Cox Communications Contact Please
Can someone from Cox Communications Security group contact me off list please. Thanks ** Richard J. Sears Vice President American Internet Services [EMAIL PROTECTED] http://www.adnc.com 858.576.4272 - Phone 858.427.2401 - Fax INOC-DBA - 6130 I fly because it releases my mind from the tyranny of petty things . . Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching.
Re: DACS Equipment
Hi Steve - Overkill for you maybe but we use ONS 15454 and Carrier Access Corps MUXs to do that when we need to, then we plug them into CT3 cards in our Ciscos.

On Sun, 7 Aug 2005 14:18:21 -0500 (CDT) sjk [EMAIL PROTECTED] wrote:

I have a number of mux DS-3s coming in - right now they drop straight into aggregation routers. What I like to do is drop them into a local DACS and comb them out to DS-1s and then re-mux them back on to internal DS-3s. This will let me move circuits around digitally inside our equipment. Does anyone know what vendors I should speak to about such an application? Or maybe know of a cost-effective solution? TIA -- Steve
Re: Qwest outage in CA?
Hi Brandon - We had no problems with our Qwest connection at all yesterday.

On Mon, 31 Jan 2005 18:30:55 -0700 Brandon Shiers [EMAIL PROTECTED] wrote:

Is anybody noticing problems reaching the Qwest network? It appears to me that Qwest is having major issues right now, just wondering if anybody had more details than I've been able to get. Here's a traceroute (partial) with what I'm seeing. I see the same off both my upstream providers:

 9 att-gw.sfo.qwest.net (192.205.32.82) 52.809 ms 48.510 ms 47.386 ms
10 svx-core-02.inet.qwest.net (205.171.214.137) 43.872 ms 48.237 ms 43.062 ms
11 svx-core-01.inet.qwest.net (205.171.214.141) 45.100 ms 41.555 ms 47.190 ms
12 svx-core-02.inet.qwest.net (205.171.214.142) 45.743 ms 43.708 ms 50.738 ms
13 svx-core-01.inet.qwest.net (205.171.214.141) 51.182 ms 49.088 ms 52.417 ms
14 svx-core-02.inet.qwest.net (205.171.214.142) 54.275 ms 55.287 ms 48.152 ms
15 svx-core-01.inet.qwest.net (205.171.214.141) 53.801 ms 57.715 ms 50.122 ms
16 svx-core-02.inet.qwest.net (205.171.214.142) 45.526 ms 45.324 ms 54.539 ms
17 svx-core-01.inet.qwest.net (205.171.214.141) 43.281 ms 45.338 ms 46.141 ms
18 svx-core-02.inet.qwest.net (205.171.214.142) 41.324 ms 50.589 ms 42.397 ms
19 svx-core-01.inet.qwest.net (205.171.214.141) 55.421 ms 55.115 ms 48.757 ms
20 svx-core-02.inet.qwest.net (205.171.214.142) 46.072 ms 53.476 ms 50.280 ms
21 svx-core-01.inet.qwest.net (205.171.214.141) 44.127 ms 51.838 ms 50.987 ms
22 svx-core-02.inet.qwest.net (205.171.214.142) 52.952 ms 52.369 ms 41.843 ms
23 svx-core-01.inet.qwest.net (205.171.214.141) 50.093 ms 54.280 ms 64.481 ms
24 svx-core-02.inet.qwest.net (205.171.214.142) 52.143 ms 48.565 ms 45.444 ms
25 svx-core-01.inet.qwest.net (205.171.214.141) 47.978 ms 51.010 ms 57.275 ms
26 svx-core-02.inet.qwest.net (205.171.214.142) 52.550 ms 48.590 ms 53.459 ms
27 svx-core-01.inet.qwest.net (205.171.214.141) 60.545 ms 49.940 ms 50.369 ms
28 svx-core-02.inet.qwest.net (205.171.214.142) 52.378 ms 50.665 ms 47.266 ms
29 svx-core-01.inet.qwest.net (205.171.214.141) 45.451 ms 55.091 ms 50.909 ms
30 svx-core-02.inet.qwest.net (205.171.214.142) 46.745 ms 40.908 ms 48.400 ms

Thanks in advance, Brandon
Re: GSLB advice
Hi Matt - We use F5 (3DNS) equipment to do this for our customers.

On Fri, 21 Jan 2005 10:17:20 -0800 Matt Bazan [EMAIL PROTECTED] wrote:

We're looking to dip our toes into the global server load balancing arena and I'd like to get your advice on the following:

1) For those of you running a GSLB solution do you perform this 'in house' or is it outsourced?
2) If running in-house, what gear do you use and how satisfied with it have you been?

Thanks group, Matt
Re: Graphing Peering - Solution
Take a look at http://jffnms.sourceforge.net

According to the Author whom I know very well it will do exactly what you need it to do:

---SNIP---
Yes, JFFNMS has a specific system to do this. Using MAC Accounting, we track each MAC address, using ARP its IP, and using BGP Table its ASN (by the IP). So you will get MAC Accounting graphs labeled with the ASN you are peering.
---SNIP---

On Wed, 19 Jan 2005 23:01:11 -0600 Kevin [EMAIL PROTECTED] wrote:

On Wed, 19 Jan 2005 14:37:54 -0800, andrew matthews [EMAIL PROTECTED] wrote:

no i mean graph bgp sessions... it's a single interface, and i want to graph every bgp session so i can see how much traffic i'm doing between each peer.

If you are looking to graph statistics about the BGP peering sessions, (rather than graphing transit router bytes in/out as suggested elsewhere), you might take a look at the sample-config for the Cricket graphing tool, specifically ~cricket/cricket-1.0.4/sample-config/routing

Unfortunately this graphs counts of BGP peering messages, not bytes. Cricket can track BGP route announcements, including graphing counts (rates) of peer updates in/out along with total BGP messages, for each peering session. You could use Cricket itself to view the data, extract the collected data from 'rrdtool', or just look at the sources to get an idea of the requisite Cisco OIDs to use in another tool entirely.

More information on Cricket is available from http://cricket.sourceforge.net/

Kevin
209.225.34.161 (vsc.gsa.gov)
Can someone from this network contact me offlist - we are having routing issues with your network. Thanks
Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
From: [EMAIL PROTECTED]
Sent: Wednesday, January 19, 2005 9:58 AM
To: 'nanog@merit.edu'
Subject: BOGON Filtering IP Space?

Our NOC is opening a lot of tickets for customers that live on our 72.14.128.0/19 network going towards local and federal government sites in particular. I'm curious if providers / vendors / managed service providers are BOGON filtering this network range as it's relatively new IP space allocated by ARIN that used to be BOGON space. If anyone has these in the BOGON list, please remove - it's real space. :-)

I'd appreciate any feedback on ways to notify / check if providers are BOGON filtering this network.

Regards, James Laszko Pipeline Communications, Inc. [EMAIL PROTECTED] 760-807-5129 24x7 NOC contact 951-541-9688 office

---BeginMessage---
Can you forward this to the nanog list for me? It doesn't appear to be showing up at all when I send it in.
---End Message---
Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
Yes - the space in question was allocated last January - it looks like not everyone has updated their bogon access lists to remove this space from the bogon list.

On Wed, 19 Jan 2005 13:51:11 -0500 Kurt Kruegel [EMAIL PROTECTED] wrote:

from http://www.cymru.com/Documents/bogon-list.html

Changes in version 2.5 (02 AUG 2004)
71/8 and 72/8 allocated to ARIN (AUG 2004). Removed from the bogon lists.

Changes in version 2.4 (28 APR 2004)
58/8 and 59/8 allocated to the APNIC (APR 2004). Removed from the bogon lists.

Changes in version 2.3 (01 APR 2004)
85/8, 86/8, 87/8, and 88/8 allocated to the RIPE NCC (APR 2004). Removed from the bogon lists.

Changes in version 2.2 (15 JAN 2004)
70/8 allocated to ARIN (JAN 2004). Removed from the bogon lists.

Kurt A Kruegel, CCNP, DP, SP, CISSP#30711 Senior Network Administrator Network Systems American Museum of Natural History Central Park West at 79th Street New York, New York 10024 (P) 212-496-3601 (F) 212-496-3555 (E) [EMAIL PROTECTED] (W) http://www.amnh.org
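One way to check a bogon filter for the staleness discussed in this thread, as an added example that is not code from any poster: it compares a filter's prefixes against the changelog entries quoted above, reports entries that still cover allocated space, and carves the allocated /8 out of aggregated entries. The filter contents (SAMPLE_FILTER) are constructed and the function names are hypothetical.

```python
import ipaddress

# Changelog entries quoted in the thread (bogon list versions 2.2 to 2.5):
# (version, date, /8 blocks removed from the bogon list after allocation).
CHANGELOG = [
    ("2.2", "15 JAN 2004", ["70.0.0.0/8"]),
    ("2.3", "01 APR 2004", ["85.0.0.0/8", "86.0.0.0/8", "87.0.0.0/8", "88.0.0.0/8"]),
    ("2.4", "28 APR 2004", ["58.0.0.0/8", "59.0.0.0/8"]),
    ("2.5", "02 AUG 2004", ["71.0.0.0/8", "72.0.0.0/8"]),
]
ALLOCATED = [(ipaddress.ip_network(p), version)
             for version, _date, prefixes in CHANGELOG for p in prefixes]

# Constructed sample: prefixes pulled from a filter that was never updated for
# version 2.5 and that aggregates 72/8 through 79/8 into a single /5 entry.
SAMPLE_FILTER = ["0.0.0.0/8", "10.0.0.0/8", "71.0.0.0/8", "72.0.0.0/5", "127.0.0.0/8"]


def find_stale(filter_prefixes):
    """Return (filter entry, allocated block, list version) for each overlap."""
    findings = []
    for text in filter_prefixes:
        entry = ipaddress.ip_network(text)
        for block, version in ALLOCATED:
            if entry.overlaps(block):
                findings.append((text, str(block), version))
    return findings


def repair(filter_prefixes):
    """Return the filter with allocated blocks removed, splitting aggregates."""
    repaired = []
    for text in filter_prefixes:
        pieces = [ipaddress.ip_network(text)]
        for block, _version in ALLOCATED:
            remaining = []
            for piece in pieces:
                if piece.subnet_of(block):
                    continue  # entry lies wholly inside allocated space: drop it
                if block.subnet_of(piece):
                    # aggregate covers the block: keep everything except the block
                    remaining.extend(piece.address_exclude(block))
                else:
                    remaining.append(piece)
            pieces = remaining
        repaired.extend(str(p) for p in sorted(pieces))
    return repaired


def dropped_by(filter_prefixes, source):
    """Return the filter entry that matches a source address, or None."""
    address = ipaddress.ip_address(source)
    for text in filter_prefixes:
        if address in ipaddress.ip_network(text):
            return text
    return None


if __name__ == "__main__":
    for entry, block, version in find_stale(SAMPLE_FILTER):
        print(f"{entry} still covers {block} (removed in bogon list {version})")
    print("repaired filter:", repair(SAMPLE_FILTER))
    # An address inside the 72.14.128.0/19 range from the thread.
    print("72.14.128.1 dropped by:", dropped_by(SAMPLE_FILTER, "72.14.128.1"))
```

The aggregated entry is the case a simple text search for "72.0.0.0" in an access list misses when the filter was written as a shorter prefix.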
Deutch
Can someone from Deutsche Telekom please contact me off list. Thanks
Re: PathControl vs. Internap(hardware)
Hi Dave, We utilize the 5014 box from Pathcontrol (having been connected to Internap before that) and it works great. We have just upgraded to the near latest software rev after waiting through the .0 and .1 releases. I can tell you that the box operates like they say it does. We have a total of 6 backbones, adding another 3 or 4 in the next month and it does not break a sweat keeping up with all the traffic.

While I liked the Internap model, it shifted greatly from what we were sold and I had to find a way to keep my customers happy. I needed best performance routing and we found out that what we had been getting was least cost routing. In my case, it was getting the PathControl box and connecting to a bunch of backbones. In looking at all the hardware solutions, we looked at NetVMG before they were acquired by Internap and were not impressed with their product for a variety of reasons. Hope this helps.

On Thu, 4 Nov 2004 08:03:34 -0500 (EST) Dave Temkin [EMAIL PROTECTED] wrote:

Has anyone done any comparisons recently? I know that RouteScience changed their model of not providing the hardware anymore, but I was overall satisfied with their product when I had it before. Has anyone stacked the Internap (former NetVMG/Sockeye) soft against the PathControl software? What were your impressions if so? Thanks, -Dave
Re: Network Monitoring System - Recommendations?
Hi Charlie - We use JFFNMS here (http://www.jffnms.org/). We have it monitoring BGP with our 6 backbone providers, all of our T1's (300 or so), DSL lines, dedicated servers, backing up all of our router configs, talking to our F5s, pretty much everything you are asking for. We use it extensively to grab traps and notify my NOC of any problems. Overall I would say that it is monitoring over 15,000 connections and pieces of hardware.

We have its bandwidth monitoring and tracking talking directly to our billing engine and allow our customers the ability to log into it and view all of their stats as well. We don't use it to monitor uptime as we utilize different hardware for that but my guess is that with some minor tweaking it could do that as well. Hope this helps.

On Thu, 28 Oct 2004 00:01:42 -0700 Charlie Khanna - NextWeb [EMAIL PROTECTED] wrote:

Hi - I was interested in finding out what software applications other ISPs are using for network monitoring? For example:

1) Overall network health - uptime reports
2) Backup router config automatically
3) Bandwidth reporting (or integration with an MRTG-type app)
4) SNMP trap support (BGP/OSPF session drops - emails out)
5) Database back end (port info into or over to other apps)

I'm just looking for something well rounded for a small ISP. I've heard about OpenNMS and other apps but I'd like to get everyone's feedback. Thanks! -Charlie
Re: Verio Routing
We have an OC3 with Verio and took a hit as well..

On Wed, 13 Oct 2004 17:06:02 -0500 Joe Johnson [EMAIL PROTECTED] wrote:

Did anyone else just get a hiccup on Verio circuits? Lost routing in small 2-5 second bursts incrementally over the past 10 minutes. Joe Johnson JMDN.net

** Richard J. Sears Vice President American Digital Network [EMAIL PROTECTED] http://www.adnc.com 858.576.4272 - Phone 858.427.2401 - Fax INOC-DBA - 6130 I fly because it releases my mind from the tyranny of petty things . . Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching.
Loss of Telnet Capability to 6509
We posted this to cisco-nsp but someone suggested posting it here as well... We have a 6509 running a SUP720 in IOS only mode (no cat os). At around 4am this morning, we lost our ability to telnet to the router. Running a tcpdump shows that the router never responds to the telnet request. All functions and interfaces on the router seem fine (bgp, etherchannel, ibgp, vtp, hsrp) and I can console into the sup with no problems at all, we just cannot telnet into it. The CPU is at around 6%. I have checked all access lists on the router, none were added/removed or modified on line vty that would cause this problem. All logging appears normal. We are running Version 12.2(17a)SX3. Anyone have a similar problem or know how to check or restart the telnet process on the router without a reload...?
Re: Loss of Telnet Capability to 6509
Hi Robert - There is only a single connection to vty 2 (which I cannot clear) other than that, there are no other connections at all.

On Wed, 28 Jul 2004 15:03:44 -0400 Robert Blayzor [EMAIL PROTECTED] wrote:

Richard J. Sears wrote: Anyone have a similar problem or know how to check or restart the telnet process on the router without a reload...?

Isn't there a maximum of VTY's that can be used at one time? Perhaps that's the problem. From the console what does the switch say if you do a show users or who ? If it shows users, then there are some other connections using the VTY's and probably not permitting any more connections. Try clearing the vty's if you think they are stale.

-- Robert Blayzor INOC, LLC [EMAIL PROTECTED]
Re: Loss of Telnet Capability to 6509
Hi Jason, the only ACL's on the vty's are the same across my entire farm of routers and switches. And when I telnet to a box with an ACL, I get a refused connection...this one is saying that it is timing out.

On Wed, 28 Jul 2004 15:33:45 -0400 Jason Frisvold [EMAIL PROTECTED] wrote:

Do you have ACL's restricting access to the vty's? I've seen instances where telnet ports get locked up because of port scanning and/or attacks...

-- Jason Frisvold Penteledata
Loss of Telnet Capability - RESOLVED
Thanks to everyone who provided suggestions. The problem has been resolved. There was a telnet connection on vty 2 that I was unable to clear. Thanks to Laris Benkis [EMAIL PROTECTED] who reminded me of the sho tcp brief command, I was able to locate the tcb number of the established session (which was really no longer connected) and nuke it with a clear tcp tcb # command. As soon as I did that, telnet was immediately restored to the router. Thanks again for everyone's suggestions and help.
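The lookup described in this message, as an added example that is not code from the poster: it parses `show tcp brief` output, lists the sessions terminating on the router's telnet port with their TCB values, and prints the matching `clear tcp tcb` line for an operator to review. The sample output, addresses, hostname and TCB values are constructed, and the function names are hypothetical.

```python
# Constructed sample in the column layout of `show tcp brief all`:
# TCB value, local endpoint, foreign endpoint, state. Endpoints are
# "<address or hostname>.<port>", so the port is the text after the last dot.
SAMPLE_SHOW_TCP_BRIEF = """\
TCB       Local Address           Foreign Address        (state)
4523A1C8  192.0.2.1.179           192.0.2.2.11004        ESTAB
45239F30  192.0.2.1.23            198.51.100.7.40122     ESTAB
4521B7E0  core1.example.net.23    198.51.100.9.51515     CLOSEWAIT
4520C000  *.23                    *.*                    LISTEN
"""


def split_endpoint(endpoint):
    """Split 'host.port' on the last dot; wildcard ports become None."""
    host, _, port = endpoint.rpartition(".")
    return host, int(port) if port.isdigit() else None


def parse_tcp_brief(text):
    """Return one dict per connection row, skipping the header and blank lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] == "TCB":
            continue
        tcb, local, foreign, state = fields
        local_host, local_port = split_endpoint(local)
        foreign_host, foreign_port = split_endpoint(foreign)
        rows.append({
            "tcb": tcb, "state": state,
            "local_host": local_host, "local_port": local_port,
            "foreign_host": foreign_host, "foreign_port": foreign_port,
        })
    return rows


def telnet_sessions(text, port=23):
    """Connections (not listeners) whose local port is the telnet port."""
    return [row for row in parse_tcp_brief(text)
            if row["local_port"] == port and row["state"] != "LISTEN"]


def clear_commands(sessions):
    """Command text for each session; the operator decides which one is stale."""
    return [f"clear tcp tcb {row['tcb']}" for row in sessions]


if __name__ == "__main__":
    sessions = telnet_sessions(SAMPLE_SHOW_TCP_BRIEF)
    for row, command in zip(sessions, clear_commands(sessions)):
        print(f"{row['foreign_host']}:{row['foreign_port']} {row['state']:<10} {command}")
```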
Configuration Suggestion - Etherchannel
Hey Everyone, I am building out a customer that needs more than 1000Mbps of sustained bandwidth. Because of the customer equipment, etherchannel was suggested as the means to do this (it is compatible with this customer's equipment). I am running a 6509 with Dual SUP720's in IOS mode only (no cat software). It was pointed out that there are really two different ways to configure the switch - I guess my question is which is the best (lowest overhead, etc)? Hopefully someone out there has been down this road before. TIA

Two methods:

!
interface Port-channel2
 no ip address
 switchport
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet7/1
 no ip address
 switchport
 switchport access vlan 10
 switchport mode access
 channel-group 2 mode on
!
interface GigabitEthernet8/1
 no ip address
 switchport
 switchport access vlan 10
 switchport mode access
 channel-group 2 mode on
!
interface Vlan10
 description Customer_Name
 ip address 192.168.0.1 255.255.0.0
 no ip redirects
 no ip unreachables
!

And then there is this way:

!
interface Port-channel2
 description Customer_Name
 ip address 192.168.0.1 255.255.0.0
 no ip redirects
 no ip unreachables
!
interface GigabitEthernet7/1
 description Customer_Name EtherChannel Interface #1
 no ip address
 channel-group 2 mode on
!
interface GigabitEthernet8/1
 description Customer_Name EtherChannel Interface #2
 no ip address
 channel-group 2 mode on
!

** Richard J. Sears Vice President American Digital Network [EMAIL PROTECTED] http://www.adnc.com 858.576.4272 - Phone 858.427.2401 - Fax I fly because it releases my mind from the tyranny of petty things . . Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching.
Re: Configuration Suggestion - Etherchannel
Robert, Just a routed interface.

On Tue, 27 Jul 2004 22:40:16 -0400 Robert Crowe [EMAIL PROTECTED] wrote:

Do you need VLAN support or just a routed interface ?
Whois/RWhois Server - what is everyone running..?
We are looking into the possibility of implementing our own RWhois server as opposed to continuing to provide information via SWIP. I am looking for any advice as to what people are currently running for their whois/rwhois server. I have seen http://www.rwhois.net and actually have it installed and running, but it utilized flat files instead of a backend database, and we have looked at the RIPE whois server as well. Searching Google does not seem to produce a variety of whois/rwhois server software. TIA ! ** Richard J. Sears
MLPPP Follow Up - How we fixed the problem
I asked the group some time ago about some problems we were seeing with MLPPP on our Cisco 7513s. I have had 5 or 6 people contact me off list to ask how we solved the problem, so I figured I would post our solution to the group. I am sure there may be other fixes, however this works great for us and we have not had a problem in months since converting all MLPPP customers over. Basically we shut down MLPPP and went with (ip load-sharing per-packet)

Here is what our config looks like:

interface Serial1/0/0/13:0
 description Customer #4144 (San Diego) #1 UPDATE [4144]
 ip address X.X.X.X 255.255.255.252
 no ip directed-broadcast
 ip load-sharing per-packet
 ip route-cache distributed
 no cdp enable

interface Serial2/1/0/14:0
 description Customer #4144 (San Diego) #2 UPDATE [4144]
 ip address X.X.X.X 255.255.255.252
 no ip directed-broadcast
 ip load-sharing per-packet
 ip route-cache distributed
 no cdp enable

ip route X.X.X.X 255.255.255.252 Serial1/0/0/13:0
ip route X.X.X.X 255.255.255.252 Serial2/1/0/14:0

The only problem that we ran into was that we had to use the Serial designator of the interface in our route statement otherwise it will not work (or at least it did not for us). Since converting our customers (all MLPPP customers) to ip load-sharing per-packet - we have had no further problems. Hope this helps someone
Re: Load Balancing Multiple DS3s (outgoing) on a 7500
Hi Drew - We have 6 backbones distributed across two 7507s and we messed around with a lot of different ways to make this happen. MEDs, Weights, manual BGP configurations every time one of the connections would get overloaded (even at 2am), you name it - we tried it, and in the end we determined that we needed something that could keep an eye on everything and do it automatically within guidelines I had set.

In the end, we headed the route of performance-based routing optimization hardware. After testing many different vendors, we chose the RouteScience PathControl box to make my life (as well as the life of my lead backbone engineer) much, much simpler.

About a month or two ago, there was quite a discussion on route-optimization hardware on the list including a lot of different ideas. If you do a search on the list for RouteScience or route optimization, you should hit the core of the discussion around the different platforms. If you need more info, feel free to contact me off-list.

On Fri, 12 Mar 2004 22:39:16 -0500 Drew Weaver [EMAIL PROTECTED] wrote:

Does anyone know of an article, or documentation regarding load balancing the traffic on 3 or more FastEthernet interfaces on the outgoing direction? Right now we're running BGP internally, and the routes that are being chosen based upon the final BGP decision step or what I like to call the 'IP address tie breaker' which is not always optimal. We have a cisco 7500 that is connected to 4 other Cisco 7500s which each have 45Mbps ds3s to the Internet, we would like to load balance the outgoing traffic across all 4 of these 7500s, can anyone shine any advice my way? I noticed that there are instructions on Cisco's site regarding doing LB on 12000s. Anyways thanks in advance ;-) -Drew
Cisco 7206VXR w/NPE-G1 Question
I am looking at upgrading my current 7507 backbone routers. Each of my routers has dual RSP4s and I was thinking of upgrading them to RSP8s when I started reading about the new 7206VXRs with the NPE-G1 engine. I was wondering if anyone has had experience with this router/engine combination, how well they perform in comparison to the RSP8s and actual total traffic capabilities when utilizing all three gig ports with a mixture of OC3, Gig and DS3 connections as well. These will be backbone routers connected to a total of 6 upstream providers, so we will be carrying full BGP tables on each of them as well. Just looking for a real world (as opposed to marketing) performance capabilities and any horror stories (if any). Thanks
Re[2]: Outbound Route Optimization.
Scott,

Not all boxes are created equal. I agree that certain manufacturers of route optimization equipment really should be in the used car sales arena. However that is not the case with the unit we purchased.

The RouteScience PathControl box we purchased only sends UDP traceroutes to the top 15000 networks that my customers are attempting to get to. This information about the flow of traffic to these networks is based on netflow information from my backbone routers. There are no ping sweeps to locate anything. Using PBR, the box sends a UDP traceroute out each backbone to my top 15000 destinations, calculates which one has the best latency and routes traffic out that backbone.

Once I had fully implemented the unit, my latency dropped by 40% to over 100 keynote locations around the world. For me, the proof was in the performance increases.

On Mon, 26 Jan 2004 16:15:48 -0500 (EST) Scott McGrath [EMAIL PROTECTED] wrote:

> This was one of the pipe dreams that RSVP was _supposed_ to solve in that you could set up an end to end path with precisely specified characteristics. Problem is _all_ the devices in the path need to support RSVP.
>
> Now the snake oil salesmen are coming out with boxes which purport to monitor all the paths on the internet and will individually select the best path for your flow. The racket will be deafening when all these boxes start running scripted ICMP sweeps to find the best path.
>
> The solution is simple buy adequate pipes and possibly partner with a content delivery network who peers with _all_ the major carriers so that your traffic will not need to transit the major public peering points.
>
> Scott C. McGrath
Re: Outbound Route Optimization
they were before.

On Wed, 21 Jan 2004 12:27:16 -0800 Jim Devane [EMAIL PROTECTED] wrote:

> Hello,
>
> I am trying to determine for myself the relevance of Intelligent Routing Devices like Sockeye, Route Science etc. I am not trying to determine who does it better, but rather if the concept of optimizing routes is addressing a significant problem in terms of improved traffic performance ( not in cost savings of disparate transit pipes )
>
> I am interested in hearing other views ( both for and against ) these devices in the context of optimizing latency for a small multi-homed ISP. I want to make sure I understand their context correctly and have not missed any important points of view.
>
> My questions are these:
>
> Is sub-optimal routing caused by BGP so pervasive it needs to be addressed?
>
> Are these devices able to effectively address the need?
>
> Thanks,
> Jim
Re: Looking for power metering equipment...
Hi Alex,

We monitor almost 400 20amp and 30amp 110V and 208V circuit breakers in our data center in San Diego. We utilize a system called Data Trax which is tied into our Remote Power Panels and monitoring gear made by a company called Invensys. Our power comes from our UPSs, ties into redundant PDUs and then hits the RPPs where we pick up load with inductive donuts.

In our case, the Data Trax system alerts us if the usage goes over a certain amperage that we set. As we sell 1/3 cabinets and only allow customers 5.33 amps, we set those to alert (via e-mail, trap and visual warning in my NOC) when those customers go over 5 amps. On standard 20 amp circuits, we alert at 15 amps. The customer is also notified at the same time via e-mail so they can take corrective action.

We utilize the same system to monitor our DC plants as well. The system works very well for us.

Hope this helps a bit. Let me know if I can answer any other questions.

http://www.invensys.com/

On Thu, 15 Jan 2004 01:33:52 -0500 (Eastern Standard Time) Alex Rubenstein [EMAIL PROTECTED] wrote:

> Preamble: We run a colocation center. We sell power to customers.
>
> Question: We are looking for something that sits in the PDUs or branch circuit-breaker distribution load centers, that, on a branch-circuit by branch-circuit basis, can monitor amperage, and be queried by SNMP.
>
> Considering there are several hundreds of circuits to be monitored, cheap and featureless (all we need is amperage via SNMP) is fine. Looked at things like Square-D PowerLogin stuff, but that's very pricey, and does about 30x what we need.
>
> Pointers? URLs? Experiences?
>
> Thanks.
MLPPP Problem with Cisco 7513
FastEthernet)(6 Channelized T3).
2 FastEthernet/IEEE 802.3 interface(s)
168 Serial network interface(s)
6 Channelized T3 port(s)
123K bytes of non-volatile configuration memory.

20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
8192K bytes of Flash internal SIMM (Sector size 256K).
Slave in slot 7 is running Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-DW-M), Version 12.2(13)T5, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Wed 28-May-03 22:33 by nmasa
Slave: Loaded from system
Slave: cisco RSP4 (R5000) processor with 262144K bytes of memory.
Configuration register is 0x2102

Any help would be greatly appreciated.
Re: DS3 questions.
Hi Drew,

We have several customers we do this with using DS3s. On our end we use an Adtran 830 DACS (pretty inexpensive). We use the T3SU at the customers end with various cards (depending on how much voice they want). We break out the voice channels and then run a HSSI connection to a router as a fractional DS3.

In our case, we originate the dialtone at our facility with PRIs, then pipe them to the different customer locations that terminate via DS3s and CT3s at our facility, but you could easily do it with a point-to-point DS3 and some Adtran equipment.

I would suggest giving Adtran a call as they have a great pre-sales engineering department. And no I don't work for Adtran :-)

Hope this helps.

On Thu, 11 Dec 2003 11:58:48 -0500 Drew Weaver [EMAIL PROTECTED] wrote:

> We have a scenario where we have a DS3 at a Customer location that they want to use for both Data/PRI(voice) They need 8 Voice PRIs and they want to use the remainder of the DS3 for data. If we channelize this DS3, my question is, is it possible to use the unused portion of the DS3 as a fractional DS3, or would we have to terminate the rest as single T1s?
>
> Thanks,
> -Drew
92 Byte ICMP Blocking Problem
We started blocking 92 Byte ICMP packets on our ingress points on our core backbone routers. This was a recommendation from Cisco to help mitigate the effects of the Nachi worm.

Since then, we have been hammered with customer complaints concerning the inability to talk to mail servers and ssh to their servers, as well as other weird network issues, all centering around the time we started blocking 92 Byte ICMP packets.

Has anyone else seen this, and if so, is the only resolution to stop the blockage of 92 Byte ICMP Packets..?

Thanks

Richard
Re: 92 Byte ICMP Blocking Problem
Hi Chris,

We were having the same exact problem with 4 TNTs that we have. In the end, we shut off ip-route-cache on the TNTs and that fixed the problem with them.

Richard

On Fri, 12 Sep 2003 12:52:58 -0500 Chris Adams [EMAIL PROTECTED] wrote:

> Once upon a time, Richard J.Sears [EMAIL PROTECTED] said:
> > Since then, we have been hammered with customer complaints concerning the inability to talk to mail servers and ssh to their servers, as well as other weird network issues, all centering around the time we started blocking 92 Byte ICMP packets.
> >
> > Has anyone else seen this, and if so, is the only resolution to stop the blockage of 92 Byte ICMP Packets..?
>
> Yes. As soon as we put the policy route map in place, we had some people unable to talk via SSH, SMTP, or POP3. It was random: one person here in the office couldn't SSH to a particular server. He could SSH to other servers, and the rest of us could SSH to the server he could not. We had similar experiences with SMTP and POP3. When we took the policy route map back out, the problems went away.
>
> This is with IOS 12.0(25)S1 on a 7513 doing dCEF. We put the policy route map on the FE interface linking this router to the POP core router; this router has MC-T3 interfaces and ethernets to Ascend TNTs and such. The intent was to stop the 92 byte ICMP echos from reaching the Ascend TNTs, since several of them were rebooting constantly.
> --
> Chris Adams [EMAIL PROTECTED]
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
Re: 92 Byte ICMP Blocking Problem
So, the choice is to go from dCEF to CEF or to not block the 92 byte packets at all... anyone have an idea as to which is the better route to take..?

- Richard

On Fri, 12 Sep 2003 10:59:54 -0700 Matt Ploessel [EMAIL PROTECTED] wrote:

> See http://www.cisco.com/warp/public/707/cisco-sn-20030820-nachi.shtml
>
> The policy-routing solution works great in small routers (26xx, 17xx) and in 7200s. In 7500s it seems OK *UNLESS* dCEF is enabled, then it does what you saw. I'm assuming it's dropping 92-byte TCP packets as well as the ICMP echoes. You can see 1-packet flows of mail getting dropped. Notice that the workaround cannot be used on GSRs because it causes packets to be punted to the CPU... this is as bad a news as that it doesn't work right on dCEF because we use GSRs or 7500s with dCEF where the network is really busy.
>
> - Matt Ploessel
>
> -Original Message-
> From: Richard J.Sears [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 12, 2003 10:43 AM
> To: Nanog
> Subject: 92 Byte ICMP Blocking Problem
>
> We started blocking 92 Byte ICMP packets on our ingress points on our core backbone routers. This was a recommendation from Cisco to help mitigate the effects of the Nachi worm.
>
> Since then, we have been hammered with customer complaints concerning the inability to talk to mail servers and ssh to their servers, as well as other weird network issues, all centering around the time we started blocking 92 Byte ICMP packets.
>
> Has anyone else seen this, and if so, is the only resolution to stop the blockage of 92 Byte ICMP Packets..?
>
> Thanks
>
> Richard
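The difference the thread above turns on, between a filter that matches only 92-byte ICMP echoes and one that in effect matches any 92-byte packet, shown as an added example that is not part of the original messages. It models the matching logic only, not IOS or dCEF behaviour; all function names and sample packets are constructed for illustration, and matching echo requests (type 8) alone is an assumption taken from the thread's wording.

```python
import socket
import struct

ICMP, TCP, ECHO_REQUEST, WORM_LEN = 1, 6, 8, 92  # 92 = IP total length from the thread

def ipv4_packet(proto, payload, frag_off=0):
    """Build a constructed IPv4 packet (no options, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_off,
                       64, proto, 0, socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.20")) + payload

def parse(packet):
    """Return (total_length, protocol, icmp_type); icmp_type is None when absent."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, flags_frag, _, proto, _ = struct.unpack("!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total < ihl or len(packet) < ihl:
        raise ValueError("malformed IPv4 header")
    icmp_type = None
    # Only the first fragment carries the ICMP header; later ones are raw payload.
    if proto == ICMP and (flags_frag & 0x1FFF) == 0 and len(packet) > ihl:
        icmp_type = packet[ihl]
    return total, proto, icmp_type

def length_only_match(packet):
    """What a filter does if only the length criterion takes effect."""
    return parse(packet)[0] == WORM_LEN

def strict_match(packet):
    """Intended match: 92-byte total length AND ICMP AND echo request."""
    total, proto, icmp_type = parse(packet)
    return total == WORM_LEN and proto == ICMP and icmp_type == ECHO_REQUEST

def icmp_echo(data_len):
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 1, 1) + b"\xaa" * data_len

TCP_HDR = struct.pack("!HHIIBBHHH", 40000, 22, 0, 0, 5 << 4, 0x18, 65535, 0, 0)

# Constructed sample traffic, not captured from any network.
SAMPLES = {
    "92-byte ICMP echo": ipv4_packet(ICMP, icmp_echo(64)),
    "84-byte ICMP echo": ipv4_packet(ICMP, icmp_echo(56)),
    "92-byte TCP/22 segment": ipv4_packet(TCP, TCP_HDR + b"x" * 52),
    "92-byte ICMP non-first fragment": ipv4_packet(ICMP, b"\x08" * 72, frag_off=9),
}

def collateral():
    """Packets a length-only filter drops that the strict filter lets through."""
    return sorted(name for name, pkt in SAMPLES.items()
                  if length_only_match(pkt) and not strict_match(pkt))

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:34} strict={strict_match(pkt)} length_only={length_only_match(pkt)}")
    print("collateral drops:", collateral())
```

Running a check like this against a packet capture taken before and after a filter change is one way to confirm whether non-ICMP traffic of the same size is being caught.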
Cisco IOS Failure due to Virus
Hey Everyone -

We have two 7507 routers configured with dual RSP4s w/256MB RAM, VIP2-50s with 128/8MB RAM, Gig, POSIP OC3 and Fast Ethernet interfaces. These routers have run flawlessly for over two years now. But about two weeks ago, all of a sudden we started having serious crashing problems with these two routers.

The routers will lose bgp connectivity (one at a time) to our upstreams (configured on each router). First, we would see a keepalive not sent message, then a bgp hold timer expire, then the bgp peering session would go down. OSPF would start crashing, then we would see the memory error messages, then all interfaces would blink off-line. (Note - we are running the max memory we can on both the RSPs and the VIPs). Within 1 minute, the exact same thing would happen to the other router. Often times we would have to reboot the router to get it to come back online.

We would see the following errors and have to reboot multiple times to get the router back:

    %SYS-2-MALLOCFAIL: Memory allocation of 704 bytes failed from 0x60329F00, alignment 0
    Pool: Processor Free: 92744 Cause: Memory fragmentation
    Alternate Pool: None Free: 0 Cause: No Alternate pool
    -Process= Pool Manager, ipl= 0, pid= 6
    -Traceback= 6038049C 60382200 60329F08 6038DEDC
    %TCP-6-NOBUFF: TTY0, no buffer available
    -Process= BGP Router, ipl= 0, pid= 132
    %% Low on memory; try again later
    GigabitEthernet1/1/0: keepalive not sent

We are running the latest S train IOS patched for the IPV4 issue - however downgrading to the code we had run for the previous year did not solve the problem, nor did replacing the RSPs, VIPs and interfaces with new cards.

In addition, we have complied with the Cisco recommendations for mitigating the effects of the Nachi Worm.

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a00801b143a.shtml

We also shut down one of the routers totally and the other router still experienced the same issue. None of these updates or fixes have solved the problem.

I am thinking it may have something to do with all the virus stuff running around (same thing was crashing my Lucent TNT's), but I cannot seem to get an answer from Cisco, nor can I find anyone seeing the same issues.

Hopefully someone here can shed some light on this problem.

Thanks in Advance

Richard
Re: Cisco IOS Failure due to Virus
Hi Robert,

Thanks for the info.

We are running dCEF...routers show about 4% CPU load and the following memory:

    BR02#sh mem
                    Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
    Processor   613AE340   247798976   106515996   141282980   140653360   134546752
         Fast   6138E340      131080       37240       93840       93840       93788

Also, we are not blocking 92 byte ICMP due to the traceroute problems on customers networks...

Thanks

On Wed, 10 Sep 2003 23:17:01 -0400 Robert Blayzor [EMAIL PROTECTED] wrote:

> On 9/10/03 10:58 PM, Richard J.Sears [EMAIL PROTECTED] wrote:
> > %SYS-2-MALLOCFAIL: Memory allocation of 704 bytes failed from 0x60329F00, alignment 0
> > Pool: Processor Free: 92744 Cause: Memory fragmentation
> > Alternate Pool: None Free: 0 Cause: No Alternate pool
> > -Process= Pool Manager, ipl= 0, pid= 6
> > -Traceback= 6038049C 60382200 60329F08 6038DEDC
> > %TCP-6-NOBUFF: TTY0, no buffer available
> > -Process= BGP Router, ipl= 0, pid= 132
> > %% Low on memory; try again later
>
> Did you enable CEF? Are you dropping 92 byte ICMP packets where needed?
> --
> Robert Blayzor, BOFH
> INOC, LLC
> [EMAIL PROTECTED]
> PGP: http://www.inoc.net/~dev/
> Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9
> I don't need parents. All I need is a recording that says, 'Go play outside! - Calvin and Hobbes