Re: DPDK and energy efficiency

2021-03-05 Thread Brian Knight via NANOG
On 2021-03-05 15:40, Eric Kuhnke wrote: For comparison purposes, I'm curious about the difference in wattage results between: a) Your R640 at 420W running DPDK b) The same R640 hardware temporarily booted from a Ubuntu server live USB, in which some common CPU stress and memory disk/IO

Re: DPDK and energy efficiency

2021-03-05 Thread Brian Knight via NANOG
On 2021-03-05 12:22, Etienne-Victor Depasquale wrote: Sure, here goes: https://www.surveymonkey.com/results/SM-BJ9FCT6K9/ Thanks for sharing these results. We run DPDK workloads (Cisco nee Viptela vEdge Cloud) on ESXi. Fwiw, a quick survey of a few of our Dell R640s running mostly vEdge

Re: Famous operational issues

2021-02-18 Thread Brian Knight via NANOG
On 2021-02-17 13:28, John Kristoff wrote: On Wed, 17 Feb 2021 14:07:54 -0500 John Curran wrote: I have no idea what outages were most memorable for others, but the Stanford transfer switch explosion in October 1996 resulted in much of the Internet in the Bay Area simply not being reachable

Re: Ingress filtering on transits, peers, and IX ports

2020-11-20 Thread Brian Knight via NANOG
As a final update to this thread, we started blocking spoofed and invalid traffic as of early Thursday morning Nov 19th. So far, knock on wood, no reports of issues from our customer base. In addition, I've been able to verify with the security research team's test tool that we are no longer

Re: Ingress filtering on transits, peers, and IX ports

2020-10-22 Thread Brian Knight via NANOG
Randy, thank you for the reminder to look also at what services (L4 ports) should be generally blocked. As I was implementing a similar rule for logging purposes, I discovered an oddity with $VENDOR_C_XR ACLs. I created the following: object-group port TCPUDP-BLOCKED eq 0 eq sunrpc eq

Re: Ingress filtering on transits, peers, and IX ports

2020-10-19 Thread Brian Knight via NANOG
fe00::/9 fec0::/10 exit Thanks, -Brian On 2020-10-14 17:43, Brian Knight wrote: So I have put together what I think is a reasonable and complete ACL. From my time in the enterprise world, I know that a good ingress ACL filters out traffic sourcing from: * Bogon blocks, like 0.0.0.0/8

Re: Ingress filtering on transits, peers, and IX ports

2020-10-14 Thread Brian Knight via NANOG
CL. I think that's good for an enterprise network, but as an SP, I'm very hesitant to include this. Is this included in anyone else's transit / peer / IX ACL? Is there anything else that I'm not thinking of? Thanks, -Brian On 2020-10-14 09:25, Brian Knight via NANOG wrote: Hi Marcos, T

Re: Ingress filtering on transits, peers, and IX ports

2020-10-14 Thread Brian Knight via NANOG
o DoS a single /32 endpoint IP > being targeted, as in common online gaming disputes? > > What volume of pps or Mbps would appear as spurious traffic as a result of > this attack? > > On Tue, Oct 13, 2020 at 3:14 PM Brian Knight via NANOG > wrote: > >> We recently

Re: Ingress filtering on transits, peers, and IX ports

2020-10-14 Thread Brian Knight via NANOG
-bcp.pdf Regards. On Tue, Oct 13, 2020 at 19:52, Brian Knight via NANOG () wrote: Hi Mel, My understanding of uRPF is: * Strict mode will permit a packet only if there is a route for the source IP in the RIB, and that route points to the interface where the packet was received * Loose

Re: Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Brian Knight via NANOG
per: > > https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-unicast-rpf.html > > > -mel beckman > >> On Oct 13, 2020, at 3:15 PM, Brian Knight via NANOG wrote: > >> We recently received an email notice from a grou

Ingress filtering on transits, peers, and IX ports

2020-10-13 Thread Brian Knight via NANOG
We recently received an email notice from a group of security researchers who are looking at the feasibility of attacks using spoofed traffic. Their methodology, in broad strokes, was to send traffic to our DNS servers with a source IP that looked like it came from our network. Their attacks

Re: Backup over 4G/LTE

2020-01-30 Thread Brian Knight
In the past couple of years, we deployed CradlePoint IBR650's and IBR600's (with and without wifi respectively). It's a configurable mini-router that can also accept wired access. There is an on-board SIM slot. Downside is that the unit is a bit expensive as a CPE. Lately we have been

Re: RIPE our of IPv4

2019-11-30 Thread Brian Knight
ucceed, really. But the global end game picture looks more and more bleak to me. > > Frankly, I'm surprised anti-IPv6 people still have employment. > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > Midwest-IX > http:/

Re: RIPE our of IPv4

2019-11-29 Thread Brian Knight
> On Nov 27, 2019, at 4:04 PM, Mark Andrews wrote: > > > >> On 28 Nov 2019, at 06:08, Brian Knight wrote: >> >>> On 2019-11-26 17:11, Ca By wrote: >>> On Tue, Nov 26, 2019 at 12:15 AM Sabri Berisha >>> wrote: >>>> - On

Re: RIPE our of IPv4

2019-11-27 Thread Brian Knight
>> On Nov 27, 2019, at 2:54 PM, Brandon Butterworth >> wrote: >> >> On Wed Nov 27, 2019 at 01:08:04PM -0600, Brian Knight wrote: >> None of which matters a damn to almost all of my business eyeball >> customers. They can still get from our networ

Re: RIPE our of IPv4

2019-11-27 Thread Brian Knight
On 2019-11-26 17:11, Ca By wrote: On Tue, Nov 26, 2019 at 12:15 AM Sabri Berisha wrote: - On Nov 26, 2019, at 1:36 AM, Doug Barton do...@dougbarton.us wrote: [snip] there is no ROI at this point. In this kind of environment there needs to be a strong case to invest the capex to

Re: QoS for Office365

2019-07-09 Thread Brian Knight
> On Jul 9, 2019, at 9:19 AM, Mark Tinka wrote: > > > >> On 9/Jul/19 16:18, Ross Tajvar wrote: >> I think the difficulty lies in appropriately marking the traffic. Like >> Joe said, the IPs are always changing. > > Does anyone know if they are reasonably static in an Express Route scenario?

Re: Multicast traffic % in enterprise network ?

2018-08-08 Thread Brian Knight
On 2018-08-08 13:49, Mankamana Mishra (mankamis) via NANOG wrote: Hi Everyone, Recently we had good discussion over multicast uses in public internet. From discussion, it was pointed out uses of multicast is more within enterprise. Wanted to understand how much % multicast traffic present in

Re: 60 Hudson Woes

2018-02-17 Thread Brian Knight
As the engineer working on that Cisco / IBM issue Erik mentioned... ;) I was able to get walk-up, same-day access to the building for myself a few weeks ago (as a customer of DR) and didn’t get my hand slapped for it. DR just created the access ticket with the building and that was enough. It

Re: improving signal to noise ratio from centralized network syslogs

2018-02-05 Thread Brian Knight
On 2018-02-03 15:49, Scott Weeks wrote: Then, you can watch your network in real time like so (below is all one line): tail -f /var/log/router.log /var/log/switch.log | egrep -vi 'term1|term2|termN' 'egrep -v' takes out all the lines you don't want to see while the syslog messages scroll

Re: Templating/automating configuration

2017-06-07 Thread Brian Knight
On Wed, 07 Jun 2017 04:23:33 -0500 t...@pelican.org wrote Hi Brian, On Tuesday, 6 June, 2017 21:48, "Brian Knight" m...@knight-networks.com said: Because we had different sources of truth which were written in-house, we wound up rolling our own template engine

Re: Templating/automating configuration

2017-06-06 Thread Brian Knight
Because we had different sources of truth which were written in-house, we wound up rolling our own template engine in Python. It took about 3 weeks to write the engine and adapt existing templates. Given a circuit ID, it generates the full config for copy and paste into a terminal session. It

Re: DHCPv6 PD & Routing Questions

2015-11-25 Thread Brian Knight
On Tue, Nov 24, 2015 at 6:34 PM, Baldur Norddahl wrote: > > DHCPv6-PD allows multiple PD requests. But did anyone actually implement > that? I am not aware of any device that will hand out sub delegations on > one interface, notice that it is out of address space and