[AusNOG] Fiber splicing and testing equipment

[Mike Everest]

Hello,

As a favour to a deceased estate liquidator, if there is anyone interested
to consider purchse of some fiber splicing and testing gear to please
contact me off-list.  Apologies to those who might consider such a post
'inappropriate' here (those folks are welcome to let me know off-list also
;) but finding a buyer will be very helpful to the young family :-}

Thanks!

Mike.

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Mikrotik SwOS Port mirroring and VLAN Filtering

[Mike Everest]

G'day Andres, and all - perhaps this topic would be better to take elsewhere
(e.g. https://talk.mikrotik.com.au ?) but, to make it quick, this suggests
the answer is 'yes'? :)

https://wiki.mikrotik.com/wiki/SwOS/CRS3xx#:~:text=Mirror%20(yes%20%7C%20no%
3B%20Default%3A%20no)

 

Cheers!

Mike.

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Andres
Miedzowicz
Sent: Friday, 22 October 2021 3:52 PM
To: ausnog@lists.ausnog.net
Subject: [AusNOG] Mikrotik SwOS Port mirroring and VLAN Filtering

 

Hello all,

 

Does anyone know if the Mikrotik switches running SwOS can do port mirroring
in combination with VLAN filtering so that the only packets with a specific
VLAN ID tag are mirrored?

 

Thanks

 

Andres

 

 

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] FS.com for temporary 10G switch?

[Mike Everest]

All,

 

As much as I hate to post this kind of reply to the list, since we’ve been 
‘outed’ already by others (thank you for your generous comments, I’ll pay you 
later ; ) I’ll offer just this comment:

 

RouterOS is very stable lately – has been for a while now, since they moved to 
a three tier software release structure: “testing, stable, long term” (ordered 
from least stable to most) – ‘long term’ is essentially a ‘bugfix’ stream which 
includes only ‘fixed bugs’ from the prior build and so not affected by ‘new 
features’ that may introduce unknown bugs.

 

But for just L2 switching including vlan and bonding, 300 series switches can 
do it all in hardware – so super ‘wire speed’ fast and virtually no chance of 
software bug : )

 

(btw – MikroTik is suffering massive components shortage too, so many models 
are somewhat scarce at the moment ):

 

Cheers!

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Rhys Hanrahan
Sent: Thursday, 21 October 2021 10:01 PM
To: Jeremy Chequer ; Evan Dent 
;  
Subject: Re: [AusNOG] FS.com for temporary 10G switch?

 

Thanks guys! Appreciate the quick feedback. I honestly didn’t realise Mikrotik 
did switches, but it sounds like this is a more popular option, and probably 
the route I’d go with.

 

I don’t think I’ll end up using any L3 features honestly, but would RouterOS 
instead of SwOS be considered the more established path, and more stable? 

 

It’s been a long time since I’ve used Mikrotik and I’ve known the routers at 
least to have some crash bugs/stability issues in the past? (Though that may 
have been due to a particular feature mix – I’m hoping just VLANs would be rock 
solid).

 

Thanks,

Rhys.

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Jeremy 
Chequer
Sent: Thursday, 21 October 2021 9:48 PM
To: Evan Dent mailto:e...@evandent.com> >; 
mailto:ausnog@lists.ausnog.net> > 
mailto:ausnog@lists.ausnog.net> >
Subject: Re: [AusNOG] FS.com for temporary 10G switch?

 

Ubiquiti is having some pretty intense stock issues. If you truly only need for 
a short period FS could be okay but honestly would be toward the bottom of the 
list, with a few alternatives doing much better and being easier to obtain - 
such as the Mikrotiks.

 

Get Outlook for Android  

  _  

From: AusNOG mailto:ausnog-boun...@lists.ausnog.net> > on behalf of Evan Dent 
mailto:e...@evandent.com> >
Sent: Thursday, October 21, 2021 8:41:33 PM
To: mailto:ausnog@lists.ausnog.net> > 
mailto:ausnog@lists.ausnog.net> >
Subject: Re: [AusNOG] FS.com for temporary 10G switch? 

 


[External Sender] Be cautious of any links or attachments within this email as 
it has come from an External Sender.

While I cannot comment on fs.com  , this could be another 
option. In stock now and cheap. 

 

 https://store.duxtel.com/crs326_24s_2q_rm 

 

On Thu, 21 Oct 2021, 9:04 pm Rhys Hanrahan, mailto:r...@nexusone.com.au> > wrote:

Hi Everyone,

 

I am considering using FS.com for a temporary 10G switch as they seem cheap and 
I should be able to get my hands on it in a week or two. Does anyone have any 
experience with FS switches? Or any other recommendations? 

 

This isn’t something I wanted to resort to but timing has meant I need 
something cheap that can act as a largely dumb switch with 8 or so 1/10G SFP+ 
ports, till I can sort out the Juniper QFX boxes I am intending to get. All I 
need it for is the ports, and some basic VLAN tagging and trunking. And I just 
need it to not fail for a couple of months :-) Thanks!

 

I am considering:

* https://www.fs.com/au/products/122280.html 

* https://www.fs.com/au/products/122281.html 

* https://www.fs.com/au/products/108710.html 

 

Also considering a Ubuiquiti ES‑16‑XG however an admittedly brief search 
suggests this would be hard to find in stock anywhere.

 

Appreciate any suggestions/feedback. Thanks!

 

Rhys Hanrahan | Chief Information Officer
e:   r...@nexusone.com.au

   

NEXUS ONE
p: 1800 NEXUS1 (1800 639 871) | a: Suite 12.03 Level 12, 227 Elizabeth Street, 
Sydney NSW 2000
  www.nexusone.com.au

The information in this email and any accompanying attachments may contain; a. 
Confidential information of Nexus One Pty Ltd or third parties; b. Legally 
privileged information of Nexus One Pty Ltd or third parties; and or c. 
Copyright material Nexus One Pty Ltd or third parties. If you have received 
this email in error, please notify the sender immediately and delete this 
message. Nexus One Pty Ltd does not accept any responsibility for loss or 
damage arising from the use or distribution of this email.

Please consider the environment before printing this email

 

 

___
AusNOG mailing list
AusNOG@lists.ausnog.net  
http://lists.ausnog.net/mailman/l

Re: [AusNOG] 5G Router recommendations

[Mike Everest]

G'day,

 

How many is 'a number'?  For larger volumes, with branding opportunity
(external enclosure and software) this one might be of interest?



https://twitter.com/DuxTel/status/1409376102447869955

 

Cheers!

Mike.

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Darren
Moss
Sent: Tuesday, 29 June 2021 9:50 AM
To: AusNOG Mailing List 
Subject: [AusNOG] 5G Router recommendations

 

Hi All,

 

We have a number of sites with NBN connections, some of which are not very
reliable, so the plan is to combine 5G alongside copper connectivity.

 

These are office workers who are now working from home. They typically run
office productivity, email, etc, maybe watch a little YouTube. not
multimedia or streaming users.

 

I would like to know what 5G routers others are using.

 

Needs to be decent with a proper PSU, feature a UTP port for LAN
connectivity and external antenna capability would be good.

 

We would prefer not to use dongles / USB port routers.

 

Many thanks

 

 

Darren.

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Seeking contact with someone in netflix NOC who can help to diagnose a perplexing service issue

[Mike Everest]

Hello,

Just want to offer a huge thank you to all those who responded to my recent
plea :-}

You helped us to get through to the right folks and the problem is now
solved :)

Happy to share more detail for those who asked (or anyone with an interest)

Cheers!

Mike.

> -Original Message-
> From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Mike
> Everest
> Sent: Monday, 15 March 2021 4:28 PM
> To: ausnog@lists.ausnog.net
> Subject: [AusNOG] Seeking contact with someone in netflix NOC who can help
> to diagnose a perplexing service issue
> 
> Hello All!
> 
> I'm trying to get in touch with someone from Netflix NOC or technical
> operations who can assist with a crazy service availability problem
> experienced by one of our WA based ISP clients.  If such a person could be
able
> to drop me an off-list reply, or anyone who is able to suggest an avenue
to
> make contact, I'll be most obliged indeed :-}
> 
> Thank you!
> 
> Cheers,  Mike Everest.
> 
> 
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] Seeking contact with someone in netflix NOC who can help to diagnose a perplexing service issue

[Mike Everest]

Hello All!

I'm trying to get in touch with someone from Netflix NOC or technical
operations who can assist with a crazy service availability problem
experienced by one of our WA based ISP clients.  If such a person could be
able to drop me an off-list reply, or anyone who is able to suggest an
avenue to make contact, I'll be most obliged indeed :-}

Thank you!

Cheers,  Mike Everest.


___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] IX contact?

[Mike Everest]

Big thanks to everyone who responded - I think we have things largely under
control now :-}

Still a few mysteries, and deciding whether to follow that rabbit hole or
leave it be ;)

Cheers!

Mike.

> -Original Message-
> From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Mike
> Everest
> Sent: Thursday, 5 November 2020 4:37 PM
> To: ausnog@lists.ausnog.net
> Subject: [AusNOG] IX contact?
> 
> Hello!
> 
> Is anyone able to offer me a good point of contact in IX who could assist
with
> some routing weirdness?
> 
> Thanks!  Mike.
> 
> 
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] IX contact?

[Mike Everest]

Hi Nathan, thanks for your response!  Appreciate that :)

 

I’ve been in touch with a few people who have been very helpful to work this 
out – I’m not convinced that it is totally solved, but we’re closing on the 
issue :-J

Cheers!

Mike.

 

From: Nathan Brookfield [mailto:nathan.brookfi...@iperium.co] 
Sent: Thursday, 5 November 2020 4:39 PM
To: Mike Everest 
Cc: ausnog@lists.ausnog.net
Subject: Re: [AusNOG] IX contact?

 

Mike, 

 

If you mean IX Australia, shoot an email to supp...@ix.and.au 
<mailto:supp...@ix.and.au>  and someone will reply within a few minutes

Kindest Regards,





Nathan Brookfield

Network Manager

 

Local: (02) 4749 4949   | Fax: (02) 4749 4950 
 

Web: https://Iperium.co |E-mail: nathan.brookfield@ 
<mailto:nathan.brookfi...@simtronic.com.au> intercom.co


CONFIDENTIALITY & PRIVILEGE NOTICE

The information contained in this email and any attached files is strictly 
private and confidential. The intended recipient of this email may only use, 
reproduce, disclose or distribute the information contained in this email and 
any attached files with Simtronic Technologies Pty Ltd’s permission. If you are 
not the intended recipient, you are strictly prohibited from using, 
reproducing, adapting, disclosing or distributing the information contained in 
this email and any attached files or taking any action in reliance on it. If 
you have received this email in error, please email the sender by replying to 
this message, promptly delete and destroy any copies of this email and any 
attachments.

It is your responsibility to scan this communication and any files attached for 
computer viruses and other defects and recommend that you subject these to your 
virus checking procedures prior to use. Simtronic Technologies Pty Ltd does NOT 
accept liability for any loss or damage (whether direct, indirect, 
consequential, economic or other) however caused, whether by negligence or 
otherwise, which may result directly or indirectly from this communication or 
any files attached.


On 5 Nov 2020, at 16:37, Mike Everest mailto:m...@duxtel.com> 
> wrote:

Hello!

Is anyone able to offer me a good point of contact in IX who could assist
with some routing weirdness?

Thanks!  Mike.


___
AusNOG mailing list
AusNOG@lists.ausnog.net <mailto:AusNOG@lists.ausnog.net> 
http://lists.ausnog.net/mailman/listinfo/ausnog

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] IX contact?

[Mike Everest]

Hello!

Is anyone able to offer me a good point of contact in IX who could assist
with some routing weirdness?

Thanks!  Mike.


___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] RPKI and MikroTik RouterOS

[Mike Everest]

Hello all,

Since RPKI support by ROS V7.x was raised recently, with reports on
problems/bugs, I thought it timely to seek some update from MikroTik about
it :-}

First up, it is definitely worth remembering that any beta version should be
used for testing only - it is released as 'beta' because bugs are expected,
and the developer is seeking some feedback and assistance to find and
analyse those bugs.  My understanding, from some correspondence with our
technical contacts at MikroTik, is that most (if not all) bugs in RPKI that
were reported to them have already been addressed (perhaps even 'fixed' ;)
and will be included in the next (beta3) release.

There is an open offer for anyone who would like to test those changes prior
to release of beta3 can seek access to a test build by sending a request to
their servicedesk queue via supp...@mikrotik.com - you can mention case
#[SUP-29200] which includes reference to that open offer.

I'm also open to further discussion direct for anyone who wants to! :-)

Cheers,  Mike.


___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] FNN 0352940504

[Mike Everest]

Don't tell me - nailed to its perch?

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Guy Ellis
Sent: Tuesday, 22 September 2020 1:55 PM
To: ausnog@lists.ausnog.net
Subject: Re: [AusNOG] FNN 0352940504

 

Just called them via Skype - it's a hoot.

 

I called to complain about a live Chicken purchased on my ebay account. ;-)

 

On 22/09/2020 1:38 pm, Mark Currie wrote:

They answer..Well...Could be time to have some fun? ;-)

 

 


  _  


From: AusNOG  
 on behalf of Matthew Matters
 
Sent: Tuesday, September 22, 2020 12:39 PM
To: Bradley Amm; AusNOG@lists.ausnog.net  
Subject: Re: [AusNOG] FNN 0352940504 

 

It's a real number - I called it back to check and it was answered by them.

 

From: Bradley Amm    
Sent: Tuesday, 22 September 2020 12:37 PM
To: Matthew Matters  
; AusNOG@lists.ausnog.net
 
Subject: Re: FNN 0352940504

 

It could be a spoofed number. 

 

 


  _  


From: AusNOG mailto:ausnog-boun...@lists.ausnog.net> > on behalf of Matthew Matters
mailto:mmatt...@ausnetservers.net.au> >
Sent: Tuesday, September 22, 2020 10:35:01 AM
To: AusNOG@lists.ausnog.net 
mailto:ausnog@lists.ausnog.net> >
Subject: [AusNOG] FNN 0352940504 

 

Word of warning to everyone on the list, who ever is hosting the sip service
for 03 5294 0504 it is being used for amazon scams. This is a real number

https://www.reverseaustralia.com/lookup/0352940504/ 





___
AusNOG mailing list
AusNOG@lists.ausnog.net  
http://lists.ausnog.net/mailman/listinfo/ausnog

-- 
Guy Ellis
Mobile +61 419 398 234
AU 03 9489 6678
NZ 09 884 9756
www.traverse.com.au  

 

  _  


 
 

This email has been checked for viruses by Avast antivirus software. 
www.avast.com
  





___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Telstra Exchange Access (Break-in's)

[Mike Everest]

Hwawei? Russians? ;)

> -Original Message-
> From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Mark
> Delany
> Sent: Wednesday, 21 August 2019 2:20 PM
> To: ausnog@lists.ausnog.net
> Subject: Re: [AusNOG] Telstra Exchange Access (Break-in's)
> 
> > 26 exchanges, that's absolutely insane, thanks for that Evan!
> 
> The ABC article says 44 exchanges in the Sydney area!
> 
> That suggests something far more organized than a couple of vandals or
> opportunistic copper thieves. (Is copper theft even a thing in
> Australia?)
> 
> What a strange crime to commit considering the travel needed to get to so
> many exchanges. A vendetta?
> 
> 
> Mark.
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] RISK: Equinix SY2 (SY1?) - Mascot Towers

[Mike Everest]

I know - I was being a little bit 'playful' ;)

 

Apologies to all - probably too playful for a serious topic :-}

 

Cheers!  Mike.

 

From: Bevan Slattery [mailto:be...@slattery.net.au] 
Sent: Wednesday, 19 June 2019 12:33 PM
To: Mike Everest ; ausnog@lists.ausnog.net
Subject: Re: [AusNOG] RISK: Equinix SY2 (SY1?) - Mascot Towers

 

If it was the 400kw of solar we installed on the roof back in the day
wouldn't work too well would it? :)

 

At its closest it's about 40m from the edge so unless you've got a ramp on
Bolte to get over the concrete wall and go all Dukes of Hazard REAL hard in
the three lanes you have to cross and get there and cross the wall, go
airborne over the neighbours property, then over the access/cark park to get
to the building, I reckon you'd deserve a medal.

 

So the answer is "no" :)

 

[b]

 

From: AusNOG mailto:ausnog-boun...@lists.ausnog.net> > on behalf of Mike Everest
mailto:m...@duxtel.com> >
Date: Wednesday, 19 June 2019 at 10:42 am
To: "ausnog@lists.ausnog.net <mailto:ausnog@lists.ausnog.net> "
mailto:ausnog@lists.ausnog.net> >
Subject: Re: [AusNOG] RISK: Equinix SY2 (SY1?) - Mascot Towers

 

Speaking of which,..

 

Isn't NextDC M1 right underneath a major bridge? ;-)

 

Cheers,  Mike.

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Paul
Julian
Sent: Wednesday, 19 June 2019 9:05 AM
To: 'Skeeve Stevens' mailto:ausnog@futurecrime.agency> >; ausnog@lists.ausnog.net
<mailto:ausnog@lists.ausnog.net> 
Subject: Re: [AusNOG] RISK: Equinix SY2 (SY1?) - Mascot Towers

 

This is interesting information, thanks for thinking outside the square
Skeeve, it's probably something most people never considered but it could be
a potential issue.

 

Regards

Paul

 

From: AusNOG mailto:ausnog-boun...@lists.ausnog.net> > On Behalf Of Skeeve Stevens
Sent: Monday, 17 June 2019 4:31 PM
To: mailto:ausnog@lists.ausnog.net> >
mailto:ausnog@lists.ausnog.net> >
Subject: [AusNOG] RISK: Equinix SY2 (SY1?) - Mascot Towers

 

Hi all,

 

Most people would have heard about the Mascot building that had to be
evacuated on Friday evening.

 

Until recently lived in Mascot and I realised that it was a building next to
Equinix SY2.

 

It may not be obvious, but this building, which is of risk enough that
everyone has been evacuated, actually, if it fell in the worst way possible
(very unlikely), it would hit Equinix SY2.

 

I've created a video which gives some perspective of the situation.
https://www.youtube.com/watch?v=Jq1whCsf0rc

 

I also attended the site to verify the perspective.

 

Equinix people were onsite Friday night doing risk assessments - but I've
not seen any public comment from them about it and there are no
notifications in the portal or email alerts about it.

 

Here is the video <https://www.youtube.com/watch?v=xrJhkq3wPa4>  of me
onsite at the location. I will put up some pictures later.

 




...Skeeve

--

Skeeve Stevens - Director - Future Crime Agency

Email: skeeve@futurecrime.agency <mailto:skeeve@futurecrime.agency> 

Website: futurecrime.agency <http://futurecrime.agency/>  ; Twitter:
<https://twitter.com/_futurecrime> @_FutureCrime

Linkedin: /in/skeeve <http://www.linkedin.com/in/skeeve>  ; Facebook:
FutureCrimeAgency <https://www.facebook.com/futurecrimeagency> 




...Skeeve

 

--

Skeeve Stevens - Director - Future Crime Agency

Email:  <mailto:skeeve@futurecrime.agency> skeeve@futurecrime.agency ;
Skype: skeeve

Website:  <http://futurecrime.agency/> futurecrime.agency ; Twitter:
<https://twitter.com/_futurecrime> @_FutureCrime

Linkedin:  <http://www.linkedin.com/in/skeeve> /in/skeeve ; Facebook:
<https://www.facebook.com/futurecrimeagency> FutureCrimeAgency

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] RISK: Equinix SY2 (SY1?) - Mascot Towers

[Mike Everest]

Speaking of which,..

 

Isn’t NextDC M1 right underneath a major bridge? ;-)

 

Cheers,  Mike.

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Paul Julian
Sent: Wednesday, 19 June 2019 9:05 AM
To: 'Skeeve Stevens' ; ausnog@lists.ausnog.net
Subject: Re: [AusNOG] RISK: Equinix SY2 (SY1?) - Mascot Towers

 

This is interesting information, thanks for thinking outside the square Skeeve, 
it’s probably something most people never considered but it could be a 
potential issue.

 

Regards

Paul

 

From: AusNOG mailto:ausnog-boun...@lists.ausnog.net> > On Behalf Of Skeeve Stevens
Sent: Monday, 17 June 2019 4:31 PM
To: mailto:ausnog@lists.ausnog.net> > 
mailto:ausnog@lists.ausnog.net> >
Subject: [AusNOG] RISK: Equinix SY2 (SY1?) - Mascot Towers

 

Hi all,

 

Most people would have heard about the Mascot building that had to be evacuated 
on Friday evening.

 

Until recently lived in Mascot and I realised that it was a building next to 
Equinix SY2.

 

It may not be obvious, but this building, which is of risk enough that everyone 
has been evacuated, actually, if it fell in the worst way possible (very 
unlikely), it would hit Equinix SY2.

 

I've created a video which gives some perspective of the situation. 
https://www.youtube.com/watch?v=Jq1whCsf0rc

 

I also attended the site to verify the perspective.

 

Equinix people were onsite Friday night doing risk assessments - but I've not 
seen any public comment from them about it and there are no notifications in 
the portal or email alerts about it.

 

Here is the video   of me onsite 
at the location. I will put up some pictures later.

 




...Skeeve

--

Skeeve Stevens - Director - Future Crime Agency

Email: skeeve@futurecrime.agency  

Website: futurecrime.agency   ; Twitter:  
 @_FutureCrime

Linkedin: /in/skeeve   ; Facebook: 
FutureCrimeAgency  




...Skeeve

 

--

Skeeve Stevens - Director - Future Crime Agency

Email:   skeeve@futurecrime.agency ; Skype: 
skeeve

Website:   futurecrime.agency ; Twitter:  
 @_FutureCrime

Linkedin:   /in/skeeve ; Facebook:  
 FutureCrimeAgency

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

[Mike Everest]

Apologies to any who consider it noise :-}

 

MikroTik have released patches addressing IPv6 memory depletion bug in 
bugfix/long-term and stable release channels.

 

Our recommendation is to upgrade all routers with IPv6 enabled (whether 
configured or not) to v6.43.14 (bugfix) as soon as possible.

 

Cheers,  Mike.

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Mike Everest
Sent: Thursday, 4 April 2019 2:13 PM
To: 'aus...@ausnog.net' 
Subject: Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have 
Public IPv6 Facing Mikrotik

 

For those not watching this issue closely…

 

Further information and updates here: 
https://shop.duxtel.com.au/article_info.php?articles_id=89

 

Cheers,  Mike.

 

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

[Mike Everest]

For those not watching this issue closely…

 

Further information and updates here: 
https://shop.duxtel.com.au/article_info.php?articles_id=89

 

Cheers,  Mike.

 

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have Public IPv6 Facing Mikrotik

[Mike Everest]

On the point of “the fix is in v7”

 

That kind of statement is usually code for “it’s a kernel issue” since the 
major version number of RouterOS has (so far) related to linux kernel revision. 
 Therefore, if that is the official position on this problem, then there may be 
some logical conclusions that might be drawn:

 

1.   Maybe this can’t be fixed in current routerOS v6.xx

2.   Maybe other OS based on linux kernel may also be affected

 

Pure conjecture from me, of course – despite the relatively ‘close’ 
relationship that we have with MikroTik, we are not much better informed than 
everyone else when it comes to this sort of thing :-}

Cheers!

Mike.

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Rob Thomas
Sent: Friday, 29 March 2019 10:50 AM
To: Cameron Murray 
Cc:  
Subject: Re: [AusNOG] Mikrotik IPv6 Vulnerability - Must Read if you have 
Public IPv6 Facing Mikrotik

 

Quick summary of the problem:

 

* From the description it appears to be a kernel-level issue - when a MikroTik 
device receives a magic IPv6 packet, it will panic.

* MikroTik have known about it for almost a year, and have not fixed it.

* It is not fixed in the latest 6.44.1 image

* The discoverer has been trying to practice responsible disclosure, but has 
given up

 

Further things:

* MikroTik HAVE acknowledged it in a new thread a couple of hours ago

  https://forum.mikrotik.com/viewtopic.php?f=2 
 
&t=147048#p723696

* Twitter thread from the guy who discovered it:

  https://twitter.com/maznu/status/1110910688623513601

* There's a comment 'The fix is in v7' - theres a long running joke that v7 
will never emerge (it probably never will, they've lost most of their senior 
engineers, and refuse to open source their code to leverage their developers in 
the community)

 

I guess the good thing for me is that Nexium still can't provide us IPv6 so 
we're kinda safe up here 8)

 

--Rob

 

 

On Fri, 29 Mar 2019 at 09:25, Cameron Murray mailto:cameron.mur...@gmail.com> > wrote:

Guys,

 

This has just popped up on the Mikrotik forums that I am sure many on the list 
need to be aware of.

 

If you run Mikrotik in your network and have IPv6 on a Public facing interface 
please check the following link: 
https://forum.mikrotik.com/viewtopic.php?t=147076 

 

Cheers

 

Cameron

___
AusNOG mailing list
AusNOG@lists.ausnog.net  
http://lists.ausnog.net/mailman/listinfo/ausnog

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] Mikrotik routers in HA environments

[Mike Everest]

Darren,

 

As others have already confirmed, RouterOS is suitable for that kind of
application, but since you mentioned 'Cisco', I wanted to point out a very
significant difference from what you might be used to:  MikroTik do not
offer any kind of support contract

 

Now for some, that may be a good thing ;) but for others, it can constitute
what is essentially a total deal breaker.  The reason for that is that with
a Cisco support contract, if (or perhaps /when/) you encounter a software
bug that causes you some serious problem, you a direct channel to the vendor
engineering team.  In the MikroTik world, you need to either use your own
internal resources or hire a suitable consultant to run full packet level
diagnostics, develop repeatability steps and then go through MikroTik level
1 support channels to try to escalate it to their software engineering team.

 

Please don't take this as encouragement to NOT deploy MikroTik! :-D  As the
largest volume MikroTik distribution in our region, of course I think you
*should* deploy MT, but only when you are aware of the full 'TCO' :-}

 

As the leading MikroTik vendor in Australia, we also offer engineering
support in case your team does need some extra help when things go wrong,
and we also have some inside contacts with MikroTik support team to get
(sometimes slightly) faster escalation of unusual problems.

 

I'd be pleased to discuss further in more detail any time, if you'd like to!
;)

Cheers!  Mike Everest.

 

From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Darren
Moss
Sent: Tuesday, 26 June 2018 11:58 AM
To: ausnog@lists.ausnog.net
Subject: [AusNOG] Mikrotik routers in HA environments

 

Hi All,

 

We are about to deploy a new location, which we normally do with our SOE
around Cisco router kit (2 of them for redundancy).

 

I was talking with another DC customer and they swear by Mikrotik router
gear over Cisco.

 

I've played with Mikrotik in a domestic/home fibre connection scenario, but
not in a DC environment.

 

What's the consensus from others?

 

Can a pair of Mikrotik routers be configured for a *reliable* HA scenario ?

 

Happy to chat offlist or share if this is of interest to others.

 

Cheers

 

 

Darren.

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

[AusNOG] MikroTik User Meeting - Melbourne May 18th

[Mike Everest]

Hi Folks,

Apologies to those who might consider this inappropriate in here, but
knowing that a lot of you use (and some even /like/ ;) MikroTik gear, I
thought it may be of some interest for you to know that the next MUM event
for Australia is on next month in Melbourne (Richmond) - some presentation
spots are still open: if interested to speak contact me (or them) to discuss
:)
https://mum.mikrotik.com/2018/AU/info/EN

Cheers,  Mike.


___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] CPU - when to upgrade

[Mike Everest]

Tip for all: use http://talk.mikrotik.com.au for this kind of topic :-}

> -Original Message-
> From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Rhys
> Cuff (Latrobe I.T)
> Sent: Friday, 6 April 2018 1:00 PM
> To: ausnog@lists.ausnog.net
> Subject: Re: [AusNOG] CPU - when to upgrade
> 
> O  setting a rule at the top to fasttrack established connections made a
> huge difference.
> Thanks for the tip
> 
> 
> 
> -Original Message-
> From: Mike Everest [mailto:m...@duxtel.com]
> Sent: Friday, April 6, 2018 12:31 PM
> To: Rhys Cuff (Latrobe I.T); ausnog@lists.ausnog.net
> Subject: RE: [AusNOG] CPU - when to upgrade
> 
> Hi Rys,
> 
> With routerOS, throughput limitation due to cpu really only happens when it
> completely runs out (i.e. 100% utilisation) - when you hit 100, router can't
> keep up with incoming packets and so some packets begin to be dropped.
> That can have a follow-on effect that TCP stream initiators will start to pare
> back the transmit rate accordingly so if your router is CLOSE to 100% but not
> quite, it can still indicate a throughput limit.  But 70% - 80% is not 
> usually a
> problem for throughput.
> 
> Other actions as already suggested, like fastpath and/or review of firewall
> rule order can make a huge difference - even adding a 'permit established' at
> the top of the forward chain can make a massive difference if you don’t
> already have it ;)
> 
> Cheers!
> 
> Mike.
> 
> > -Original Message-
> > From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of
> > Rhys Cuff (Latrobe I.T)
> > Sent: Friday, 6 April 2018 11:44 AM
> > To: ausnog@lists.ausnog.net
> > Subject: Re: [AusNOG] CPU - when to upgrade
> >
> > Hi Guys
> >
> > Thanks very much for the responses.
> > We are a very small wireless ISP (around 2000 customers) and run
> > MikroTik router kit (I know I know...) I can see its normally firewall
> > and routing process's that use most.
> > Running around 300mbps on the routers in question.
> > I can certainly upgrade, just wasn’t sure if it was worth it.
> > MikroTik don’t have much kit that is small and runs 24v.
> >
> > Thanks again
> >
> > Rhys
> >
> >
> >
> >
> > -Original Message-
> > From: Graeme Allen [mailto:m...@graemeallen.com]
> > Sent: Friday, April 6, 2018 11:22 AM
> > To: Rhys Cuff (Latrobe I.T)
> > Cc: ausnog@lists.ausnog.net
> > Subject: Re: [AusNOG] CPU - when to upgrade
> >
> > Hi Rhys,
> >
> > If you are looking at an MRTG style graph, then as Jim points out you
> > are probably looking at a 5 minute rolling average, and the peaks will
> > very likely be much higher and yes possibly impacting performance.
> >
> > For a more instant view of the CPU, do a "show proc cpu history", this
> > will show you the spikes (assuming csco).
> >
> > Assuming the box you are using is not just under-powered, you need to
> > look at what is hitting the cpu and see if you can control/remove it.
> >
> > Chasing "links that don't seem to go as hard as they should", oh man,
> > that's such a can of subjective worms..
> >
> >
> > On Fri, April 6, 2018 10:51 am, Jim Woodward wrote:
> > > On 06-04-2018 10:21, Rhys Cuff (Latrobe I.T) wrote:
> > >
> > >
> > > Hi Rhys,
> > >
> > >
> > > If it's a Cisco I have found that once you start hitting 70% you'll
> > > start to see Latency creep up, this in turn will likely to have an
> > > overall effect on achievable speeds.
> > >
> > > If the 70% figure is an average then peaks may be quite a bit
> > > higher, I would consider working on a plan to upgrade the device(s)
> > > or do the usual process of looking at your configuration to see if
> > > you have any misconfigured/redundant ACL's or or routing policies
> > > that may be eating into your CPU performance.
> > >
> > > Kind Regards,
> > >
> > >
> > > Jim.
> > >
> > >
> > >> FROM: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] ON BEHALF
> OF
> > >> Rhys Cuff (Latrobe I.T)
> > >> SENT: Friday, April 6, 2018 10:19 AM
> > >> TO: ausnog@lists.ausnog.net
> > >> SUBJECT: [AusNOG] CPU - when to upfrade
> > >>
> > >>
> > >> Hi Guys
> > >>
> > >>
> > >> When you have a router and cpu is hitting about 60 - 70% with
> > >> traffic load would that impact speeds?
> > >>
> > >> I've got a few links that don't seem to go as hard as they should,
> > >> but I can't find the
> > >> reason.___
> > >>
> > > AusNOG mailing list
> > > AusNOG@lists.ausnog.net
> > > http://lists.ausnog.net/mailman/listinfo/ausnog
> > >
> > >
> >
> >
> > ___
> > AusNOG mailing list
> > AusNOG@lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> 
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

Re: [AusNOG] CPU - when to upgrade

[Mike Everest]

Hi Rys,

With routerOS, throughput limitation due to cpu really only happens when it 
completely runs out (i.e. 100% utilisation) - when you hit 100, router can't 
keep up with incoming packets and so some packets begin to be dropped.  That 
can have a follow-on effect that TCP stream initiators will start to pare back 
the transmit rate accordingly so if your router is CLOSE to 100% but not quite, 
it can still indicate a throughput limit.  But 70% - 80% is not usually a 
problem for throughput.

Other actions as already suggested, like fastpath and/or review of firewall 
rule order can make a huge difference - even adding a 'permit established' at 
the top of the forward chain can make a massive difference if you don’t already 
have it ;)

Cheers!

Mike.

> -Original Message-
> From: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] On Behalf Of Rhys
> Cuff (Latrobe I.T)
> Sent: Friday, 6 April 2018 11:44 AM
> To: ausnog@lists.ausnog.net
> Subject: Re: [AusNOG] CPU - when to upgrade
> 
> Hi Guys
> 
> Thanks very much for the responses.
> We are a very small wireless ISP (around 2000 customers) and run MikroTik
> router kit (I know I know...) I can see its normally firewall and routing
> process's that use most.
> Running around 300mbps on the routers in question.
> I can certainly upgrade, just wasn’t sure if it was worth it.
> MikroTik don’t have much kit that is small and runs 24v.
> 
> Thanks again
> 
> Rhys
> 
> 
> 
> 
> -Original Message-
> From: Graeme Allen [mailto:m...@graemeallen.com]
> Sent: Friday, April 6, 2018 11:22 AM
> To: Rhys Cuff (Latrobe I.T)
> Cc: ausnog@lists.ausnog.net
> Subject: Re: [AusNOG] CPU - when to upgrade
> 
> Hi Rhys,
> 
> If you are looking at an MRTG style graph, then as Jim points out you are
> probably looking at a 5 minute rolling average, and the peaks will very likely
> be much higher and yes possibly impacting performance.
> 
> For a more instant view of the CPU, do a "show proc cpu history", this will
> show you the spikes (assuming csco).
> 
> Assuming the box you are using is not just under-powered, you need to look
> at what is hitting the cpu and see if you can control/remove it.
> 
> Chasing "links that don't seem to go as hard as they should", oh man, that's
> such a can of subjective worms..
> 
> 
> On Fri, April 6, 2018 10:51 am, Jim Woodward wrote:
> > On 06-04-2018 10:21, Rhys Cuff (Latrobe I.T) wrote:
> >
> >
> > Hi Rhys,
> >
> >
> > If it's a Cisco I have found that once you start hitting 70% you'll
> > start to see Latency creep up, this in turn will likely to have an
> > overall effect on achievable speeds.
> >
> > If the 70% figure is an average then peaks may be quite a bit higher,
> > I would consider working on a plan to upgrade the device(s) or do the
> > usual process of looking at your configuration to see if you have any
> > misconfigured/redundant ACL's or or routing policies that may be
> > eating into your CPU performance.
> >
> > Kind Regards,
> >
> >
> > Jim.
> >
> >
> >> FROM: AusNOG [mailto:ausnog-boun...@lists.ausnog.net] ON BEHALF OF
> >> Rhys Cuff (Latrobe I.T)
> >> SENT: Friday, April 6, 2018 10:19 AM
> >> TO: ausnog@lists.ausnog.net
> >> SUBJECT: [AusNOG] CPU - when to upfrade
> >>
> >>
> >> Hi Guys
> >>
> >>
> >> When you have a router and cpu is hitting about 60 - 70% with traffic
> >> load would that impact speeds?
> >>
> >> I've got a few links that don't seem to go as hard as they should,
> >> but I can't find the
> >> reason.___
> >>
> > AusNOG mailing list
> > AusNOG@lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> >
> >
> 
> 
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog