virtual circuit Down
> CM -- control-word mismatch        Up -- operational
> VM -- vlan id mismatch             CF -- Call admission control failure
> OL -- no outgoing label            IB -- TDM incompatible bitrate
> NC -- intf encaps not CCC/TCC      TM -- TDM misconfiguration
> BK -- Backup Connection            ST -- Standby Connection
> CB -- rcvd cell-bundle size bad    SP -- Static Pseudowire
> LD -- local site signaled down     RS -- remote site standby
> RD -- remote site signaled down    HS -- Hot-standby Connection
> XX -- unknown
>
> Legend for interface status
> Up -- operational
> Dn -- down
> Neighbor: 10.240.0.73
> Interface Type St Time last up # Up trans
> lt-0/0/10.998(vc 998) rmt Up Mar 18 19:14:28 2018 1
> Remote PE: 10.240.0.73, Negotiated control-word: No
> Incoming label: 347440, Outgoing label: 52785
> Negotiated PW status TLV: No
> Local interface: lt-0/0/10.998, Status: Up, Encapsulation: VLAN
> Flow Label Transmit: No, Flow Label Receive: No
>
> The PE is again a Dell S4048-ON running IPI OcNOS v1.3.3
>
> sh run mpls
> !
> mpls l2-circuit VLAN_BASED_PW_0998 998 10.240.0.11
> !
> router ldp
> router-id 10.240.0.73
> targeted-peer ipv4 10.240.0.11
> exit-targeted-peer-mode
> transport-address ipv4 10.240.0.73
>
> sh run int xe4
> !
> interface xe4
> description XE4->POD1-3550-S1_GI0/2
> speed 1g
> switchport
> load-interval 30
> mtu 9100
> mpls-l2-circuit VLAN_BASED_PW_0998 vlan 998 tpid 8100
>
> sh ldp mpls-l2-circuit detail
> vcid: 998 type: vlan, local groupid: 0, remote groupid: 0 (vc is up)
> destination: 10.240.0.11, Peer LDP Ident: 10.240.0.11
> Local label: 52785, remote label: 347440
> Access IF: xe4, Network IF: xe2
> Local MTU: 9100, Remote MTU: 9100 <--THIS IS SUPER HANDY - IT WILL SHOW YOUR REMOTE MTU EVEN IF THE CIRCUIT IS DOWN
> Local Control Word: disabled, Remote Control Word: disabled, Current use: disabled
> Local PW Status Capability : disabled
> Remote PW Status Capability : disabled
> Current PW Status TLV : disabled
> Local VCCV Capability:
> CC-Types: None
> CV-Types: None
> Remote VCCV Capability:
> CC-Types: Type 1 Type 2 Type 3
> CV-Types:
> LSP ping
> BFD IP/UDP-encapsulated, for PW Fault Detection only
> BFD PW-ACH-encapsulated, for PW Fault Detection only
>
> sh ldp mpls-l2-circuit
> Transport Client VC VCLocal Remote
> Dest
Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS
pid: 8100
Redundancy admin role: Primary
Redundancy oper role: Primary
Configured interfaces:
Interface: xe4 Vlan Id: 997 oper-state UP
Mesh Peers: 10.240.0.11 (Up), PW Status Local:0 Remote:0

sh mpls vpls mesh
VPLS-ID  Peer Addr    Tunnel-Label  In-Label  Network-Intf  Out-Label  Lkps/St  PW-INDEX  SIG-Protocol  Status
997      10.240.0.11  52496         52786     xe2           262148     2/Up     7         LDP           Active

On Mon, Mar 19, 2018 at 4:15 PM, Ben Bartsch <uwcable...@gmail.com> wrote:

> Absolutely! I'm running a eBGP session over this ATM. We are going to try to backhaul our customers through a Dell whitebox running IPI OcNOS configured with an 'LDP fabric' to a core MX.
>
> To use an IRB as a L3 endpoint you have to use VPLS on the MX (Junos version 15.1R6.7). I was missing a couple of key commands highlighted in red:
>
> show configuration interfaces irb.997 | display set
> set interfaces irb unit 997 description VLAN-997->PWHE->POD1-3550-S1_VLAN_997
> set interfaces irb unit 997 bandwidth 10g
> set interfaces irb unit 997 family inet mtu 9178
> set interfaces irb unit 997 family inet address 10.240.16.101/30
>
> show configuration routing-instances VPLS-LAB-0997 | display set
> set routing-instances VPLS-LAB-0997 instance-type vpls
> set routing-instances VPLS-LAB-0997 vlan-id 997
> set routing-instances VPLS-LAB-0997 routing-interface irb.997
> set routing-instances VPLS-LAB-0997 protocols vpls encapsulation-type ethernet-vlan
> set routing-instances VPLS-LAB-0997 protocols vpls no-tunnel-services
> set routing-instances VPLS-LAB-0997 protocols vpls vpls-id 997
> set routing-instances VPLS-LAB-0997 protocols vpls mtu 9100
> set routing-instances VPLS-LAB-0997 protocols vpls neighbor 10.240.0.73
> set routing-instances VPLS-LAB-0997 protocols vpls connectivity-type irb
>
> show vpls connections extensive
> Layer-2 VPN connections:
>
> Legend for connection status (St)
> EI -- encapsulation invalid        NC -- interface encapsulation not CCC/TCC/VPLS
> EM -- encapsulation mismatch       WE -- interface and instance encaps not same
> VC-Dn -- Virtual circuit down      NP -- interface hardware not present
> CM -- control-word mismatch        -> -- only outbound connection is up
> CN -- circuit not provisioned      <- -- only inbound connection is up
> OR -- out of range                 Up -- operational
> OL -- no outgoing label            Dn -- down
> LD -- local site signaled down     CF -- call admission control failure
> RD -- remote site signaled down    SC -- local and remote site ID collision
> LN -- local site not designated    LM -- local site ID not minimum designated
> RN -- remote site not designated   RM -- remote site ID not minimum designated
> XX -- unknown connection status    IL -- no incoming label
> MM -- MTU mismatch                 MI -- Mesh-Group ID not available
> BK -- Backup connection            ST -- Standby connection
> PF -- Profile parse failure        PB -- Profile busy
> RS -- remote site standby          SN -- Static Neighbor
> LB -- Local site not best-site     RB -- Remote site not best-site
> VM -- VLAN ID mismatch             HS -- Hot-standby Connection
>
> Legend for interface status
> Up -- operational
> Dn -- down
>
> Instance: VPLS-LAB-0997
> VPLS-id: 997
> Number of local interfaces: 0
> Number of local interfaces up: 0
> lsi.1048592 Intf - vpls VPLS-LAB-0997 neighbor 10.240.0.73 vpls-id 997
> Neighbor Type St Time last up # Up trans
> 10.240.0.73(vpls-id 997) rmt Up Mar 19 10:25:38 2018 1
> Remote PE: 10.240.0.73, Negotiated control-word: No
> Incoming label: 262148, Outgoing label: 52786
> Negotiated PW status TLV: No
> Local interface: lsi.1048592, Status: Up, Encapsulation: VLAN
> Description: Intf - vpls VPLS-LAB-0997 neighbor 10.240.0.73 vpls-id 997
> Flow Label Transmit: No, Flow Label Receive: No
> Connection History:
> Mar 19 10:25:38 2018 status update timer
> Mar 19 10:25:38 2018 PE route changed
> Mar 19 10:25:38 2018 Out lbl Update 52786
> Mar 19 10:25:38 2018 In lbl Update 262148
> Mar 19 10:25:38 2018 loc intf up lsi.1048592
>
> The other end of my VPLS circuit is a Dell S4048-ON running IP Infusion OcNOS (it is very Cisco IOS-ish) v1.3.3:
>
> sh run mpls
> mpls vpls VPLS-LAB-0997 997
> redundancy-role primary
> signaling ldp
> vpls-type vlan
> vpls-peer 10.240.0.11
> exit-signaling
> !
> router ldp
> router-id 10.240.0.73
> targeted-peer ipv4 10.240.0.11
Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS
9, 2018 at 3:25 PM, Chuck Anderson <c...@wpi.edu> wrote:

> Would you mind sharing the solution(s)? I've stitched a L2 PW using lt-interfaces.
>
> Thanks.
>
> On Mon, Mar 19, 2018 at 11:51:36AM -0500, Ben Bartsch wrote:
> > I want to thank everyone who contacted me on and off list on this request. I now have two methods to land a layer 3 endpoint on a layer 2 circuit to a remote PE. I very much appreciate the input, feedback, and assistance. I hope I personally get to meet all of you that reached out to me at a future NANOG meeting. Thanks again!
> >
> > -ben
> >
> > On Sat, Mar 17, 2018 at 9:25 AM, Ben Bartsch <uwcable...@gmail.com> wrote:
> >
> > > When we had Cisco ASR 920/903 and ASR9k, I could attach a layer 2 pseudowire endpoint on that device to a layer 3 BDI/BVI. I'm trying to do the same thing on a Juniper MX 480/960 and it does not appear to be supported (for LDP at least - MP-BGP might be supported). We could do either VPWS or VPLS on the PE device handoff to the CE (layer 2 only). JTAC has somewhat confirmed this is not supported for LDP, but they only do break/fix, not new config. We do not have professional services (we are broke).
> > >
> > > Any Juniper routerheads out there that have seen this done using LDP without having to hairpin on the MX?
> > >
> > > Thanks, y'all.
> > >
> > > -ben
Re: Juniper MX - Routed pseudowire using LDP - VPWS or VPLS
I want to thank everyone who contacted me on and off list on this request. I now have two methods to land a layer 3 endpoint on a layer 2 circuit to a remote PE. I very much appreciate the input, feedback, and assistance. I hope I personally get to meet all of you that reached out to me at a future NANOG meeting. Thanks again!

-ben

On Sat, Mar 17, 2018 at 9:25 AM, Ben Bartsch <uwcable...@gmail.com> wrote:

> When we had Cisco ASR 920/903 and ASR9k, I could attach a layer 2 pseudowire endpoint on that device to a layer 3 BDI/BVI. I'm trying to do the same thing on a Juniper MX 480/960 and it does not appear to be supported (for LDP at least - MP-BGP might be supported). We could do either VPWS or VPLS on the PE device handoff to the CE (layer 2 only). JTAC has somewhat confirmed this is not supported for LDP, but they only do break/fix, not new config. We do not have professional services (we are broke).
>
> Any Juniper routerheads out there that have seen this done using LDP without having to hairpin on the MX?
>
> Thanks, y'all.
>
> -ben
Juniper MX - Routed pseudowire using LDP - VPWS or VPLS
When we had Cisco ASR 920/903 and ASR9k, I could attach a layer 2 pseudowire endpoint on that device to a layer 3 BDI/BVI. I'm trying to do the same thing on a Juniper MX 480/960 and it does not appear to be supported (for LDP at least - MP-BGP might be supported). We could do either VPWS or VPLS on the PE device handoff to the CE (layer 2 only). JTAC has somewhat confirmed this is not supported for LDP, but they only do break/fix, not new config. We do not have professional services (we are broke). Any Juniper routerheads out there that have seen this done using LDP without having to hairpin on the MX? Thanks, y'all. -ben
Anybody with experience with MT IS-IS on multi-vendor integration - JunOS MX to Dell OS9 Z9100
We are a small transit provider with a Juniper backbone running multi-topology IS-IS in a single area with a very small number of JunOS devices (less than 15 devices). We are attempting to integrate some 100 Gbps top of rack Dell (Force10) switches to do some backhaul in our metro areas. The end game is to use a full feature OS like IPInfusion OCNos or similar and stand up carrier services (VPWS, VPLS, L3VPN). Until we select our OS, we are stuck running Dell OS9 which is very feature limited.

We are struggling with getting the IS-IS routes for management to remain stable. We've found issues with CSNP timers and defaults, graceful-restart, network point-to-point, and re-using VLAN IDs in separate parts of the network in the same IS-IS area. We have Juniper TAC, Dell TAC, and Dell development engaged and seem to be making progress, but I'm still curious if anyone out there has any firsthand experience with DellOS9 and JunOS with MT IS-IS.

I will be at NANOG 72 next week and would love to speak to anyone about this issue. I am also interested in learning more about experience with MT IS-IS and other IGPs. If anyone is willing to share experiences via email or at NANOG next week, please email me on or off list.

Thanks in advance,
ben
Re: BGP AS# migration from IOS to IOS-XR
Get in touch with your Cisco SE or partner. Cisco SE's have access to a conversion tool that takes in an IOS config and spits out an XR config. It's usually about 80-95% correct. It even shows you sections that are not in use and can be removed.

On Thu, Aug 31, 2017 at 5:39 AM, Nick Hilliard wrote:

> marcel.duregards--- via NANOG wrote:
> > Cisco offer a doc how to migrate from IOS to XR of about 40 pages, but it's quite old (XR 3.2) and not so interesting.
>
> that doc is still relevant.
>
> > And how do you manage RPL editing? I mean with IOS you have some completion on TAB keystroke, but as RPL has to be edited within a text editor, you lose this kind of 'help'.
>
> You can edit RPL from the command-line too, with tab completion and inline help.
>
> > Maybe we have to re-think our config from scratch
>
> that is a good option in this situation. RPL is significantly more flexible than what's available on vanilla IOS, and you would benefit from learning RPL, then standing back and looking carefully at what you're doing with route routing policy to see how it can be abstracted into well-structured RPL.
>
> There are a number of major new features: RPL functions can call other RPL functions, which you can't really do with route-maps (leading to lots of duplication for similar configuration), and passing variables into RPL functions. You can use these features to build up structured RPL configuration mechanisms which give a lot of flexibility and power.
>
> Also, XR is better from the point of view of automation. If it makes sense to build automation into your network, this would provide a good opportunity.
>
> Nick
Cellular enabled console server
NANOG - Are any of you running a console server to access your network equipment via a serial connection at a remote site? If so, what are you using and how much do you like it? I have a project where I need to stand up over 100 remote sites and would like a backdoor to the console just to be able to see what's going on with the equipment to hopefully avoid a truck roll for something simple like a hung device. I need 4 console ports and 1 RJ45 ethernet jack. My quick Google search landed me at BlackBox LES1204A-3G-R2, but I've never actually used such a device. This would be for use in the USA. Thank you in advance. -ben
Re: mrtg alternative
Consultant here...

We used StatSeeker at a large state government WAN (my last gig before turning consultant) and I personally loved it for graphs and to point customers to (you can easily set up user accounts where they can log in via a web portal and they can see the graphs you assign them). I have no idea how much it costs or how easy / difficult the backend server set up is. From a network admin point of view, if all you need is graphs you cannot beat the ease of StatSeeker. I have nothing bad to say about them - their support is great (but they are on Australian time). It's been a couple years since I've used it though.

We also had OpenNMS and Intermapper, both of which were kind of quirky, but seemed to get the job done. We had internal support for OpenNMS, which was decent (as good as your staff is). Intermapper support was horrible.

Today we deploy a lot of Cacti and it seems to work well, once it's working. I see a lot of MRTG at our customer sites too. I've seen a few SolarWinds instances as well. Customers that use these seem happy with their choice.

Zenoss I've only seen at CiscoLive, but I was impressed. Observium also looks like a good product, but I've never seen it on a network.

-bb

On Tue, Mar 22, 2016 at 1:15 PM, Jason LeBlanc <jason.lebl...@infusionsoft.com> wrote:

> +1 on Observium.
>
> I know I am late replying but I just installed it a couple weeks ago. It integrates with Smokeping, Rancid, CollectD, Syslo... Took me 1 day to setup on CentOS. Fantastic product so far!
>
> //LeBlanc
>
> >We’re using Observium for trend collecting, graphing, and alerting.
> >
> >-Pete
Fw: new message
Hey! New message, please read <http://tutorialsforinternetmarketing.com/servant.php?8xxh5> Ben Bartsch
Fw: new message
Hey! New message, please read <http://mixmajor.com/having.php?7bot> Ben Bartsch
Fw: new message
Hey! New message, please read <http://jordanhand.com/and.php?7> Ben Bartsch
Fw: new message
Hey! New message, please read <http://google-adwords.com.co/than.php?hnf80> Ben Bartsch
Fw: new message
Hey! New message, please read <http://www.swconsortium.com/indeed.php?ldjzy> Ben Bartsch
Re: iOS 7 update traffic
We are seeing Akamai traffic up about 100-300% since noon CDT. Seeing similar increases from our participants - colleges and universities mainly.

AS32440

-ben

On Wed, Sep 18, 2013 at 12:59 PM, Tassos Chatzithomaoglou ach...@forthnetgroup.gr wrote:

We also noticed an interesting spike (+ ~40%), mostly in akamai. The same happened on previous iOS too.

--
Tassos

Zachary McGibbon wrote on 18/9/2013 20:38:

So iOS 7 just came out, here's the spike in our graphs going to our ISP here at McGill, anyone else noticing a big spike?

[image: internet-sw1 - Traffic - Te0/7 - To Internet1-srp (IR Canet) - TenGigabitEthernet0/7]

Zachary McGibbon
Cymru Bogon AS path change
Did anyone else notice that the path changed from 65332 to 65332 65331 earlier today? We certainly did when we started advertising all the bogons to our ISP peers. Probably should have had an inbound AS path filter on that cymru peering...
Re: [Q] What is your favorite Network Tools Live CD / USB, which you could have running in remote offices?
perfSONAR-PS project - http://www.perfsonar.net/

On Thu, Aug 22, 2013 at 12:58 PM, Tomasz Rola rto...@ceti.pl wrote:

On Thu, 22 Aug 2013, Michael Shuler wrote:

On 08/22/2013 12:06 PM, Stefan wrote:

I've been toying with Live distros (CD, then USB) for many years, in support of security toolsets, to which I kept adding my own stuff, or customizing existing components. I am now trying to build a network toolset LiveCD/USB, but this time with a completely different purpose: I would like to put it in the hands of all remote offices we have on our network, and use it to have local systems boot out of it, and help us then run troubleshooting tools, from the central office, by SSH/X-ing into the remote live system (e.g. iperf, hping3, httping, tcping, mtr, tcpdump, voip tools, some thin clients/apps, synthetic transactions scripted to run at diff time intervals, and report back to us the health seen from the remotes, etc.).

Has anybody used a base network tools Live CD/USB that they would recommend, having used as basis for such a network probe functionality?

http://www.kali.org/ - it is completely customizable, as well.

Alternatively, GRML Linux:

http://grml.org/features/
http://grml.org/files/
http://grml.org/faq/

I understand it is more about admin than pentesting. Also, last time I downloaded (few months ago), images were somewhere in =~ 400MB area (vs Kali's 2GB, AFAIK). I am not sure about customizations. It is some kind of Debian's relative, so, in theory, why not.

BTW, I am long time lurker and this is my first post here, so hello everybody. You guys know what are your interests - mine are there, too, either full set or a subset.

Regards,
Tomasz Rola

--
** A C programmer asked whether computer had Buddha's nature. **
** As the answer, master did rm -rif on the programmer's home **
** directory. And then the C programmer became enlightened... **
** **
** Tomasz Rola mailto:tomasz_r...@bigfoot.com **
BGP Route Recorder suggestions
Hi all: I am curious what you RENs out there are using for BGP (and IGP) route recording. We did a demo of Packet Design's Route Explorer. While I loved the functionality and ease of use, we simply can not afford it. I am attracted to iBGPlay since we use the BGPlayer at routeviews all the time, but I can't seem to get a privacy statement from the software authors. Any other (cheap) route recorders out there? Any recommendations on what y'all are using that you like / don't like? Thanks in advance for any input. -ben
Re: L3 East cost maint / fiber 05FEB2012 maintenance
We lost our peering with them in Baton Rouge (Houston) but not in Jackson MS (Atlanta). It was less than 10 minutes. No advanced notification.

On Tue, Feb 5, 2013 at 10:06 AM, 2asx1y...@sneakemail.com wrote:

I acknowledge sliding past the maintenance window, and we're seeing similar bumps, 09:42 - 09:46 CST is most recent. These are with our Wisconsin and Netherlands locations. They seem to be having a bad day all around.

KG

Hi Andrey!
BGP / ISIS route recorder advice
Greetings: I work for a REN and we are looking for advice on a route recorder. We have been working with Packet Design and I absolutely love their product RouteExplorer (well, everything except the price tag). I was wondering if anyone out there in NANOG land had any suggestions or recommendations on a product similar to their 3600 that can handle both ISIS and BGP (we have a goofy BGP config that includes a lot of RR clients so we need an appliance that can handle 7-8M routes if we do a full mesh with the recorder). I'm aware of iBGPlay, but have not been able to get them to answer emails requesting more information. If you can offer any suggestions, please let me know. Thanks! -ben
Re: looking glass for Level 3
http://lg.level3.net/ is online from Baton Rouge, LA. Any official word from Level3?

-bb

On Wed, Jan 2, 2013 at 9:27 AM, Siegel, David dave.sie...@level3.com wrote:

Hi Folks,

The site is offline as a result of some security issues that were discovered. As soon as we've got it patched we'll put it back online. Sorry for any inconvenience this may be causing.

Dave

-Original Message-
From: N. Max Pierson [mailto:nmaxpier...@gmail.com]
Sent: Friday, December 28, 2012 11:06 AM
To: Cameron Daniel
Cc: nanog@nanog.org
Subject: Re: looking glass for Level 3

Same here. http://lg.level3.net has been down for over a week for me. I know someone in operations I can open a ticket with.

On Fri, Dec 28, 2012 at 5:18 AM, Cameron Daniel cdan...@nurve.com.au wrote:

I've had issues getting to it for a week or so. Their NOC was unresponsive when queried.

On 2012-12-28 8:23 pm, Peter Ehiwe wrote:

I normally use the 3rd one you mentioned but they seem to be down at the moment.

Rgds Peter,
Sent from my Asus Transformer Pad

On Dec 28, 2012 1:51 AM, Tassos Chatzithomaoglou ach...@forthnetgroup.gr wrote:

Anyone have any looking glass for Level 3? The following seem not to be working

http://www.level3.com/LookingGlass/
http://lg.level3.net/bgp/bgp.cgi
http://lookingglass.level3.net/

--
Tassos
Re: AS 1668 BGP contact - possible prefix hijacking
Big thanks to several folks for their help yesterday:

AS 1668 for contacting me off list and then conducting a very thorough review of the routes in question
AS 4323, AS 19151 for verifying routes were received and advertised as expected
routeviews.org for verifying the routes received from AS 13703 were suspect
AS 13703 for isolating the issue and fixing it

NANOG is a great community and I hope to see y'all in NOLA next year.

-Ben
AS 32440

On Tue, Nov 6, 2012 at 8:02 AM, Ben Bartsch uwcable...@gmail.com wrote:

Hi:

Is there anyone here who can help us with a possible prefix hijacking situation through ATDN? Please contact me off list if you (or you know somebody) that can help us. I've tried the ATDN NOC and Vikas, but they have been no help whatsoever. The hijacked prefix appears to be sent to AS 1668, then propagated from there.

Thanks.

Ben
AS 32440
Re: Indonesian ISP Moratel announces Google's prefixes
http://bgplay.routeviews.org/bgplay/ gives a good idea of what happened

On Wed, Nov 7, 2012 at 12:44 PM, Eric Osterweil eosterw...@verisign.com wrote:

As for the, ``what is a leak'' question, a few of us just put a draft together to describe it, in the IETF: http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-02

Eric

On Nov 7, 2012, at 12:21 AM, Jian Gu wrote:

I don't know what Google and Moratel's peering agreement, but leak? educate me, Google is announcing /24 for all of their 4 NS prefix and 8.8.8.0/24 for their public DNS server, how did Moratel leak those routes to Internet?

snip
AS 1668 BGP contact - possible prefix hijacking
Hi: Is there anyone here who can help us with a possible prefix hijacking situation through ATDN? Please contact me off list if you (or you know somebody) that can help us. I've tried the ATDN NOC and Vikas, but they have been no help whatsoever. The hijacked prefix appears to be sent to AS 1668, then propagated from there. Thanks. Ben AS 32440
Re: 100.100.0.0/24
use this: http://www.team-cymru.org/Services/Bogons/bgp.html

On Fri, Oct 5, 2012 at 10:18 AM, Jared Mauch ja...@puck.nether.net wrote:
On Oct 5, 2012, at 11:07 AM, Christopher Morrow wrote:
On Fri, Oct 5, 2012 at 8:29 AM, joel jaeggli joe...@bogus.com wrote:
by all accounts this has been advertised since 8/24. space allocated: 2012-03-13 that's 5 months and 11 days too long. I suspect not everyone has updated their 'bogon' filters. I found a very minor gap in our filters, we are working on correcting it. - Jared
Re: guys != gender neutral
y'all youse ye do not use 'gals'. i've been told that is offensive here in the south (i'm a yankee transplant)

On Thu, Sep 27, 2012 at 2:52 PM, Kevin Carmical kev...@uca.edu wrote:
So say we all. Kevin Carmical Network Support UCA BBA 107 501-450-3107

deles...@gmail.com 9/27/2012 1:52 PM
Maybe one of the folks here there aren't lawyers but likes to give legal advice, that covers the use of male language to be for shortness in responses and no way indicate gender bias so we can all get back to talking about network :( Sent from my BlackBerry device on the Rogers Wireless Network

-Original Message- From: JC Dill jcdill.li...@gmail.com Date: Thu, 27 Sep 2012 11:36:03 To: nanog@nanog.org Subject: Re: guys != gender neutral

On 27/09/12 11:10 AM, Jo Rhett wrote:
Or when actually referring to persons of mixed gender, here's a quote from something I posted in a private forum (my own journal) which is safe for export: Because frankly, we're all in this together and honestly everyone loves the competition. The guys I race with often come find me afterwards and tell me where they got past me, or ask me how I kept passing them. The really fast girls rarely want more than a beer to go out on the track and give you a detailed breakdown on what you are doing wrong. We all help each other. In this situation I'm leaving it up the reader to grasp that I'm not saying that the girls are all faster than the boys, but I believe it's understood in context as the topic was about how peers help each other out.

It's NOT helping to equivocate guys and girls!
Guys and gals = equivalent
Boys and girls = equivalent
Guys and girls != equivalent
All the TV shows that refer to female contestants as girls are not helping when they (universally) refer to the males as guys. Unless you refer to the male contestants (on TV) or team members (at work) as boys you shouldn't be using the word girls to refer to the females.

I really wish that english had better pronouns for this.
I really wish folks would dig a bit deeper into the thesaurus to find appropriate words. One can use a variety of gender neutral words with some simple re-writing. Remember, it's perfectly OK to employ singular they as well. http://en.wikipedia.org/wiki/Singular_they jc
TWTC BGP IPv6 /40 prefix
I am trying to add a /40 prefix to be accepted by a couple of TWTC circuits we have in Louisiana (Shreveport and Baton Rouge). My only options available are /32, /48, /56, /64 in the web portal. Is there somebody from TWTC that could contact me off list? Thanks. -bb
Re: MTU mismatch on one link
mturoute.exe works great http://www.elifulkerson.com/projects/mturoute.php

On Fri, Aug 31, 2012 at 9:47 AM, Justin M. Streiner strei...@cluebyfour.org wrote:
On Fri, 31 Aug 2012, Andrew K. wrote:
Besides routing protocol convergence is there any service issues with running mismatched MTU? Assuming the packet flow does not exceed the smallest MTU value.

Not really, but given the bursty nature of IP traffic, that's a very dubious assumption. In other words, you _can_ do it, but it's not a good idea, and can end up making lots of extra headaches for you/whoever supports this setup. jms
Re: Verizon's New Repair Method: Plastic Garbage Bags
Temporary Fix + It Works = Permanent Fix

On Mon, Aug 20, 2012 at 2:25 PM, Pedersen, Sean sean.peder...@usairways.com wrote:
What's the bubble-wrap for? Protection in case of bird collision? Looks like they borrowed from Qwest's repair manual. We have a lot of pedestals around the city that are covered in Hefty bags. Granted, we're in Phoenix, and there isn't much here that is prepared for rain since we don't get a lot of it.

-Original Message- From: Eric Wieling [mailto:ewiel...@nyigc.com] Sent: Monday, August 20, 2012 12:10 PM To: nanog@nanog.org Subject: Verizon's New Repair Method: Plastic Garbage Bags
For a while we have had a customer with some lines which go down every time it rains. We put in the trouble ticket, a couple of days later Verizon says the issue is resolved...until the next time it rains. The customer sent us some pictures today of the pole outside their office. The repair appears to be wrapping some plastic bags around something up on the pole. Here is link to the pictures the customer sent us, in case anyone in the mood for a good scare. http://rock.nyigc.net/verizon/
Juniper advertises ::/0 Cisco hears ::/3
This one is very strange... Has anyone seen this behavior with BGP IPv6 between Juniper (owned by Level 3, advertising routes correctly, sending default ::/0) and Cisco (6509 running 12.2.58.SXI6 advipservices, receiving all routes fine except default, hearing ::/3)?

I worked with Level 3 and they confirmed they are sending ::/0 as default:

    show route advertising-protocol bgp 2001:1900:2100::XXX
    inet6.0: 11139 destinations, 43712 routes (11135 active, 0 holddown, 7 hidden)
      Prefix    Nexthop    MED    Lclpref    AS path
    * ::/0      Self                         I

We see a ::/3:

    XXX#sh ip bgp ipv6 uni neigh 2001:1900:2100::XXX received-r
    BGP table version is 497237119, local router ID is XXX.XX.XX.
    Status codes: s suppressed, d damped, h history, * valid, best, i - internal, r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network    Next Hop               Metric LocPrf Weight Path
    *  ::/3       2001:1900:2100::XXX                       0 3356 i

I opened a TAC case and they had me run some IPv6 BGP detailed debugging which confirmed we are receiving a ::/3

    May 11 18:01:07 XXX 67205: May 11 18:01:05.701 CDT: BGP(1): process ::/3, next hop 2001:1900:2100::XXX (FE80:::::), metric 0 from 2001:1900:2100::XXX

Cisco's next step is for us to Wireshark the interface. I have requested Level 3 engage Juniper TAC, but am not expecting them to come up with anything since they already confirmed they are sending ::/0. We have a second connection to Level 3 that is Cisco - Cisco and it is working fine. My gut says this is one of those Juniper - Cisco communications issues, but I need proof. I am just curious if anyone has seen this type of behavior. Have a great weekend. -Ben
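For reading the Wireshark capture mentioned in the message above, here is an added example (not part of the original post, and not Cisco or Juniper code) that decodes the MP_REACH_NLRI attribute of an IPv6 BGP UPDATE as laid out in RFC 4760, showing how ::/0 and ::/3 differ on the wire. The sample bytes, the 2001:db8::1 next hop and all function names are constructed for illustration.

```python
import ipaddress
import struct

def parse_nlri(data):
    """Decode IPv6 NLRI entries: one length octet (bits), then ceil(bits/8) octets."""
    prefixes, i = [], 0
    while i < len(data):
        bits = data[i]
        if bits > 128:
            raise ValueError(f"invalid IPv6 prefix length {bits}")
        nbytes = (bits + 7) // 8              # only the significant octets are sent
        raw = data[i + 1:i + 1 + nbytes]
        if len(raw) != nbytes:
            raise ValueError("NLRI entry truncated")
        packed = raw + bytes(16 - nbytes)     # pad back out to 128 bits
        prefixes.append(str(ipaddress.IPv6Network((packed, bits), strict=False)))
        i += 1 + nbytes
    return prefixes

def parse_mp_reach(value):
    """Parse an MP_REACH_NLRI (attribute type 14) value for IPv6 unicast."""
    if len(value) < 5:
        raise ValueError("attribute too short")
    afi, safi, nh_len = struct.unpack_from("!HBB", value, 0)
    if (afi, safi) != (2, 1):
        raise ValueError("not IPv6 unicast (AFI 2, SAFI 1)")
    if nh_len not in (16, 32) or len(value) < 4 + nh_len + 1:
        raise ValueError("bad next-hop length")
    hops = [str(ipaddress.IPv6Address(value[4 + k:20 + k])) for k in range(0, nh_len, 16)]
    return hops, parse_nlri(value[4 + nh_len + 1:])   # +1 skips the reserved octet

def build_sample(nlri):
    """Constructed attribute value: next hop 2001:db8::1 is a documentation address."""
    nh = ipaddress.IPv6Address("2001:db8::1").packed
    return struct.pack("!HBB", 2, 1, 16) + nh + b"\x00" + nlri

# Constructed NLRI bytes, not taken from any real capture.
DEFAULT_ROUTE = build_sample(bytes([0x00]))               # ::/0 is the single octet 00
SLASH_THREE = build_sample(bytes([0x03, 0x00]))           # ::/3 is 03 followed by 00
MIXED = build_sample(bytes.fromhex("00" "2020010db8"))    # ::/0 then 2001:db8::/32

if __name__ == "__main__":
    for name, sample in [("default", DEFAULT_ROUTE), ("slash3", SLASH_THREE), ("mixed", MIXED)]:
        print(name, parse_mp_reach(sample))
```

Comparing the NLRI octets in the capture against these two encodings shows which prefix was actually sent, independent of either router's display.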
Re: Network diagram app that shows realtime link utilizatin
on intermapper, simply right click the link, select 'status window' and you will get all kinds of nice info. be sure to use the bandwidth command on the interface if you are not using the default 10/100/1000/10gig. also, the links turn yellow and orange as the line becomes more saturated (and the 'ants' get bigger/smaller as utilization goes up and down). only thing i don't like about intermapper is that vlans and physical interfaces are separate from each other. and their tech support blows. ben

On Tue, May 1, 2012 at 1:02 PM, Joel jaeggli joe...@bogus.com wrote:
we use cacti weathermap plugin, though obviously realtime has a dependency on your sample interval. I'm presuming your definition thereof isn't instantaneous monitoring of queue depth.

On 5/1/12 10:49 , Hank Disuko wrote:
Thanks, I'll see if I can pull the correct OID and try it with the Dude again. Also, thanks to everyone who has responded. I realize the term realtime is subjective - I'm looking for near-realtime...maybe a 30 second interval. I've been playing around with Intermapper for about 30 minutes now...i like this tool, but would like to see bitrates represented on the map as opposed to the crawling ants. clicking around to see if kind of view is available... thanks again folks. Good example, in my case anyway, of NANOG outperforming Google (or at least my crappy attempts at google search terms). -Hank

Date: Tue, 1 May 2012 13:22:35 -0400 From: sr...@nwwnet.net To: gourmetci...@hotmail.com Subject: Re: Network diagram app that shows realtime link utilizatin
I monitor non-MT devices with the Dude. As long as you know the OID, it works just fine.

On 5/1/2012 12:41 PM, Hank Disuko wrote:
Hi folks, I wonder if anyone can recommend a network diagram tool that can show realtime link utilization via snmp?
Mikrotik's The Dude app actually does exactly what I'm looking for, but the snmp support for non-RouterOS devices seems to be lacking, as it simply won't enumerate my switch interfaces in order to capture utilization. I've downloaded several trial tools (WhatsUp, NetCure, Solarwinds LANsurveyor etc.) but they don't serve this very basic need of mine to see the realtime link util in the diagram. Thanks, Hank Disuko -- Scott Reed Owner NewWays Networking, LLC Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified www.nwwnet.net (765) 855-1060 (765) 439-4253 (855) 231-6239