Hi Fooler and Dan, I am now trying my luck in configuring Netscreen 25 as BGP only. I am not using any of its features since this is what I need for now. Will keep you posted once successful or not.
Thanks!

On Fri, Jul 8, 2011 at 5:39 AM, <[email protected]> wrote:

> Send PLUG mailing list submissions to
>         [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.linux.org.ph/mailman/listinfo/plug
> or, via email, send a message with subject or body 'help' to
>         [email protected]
>
> You can reach the person managing the list at
>         [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of PLUG digest..."
>
>
> Today's Topics:
>
>    1. Software routers and VIX and BGP (Dan Sweeney)
>    2. Re: NTP alias migration (philip morales)
>    3. Re: NTP alias migration (philip morales)
>    4. Re: NTP alias migration (fooler mail)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 8 Jul 2011 00:55:24 +0800
> From: Dan Sweeney <[email protected]>
> Subject: [plug] Software routers and VIX and BGP
> To: "Philippine Linux Users' Group \(PLUG\) Technical Discussion List"
>         <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
> Again. this thread should move to PHNOG.
>
> Ahh but...
>
> Most of Cisco IOS is developed on VXR 7200 NG-1 and NG-2 platforms.. and
> those are basically Intel boxes (software routers)..
>
> I run two 7200's doing some heavy duty lifting BGP wise and CPU utilization
> averages less than 4% (Full feeds, metric buttload of community strings,
> route-maps and some nifty Perl scripts).
>
> Even though the NG-1's and NG-2's are dual and quad core boxes Cisco in
> their benevolence has not implemented code for using any secondary cores..
> Might as well be a Pentium.
>
> And in Marlon's situation or anybody's installed in Vitro you basically have
> three links..
>
> eth0 goes thru packeteer to either Samuel or Judges (layer two switches)
> and from there to Igate -> PLDT -> the world..
>
> eth1 goes to VIX and out to VIX Peers
>
> VIX peers include Globe, Digitel, ETPI, IPVG, Bayantel, SkyInternet,
> Tri-Isys, Comclark, Subic Tel etc etc etc
>
> eth2 goes to your stuff in the racks at Vitro
>
> Since Vitro controls "who" can connect to you in their data center the
> option of peering with anybody directly is NOT really an option.
>
> So the maximum prefixes you might see could top at about 2000 or so..
>
> No real need for high performance CEF hardware..
>
> Go figure..
>
> Do good stuff
> Dan
>
> On Jul 7, 2011, at 11:49 PM, fooler mail wrote:
>
> > just do note that real routers have dedicated hardware for fast
> > routing and forwarding (e.g. data plane in cisco)... you will see the
> > difference between software based router versus to hardware based
> > router for routing and forwarding speed and latency...
> >
> > ASN 56xxx is a public ASN as private ASN range from 64512 to 65535...
> >
> > don't put all your eggs into one basket... in your case.. your
> > netscreen 25 is rich in features but don't use all the features in
> > there including BGP... you overloaded your hardware due to its limited
> > processing power and resources...
> >
> > you need a separate license (advance software license aside from
> > baseline software license) to activate BGP in netscreen 25...
> >
> > as hosting provider.. you have to invest good hardware...
> >
> > fooler.
> >
> >
> > On Tue, Jul 5, 2011 at 1:12 PM, Marlon Guzman <[email protected]> wrote:
> >> Hi Jan,
> >> I have read quagga and thinking of using it but am afraid I have no idea in
> >> setting up. I have a spare 1U that I can use for quagga. Will you be able to
> >> help me with this?
> >> Our ASN is 56xxx so I think this is a public ASN.
> >> Hope to hear from you the soonest possible.
> >> Thanks!
> >>
> >> On Tue, Jul 5, 2011 at 12:00 PM, <[email protected]> wrote:
> >>>
> >>> Today's Topics:
> >>>
> >>>    1. Re: BGP (Jan Amcil Chaves)
> >>>    2. Re: favorite open source netflow analysis software? (Zak Elep)
> >>>
> >>>
> >>> ----------------------------------------------------------------------
> >>>
> >>> Message: 1
> >>> Date: Mon, 4 Jul 2011 12:01:05 +0800
> >>> From: Jan Amcil Chaves <[email protected]>
> >>> Subject: Re: [plug] BGP
> >>> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
> >>>         <[email protected]>
> >>> Message-ID:
> >>>         <CAAeaCeW6k2aaj3sL1Q36pbkT1rPbcfeNOpNTM=a5dev3wbz...@mail.gmail.com>
> >>> Content-Type: text/plain; charset="iso-8859-1"
> >>>
> >>> Hi Marlon,
> >>>
> >>> Sorry it took a while to reply, I was busy with a couple of storage
> >>> migrations over the weekend.
> >>>
> >>> I think the guys have made some excellent suggestions in this thread. I'd
> >>> like to add a couple more:
> >>>
> >>> 1. I don't think the NetScreen 25 can handle the full routing tables
> >>> (believe me, I've tried on an appliance with similar specs) so this may pose
> >>> a problem if you plan on receiving all prefixes from your ISP, or plan on
> >>> peering with multiple ISPs.
> >>>
> >>> 1.1. If you have one, use a "real" router. If you have an old Cisco 2xxx
> >>> or 3xxx lying around, you can beef it up a bit with more RAM and serial
> >>> modules and you should be good.
> >>>
> >>> 1.2. A good alternative to "real" routers would be to use a good Linux box
> >>> and run quagga on it. I've personally implemented this for AS9254 and it
> >>> works well enough. The nice thing is you can do all sorts of cool stuff
> >>> (e.g. HA failover, tcpdump, ntop, snort, etc. etc.). The only caveat is you
> >>> will have trouble with the traditional v.35 serial modems that telcos use.
> >>> The easiest way would be to have them supply Ethernet-capable CPEs or get a
> >>> smallish router (e.g. Cisco 16xx/17xx/18xx) to route between your Linux
> >>> router and the telco modem.
> >>>
> >>>
> >>> I'm just curious but did you get a "real" AS number or a "private" one?
> >>> Private AS numbers are in the range 64512 through 65534.
> >>>
> >>>
> >>> Kind regards,
> >>> jan
> >>>
> >>>
> >>>
> >>> On Sun, Jul 3, 2011 at 6:43 AM, Marlon Guzman <[email protected]> wrote:
> >>>
> >>>> Hi Jan,
> >>>>
> >>>> I am not sure how to start. We are setting up a dedicated local bandwidth
> >>>> from ePLDT which is their VIX. Part of that, you need to get your own ASN
> >>>> and a BGP capable router/switch.
> >>>>
> >>>> We now have an ASN courtesy of ePLDT for our dedicated 100mbps VIX and
> >>>> Juniper NetScreen 25 which is a Firewall/Router capable of BGP. Though ePLDT
> >>>> hasn't given us the next step of the implementation. I need some assistance
> >>>> in creating BGP instances for our setup. Our client needs peering with PLDT
> >>>> DSL users and since the shared VIX of ePLDT doesn't have one, the only way
> >>>> is to get a dedicated VIX so that PLDT will allow peering with PLDT DSL
> >>>> users.
> >>>>
> >>>> Thanks!
> >>>>
> >>>>
> >>> -------------- next part --------------
> >>> An HTML attachment was scrubbed...
> >>> URL:
> >>> http://lists.linux.org.ph/mailman/private/plug/attachments/20110704/51d9e332/attachment.html
> >>>
> >>> ------------------------------
> >>>
> >>> Message: 2
> >>> Date: Mon, 4 Jul 2011 14:03:30 +0800
> >>> From: Zak Elep <[email protected]>
> >>> Subject: Re: [plug] favorite open source netflow analysis software?
> >>> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
> >>>         <[email protected]>
> >>> Message-ID:
> >>>         <CAMOAmLxc-NzMmvvY1b=kpphxh0nHTL6-wYsEDQBM=yj06hn...@mail.gmail.com>
> >>> Content-Type: text/plain; charset=UTF-8
> >>>
> >>> On Sun, Jul 3, 2011 at 9:28 PM, Dan Sweeney <[email protected]> wrote:
> >>>> Anybody out there clueful as to what's the best, most current, least
> >>>> flawed build ?
> >>>>
> >>>> Debian?
> >>>> FreeBSD?
> >>>> Redhat?
> >>>> and ugh.. Centos ?
> >>>
> >>> Not in the list above, but there's the pflow(4) device in OpenBSD.
> >>>
> >>> http://www.undeadly.org/cgi?action=article&sid=20080909151202
> >>>
> >>> --
> >>> Zak B. Elep || zakame.net
> >>> 1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D
> >>>
> >>>
> >>> ------------------------------
> >>>
> >>> _________________________________________________
> >>> Philippine Linux Users' Group (PLUG) Mailing List
> >>> http://lists.linux.org.ph/mailman/listinfo/plug
> >>> Searchable Archives: http://archives.free.net.ph
> >>>
> >>> End of PLUG Digest, Vol 76, Issue 12
> >>> ************************************
> >>
> >> --
> >> Marlon D. Guzman
> >> Solid Hosting
> >> Systems Administrator
> >> 24/7 Support Hotline: 632.937.4091 and 632.697.5450
> >> Smart: 0908.876.0226
> >> Globe: 0915.205.4922
> >> Sun: 0922.885.1362
>
> ------------------------------
>
> Message: 2
> Date: Fri, 8 Jul 2011 02:04:46 +0800
> From: philip morales <[email protected]>
> Subject: Re: [plug] NTP alias migration
> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
>         <[email protected]>
> Message-ID:
>         <ca+pcu3dty0fm3cyfomq17txza4tiivtyiqjkfu6r_qms+yg...@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> thanks mate. I've done automated installation across the fleet before but it
> went a lot of technical and process approvals before transition. This
> migration could encounter the same thing. It seems there is really no other
> way but do automated restart.
> I'm not sure about running 3 old and 3 new ntp servers in parallel cause I
> may need to modify clients ntp.conf to add new ntp servers?
>
>
> On Thu, Jul 7, 2011 at 10:19 PM, andrelst <[email protected]> wrote:
>
> > Greek,
> > I think you are referring to TZ or zoneinfo on Solaris and Linux. And yes,
> > Solaris needs a reboot since TZ information is stored in memory and Linux,
> > specifically RHEL, you just run redhat-config-date... no restart needed.
> >
> > Philip,
> > Last time I looked at the NTP code, it does a simple call to get the FQDN
> > first ip address (if there are multiple IP to 1 FQDN) and does not even
> > bother checking or obey DNS TTL which is I think you are hoping to achieve.
> > this means no choice but to restart the NTP daemon, which is not a big
> > deal.
> >
> > As you mention 2000 servers, would be very conservative in changing the
> > aliases on the fly, as variations on each servers for /etc/hosts,
> > resolv.conf and nsswitch.conf can pretty much guarantee outages. And because
> > of the variations, it's not certified that new ip address of the aliases
> > will be picked up. Example, ntp1 has a specific ip address on /etc/hosts.
> >
> > Personally, would add server ntp1..6. where you have 3 old NTP and 3 new
> > NTP running in parallel and do a restart on the NTP daemon. This guarantees
> > 100% no outage, as you just fix the issues in your leisure time even in
> > PROD.
> >
> > regards,
> > Andre | http://www.varon.ca
> >
> >
> > On Thu, Jul 7, 2011 at 5:16 AM, Greek Ordono <[email protected]> wrote:
> >
> > For Solaris 8/9/10 requires restart and Redhat/Linux reload/SIGHUP
> > works:P
> >
> > --
> > Greek Ordono
> > vmlinuz|genunix|vmkernel admin
> > myppa: launchpad.net/~grexk/+archive/ppa
> >
> > From: philip morales <[email protected]>
> > To: [email protected]
> > Sent: Thursday, July 7, 2011 4:22:42 PM
> > Subject: [plug] NTP alias migration
> >
> > I'm into migrating very old ntp servers by migrating their aliases into
> > the new ntp servers. ntp.conf of the clients just points to aliases
> > let say
> > server ntp1
> > server ntp2
> > server ntp3
> > I'm simulating how long will it take for the clients to pickup the new
> > ntp servers hostname but my tests using solaris 10 and rhel 5.6 show clients
> > are still pointing to old ntp servers even if I have migrated aliases but
> > nslookup is ok on all clients.
> >
> > But when I restarted ntpd on the client of course they immediately
> > showed the correct new ntp servers.
> >
> > But it's not a good idea to restart ntpd on clients across the fleet. Is
> > there a way to make clients discover new ntp servers without restarting
> > their daemon?
> >
> > Thanks!
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.linux.org.ph/mailman/private/plug/attachments/20110708/34e1b105/attachment.htm
>
> ------------------------------
>
> Message: 3
> Date: Fri, 8 Jul 2011 02:08:03 +0800
> From: philip morales <[email protected]>
> Subject: Re: [plug] NTP alias migration
> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
>         <[email protected]>
> Message-ID:
>         <ca+pcu3fu2pup99-kwk8sz3kcjxjjy9ya99jajjiggqeh13v...@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> thanks fooler well explained. I'm convinced. will create script to automate
> restart.
>
> On Thu, Jul 7, 2011 at 11:21 PM, fooler mail <[email protected]> wrote:
>
> > On Thu, Jul 7, 2011 at 6:18 PM, philip morales <[email protected]> wrote:
> > > But is there a way to force ntp to re-discover new host without restarting?
> > > I have more than 2000 unix servers global.
> >
> > nope... application normally called gethostbyname(3) to get the IP
> > address of hostname pass to that function call... it just return IP
> > address(es) without TTL value... once got the IP address... it creates
> > a socket and return a filedescriptor.. that filedescriptor is used for
> > connection with IP address it got from gethostbyname...
> >
> > for continuous communication using the same filedescriptor and the IP
> > address it got.. it will never call gethostbyname(3) again... normally
> > programmers do that not to call gethostbyname again by assumption that
> > hostname IP address is fixed... unless otherwise they need to call it
> > again for a given reason...
> >
> > only to do it is to restart that NTPd process again...
> >
> > restarting won't cause a downtime and not even affected your host's
> > clock... your only problem is that you have 2000 servers globally...
> > way to do it is to create a script and automate it for you...
> > otherwise... condition yourself and prepare for a long battle doing
> > the manual way :->
> >
> > fooler.
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://lists.linux.org.ph/mailman/private/plug/attachments/20110708/a356ac79/attachment.htm
>
> ------------------------------
>
> Message: 4
> Date: Fri, 8 Jul 2011 05:39:34 +0800
> From: fooler mail <[email protected]>
> Subject: Re: [plug] NTP alias migration
> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
>         <[email protected]>
> Message-ID:
>         <CAKPk3KRY=7xzak2j0s39s6x3o87evyucqpszhlmamfp3lco...@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Fri, Jul 8, 2011 at 2:04 AM, philip morales <[email protected]> wrote:
> > thanks mate. I've done automated installation across the fleet before but it
> > went a lot of technical and process approvals before transition. This
> > migration could encounter the same thing. It seems there is really no other
> > way but do automated restart.
> > I'm not sure about running 3 old and 3 new ntp servers in parallel cause I
> > may need to modify clients ntp.conf to add new ntp servers?
>
> doing that you leave 3 non-workable old ntp servers and you need
> another round of 2000 servers cleaning up...
>
> as i said... restarting your ntpd process won't cause downtime and won't
> affect even your host's clock...
>
> just proceed to restart and you will be fine... man ntpd as it
> explains there how ntpd process update your host clock and its polling
> interval...
>
> fooler.
>
>
> ------------------------------
>
> End of PLUG Digest, Vol 76, Issue 17
> ************************************
>

--
Marlon D. Guzman
Solid Hosting <http://www.solidhosting.ph>
Systems Administrator
24/7 Support Hotline: 632.937.4091 and 632.697.5450
Smart: 0908.876.0226
Globe: 0915.205.4922
Sun: 0922.885.1362
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
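
The NTP thread quoted in the digest above ends with a fleet-wide ntpd restart, because a running daemon keeps the addresses it resolved at startup. As an added example (not code from any poster in the thread), this Python script compares the peers a client reports in `ntpq -pn` with what the aliases resolve to now, so that only hosts still bound to old servers are restarted. The sample output, the addresses and the names `peers`, `audit` and `CURRENT_DNS` are constructed for illustration.

```python
import re

# Constructed `ntpq -pn` output from a client whose ntpd was started before
# the aliases moved (addresses are documentation ranges, not real servers).
SAMPLE_BEFORE_RESTART = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.11      .GPS.            1 u   33   64  377    0.412    0.021   0.010
+192.0.2.12      192.0.2.11       2 u   12   64  377    0.500   -0.101   0.030
-198.51.100.23   .GPS.            1 u   40   64  377    0.610    0.300   0.045
"""

# Constructed stand-in for what DNS returns today for the ntp.conf aliases;
# on a live host this would come from socket.getaddrinfo() per alias.
CURRENT_DNS = {
    "ntp1": ["198.51.100.21"],
    "ntp2": ["198.51.100.22"],
    "ntp3": ["198.51.100.23"],
}

# Column 1 of each association line is ntpq's tally code (space if none),
# followed directly by the remote address, then refid and stratum.
PEER_RE = re.compile(r"^([ x.\-+#*o])(\S+)\s+\S+\s+\d+\s")


def peers(ntpq_output):
    """Return [(tally, remote_ip)] for every association line."""
    found = []
    for line in ntpq_output.splitlines():
        m = PEER_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def audit(ntpq_output, current_dns):
    """Compare the addresses ntpd is using with what the aliases resolve to."""
    wanted = {ip for ips in current_dns.values() for ip in ips}
    in_use = peers(ntpq_output)
    stale = [(t, ip) for t, ip in in_use if ip not in wanted]
    missing = sorted(wanted - {ip for _, ip in in_use})
    return {"stale": stale, "missing": missing, "restart": bool(stale or missing)}


if __name__ == "__main__":
    report = audit(SAMPLE_BEFORE_RESTART, CURRENT_DNS)
    for tally, ip in report["stale"]:
        print(f"stale peer {ip} (tally {tally!r})")
    for ip in report["missing"]:
        print(f"alias target {ip} not in use")
    print("restart ntpd" if report["restart"] else "ntpd already on new servers")
```

A stale entry carrying the `*` tally is the one that matters most: it is the server the client is currently synchronised to, so shutting that old server down before the restart would force the client onto its remaining peers.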

