Re: Cisco 7200 + NPE-G1 / 7301

2005-11-18 Thread Robert E. Seastrom


"Ben Butler" <[EMAIL PROTECTED]> writes:

> Anyone got any comments about how good or otherwise the Cisco 7200 +
> NPE-G1 or 7301, both with 1GB of RAM, is as an eBGP router + L2TP
> terminator for DSL subs, in terms of scalability for bandwidth
> throughput & the number of VPDN sessions it can terminate before it
> dies.  Are the two solutions effectively the same box or are there more
> technical differences beyond the obvious number of slots.

Well, the number of vpdn sessions that you can put on a VXR or a 7301
is going to have a lot more to do with your average customer's
bandwidth use profile (ie, pps) than anything else.

Right now, I'm looking at a 7206VXR/NPE300 in the US/Eastern time zone
(so mid afternoon; all the gamer kids are home from school) that is
serving as an LNS.  1811 callers, 52.5 Mbit/sec (10.5kpps) down, 33
Mbit/sec (9600 Kpps) up.  79% CPU.  We offer an "unlimited" program,
so there are some pretty heavy users in there - the hockey stick is
pretty sharp.

We did a side by side bakeoff several months ago of the 7301 vs. the
7206VXR/NPE300, and discovered that as a rule of thumb, the Kpps/1%cpu
ratio was 3.8x as good as the VXR/NPE300.  The used market for the
7301 is practically nonexistent, and new prices are about 3.2x the
price of a used VXR loaded up with the interface complement we need.
The interfaces on the VXR are fast ethernet not gige, but then again
we weren't going to be able to saturate the faste anyway.

Anyway, the sweet spot in the price/performance curve seems to be the
7206VXR with NPE-G1, if you can shop around and get the NPE for a good
price.  Junipers are as a rule more pricey, bigger physically, and
more scalable.  Assuming you can share the traffic around via
multiple tunnels, a farm of 7206VXRs with NPE300s offers box-level
redundancy at a reasonable price.  L2TPNS
(http://sourceforge.net/projects/l2tpns) to which I was directed some
time ago, shows promise but was lacking some critical features that we
needed, and I was left coordinating an office move rather than writing
software.  Such is life.  :(

Anyway, it turned out that in our case, having a lot of box-level
redundancy was more important than saving space, so we ended up
staying with the VXR platform even with the NPE-300.  The eval 7301
was in production use for several months and was completely
trouble-free, so I agree with Woody's assessment that these are nice
boxes.

Regardless of what your users' usage is like, you're going to have an
awfully tough time going over 2 users on one box because of the
IDB limit that Cisco imposes in their software for that platform.

---Rob



Call for Presentations - NANOG 36, Feb. 2006

2005-11-18 Thread Steve Feldman

The North American Network Operators' Group (NANOG) will hold its
36th meeting February 12-15, in Dallas, Texas. The meeting will be
hosted by Yahoo.

NANOG conferences provide a forum for information exchange among
network operators, engineers, and researchers. Meetings are held
three times each year, and include presentations, tutorial sessions,
and BOFs.

NANOG solicits presentations highlighting issues relating to
technology already deployed or soon to be deployed in the Internet.
Vendors are encouraged to work with operators to present deployment
experiences with the vendor's products and interoperability.

Suggested topics include:

* Network Operations
    o Everyday life in the NOC
    o Present-day operational case studies
    o Exchange point technologies and implementation
    o Peering/colocation coordination issues
    o Content provider issues
    o Security attacks/mitigation, tools, and analysis
    o State of OAM tools for IP and MPLS networks
    o Network and data center redundancy
* Deployment Experience
    o Alternative last-mile technologies (metro/rural, broadband,
      radio, optical, etc.)
    o VoIP deployment, peering and interconnect
    o Anycast
    o IPTV
    o Large-scale wireless
    o Fiber and Wavelength use by enterprises
* Research, Policy, and New Technology
    o Approaches to securing the global routing system (e.g., s*BGP
      and/or other tools)
    o Inter-provider MPLS/QoS/PCE
    o RIR policy (e.g., implications of HD ratio)
    o Currently active standards organizations and their topic areas
    o IPv6 economics: why is deployment so slow?
    o Approaches to IPv6 scalability, e.g., SHIM6

If time permits, topics for short (10-20 minute) lightning talks
will be solicited on-site. "Technologies to Watch" topics will be
appropriate for this session.

Researchers are invited to present short (10-minute) summaries of
their work for operator feedback. Topics include routing, network
performance, statistical measurement and analysis, and protocol
development and implementation. Studies presented may be works in
progress. Researchers from academia, government, and industry are
encouraged to present.

Proposals are also invited for tutorial sessions. Previous topics
have included:

* Troubleshooting BGP
* Best Practices for Determining Traffic Matrices
* Options for Blackhole and Discard Routing
* BGP/MPLS Layer 3 VPNs 

How to Present

Submit an abstract and draft slides for the presentation in email
to [EMAIL PROTECTED].  See http://www.nanog.org/presentations.html
for submission guidelines.  We are also developing an online
submission system, and hope to have it available by early December.
Check the NANOG main page (http://www.nanog.org) for updates.

The deadline for proposals is December 15, 2005. While the majority
of speaking slots will be filled by December 15, a limited number
of slots may be available after that date for topics that are
exceptionally timely, important, or critical to the operations of
the Internet. Submissions will be reviewed by the NANOG Program
Committee, and presenters will be notified of acceptance by January 2.
Final drafts of presentation slides are due by February 1, and
final versions February 8.


Steve Feldman
Chair, NANOG Program Committee


RE: Cisco 7200 + NPE-G1 / 7301

2005-11-18 Thread Bill Woodcock

> The two platforms are similar but 7301 is relatively new. Anything 
> new from cisco I recommend to avoid for at least a year.

Yeah, I'd agree with the principle here, but the 7301 has been out for 
several years, I've got a bunch of them in the field, and they're the most 
stable router I've ever used.  They're essentially just a NPE-G1 with a 
fixed hardware configuration in a 1U box.  Can't get simpler than that.

-Bill



Re: westin, the serial

2005-11-18 Thread Randy Bush

Possibly, other than cisco users have serial laptops at the westin?

randy
___
sent from a handheld, so even more terse than usual :-)


Re: westin, the serial

2005-11-18 Thread David Ulevitch

On Nov 18, 2005, at 10:11 AM, Niels Bakker wrote:

> Dear Randy:
>
> * [EMAIL PROTECTED] (Randy Bush) [Fri 18 Nov 2005, 18:40 CET]:
>> anyone at seattle westin have something that talks serial so i can
>> deal with a freaked 2511 oob through its console?
>
> Don't you agree that this would be more appropriate on cisco-nsp@ ?

The Westin building being in Seattle, USA, North America is the
relevant piece of info for Randy's request.

Not that it's a freaked 2511.

-david

> Best regards,
>
> -- Niels.
>
> --
> "Calling religion a drug is an insult to drugs everywhere. Religion
> is more like the placebo of the masses."
>
> -- MeFi user boaz




Re: westin, the serial

2005-11-18 Thread Niels Bakker


Dear Randy:

* [EMAIL PROTECTED] (Randy Bush) [Fri 18 Nov 2005, 18:40 CET]:
> anyone at seattle westin have something that talks serial so
> i can deal with a freaked 2511 oob through its console?


Don't you agree that this would be more appropriate on cisco-nsp@ ?

Best regards,


-- Niels.

--
"Calling religion a drug is an insult to drugs everywhere. 
Religion is more like the placebo of the masses."

-- MeFi user boaz


Weekly Routing Table Report

2005-11-18 Thread Routing Table Analysis

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to [EMAIL PROTECTED]

If you have any comments please contact Philip Smith <[EMAIL PROTECTED]>.

Routing Table Report   04:00 +10GMT Sat 19 Nov, 2005

Analysis Summary


BGP routing table entries examined:  175261
Prefixes after maximum aggregation:  98860
Unique aggregates announced to Internet:  84806
Total ASes present in the Internet Routing Table:  20928
Origin-only ASes present in the Internet Routing Table:  18220
Origin ASes announcing only one prefix:  8614
Transit ASes present in the Internet Routing Table:  2708
Transit-only ASes present in the Internet Routing Table:  74
Average AS path length visible in the Internet Routing Table:  4.5
Max AS path length visible:  21
Prefixes from unregistered ASNs in the Routing Table:  2
Special use prefixes present in the Routing Table:  0
Prefixes being announced from unallocated address space:  12
Number of addresses announced to Internet:  1462078080
    Equivalent to 87 /8s, 37 /16s and 138 /24s
Percentage of available address space announced:  39.4
Percentage of allocated address space announced:  59.4
Percentage of available address space allocated:  66.4
Total number of prefixes smaller than registry allocations:  84115

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes:  36623
Total APNIC prefixes after maximum aggregation:  15833
Prefixes being announced from the APNIC address blocks:  34396
Unique aggregates announced from the APNIC address blocks:  16829
APNIC Region origin ASes present in the Internet Routing Table:  2404
APNIC Region origin ASes announcing only one prefix:  699
APNIC Region transit ASes present in the Internet Routing Table:  366
Average APNIC Region AS path length visible:  4.4
Max APNIC Region AS path length visible:  17
Number of APNIC addresses announced to Internet:  206407616
    Equivalent to 12 /8s, 77 /16s and 135 /24s
Percentage of available APNIC address space announced:  76.6

APNIC AS Blocks         4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)   23552-24575, 37888-38911
APNIC Address Blocks    58/7, 60/7, 124/7, 126/8, 202/7, 210/7, 218/7,
                        220/7 and 222/8

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:  92846
Total ARIN prefixes after maximum aggregation:  55846
Prefixes being announced from the ARIN address blocks:  72314
Unique aggregates announced from the ARIN address blocks:  27466
ARIN Region origin ASes present in the Internet Routing Table:  10355
ARIN Region origin ASes announcing only one prefix:  3835
ARIN Region transit ASes present in the Internet Routing Table:  968
Average ARIN Region AS path length visible:  4.3
Max ARIN Region AS path length visible:  17
Number of ARIN addresses announced to Internet:  276171520
    Equivalent to 16 /8s, 118 /16s and 11 /24s
Percentage of available ARIN address space announced:  68.6

ARIN AS Blocks          1-1876, 1902-2042, 2044-2046, 2048-2106
(pre-ERX allocations)   2138-2584, 2615-2772, 2823-2829, 2880-3153
                        3354-4607, 4865-5119, 5632-6655, 6912-7466
                        7723-8191, 10240-12287, 13312-15359, 16384-17407
                        18432-20479, 21504-23551, 25600-26591,
                        26624-27647, 29696-30719, 31744-33791
                        35840-36863
ARIN Address Blocks     24/8, 63/8, 64/6, 68/7, 70/6, 74/7, 76/8,
                        198/7, 204/6, 208/7 and 216/8

RIPE Region Analysis Summary


Prefixes being announced by RIPE Region ASes:  34088
Total RIPE prefixes after maximum aggregation:  23049
Prefixes being announced from the RIPE address blocks:  31082
Unique aggregates announced from the RIPE address blocks:  20835
RIPE Region origin ASes present in the Internet Routing Table:  7304
RIPE Region origin ASes announcing only one prefix:  3827
RIPE Region transit ASes present in the Internet Routing Table:  1194
Average RIPE Region AS path length visible:  5.0
Max RIPE Region AS path length visible:  20
Number of RIPE addresses announced to Int

RE: Cisco 7200 + NPE-G1 / 7301

2005-11-18 Thread Joel Jaeggli


On Fri, 18 Nov 2005, Neil J. McRae wrote:

> I'd stick with what you know unless you plan to terminate hundreds
> of thousands of things in which case cisco isn't a great choice. The
> two platforms are similar but 7301 is relatively new. Anything new from
> cisco I recommend to avoid for at least a year so that you aren't an
> alpha tester.

The npe-g1 is not exactly a new product, it was introduced in early 2003
if I'm not mistaken. The 7301 was introduced later that year.

>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
>> Behalf Of Ben Butler
>> Sent: 18 November 2005 17:20
>> To: [EMAIL PROTECTED]
>> Subject: Cisco 7200 + NPE-G1 / 7301
>>
>> Hi,
>>
>> Anyone got any comments about how good or otherwise the Cisco 7200 +
>> NPE-G1 or 7301, both with 1GB of RAM, is as an eBGP router +
>> L2TP terminator for DSL subs, in terms of scalability for
>> bandwidth throughput & the number of VPDN sessions it can
>> terminate before it dies.  Are the two solutions effectively
>> the same box or are there more technical differences beyond
>> the obvious number of slots.
>>
>> Without wanting to start one of those sorts of threads is it
>> time to look at something else, i.e. Juniper, for cost /
>> performance, or should I stick with the herd and what I know
>> in Cisco.
>>
>> Kind Regards
>>
>> Ben Butler
>> ++
>> C2 Internet Ltd
>> Globe House
>> The Gullet
>> Nantwich
>> Cheshire
>> CW5 5RL
>> W http://www.c2internet.net/
>> T +44-(0)845-658-0020
>> F +44-(0)845-658-0070
>>
>> All quotes & services from C2 are bound by our standard terms
>> and conditions which are available on our website at:
>>
>> http://www.c2internet.net/legal/main.htm#tandc


--
--
Joel Jaeggli   Unix Consulting [EMAIL PROTECTED]
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2



RE: Cisco 7200 + NPE-G1 / 7301

2005-11-18 Thread Neil J. McRae

> Anything new from cisco I recommend to avoid
> for at least a year so that you aren't an alpha tester.

Or any vendor actually :-)

Neil.




RE: Cisco 7200 + NPE-G1 / 7301

2005-11-18 Thread Neil J. McRae

I'd stick with what you know unless you plan to terminate hundreds
of thousands of things in which case cisco isn't a great choice. The
two platforms are similar but 7301 is relatively new. Anything new from
cisco I recommend to avoid for at least a year so that you aren't an
alpha tester.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Ben Butler
> Sent: 18 November 2005 17:20
> To: [EMAIL PROTECTED]
> Subject: Cisco 7200 + NPE-G1 / 7301
> 
> 
> Hi,
> 
> Anyone got any comments about how good or otherwise the Cisco 7200 +
> NPE-G1 or 7301, both with 1GB of RAM, is as an eBGP router +
> L2TP terminator for DSL subs, in terms of scalability for
> bandwidth throughput & the number of VPDN sessions it can
> terminate before it dies.  Are the two solutions effectively
> the same box or are there more technical differences beyond
> the obvious number of slots.
>
> Without wanting to start one of those sorts of threads is it
> time to look at something else, i.e. Juniper, for cost /
> performance, or should I stick with the herd and what I know
> in Cisco.
> 
> 
> Kind Regards
> 
> Ben Butler
> ++
> C2 Internet Ltd
> Globe House
> The Gullet
> Nantwich
> Cheshire
> CW5 5RL
> W http://www.c2internet.net/
> T +44-(0)845-658-0020
> F +44-(0)845-658-0070
> 
> All quotes & services from C2 are bound by our standard terms 
> and conditions which are available on our website at:
> 
> http://www.c2internet.net/legal/main.htm#tandc
> 
>  
> 

westin, the serial

2005-11-18 Thread Randy Bush

anyone at seattle westin have something that talks serial so
i can deal with a freaked 2511 oob through its console?

randy



Cisco 7200 + NPE-G1 / 7301

2005-11-18 Thread Ben Butler

Hi,

Anyone got any comments about how good or otherwise the Cisco 7200 +
NPE-G1 or 7301, both with 1GB of RAM, is as an eBGP router + L2TP
terminator for DSL subs, in terms of scalability for bandwidth
throughput & the number of VPDN sessions it can terminate before it
dies.  Are the two solutions effectively the same box or are there more
technical differences beyond the obvious number of slots.

Without wanting to start one of those sorts of threads is it time to
look at something else, i.e. Juniper, for cost / performance, or should
I stick with the herd and what I know in Cisco.


Kind Regards

Ben Butler
++
C2 Internet Ltd
Globe House
The Gullet
Nantwich
Cheshire
CW5 5RL
W http://www.c2internet.net/
T +44-(0)845-658-0020
F +44-(0)845-658-0070

All quotes & services from C2 are bound by our standard terms and
conditions which are available on our website at:

http://www.c2internet.net/legal/main.htm#tandc

 


Re: [Latest draft of Internet regulation bill]

2005-11-18 Thread Todd Vierling

On Thu, 17 Nov 2005, Stephen Sprunk wrote:

> I'm curious what would happen if an ISP tried blocking P2P apps under that
> section, however.  Sure, a lot of it's illegal, but not all of it.  Could
> "gross overuse of bandwidth" be considered a threat to the network's
> reliability, or would the statement of minimum capacity required in Sec
> 104(b)(1)(A) mean the ISP can't complain about how the customer uses their
> bandwidth?  The courts will have fun with that one.

Cable providers in particular will have a very big problem with that
interpretation.  While the asymmetry of cable downstream/upstream traffic
levels is good (insofar that the structure of radio channels more or less
requires it), cable providers have been massively overbooking their
downstream bandwidth lately.

$CableVendor in my market now pushes its "6Mb/s" service quite hard in
advertising.  I have written proof in hand from its "Abuse Department" that
it will not honor its downstream rate for any sustained amount of time --
though none of its ToU, AUP, nor this document states what its criteria are
for service interruption under this guise.  Funny, that:  $CableVendor is
deaf to spam and DDoS complaints, but it certainly sits up and listens
closely when someone has a reason to make use of its consumer offering at
full capacity.  (And I got this letter at a time when $CableVendor's maximum
downstream rate was a mere 1.5Mb/s.)

In any case, the letter I received would make an interesting litmus test to
your theory about guaranteed service speeds.

> Preempting state prohibitions on public carriers is interesting -- hopefully
> we'll see a lot of those emerge in states (like mine) that currently ban them.

This sort of preemption is becoming somewhat commonplace and is an attempt
by legislators to pacify telecom operators doing local business in multiple
states (as otherwise the Constitution's Amendment 10 would relegate near
total power back to the states -- where it should be IMHO ;).

There was a similar clause in [YOU-]CAN-SPAM, because the DMA wanted it.
But then, the DMA got a lot of wishes granted in that piece-of-cr^Wlaw.

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Re: a record?

2005-11-18 Thread Eric Rescorla

Matthew Sullivan <[EMAIL PROTECTED]> writes:

> John Levine wrote:
>
>>>> Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?
>>>
>>> don't do that! Lots of (access) isps around the world (esp here in
>>> Europe) block those ports
>>
>> If you're going to move sshd somewhere else, port 443 is a fine
>> choice.  Rarely blocked, rarely probed by ssh kiddies.  It's probed
>> all the time by malicious web spiders, but since you're not a web
>> server, you don't care.
>
> Except if you're running a version of OpenSSL that has a
> vulnerability, you could be inviting trouble - particularly with
> kiddies scanning for Apache with vulnerable versions of OpenSSL
> attached by way of mod_ssl etc...

It's worth noting that while OpenSSH uses OpenSSL for crypto, most of
the recent vulnerabilities in OpenSSL do not extend to OpenSSH,
because they're in the SSL state machine, not the crypto.

-Ekr


SMS etc

2005-11-18 Thread Jim McBurnett

Hello all,
I apologize if this is deemed off topic, but I think there is enough
content to warrant the question.
Some time ago there was a lively discussion about SMS paging and the
providers for that in relation to emergency operations NMS paging etc.

Who can point me in the direction of the still serving providers and
maybe give some color commentary on the SMS to SMTP or other paging
methods many of you use to provide the paging of engineers?

Please reply off list and if there is any interest I will summarize back
to the list.

Thanks,
Jim


The Cidr Report

2005-11-18 Thread cidr-report

This report has been generated at Fri Nov 18 21:46:21 2005 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History
Date        Prefixes   CIDR Agg
11-11-05      175515     114822
12-11-05      172203     114836
13-11-05      172290     114870
14-11-05      172345     114990
15-11-05      172408     114745
16-11-05      172231     114790
17-11-05      172458     114872
18-11-05      172374     115063


AS Summary
 20851  Number of ASes in routing system
  8654  Number of ASes announcing only one prefix
  1464  Largest number of prefixes announced by an AS
AS7018 : ATT-INTERNET4 - AT&T WorldNet Services
  91322624  Largest address span announced by an AS (/32s)
AS721  : DLA-ASNBLOCK-AS - DoD Network Information Center


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 18Nov05 ---
ASnum    NetsNow NetsAggr  NetGain   % Gain   Description

Table     172494   114995    57499    33.3%   All ASes

AS4323      1187      236      951    80.1%   TWTC - Time Warner Telecom
AS18566      877       11      866    98.7%   COVAD - Covad Communications
AS721       1071      313      758    70.8%   DLA-ASNBLOCK-AS - DoD Network Information Center
AS4134      1021      275      746    73.1%   CHINANET-BACKBONE No.31,Jin-rong Street
AS22773      557       26      531    95.3%   CCINET-2 - Cox Communications Inc.
AS7018      1464      954      510    34.8%   ATT-INTERNET4 - AT&T WorldNet Services
AS19916      563       65      498    88.5%   ASTRUM-0001 - OLM LLC
AS855        558       65      493    88.4%   CANET-ASN-4 - Canadian Research Network
AS3602       542      104      438    80.8%   SPRINT-CA-AS - Sprint Canada Inc.
AS6197       960      561      399    41.6%   BATI-ATL - BellSouth Network Solutions, Inc
AS17676      470      101      369    78.5%   JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS11492      604      249      355    58.8%   CABLEONE - CABLE ONE
AS812        367       30      337    91.8%   ROGERS-CABLE - Rogers Cable Inc.
AS6467       389       56      333    85.6%   ESPIRECOMM - e.spire Communications, Inc.
AS4755       607      275      332    54.7%   VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
AS4766       610      287      323    53.0%   KIXS-AS-KR Korea Telecom
AS15270      338       25      313    92.6%   AS-PAETEC-NET - PaeTec.net -a division of PaeTecCommunications, Inc.
AS9583       827      520      307    37.1%   SIFY-AS-IN Sify Limited
AS14654      292        6      286    97.9%   WAYPORT - Wayport
AS17488      366       83      283    77.3%   HATHWAY-NET-AP Hathway IP Over Cable Internet
AS9498       395      117      278    70.4%   BBIL-AP BHARTI BT INTERNET LTD.
AS5668       476      211      265    55.7%   AS-5668 - CenturyTel Internet Holdings, Inc.
AS9929       315       53      262    83.2%   CNCNET-CN China Netcom Corp.
AS6167       324       63      261    80.6%   CELLCO-PART - Cellco Partnership
AS1239       845      600      245    29.0%   SPRINTLINK - Sprint
AS18101      268       23      245    91.4%   RIL-IDC Reliance Infocom Ltd Internet Data Centre,
AS2386       926      694      232    25.1%   INS-AS - AT&T Data Communications Services
AS6140       423      192      231    54.6%   IMPSAT-USA - ImpSat
AS19115      258       27      231    89.5%   CHARTER-LEBANON - Charter Communications
AS16852      278       50      228    82.0%   FOCAL-CHICAGO - Focal Data Communications of Illinois

Total      18178     6272    11906    65.5%   Top 30 total


Possible Bogus Routes

24.246.0

Re: a record?

2005-11-18 Thread Matthew Sullivan


John Levine wrote:

>>> Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?
>>
>> don't do that! Lots of (access) isps around the world (esp here in
>> Europe) block those ports
>
> If you're going to move sshd somewhere else, port 443 is a fine
> choice.  Rarely blocked, rarely probed by ssh kiddies.  It's probed
> all the time by malicious web spiders, but since you're not a web
> server, you don't care.

Except if you're running a version of OpenSSL that has a vulnerability,
you could be inviting trouble - particularly with kiddies scanning for
Apache with vulnerable versions of OpenSSL attached by way of mod_ssl etc...


Regards,

Mat