XO outage in Minneapolis?
Anyone having XO problems in Minneapolis? We have an OC-3 down, all services. - Erik
Fiber maps of Minnesota
I work for a company that hosts services out of a datacenter in Minnesota. We're starting to plan the location of our next-generation data center, and we want to know if there is a place where we can get maps of local fiber-optic routes? We would like to see maps from several providers so we can ensure redundant connectivity. Does anyone have any hints as to how I can obtain such information? - Erik Amundson
RE: MLPPP over MPLS
I've used MLPPP before with T1s...not the hardest thing to do...in fact, MLFR is a little bit nastier, but still nothing that the average CCNA couldn't wrap their brain around...

Erik Amundson

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jon R. Kibler
Sent: Friday, February 17, 2006 1:37 PM
To: [EMAIL PROTECTED]
Subject: MLPPP over MPLS

Greetings all,

Would anyone who has ever done MLPPP over MPLS care to share their experiences with this type of network?

We have a customer that is implementing an MPLS network that will have 2 to 6 T1 feeds at some locations that will be using MLPPP for channel bonding. This is a telco provided network that will be customer managed. The routers will be customer managed because the same equipment will have interfaces to another telco's network as a backup to the MPLS network. Needless to say, no telco will support equipment that interfaces competitors' networks.

The customer is being told by their router vendor that an MLPPP/MPLS network is 'too complex' to be managed by anyone except for the router vendor's VARs or the telco. They indicated that it would be impossible for the customer's router vendor certified network person to come up to speed on MLPPP/MPLS configurations and manage such a network -- that it takes years to adequately learn how to manage that type of network configuration.

This doesn't sound like rocket science to me -- it should be simple and rather straight forward, I would think: The telco specifies its requirements for the router configuration, the customer implements that configuration on the required router interfaces, the telco monitors line quality, and the customer does basic router monitoring.

Am I missing something here, or is the router vendor just blowing a lot of smoke to try to provide business for some of his clients that provide managed services?

Thanks in advance for your feedback!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA (843) 849-8214
RE: West Coast broken?
Yes, we have connections through Sprint, and they are having issues. They've told us it was a mud slide and a major fiber cut...

Erik Amundson
A+, N+, CCNA, CCNP
IT and Network Manager
Open Access Technology Int'l, Inc.
Phone (763) 201-2005
Fax (763) 553-2813
mailto:[EMAIL PROTECTED]

CONFIDENTIAL INFORMATION: This email and any attachment(s) contain confidential and/or proprietary information of Open Access Technology International, Inc. Do not copy or distribute without the prior written consent of OATI. If you are not a named recipient to the message, please notify the sender immediately and do not retain the message in any form, printed or electronic.

-----Original Message-----
From: Nine, Jason [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 4:14 PM
To: Steve Sobol; Erik Amundson
Cc: nanog@merit.edu
Subject: RE: West Coast broken?

Wouldn't happen to be a Sprint backbone would it?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Sobol
Sent: Monday, January 09, 2006 4:09 PM
To: Erik Amundson
Cc: nanog@merit.edu
Subject: Re: West Coast broken?

On Mon, 9 Jan 2006, Erik Amundson wrote:

> Mud slides? Fiber cuts? What the heck? All my west-coast lines went
> splat a while ago...

I'm on the west coast and have seen no issues from the DSL line I'm using to most places today.

--
Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED
Company website: http://JustThe.net/
Personal blog, resume, portfolio: http://SteveSobol.com/
E: [EMAIL PROTECTED] Snail: 22674 Motnocab Road, Apple Valley, CA 92307
West Coast broken?
Mud slides? Fiber cuts? What the heck? All my west-coast lines went splat a while ago...

Erik Amundson
A+, N+, CCNA, CCNP
IT and Network Manager
Open Access Technology Int'l, Inc.
Phone (763) 201-2005
Fax (763) 553-2813
mailto:[EMAIL PROTECTED]
RE: zotob - blocking tcp/445
I've always been kind of conflicted with this issue. I mean, providers blocking traffic at all. On the one hand, I'm a corporate customer, and if I'm being DOSed or infected, I would want to be able to call my ISP and have it blocked. On the other hand, I truly feel that I pay my ISPs to pass traffic, not block it. I guess it only bugs me when something is blocked and I didn't even ask for it to be blocked...and then other stupid things are seeping through, but are not blocked even when I ask!

If ISPs really wanted to make the Internet better for Corporate America, I guess they'd unplug most of Asia...not block a port here and there (but that isn't exactly acceptable).

Anyways, like I said, I'm conflicted...I change my mind every now and then because both arguments make logical sense.

- Erik

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gadi Evron
Sent: Tuesday, August 16, 2005 12:58 AM
To: Christopher L. Morrow
Cc: nanog@merit.edu
Subject: Re: zotob - blocking tcp/445

[snip arguments]

> Do not become the internet firewall for your large customer base...
> it's bad.
>

Okay, so please allow me to alter the argument a bit. Say we agreed on:

1. Security is THEIR (customers') problems, not yours.
2. You are not the Internet's firewall.

That would mean you would still care about:

1. You being able to provide service.
2. Your own network being secure (?)

In a big outbreak, not for the WHOLE Internet, I'd use whatever I can. It can easily become an issue of my network staying alive. Blocking that one port then might be a viable solution to get a handle on things and calm things down.

Naturally though you are right again, it is a case-by-case issue and can not be discussed in generalities.

Gadi.
UUNET connectivity in Minneapolis, MN
Anyone else having issues with UUNET connectivity in MSP? We were seeing slowness, now we see no traffic flow at all...we make it one hop, then nothin'.

Erik Amundson
A+, N+, CCNA, CCNP
IT and Network Manager
Open Access Technology Int'l, Inc.
mailto:[EMAIL PROTECTED]
RE: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
Windows definitely caches DNS entries...but as far as I've seen, it does honor TTLs...

Erik Amundson
A+, N+, CCNA, CCNP
IT and Network Manager
Open Access Technology Int'l, Inc.
Phone (763) 201-2005
Fax (763) 553-2813
mailto:[EMAIL PROTECTED]

-----Original Message-----
From: Chris Adams [mailto:[EMAIL PROTECTED]
Sent: Monday, April 18, 2005 12:35 PM
To: nanog@merit.edu
Subject: Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations

Once upon a time, Patrick W. Gilmore <[EMAIL PROTECTED]> said:

> Depends on what you call "caching". Does honoring a TTL qualify as
> caching?

What other kind of DNS caching is there?

> Can you imagine what would happen if every time anyone ever looked up
> any hostname they sent out a DNS query?

That's what most Unix/Linux/*BSD boxes do unless they are running a local caching name service of some type (BIND, nscd, etc.). I wasn't actually aware that Windows had a DNS cache service.

--
Chris Adams <[EMAIL PROTECTED]>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
RE: Why do so few mail providers support Port 587?
I just get sick of providers blocking traffic...their job is to PASS TRAFFIC. There must be a better solution, but laziness is getting the better of us all, as usual. We've had so many problems with "IP Providers" blocking various "IP PROTOCOLS" that we've just ended up forcing all of our users to use VPN tunnels for everything...except when the providers block that!!! Then we're just screwed.

Anyways, just my two cents... Please don't flame me, I'm just a lowly network guy:)

- Erik

-----Original Message-----
From: Sean Donelan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 15, 2005 8:00 PM
To: nanog@merit.edu
Subject: Why do so few mail providers support Port 587?

Although RFC2476 was published in December 1998, it's amazing how few mail providers support the Message Submission protocol for e-mail on Port 587. Even odder, some mail providers use other ports such as 26 or 2525, but not the RFC recommended Port 587 for remote authenticated mail access for users.

Large mail providers like AOL, GMAIL and Yahoo support authenticated mail on port 587; and some also support Port 465 for legacy SMTP/SSL. But a lot of universities and smaller mail providers don't. They still use SMTP Port 25 for roaming users. With AT&T, Earthlink, COX, Netzero and other ISPs filtering port 25 for years, I would have thought most mail providers would have started supporting Port 587 by now.

What can be done to encourage universities and other mail providers with large roaming user populations to support RFC2476/Port 587?

What can be done to encourage the mail client software programmers (i.e. Outlook, Eudora, etc) to make Port 587 the default (or at least the first try) and let the user change it back to port 25 (or automatically fallback) if they are still using a legacy mail server.

Sendmail now includes Port 587, although some people disagree how it's done. But Exchange and other mail servers are still difficult for system administrators to configure Port 587 (if it doesn't say click here for Port 587 during the Windows installer, it's too complicated).
RE: minimum requirements for a full bgp feed
Well, in my experience it depends on the model of router. I had a 3640 (granted, it's old) with 128MB that was just fine until a couple of months ago, now it's not enough. For one BGP table you will have to have at least 256MB in a 36xx router. Our 720xVXR routers currently have 256MB in them as well, but we've already ordered upgrades to 1GB with new NPE-G1s...

- Erik

From: Mark Bojara [mailto:[EMAIL PROTECTED]
Sent: Monday, January 03, 2005 8:23 AM
To: nanog@merit.edu
Subject: minimum requirements for a full bgp feed

Hello All,

If I wish to purchase a Cisco router that handles a full internet BGP feed what are the minimum specs I should be looking at?

Regards
Mark Bojara
Peering point speed publicly available?
NANOG, I have a question regarding information on my ISP’s peering relationships. Are the speeds of some or all peering relationships public knowledge, and if so, where can I find this? By speed, I mean bandwidth (DS3, OC3, 100Mbps, 1Gbps, etc.). I am trying to transfer large stuff from my AS, through my ISP, through another ISP, to another AS, and I’m wondering how fast the peering point is between the ISPs. I’m working with my provider to get this information as we speak, but I’m wondering if it’s available publicly anywhere. If it were, this could be one way to evaluate providers in the future, I guess… Erik Amundson A+, N+, CCNA, CCNP IT and Network Manager Open Access Technology Int'l, Inc. Phone (763) 201-2005 Fax (763) 553-2813 mailto:[EMAIL PROTECTED]
MCI/UUNet routing issues / packet loss this morning?
Hello NANOG! Is anyone having routing issues or packet loss with MCI/UUNet today? I have an AS701 connection at my organization, and we've had thousands of customer calls starting at about 2:13AM CDT. We've shut down 701 as a peer because traceroutes seem to expose some packet loss and delay as soon as you enter UUNet's network. We're going to open a trouble ticket with MCI/UUNet, but I am wondering if other people are seeing the same issue? - Erik
RE: Strange behavior of Catalyst4006
It is possible that this issue is being caused by the customer's firewall as well. Every Ethernet cable has two ends. :) I would check and see if the customer's firewall log says anything.

I believe doing a shut/no shut on the Cat 4006 causes the Ethernet link to 'flap' on the port, causing the interface to totally reset on both ends. This could be clearing errored conditions on both sides.

Is there anything interesting in the 4006 log? Have you done a 'show interface fa4/41' when the interface is broken to see if it has any reasoning for the failure?

One other thing you could do is a 'no cdp enable' on the interface. You really won't get any cdp information from a firewall anyways...at least you shouldn't* get any. :)

- Erik

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Shen
Sent: Monday, June 28, 2004 8:01 PM
To: [EMAIL PROTECTED]
Subject: Strange behavior of Catalyst4006

Hi,

We met a strange problem with Catalyst 4006 when providing leased line service to one of our customers.

Catalyst4006 --- Customer's firewall --- Customer's Intranet

The customer is allocated a Class C address block 192.168.5/24. And, they connect their network to our network by using a firewall. The Interface on Cata4006 is set up as "no switchport", and inter-connecting subnet is configured between Cata4006 and firewall interface (10.10.1.122/30). Static route is used on Catalyst4006 to designate route to customer's intranet address. ( ip route 192.168.5.0 255.255.255.0 10.10.1.124 ).

Customer setup their email server at 192.168.5.7, dns server at 192.168.5.1, web server at 192.168.5.9.

At the very beginning all system works fine. After some time they said they could not access their email/web/dns server from host outside their company's network. But, when we telnet to Cata4006, we could 'ping' 192.168.5.7, but if we move to host in NOC ping failed all the time. ( ping to server is allowed on firewall). At the same time, their intranet host could access our network.

We restart ( shut; noshut) the fastethernet interface on Catalyst4006, and then servers' network access recovered.

The phenomenon comes up frequently, and our customer said this is a bug with catalyst4006. But, to my understanding, if this is a bug to catos, it should not only affect only three servers. But, why it could be solved by restart catalyst interface?

Would you please do some help? ( I attach system info below)

Joe Shen

4006#sh version
Cisco Internetwork Operating System Software
IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(12c)EW1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 24-Oct-02 23:05 by eaarmas
Image text-base: 0x, data-base: 0x00CA7368

ROM: 12.1(12r)EW
Dagobah Revision 63, Swamp Revision 24

4006-wulin uptime is 41 weeks, 12 hours, 34 minutes
System returned to ROM by power-on
System restarted at 05:40:46 RPC Mon Sep 15 2003
System image file is "bootflash:cat4000-is-mz.121-12c.EW1.bin"

cisco WS-C4006 (XPC8245) processor (revision 5) with 524288K bytes of memory.
Processor board ID FOX05200BRH
Last reset from PowerUp
144 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
403K bytes of non-volatile configuration memory.

Configuration register is 0x2102

4006#

4006-wulin#sh run int f4/41
Building configuration...

Current configuration : 141 bytes
!
interface FastEthernet4/41
 no switchport
 ip address 10.10.1.213 255.255.255.252
 duplex full
 speed 100
end

4006#
RE: WLAN shielding
I have been looking into the Cisco Aironet solution recently for a project I'm working on. They seem to have some great security features, if you want to take the time to configure it. Oh, another caveat is that you have to use Cisco's wireless adapter as well, otherwise, good ol' WEP for you!

I haven't thought of the VPN idea that others have spoken of on the NANOG list yet...that's a good idea too...hmm

- Erik

-----Original Message-----
From: Andy Grosser [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 11:02 AM
To: [EMAIL PROTECTED]
Subject: WLAN shielding

Apologies in advance if this may not quite be the proper list for such a question...

My company is investigating the use of wireless in a couple of our conference rooms. Aside from limiting the scope of reception with various directional antennae, does anyone have any suggestions or pointers for other ways to limit the propagation of signals (i.e. special shielding paint, panels or other wall coatings)?

Feel free to reply off-list.

Thanks!

Andy

---
Andy Grosser, CCNP
andy at meniscus dot org
---