Re: Shaping on a large scale

[Nuno Vieira - nfsi telecom]

Check Ipoque solutions.

http://www.ipoque.com/

regards,
---
Nuno Vieira
nfsi telecom, lda.

nuno.vie...@nfsi.pt
Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301
http://www.nfsi.pt/



- "Bruce Grobler"  wrote:

> Hi,
> 
> Does anyone know of  any Shaping appliances to shape customers based
> on 
> IP, allow for a quota per IP and qos mechanisms like LLQ?,  This is 
> should be something that can sit in between two border router's and 
> support a small ISP (2 customers), also an opensource solution
> would 
> be great!
> 
> Regards,
> 
> Bruce

BGP Update Report

[cidr-report]

BGP Update Report
Interval: 29-Dec-08 -to- 29-Jan-09 (32 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASNUpds %  Upds/PfxAS-Name
 1 - AS764388011  1.2% 146.2 -- VNN-AS-AP Vietnam Posts and 
Telecommunications (VNPT)
 2 - AS958384992  1.2%  57.3 -- SIFY-AS-IN Sify Limited
 3 - AS432369146  0.9%  16.1 -- TWTC - tw telecom holdings, inc.
 4 - AS638968757  0.9%  15.6 -- BELLSOUTH-NET-BLK - 
BellSouth.net Inc.
 5 - AS662952216  0.7% 791.2 -- NOAA-AS - NOAA
 6 - AS209 51988  0.7%  18.0 -- ASN-QWEST - Qwest 
Communications Corporation
 7 - AS35805   50222  0.7% 141.1 -- UTG-AS United Telecom AS
 8 - AS20115   43116  0.6%  20.4 -- CHARTER-NET-HKY-NC - Charter 
Communications
 9 - AS815139308  0.5%  26.3 -- Uninet S.A. de C.V.
10 - AS178536937  0.5%  20.0 -- AS-PAETEC-NET - PaeTec 
Communications, Inc.
11 - AS17974   35121  0.5%  70.5 -- TELKOMNET-AS2-AP PT 
Telekomunikasi Indonesia
12 - AS17488   34805  0.5%  23.0 -- HATHWAY-NET-AP Hathway IP Over 
Cable Internet
13 - AS982933611  0.5%  39.6 -- BSNL-NIB National Internet 
Backbone
14 - AS701828934  0.4%  19.5 -- ATT-INTERNET4 - AT&T WorldNet 
Services
15 - AS238627997  0.4%  17.3 -- INS-AS - AT&T Data 
Communications Services
16 - AS14420   27808  0.4% 112.6 -- ANDINATEL S.A.
17 - AS476627066  0.4%  15.1 -- KIXS-AS-KR Korea Telecom
18 - AS645827005  0.4%  55.6 -- Telgua
19 - AS21433   25762  0.4% 196.7 -- ACCENTUREFSSC Accenture London 
Delivery Centre
20 - AS24863   25397  0.3%  40.9 -- LINKdotNET-AS


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASNUpds %  Upds/PfxAS-Name
 1 - AS302876015  0.1%6015.0 -- ALON-USA - ALON USA, LP
 2 - AS481294829  0.1%4829.0 -- IRBIS-TELECOMMUNICATIONS-AS 
IRBIS Telecommunications Ltd.
 3 - AS30306   18237  0.2%3647.4 -- AfOL-Sz-AS
 4 - AS327533180  0.0%3180.0 -- GLOBEOP-FINANCIAL-SERVICES-NYC1 
- GlobeOp Financial Services
 5 - AS12500   12180  0.2%3045.0 -- RCS-AS RCS Autonomus System
 6 - AS30969   24339  0.3%3042.4 -- TAN-NET TransAfrica Networks
 7 - AS239172792  0.0%2792.0 -- BRIBIE-NET-AS-AP Bribie Island 
Net Multihomed, Brisbane
 8 - AS281947093  0.1%2364.3 -- 
 9 - AS190171990  0.0%1990.0 -- QUALCOMM-QWBS-LV - Qualcomm, 
Inc.
10 - AS32398   13362  0.2%1670.2 -- REALNET-ASN-1
11 - AS451221572  0.0%1572.0 -- JASPACE-AS-ID-AP PT. JASPACE NET
12 - AS410074615  0.1%1538.3 -- CTCASTANA CTC ASTANA, KZ
13 - AS108066138  0.1%1534.5 -- AFP-NET - AGENCE FRANCE PRESSE
14 - AS24228   10091  0.1%1441.6 -- BARNETWORK-AP BarNetwork Pty 
Limited
15 - AS503313137  0.2%1313.7 -- ISW - Internet Specialties West 
Inc.
16 - AS300952523  0.0%1261.5 -- AS-30095 - Group M Worldwide, 
Inc.
17 - AS259707511  0.1%1251.8 -- IAC - IAC Services LLC
18 - AS294272456  0.0%1228.0 -- AZM-AS Mercury Telecom
19 - AS44265   13244  0.2%1204.0 -- SMOLTELECOM-NET Smoltelecom Ltd 
AS peering
20 - AS292242052  0.0%1026.0 -- HELLMANN Hellmann Worldwide 
Logistics GmbH & Co KG


TOP 20 Unstable Prefixes
Rank Prefix Upds % Origin AS -- AS Name
 1 - 210.214.151.0/24  22738  0.3%   AS9583  -- SIFY-AS-IN Sify Limited
 2 - 124.7.201.0/2421287  0.3%   AS9583  -- SIFY-AS-IN Sify Limited
 3 - 144.36.245.0/24   21258  0.3%   AS21433 -- ACCENTUREFSSC Accenture London 
Delivery Centre
 4 - 72.23.246.0/2418307  0.2%   AS5050  -- PSC-EXT - Pittsburgh 
Supercomputing Center
 5 - 192.35.129.0/24   17259  0.2%   AS6629  -- NOAA-AS - NOAA
 6 - 192.102.88.0/24   17030  0.2%   AS6629  -- NOAA-AS - NOAA
 7 - 198.77.177.0/24   16984  0.2%   AS6629  -- NOAA-AS - NOAA
 8 - 41.204.2.0/24 13199  0.2%   AS32398 -- REALNET-ASN-1
 9 - 64.162.116.0/24   13016  0.2%   AS5033  -- ISW - Internet Specialties West 
Inc.
10 - 196.27.104.0/21   11897  0.2%   AS30969 -- TAN-NET TransAfrica Networks
11 - 196.27.108.0/22   11819  0.2%   AS30969 -- TAN-NET TransAfrica Networks
12 - 222.255.51.64/26  10834  0.1%   AS7643  -- VNN-AS-AP Vietnam Posts and 
Telecommunications (VNPT)
13 - 192.12.120.0/24   10506  0.1%   AS5691  -- MITRE-AS-5 - The MITRE 
Corporation
14 - 202.83.176.0/219977  0.1%   AS24228 -- BARNETWORK-AP BarNetwork Pty 
Limited
15 - 221.135.80.0/249100  0.1%   AS9583  -- SIFY-AS-IN Sify Limited
16 - 212.85.220.0/248932  0.1%   AS30306 -- AfOL-Sz-AS
17 - 212.85.223.0/248920  0.1%   AS30306 -- AfOL-Sz-AS
18 - 199.2.119.0/24 7055  0.1%   AS11816 -- SetarNet
19 - 89.4.131

The Cidr Report

[cidr-report]

This report has been generated at Fri Jan 30 21:13:57 2009 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date  PrefixesCIDR Agg
23-01-09286053  177941
24-01-09286089  178446
25-01-09286547  178462
26-01-09286835  178564
27-01-09287083  178066
28-01-09286198  178147
29-01-09286289  177870
30-01-09286408  178004


AS Summary
 30507  Number of ASes in routing system
 12982  Number of ASes announcing only one prefix
  4379  Largest number of prefixes announced by an AS
AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc.
  89881344  Largest address span announced by an AS (/32s)
AS27064: DDN-ASNBLK1 - DoD Network Information Center


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 30Jan09 ---
ASnumNetsNow NetsAggr  NetGain   % Gain   Description

Table 286397   178149   10824837.8%   All ASes

AS6389  4379  356 402391.9%   BELLSOUTH-NET-BLK -
   BellSouth.net Inc.
AS4323  4216 1741 247558.7%   TWTC - tw telecom holdings,
   inc.
AS209   2828 1264 156455.3%   ASN-QWEST - Qwest
   Communications Corporation
AS4766  1771  499 127271.8%   KIXS-AS-KR Korea Telecom
AS17488 1507  345 116277.1%   HATHWAY-NET-AP Hathway IP Over
   Cable Internet
AS4755  1200  231  96980.8%   TATACOMM-AS TATA
   Communications formerly VSNL
   is Leading ISP
AS22773 1007   62  94593.8%   ASN-CXA-ALL-CCI-22773-RDC -
   Cox Communications Inc.
AS8151  1476  615  86158.3%   Uninet S.A. de C.V.
AS1785  1803 1036  76742.5%   AS-PAETEC-NET - PaeTec
   Communications, Inc.
AS11492 1218  458  76062.4%   CABLEONE - CABLE ONE, INC.
AS8452  1021  283  73872.3%   TEDATA TEDATA
AS19262  944  243  70174.3%   VZGNI-TRANSIT - Verizon
   Internet Services Inc.
AS2386  1566  899  66742.6%   INS-AS - AT&T Data
   Communications Services
AS3356  1143  489  65457.2%   LEVEL3 Level 3 Communications
AS18101  766  143  62381.3%   RIL-IDC Reliance Infocom Ltd
   Internet Data Centre,
AS18566 1061  466  59556.1%   COVAD - Covad Communications
   Co.
AS6478  1204  660  54445.2%   ATT-INTERNET3 - AT&T WorldNet
   Services
AS7545   690  158  53277.1%   TPG-INTERNET-AP TPG Internet
   Pty Ltd
AS2706   545   25  52095.4%   HKSUPER-HK-AP Pacific Internet
   (Hong Kong) Limited
AS22047  623  114  50981.7%   VTR BANDA ANCHA S.A.
AS17908  602  111  49181.6%   TCISL Tata Communications
AS855602  146  45675.7%   CANET-ASN-4 - Bell Aliant
AS4808   612  158  45474.2%   CHINA169-BJ CNCGROUP IP
   network China169 Beijing
   Province Network
AS7018  1438 1003  43530.3%   ATT-INTERNET4 - AT&T WorldNet
   Services
AS4134   902  475  42747.3%   CHINANET-BACKBONE
   No.31,Jin-rong Street
AS24560  661  239  42263.8%   AIRTELBROADBAND-AS-AP Bharti
   Airtel Ltd., Telemedia
   Services
AS4668   699  283  41659.5%   LGNET-AS-KR LG CNS
AS9443   504   92  41281.7%   INTERNETPRIMUS-AS-AP Primus
   Telecommunications
AS17676  527  115  41278.2%   GIGAINFRA BB TECHNOLOGY Corp.
AS7011   958  550  40842.6%   FRONTIER-AND-CITIZENS -
   Fron

Re: Shaping on a large scale

[Arie Vayner]

Take a look here:
http://www.cisco.com/en/US/products/ps6151/index.html

Arie

On Fri, Jan 30, 2009 at 7:33 AM, Bruce Grobler  wrote:

> Hi,
>
> Does anyone know of  any Shaping appliances to shape customers based on IP,
> allow for a quota per IP and qos mechanisms like LLQ?,  This is should be
> something that can sit in between two border router's and support a small
> ISP (2 customers), also an opensource solution would be great!
>
> Regards,
>
> Bruce
>
>

RE: Shaping on a large scale

[Scott Berkman]

Check out Packeteer.  I used to work somewhere about that size and this
was the product we used:

http://www.bluecoat.com/products/packetshaper/

Open source you can do a custom setup with IPTables and iproute2, but it
will take some work to get the same kind of features and management
interface.  LARTC is a good reference for this kind of topic:
http://lartc.org/.  Also I'm not sure if someone has built this into any
of the firewall specific linux distros yet, so you may want to explore
those a little.

Good luck,

-Scott

-Original Message-
From: Bruce Grobler [mailto:br...@yoafrica.com] 
Sent: Friday, January 30, 2009 12:34 AM
To: nanog@nanog.org
Subject: Shaping on a large scale 

Hi,

Does anyone know of  any Shaping appliances to shape customers based on 
IP, allow for a quota per IP and qos mechanisms like LLQ?,  This is 
should be something that can sit in between two border router's and 
support a small ISP (2 customers), also an opensource solution would 
be great!

Regards,

Bruce

RE: Shaping on a large scale

[C. Jon Larsen]

Open source you can do a custom setup with IPTables and iproute2, but it
will take some work to get the same kind of features and management
interface.  LARTC is a good reference for this kind of topic:
http://lartc.org/.  Also I'm not sure if someone has built this into any
of the firewall specific linux distros yet, so you may want to explore
those a little.


The scripts below will set max bandwidth on an interface to 60mbit, and 
setup a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. Its used 
on a physical server to limit bandwidth to a virtual server(s) on the physical 
server. Should work just as well on a dual-armed router/firewall shaping 
devices behind it.  You would just create more classes (1:11, 1:12, 
etc) for more clients/ips to shape and you might want to knock the 
ceiling on the default (1:30) class down to guarantee the bandwidth to the 
1:10, 1:11...classes.


tc qdisc add dev eth0 root handle 1: htb default 30

tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit burst 
150k

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

## limit a.b.c.d to 3mbit/sec:
U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
$U32 match ip src  a.b.c.d/32 flowid 1:10
$U32 match ip dst  a.b.c.d/32 flowid 1:10

tc -s -d qdisc show dev eth0


-Original Message-
From: Bruce Grobler [mailto:br...@yoafrica.com]
Sent: Friday, January 30, 2009 12:34 AM
To: nanog@nanog.org
Subject: Shaping on a large scale

Hi,

Does anyone know of  any Shaping appliances to shape customers based on
IP, allow for a quota per IP and qos mechanisms like LLQ?,  This is
should be something that can sit in between two border router's and
support a small ISP (2 customers), also an opensource solution would
be great!

Re: Shaping on a large scale

[bert hubert]

On Fri, Jan 30, 2009 at 10:25:49AM -0500, Scott Berkman wrote:

> http://lartc.org/.  Also I'm not sure if someone has built this into any
> of the firewall specific linux distros yet, so you may want to explore
> those a little.

They have. Many Linux appliances come with a 'Linux Wonder Shaper'
http://lartc.org/wondershaper/ or an equivalent.

In general, the Linux packet shaping infrastructure is overly powerful, if
very weakly documented - despite the LARTC efforts.

I do have to add that shaping is rarely an exact science, and that achieving
very high accuracies may prove impossible on general (timer interrupt based)
hardware & operating systems.

Stochastic results will be good however.

Bert

-- 
http://www.PowerDNS.com  Open source, database driven DNS Software 
http://netherlabs.nl  Open and Closed source services

can I ask mtu question

[adrian kok]

Hi

What is max mtu in jumbo frame? 
ls it 9000?

Do I need to reboot the switch to take effect after
setting up it?

if it doesn't need to reboot, How can I know the
switch is running fine in this mtu 9000? eg: cisco
any tools to check?

Thank you for your help



Send instant messages to your online friends http://uk.messenger.yahoo.com 

RE: can I ask mtu question

[Paul Stewart]

Depends on the hardware - GSR's have different MTU's than 7600's for
example (and dependant on linecard too).  We use 9216 between 7206VXR
and 7606 for example.

No, the change is immediate - "show interface" will tell you among other
commands...

Paul


-Original Message-
From: adrian kok [mailto:adriankok2...@yahoo.com.hk]
Sent: January 30, 2009 12:57 PM
To: nanog@nanog.org
Subject: can I ask mtu question

Hi

What is max mtu in jumbo frame?
ls it 9000?

Do I need to reboot the switch to take effect after
setting up it?

if it doesn't need to reboot, How can I know the
switch is running fine in this mtu 9000? eg: cisco
any tools to check?

Thank you for your help



Send instant messages to your online friends
http://uk.messenger.yahoo.com







"The information transmitted is intended only for the person or entity to which 
it is addressed and contains confidential and/or privileged material. If you 
received this in error, please contact the sender immediately and then destroy 
this transmission, including all attachments, without copying, distributing or 
disclosing same. Thank you."

RE: can I ask mtu question

[Michael Smith]

http://www.google.com/search?source=ig&hl=en&rlz=&=&q=What+is+max+mtu+in
+jumbo+frame%3F+&btnG=Google+Search&aq=f


>-Original Message-
>From: adrian kok [mailto:adriankok2...@yahoo.com.hk]
>Sent: Friday, January 30, 2009 12:57 PM
>To: nanog@nanog.org
>Subject: can I ask mtu question
>
>Hi
>
>What is max mtu in jumbo frame?
>ls it 9000?
>
>Do I need to reboot the switch to take effect after
>setting up it?
>
>if it doesn't need to reboot, How can I know the
>switch is running fine in this mtu 9000? eg: cisco
>any tools to check?
>
>Thank you for your help
>
>
>
>Send instant messages to your online friends
>http://uk.messenger.yahoo.com

Weekly Routing Table Report

[Routing Analysis Role Account]

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 31 Jan, 2009

Report Website: http://thyme.apnic.net
Detailed Analysis:  http://thyme.apnic.net/current/


Complete listing at http://thyme.apnic.net/current/data-ASnet-APNIC


Complete listing at http://thyme.apnic.net/current/data-ASnet-ARIN


Complete listing at http://thyme.apnic.net/current/data-ASnet-RIPE


Complete listing at http://thyme.apnic.net/current/data-ASnet-LACNIC


Complete listing at http://thyme.apnic.net/current/data-ASnet-AFRINIC


Complete listing at http://thyme.apnic.net/current/data-ASnet


Complete listing at http://thyme.apnic.net/current/data-CIDRnet


Complete listing at http://thyme.apnic.net/current/data-badAS


Complete listing at http://thyme.apnic.net/current/data-dsua


Complete listing at http://thyme.apnic.net/current/data-add-IANA



Complete listing at http://thyme.apnic.net/current/data/sXXas-nos


End of report

clueful yahoo admin?

[goemon]

Can a yahoo mail admin with clue pleae contact me? I'm going around in 
circles with your support staff who are unable to read headers.


-Dan

-48VDC summary of responses

[Deepak Jain]

Lots of folks provided very good suggestions and information. Here is a brief 
attempt at a summary. 
I only got a few sales folks hitting me up, so you are probably on your own to 
get in touch
with most of these guys.


Top recommendation:
* Eltek/Valere seemed to be the top recommendation (3:1 or 4:1), though 
customer svc is rumored to have gone downhill since the acquisition).

Large Plants: (1000A and more)
** C&C & Sageon (sageon: stand alone, not rack mount, C&C scales in 100A 
increments)

Small plants:
Argus (re: Cordex unit- management UI only works in IE, emails just fine, good 
chassis based expandability) [2:1 recommendation here]
Tyco in the lower range
Telect for unmanaged supplies/PDUs

Lorain/Realtec makes nice equipment.

Thanks to everyone for their input, I don't have much more detail from most of 
the responses
so if you want a contact who is using this gear, I can try to make the 
introduction.

Deepak Jain
AiNET

Re: can I ask mtu question

[Brad Fleming]

KanREN runs Foundry (Brocade) NetIron XMR 4000's as our primary core  
infrastructure with an MTU of 9216. To make the change (this is  
Foundry-specific), we have to change some system-max settings which  
only take effect once the device has been rebooted (or at least it DID  
require a reboot in the IronWare 3.3.x days). It does NOT reboot  
immediately so you're free to make the change then perform a reboot at  
a convenient time.

--
Brad Fleming
Network Engineer
Kansas Research and Education Network
Office:785-856-9800 x.222
Moblie:  785-865-7231
NOC: 866-984-3662

On Jan 30, 2009, at 11:57 AM, adrian kok wrote:


Hi

What is max mtu in jumbo frame?
ls it 9000?

Do I need to reboot the switch to take effect after
setting up it?

if it doesn't need to reboot, How can I know the
switch is running fine in this mtu 9000? eg: cisco
any tools to check?

Thank you for your help



Send instant messages to your online friends http://uk.messenger.yahoo.com

RE: Shaping on a large scale

[Chris Caputo]

On Fri, 30 Jan 2009, C. Jon Larsen wrote:
> > Open source you can do a custom setup with IPTables and iproute2, but it
> > will take some work to get the same kind of features and management
> > interface.  LARTC is a good reference for this kind of topic:
> > http://lartc.org/.  Also I'm not sure if someone has built this into any
> > of the firewall specific linux distros yet, so you may want to explore
> > those a little.
> 
> The scripts below will set max bandwidth on an interface to 60mbit, and setup
> a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. Its used on a
> physical server to limit bandwidth to a virtual server(s) on the physical
> server. Should work just as well on a dual-armed router/firewall shaping
> devices behind it.  You would just create more classes (1:11, 1:12, etc) for
> more clients/ips to shape and you might want to knock the ceiling on the
> default (1:30) class down to guarantee the bandwidth to the 1:10,
> 1:11...classes.
> 
> tc qdisc add dev eth0 root handle 1: htb default 30
> 
> tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k
> tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit burst
> 150k
> 
> tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
> 
> ## limit a.b.c.d to 3mbit/sec:
> U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
> $U32 match ip src  a.b.c.d/32 flowid 1:10
> $U32 match ip dst  a.b.c.d/32 flowid 1:10
> 
> tc -s -d qdisc show dev eth0

tcng - Traffic Control Next Generation (http://tcng.sourceforge.net/) 
provides a configuration language that abstracts the gnarliness above.

Chris

Re: can I ask mtu question

[Ricky Beam]

On Fri, 30 Jan 2009 12:57:25 -0500, adrian kok  
 wrote:

What is max mtu in jumbo frame?


That depends on the hardware.  I've seen gear running as low as ~8k.  I'd  
have to consult standard, but I think the max is 10k (10240).


Keep in mind the switch is not the only device on the network with jumbo  
frame limits.  The NICs in your servers will also have limits.



Do I need to reboot the switch to take effect after
setting up it?


Again, this depends on the system.  Many accept the change immediately,  
while others have to rebooted or interfaces reset to effect the change.



if it doesn't need to reboot, How can I know the
switch is running fine in this mtu 9000? eg: cisco
any tools to check?


"ping" will do.  Set the packet size larger than the normal MTU (1500) and  
see if it crosses the network intact.  If it's not working, A) the packets  
will be dropped, and B) the "oversized frame" counter (among others)  
should be clocking errors.


--Ricky

Re: can I ask mtu question

[Justin M. Streiner]

On Fri, 30 Jan 2009, Ricky Beam wrote:

On Fri, 30 Jan 2009 12:57:25 -0500, adrian kok  
wrote:

What is max mtu in jumbo frame?


That depends on the hardware.  I've seen gear running as low as ~8k.  I'd 
have to consult standard, but I think the max is 10k (10240).


Keep in mind the switch is not the only device on the network with jumbo 
frame limits.  The NICs in your servers will also have limits.



Do I need to reboot the switch to take effect after
setting up it?


Again, this depends on the system.  Many accept the change immediately, while 
others have to rebooted or interfaces reset to effect the change.



if it doesn't need to reboot, How can I know the
switch is running fine in this mtu 9000? eg: cisco
any tools to check?


"ping" will do.  Set the packet size larger than the normal MTU (1500) and 
see if it crosses the network intact.  If it's not working, A) the packets 
will be dropped, and B) the "oversized frame" counter (among others) should 
be clocking errors.


If you're sourcing the pings from a device that supports it, you can also 
send the large pings with the Do Not Fragment bit set.


jms

Re: can I ask mtu question

[sthaug]

> That depends on the hardware.  I've seen gear running as low as ~8k.  I'd  
> have to consult standard, but I think the max is 10k (10240).

There *is* no standard for jumbo MTU. IEEE has steadfastly refused to
standardize anything bigger than 1500 bytes.

Steinar Haug, Nethelp consulting, sth...@nethelp.no

Re: can I ask mtu question

[Saku Ytti]

On (2009-01-30 16:33 -0500), Ricky Beam wrote:

> That depends on the hardware.  I've seen gear running as low as ~8k.  I'd 
> have to consult standard, but I think the max is 10k (10240).

Which standard are you referring to? AFAIK, nothing above 1500 is
standardised

-- 
  ++ytti

RE: Shaping on a large scale

[Bruce Grobler]

Hi,

Thanks for all the comments!, do you know of any web frontends for these
apps? (don't want to go reinventing the wheel) Something that preferably
uses a mysql backend.

Regards,

Bruce Grobler
Yo! Africa - Network Engineer
Cell : 0912364532 Skype: bruce.grobler 

-Original Message-
From: Chris Caputo [mailto:ccap...@alt.net] 
Sent: Friday, January 30, 2009 9:54 PM
To: C. Jon Larsen
Cc: Scott Berkman; nanog@nanog.org
Subject: RE: Shaping on a large scale 

On Fri, 30 Jan 2009, C. Jon Larsen wrote:
> > Open source you can do a custom setup with IPTables and iproute2, but it
> > will take some work to get the same kind of features and management
> > interface.  LARTC is a good reference for this kind of topic:
> > http://lartc.org/.  Also I'm not sure if someone has built this into any
> > of the firewall specific linux distros yet, so you may want to explore
> > those a little.
> 
> The scripts below will set max bandwidth on an interface to 60mbit, and
setup
> a queue to shape a.b.c.d to 3Mbit. Seems to work ok for me. Its used on a
> physical server to limit bandwidth to a virtual server(s) on the physical
> server. Should work just as well on a dual-armed router/firewall shaping
> devices behind it.  You would just create more classes (1:11, 1:12, etc)
for
> more clients/ips to shape and you might want to knock the ceiling on the
> default (1:30) class down to guarantee the bandwidth to the 1:10,
> 1:11...classes.
> 
> tc qdisc add dev eth0 root handle 1: htb default 30
> 
> tc class add dev eth0 parent 1: classid 1:1 htb rate 60mbit burst 150k
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 3mbit burst 15k
> tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1kbit ceil 60mbit
burst
> 150k
> 
> tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
> 
> ## limit a.b.c.d to 3mbit/sec:
> U32="tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32"
> $U32 match ip src  a.b.c.d/32 flowid 1:10
> $U32 match ip dst  a.b.c.d/32 flowid 1:10
> 
> tc -s -d qdisc show dev eth0

tcng - Traffic Control Next Generation (http://tcng.sourceforge.net/) 
provides a configuration language that abstracts the gnarliness above.

Chris

Towerstream outage/intermittency?

[askthelist]

anyone using towerstream in the la area and experiencing an outage?

Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

[Crist Clark]

>>> On 1/24/2009 at 4:50 PM, Brian Keefer  wrote:
> Caveat:  my PERL is _terrible_.
> 
> http://www.smtps.net/pub/dns-amp-watch.pl 
> 
> This assumes you're using BIND.  My logs roll on the hour, so I run it  
> from cron at 1 minute before the hour.  Depending on how long it takes  
> to process your logs, you might need to tweak.

FWIW, I find it easier to track this using tcpdump. I don't like
running BIND with query logging. Here's a filter that catches these,

  port 53 && (udp[10:4] == 0x0101) && (udp[20:2] == 0x)

How it works is left as an exercise for the reader.

When I sniff the link to a server authorative for several domains,

  17:29:55.792127 IP 72.249.127.168.3966 > 206.220.220.100.53: 18501+ NS? . (17)
  17:29:57.116367 IP 69.64.87.156.58419 > 206.220.220.100.53: 62419+ NS? . (17)
  17:29:57.804987 IP 72.249.127.168.33108 > 206.220.220.100.53: 4637+ NS? . (17)
  17:29:58.959680 IP 72.20.3.82.23084 > 206.220.220.100.53: 14310+ NS? . (17)
  17:29:59.818994 IP 72.249.127.168.60876 > 206.220.220.100.53: 22791+ NS? . 
(17)
  17:30:01.622728 IP 69.64.87.156.30151 > 206.220.220.100.53: 13557+ NS? . (17)
  17:30:01.628899 IP 72.20.3.82.49015 > 206.220.220.100.53: 14250+ NS? . (17)
  17:30:01.821214 IP 72.249.127.168.13831 > 206.220.220.100.53: 51065+ NS? . 
(17)
  17:30:03.342856 IP 69.64.87.156.1926 > 206.220.220.100.53: 38768+ NS? . (17)
  17:30:03.818706 IP 72.249.127.168.33663 > 206.220.220.100.53: 12720+ NS? . 
(17)
  17:30:05.186647 IP 72.20.3.82.7649 > 206.220.220.100.53: 52079+ NS? . (17)
  17:30:05.815718 IP 72.249.127.168.37241 > 206.220.220.100.53: 345+ NS? . (17)
  17:30:07.816144 IP 72.249.127.168.23784 > 206.220.220.100.53: 56874+ NS? . 
(17)
  17:30:07.849503 IP 69.64.87.156.33190 > 206.220.220.100.53: 20113+ NS? . (17)

Re: Shaping on a large scale

[Matthew Moyle-Croft]

Bruce,
Are these broadband customer using PPPoE or L2TP?   If so, I suggest  
looking at the capabilities of your BRAS to do the work.


Per user bandwidth quotas are the nature of the game here in Australia  
and doing it at the BRAS is the way we do it.   RADIUS gives you byte  
counts and gives you the ability to pass back rate limits etc.


MMC

On 30/01/2009, at 4:03 PM, Bruce Grobler wrote:


Hi,

Does anyone know of  any Shaping appliances to shape customers based  
on IP, allow for a quota per IP and qos mechanisms like LLQ?,  This  
is should be something that can sit in between two border router's  
and support a small ISP (2 customers), also an opensource  
solution would be great!


Regards,

Bruce



--
Matthew Moyle-Croft Internode/Agile Peering and Core Networks
Level 5, 162 Grenfell Street, Adelaide, SA 5000 Australia
Email: m...@internode.com.auWeb: http://www.on.net
Direct: +61-8-8228-2909  Mobile: +61-419-900-366
Reception: +61-8-8228-2999Fax: +61-8-8235-6909

Re: can I ask mtu question

[Ricky Beam]

On Fri, 30 Jan 2009 16:51:00 -0500, Justin M. Streiner  
 wrote:
If you're sourcing the pings from a device that supports it, you can  
also send the large pings with the Do Not Fragment bit set.


Most modern systems do that already (part of path MTU discovery.)  And if  
there are no routers in the path (only the switch in question), then  
there's nothing to fragment it anyway.


--Ricky

Re: can I ask mtu question

[Ricky Beam]

On Fri, 30 Jan 2009 17:00:00 -0500, Saku Ytti  wrote:

Which standard are you referring to? AFAIK, nothing above 1500 is
standardised


None that have ever been accepted.  From a quick google for manufacturer  
support, 9216 looks like the most popular number.  But, as I said, it  
boils down to the largest frame *every* device on the LAN will accept.  If  
there is a single device that only supports "9000", then that's your  
limit.  And if there's a single non-JF device in the LAN, it throws a  
wrench into the whole thing. (This appears to be one of the sticking  
points as to why IEEE won't accept the addition of JF to any specs.)


--Ricky

PS: The topic pops up again with super-jumbo frames in 10G networks.

Re: Shaping on a large scale

[Adrian Chadd]

On Sat, Jan 31, 2009, Matthew Moyle-Croft wrote:
> Bruce,
> Are these broadband customer using PPPoE or L2TP?   If so, I suggest  
> looking at the capabilities of your BRAS to do the work.
> 
> Per user bandwidth quotas are the nature of the game here in Australia  
> and doing it at the BRAS is the way we do it.   RADIUS gives you byte  
> counts and gives you the ability to pass back rate limits etc.

What you didn't tell him is that the kind of shaping you can do
on the BRAS heavily depends on features used and platform. :)

64k policing mostly works everywhere, for example, but isn't
all that crash hot for your clients. :)

Doing more complicated hierarchical QoS on software platforms is
doable but complicated.

Others take a multi-tiered approach - they'll buy some kit to do
P2P identification/shaping, and per-user hard shaping in case they
go over quota.

Lots of cute stuff. :)


Adrian

> 
> MMC
> 
> On 30/01/2009, at 4:03 PM, Bruce Grobler wrote:
> 
> >Hi,
> >
> >Does anyone know of  any Shaping appliances to shape customers based  
> >on IP, allow for a quota per IP and qos mechanisms like LLQ?,  This  
> >is should be something that can sit in between two border router's  
> >and support a small ISP (2 customers), also an opensource  
> >solution would be great!
> >
> >Regards,
> >
> >Bruce
> >
> 
> -- 
> Matthew Moyle-Croft Internode/Agile Peering and Core Networks
> Level 5, 162 Grenfell Street, Adelaide, SA 5000 Australia
> Email: m...@internode.com.auWeb: http://www.on.net
> Direct: +61-8-8228-2909Mobile: +61-419-900-366
> Reception: +61-8-8228-2999Fax: +61-8-8235-6909

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

Re: ISP Unbundling circuits

[Chris Hills]

Wayne E. Bouchard wrote:

I've never been happy with 'deinstall' fees of any sort. To me, this
is just a cost of doing business. The time necessary to remove such is
just accepted. It is assumed that the terms of the contract are long
enough that such costs become insignificant and should not be
something that gets passed along. Besides, if you turn right around
and reuse this for someone else, you haven't done a deinstall and are
therefore charging the customer for work that you did not actually
perform.

There are several different ways to argue both for and against such
fees but they always rub me the wrong way whenever I see them.


Perversely these fees have gotten as far as residential broadband 
subscribers in the UK. BT Wholesale now charge a line disconnection fee, 
which is being applied retrospectively to all contracts.


On the flip side, the new WEEE (Waste Electrical and Electronic 
Equipment) regulations make disposal of electronic equipment the 
responsibility of the manufacturer.

OT: After dozents of spam reportings , still spam from

[marc]

i still get spam from ualadys.com hosted at

ServerBeach PEER1-SERVERBEACH-08A (NET-76-74-166-0-1)

I mentioned that some isps in .cz npt even allow me to send Abuse mail  
to them, because the block the  complette ip range , rediculous , huh ?


what else can i do  ?

thanks


marc


Anfang der weitergeleiteten E-Mail:

Von: ualadys mailing 
Datum: 31. Januar 2009 08:30:04 MEZ
An: marc 
Betreff: Weekly Special
Return-Path: 
Received: from mx1.mail.vrmd.de ([10.0.1.20]) by vm42.mail.vrmd.de  
(Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA; Sat, 31 Jan  
2009 08:30:06 +0100
Received: from mx3.iispp.com ([76.74.167.190]) by mx1.mail.vrmd.de  
with esmtp (Exim 4.69) (envelope-from ) id  
1LTAIo-0005l7-DA for m...@let.de; Sat, 31 Jan 2009 08:30:06 +0100
Received: by mail.iispp.com (Postfix, from userid 1003) id  
A9CC5B7BF05; Sat, 31 Jan 2009 02:30:04 -0500 (EST)

X-Sieve: CMU Sieve 2.2
Envelope-To: m...@let.de
Delivery-Date: Sat, 31 Jan 2009 08:30:06 +0100
Message-Id: <2d1440035a3dcbfc66693621daf32...@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.codeworxtech.com) [version 2.2]
Mime-Version: 1.0
Content-Type: multipart/alternative;  
boundary="b1_2d1440035a3dcbfc66693621daf32f78"

X-Spam-Suspicion: No
X-Purgate: Clean X-purgate-ID: 150741::090131083006-569C86C0- 
ACFC0CF4/2502755973-0/0-1 X-purgate-Ad: For more information about  
eXpurgate please visit http://www.expurgate.net/





Weekly Special!

Thank you for using our services! We would like to make a special  
price offer for our services:


Please choose one of our weekly special offers and get 1 video  
credit for free


This Special Offer will be available for 1 week ONLY! Don’t miss  
your chance to urchase our service for better price!


Ladies' New Videos






--
Les Enfants Terribles - WWW.LET.DE
Marc Manthey 50672 Köln - Germany
Hildeboldplatz 1a
Tel.:0049-221-3558032
Mobil:0049-1577-3329231
mail: m...@let.de
jabber :m...@kgraff.net
IRC: #opencu  freenode.net
PGP/GnuPG: 0x1ac02f3296b12b4d
twitter: http://twitter.com/macbroadcast
web: http://www.let.de

Opinions expressed may not even be mine by the time you read them, and  
certainly don't reflect those of any other entity (legal or otherwise).


Please note that according to the German law on data retention,  
information on every electronic information exchange with me is  
retained for a period of six months.