Re: Mikrotik BGP Question
* George Bonser: Well, I believe the original poster said that one of his colleagues swore that BGP multihoming wouldn't work unless both feeds terminated on the same router. I suppose said colleague has never heard of iBGP between two routers of the local AS. Those two routers should probably take a full table and exchange them between the two but going inside the network, yeah, they should probably simply originate a default into the the ospf routing. Does this really work that well? Won't you still get loops or blackholes unless the eBGP routes on all border routers are identical? I think you also need iBGP speakers along all feasible paths between eBGP speakers.
Re: DWDM hardware recommendations
I've been pretty happy with the Adva FSP3000R7 units. Lots of options for 1g and 10g and they are very helpful with setup and design. There's a lot more to it than just coming up with an attenuation budget. --chip On Sat, May 22, 2010 at 11:52 AM, ML m...@kenweb.org wrote: I'm in the process of researching DWDM equipment for a new ring I'm about to light. Only two dark fibers to start. My only experience with WDM is a ring lit with MRV CWDM equipment by another provider. The MRV equipment hasn't failed once in the years I've had the service. Good/bad/ugly thoughts on MRV? What I'm looking for is the ability to drop 10G and 1G channels on the same ring. Upgradability to 40G channels is a plus. I haven't been told I should plan for OC-n but it would nice if I had the option. Does anyone have a recommendation that might fit these requirements? Thanks -- Just my $.02, your mileage may vary, batteries not included, etc
RE: Mikrotik BGP Question
None in my mind. The legacy network operator was unfamiliar with actual best practice enterprise/carrier networking policies that he thought that for BGP to work on a two internet feed network, both internet connections have to be delivered to the same location. I thought since he has more insight into Mikrotik, that he knew about a bug with Mikrotik that made the argument true. Feedback from NANOG list members that also run Mikrotik has proven that there is no problem with running current rev levels of the Mikrotik RouterOS and BGP with internet feeds at two different locations. Sincerely, Lorell Hathcock OfficeConnect.net | 832-665-3400 x101 (o) | 832-782-4656 (c) 713-992-2343 (f) | lor...@officeconnect.net Texas State Security Contractor License | ONSSI Certified Channel Partner Axis Communications Channel Partner | BICSI Corporate Member Leviton Authorized Installer -Original Message- From: Ingo Flaschberger [mailto:i...@xip.at] Sent: Sunday, May 23, 2010 8:56 PM To: Lorell Hathcock Cc: nanog@nanog.org Subject: RE: Mikrotik BGP Question Dear Lorell, We will implement OSPF. so what arguments speak against 2 bgp upstreams? Kind regards, Ingo Flaschberger
Re: Mikrotik BGP Question
* George Bonser: Does this really work that well? Won't you still get loops or blackholes unless the eBGP routes on all border routers are identical? As opposed to what, injecting the entire BGP table into your igp? As opposed to just injecting defaults. Maybe there is a reason the legacy operator said both uplinks must be connected to the same router. If the two locations are not interconnected, that would be one reason. I don't believe the original poster described their internal connectivity. There was a follow-up that mentioned that there's a direct connection, so they just have to make the other paths infeasible.
RE: useful bgp example
-Original Message- From: Jian Gu [mailto:guxiaoj...@gmail.com] Sent: Saturday, May 22, 2010 1:44 PM To: Jeff Harper Cc: Jared Mauch; nanog@nanog.org Subject: Re: useful bgp example You don't need ip prefix-list NETZ seq 1000 deny 0.0.0.0/0 le 32 I know, I just use it as one of those things I like to do as a habit.
Re: Mikrotik BGP Question
On Sun, 23 May 2010 08:21:47 +0200, Graham Beneke wrote: On 2010/05/21 11:56 PM, Martin List-Petersen wrote: - Mikrotik still has some memory leaks in the BGP stack somewhere, causing funny issues at times. - Filters aren't adequate for my use, and lacking a lot on IPv4, but even more on IPv4. I haven't seen either of those issues running the v4.x stream of RouterOS. The memory leak was solved a while ago and Mikrotik has fairly short release cycles. We have extensive inbound and outbound filters on our eBGP doing most of the normal things that you would do on a cisco. The IPv6 filters must be built via the terminal to avoid limitations with the current GUI but they also work very well In some ways, I find the MikroTik RouterOS routing filter syntax a little more powerful than Cisco's route-maps. As routing filters work the same way as firewall filters, you can group rules in chains and reuse parts of your filters in other filters by jumping to another chain. This could be used, for instance, on a peering setup, where you have a number of rules per peer but also some common filtering for all peers, or to handle specific and generic filtering for your customers. I haven't yet found anything that I missed being able to with filters, at least with BGP. With other routing protocols, it's another story. Regards, Allan Eising
RE: Mikrotik BGP Question
in V3 RouterOS's BGP support is very decent. We typically don't have any issues with it! :) Whats nice is a router with 2 gig of RAM (cheap RAM too) can take multiple full table BGP feeds without issues. Something else that's nice on our Dual Core systems is that while you are receiving the routes, you are only doing so on one core, instead of hitting high CPU while you receive all those, you only go up to 50% (on dual core system, and lower for quad and dual-quad systems). So you don't have the huge CPU issue when you pull those routes. We had some upstream limit the BGP to something stupid like 128k! Takes 50 min to get all the routes! --- Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE, MTCTCE, MTCUME Link Technologies, Inc -- Mikrotik WISP Support Services Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training - Author of Learn RouterOS -Original Message- From: Allan Eising [mailto:allan.eising+gm...@gmail.com] Sent: Monday, May 24, 2010 11:29 AM To: nanog@nanog.org Subject: Re: Mikrotik BGP Question On Sun, 23 May 2010 08:21:47 +0200, Graham Beneke wrote: On 2010/05/21 11:56 PM, Martin List-Petersen wrote: - Mikrotik still has some memory leaks in the BGP stack somewhere, causing funny issues at times. - Filters aren't adequate for my use, and lacking a lot on IPv4, but even more on IPv4. I haven't seen either of those issues running the v4.x stream of RouterOS. The memory leak was solved a while ago and Mikrotik has fairly short release cycles. We have extensive inbound and outbound filters on our eBGP doing most of the normal things that you would do on a cisco. The IPv6 filters must be built via the terminal to avoid limitations with the current GUI but they also work very well In some ways, I find the MikroTik RouterOS routing filter syntax a little more powerful than Cisco's route-maps. As routing filters work the same way as firewall filters, you can group rules in chains and reuse parts of your filters in other filters by jumping to another chain. This could be used, for instance, on a peering setup, where you have a number of rules per peer but also some common filtering for all peers, or to handle specific and generic filtering for your customers. I haven't yet found anything that I missed being able to with filters, at least with BGP. With other routing protocols, it's another story. Regards, Allan Eising
Quick IP6/BGP question
From the provider side, are most of you who are implementing IP6 peerings running BGP over IP4 and just using IP6 address families to exchange routes or doing IP6 peering? Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 mailto:tmag...@providecommerce.com mailto:tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFlowers http://www.proflowers.com/ | redENVELOPE http://www.redenvelope.com/ | Cherry Moon Farms http://www.cherrymoonfarms.com/ | Shari's Berries http://www.berries.com/
Re: Quick IP6/BGP question
Date: Mon, 24 May 2010 11:21:45 -0700 From: Thomas Magill tmag...@providecommerce.com From the provider side, are most of you who are implementing IP6 peerings running BGP over IP4 and just using IP6 address families to exchange routes or doing IP6 peering? Can't speak for most of us, but we run an iBGP v4 mesh carrying both v4 and v6 routes. For external peers, we run separate peerings. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: Quick IP6/BGP question
On Mon, May 24, 2010 at 11:21:45AM -0700, Thomas Magill wrote: From the provider side, are most of you who are implementing IP6 peerings running BGP over IP4 and just using IP6 address families to exchange routes or doing IP6 peering? I've never liked how you have to configure ::w.x.y.z/96 style IPv4-compatible IPv6 addresses in order to use IPv6 NLRIs with IPv4 BGP sessions, so I've always used separate native IPv6 sessions.
Re: Quick IP6/BGP question
At Hurricane, most of our IPv6 peerings are exchanging over IPv6 addresses. In general, most routers work better if you run IPv4 peering on IPv4 and IPv6 peering on IPv6. In many cases, this is because the configuration files are less confusing more than any underlying dependency in the router OS. YMMV, but, my recommendation is to peer v6 on v6 and v4 o v4. Owen On May 24, 2010, at 11:21 AM, Thomas Magill wrote: From the provider side, are most of you who are implementing IP6 peerings running BGP over IP4 and just using IP6 address families to exchange routes or doing IP6 peering? Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 mailto:tmag...@providecommerce.com mailto:tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFlowers http://www.proflowers.com/ | redENVELOPE http://www.redenvelope.com/ | Cherry Moon Farms http://www.cherrymoonfarms.com/ | Shari's Berries http://www.berries.com/
RE: Quick IP6/BGP question
Thanks (to you and everyone else that answered before). It sounds like everyone is in agreement. I mostly ask because a customer of mine is considering venturing into the ISP business and expressed interest in offering IP6. If that is the case, I want to do it correctly from the start. -Original Message- From: Owen DeLong [mailto:o...@delong.com] Sent: Monday, May 24, 2010 11:30 AM To: Thomas Magill Cc: nanog@nanog.org Subject: Re: Quick IP6/BGP question At Hurricane, most of our IPv6 peerings are exchanging over IPv6 addresses. In general, most routers work better if you run IPv4 peering on IPv4 and IPv6 peering on IPv6. In many cases, this is because the configuration files are less confusing more than any underlying dependency in the router OS. YMMV, but, my recommendation is to peer v6 on v6 and v4 o v4. Owen On May 24, 2010, at 11:21 AM, Thomas Magill wrote: From the provider side, are most of you who are implementing IP6 peerings running BGP over IP4 and just using IP6 address families to exchange routes or doing IP6 peering? Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 mailto:tmag...@providecommerce.com mailto:tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFlowers http://www.proflowers.com/ | redENVELOPE http://www.redenvelope.com/ | Cherry Moon Farms http://www.cherrymoonfarms.com/ | Shari's Berries http://www.berries.com/
RE: Quick IP6/BGP question
We've done it both ways. We've found that there are sometimes issues with announcing IPv6 NLRI over IPv4 BGP sessions depending on your chosen vendor and code version on both sides of the session. Specifically, we have seen some implementations where an IPv4-mapped IPv6 address (usually the IPv4 router-id or neighbor address) is announced as the next-hop, or a link-local address is used as the next-hop, or some random junk is announced as the next-hop, even with next-hop-self configured. All of these result in the receiving router dropping the announcements because it doesn't have a route to the next-hop. It's usually possible to work around this by using route policies to force the correct next-hop to be written on in/outbound announcements, and as we find it working improperly, we've been reporting bugs, but I thought it would be worth bringing this up as a caveat so that you can make sure your hardware/software of choice is behaving properly if you choose to go this route. Also, I know of at least one vendor that didn't implement the converse functionality in CLI yet - it's impossible to configure an IPv6 neighbor address in the IPv4 address family in order to exchange IPv4 NLRI over an IPv6 BGP session. Thanks, Wes George -Original Message- From: Thomas Magill [mailto:tmag...@providecommerce.com] Sent: Monday, May 24, 2010 2:22 PM To: nanog@nanog.org Subject: Quick IP6/BGP question From the provider side, are most of you who are implementing IP6 peerings running BGP over IP4 and just using IP6 address families to exchange routes or doing IP6 peering? Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 mailto:tmag...@providecommerce.com mailto:tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFlowers http://www.proflowers.com/ | redENVELOPE http://www.redenvelope.com/ | Cherry Moon Farms http://www.cherrymoonfarms.com/ | Shari's Berries http://www.berries.com/ This e-mail may contain Sprint Nextel Company proprietary information intended for the sole use of the recipient(s). Any use by others is prohibited. If you are not the intended recipient, please contact the sender and delete all copies of the message.
Re: Quick IP6/BGP question
On 24 May 2010, at 19:21, Thomas Magill wrote: From the provider side, are most of you who are implementing IP6 peerings running BGP over IP4 and just using IP6 address families to exchange routes or doing IP6 peering? Different sessions, one for v4, one for v6. This keeps config saner, therefore debugging easier. It means you can split out your v4 and v6 edge in the future should you want to, without having to renumber and split out the sessions then. Thanks Andy
RE: Quick IP6/BGP question
On Mon, 24 May 2010, Michael K. Smith - Adhost wrote: At the Seattle Internet Exchange we have both IPv4 and IPv6 peering, via discrete addresses, on the same interface. That's how we do it here as well. jms
Cisco ASR
Anyone using ASRs? We are demoing one to possibly upgrade our 7206s. We are seeing what looks like a memory leak on the RP. Cisco is looking at it and says they haven't seen it before. I am wondering if anyone else has run across this. With the default 2G of memory the RP only had about 1% free memory, and the router was rebooting every 5 days or so when the RP ran out. We upgraded and now have about 60% free on the RP, but I still see the used memory incrementing at a pretty steady rate. We are running IOS-XE 12.2(33)XNF. The router is currently not even routing traffic, just acting as a BGP peer so it has one set of full tables. It seems to be a process on the Linux OS side that has the leak as the IOS memory commands show everything staying pretty static. Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 mailto:tmag...@providecommerce.com mailto:tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFlowers http://www.proflowers.com/ | redENVELOPE http://www.redenvelope.com/ | Cherry Moon Farms http://www.cherrymoonfarms.com/ | Shari's Berries http://www.berries.com/
NIKSUN? Thoughts?
All: I've been digging for more information about NIKSUN, http:// www.niksun.com, and found this sort-of informative post here, http:// www.gossamer-threads.com/lists/nanog/users/125959#125959, which got me to join in here and ask if anyone has had more experience with them recently. I'm taking a look at their Enterprise kit, so far, so good, I'm able to place the probes at egress points in my network and get down to packet / other data wherever through a single interface and avoid probe hopping, but before I expand my trial a bit more - anyone used this before? The prior poster(s) just seemed to be using only a single product like old Sniffers I'm curious about bigger deployments. /dmfh
Re: Cisco ASR
On 5/24/10 4:00 PM, Thomas Magill tmag...@providecommerce.com wrote: Anyone using ASRs? We are demoing one to possibly upgrade our 7206s. We are seeing what looks like a memory leak on the RP. Cisco is looking at it and says they haven't seen it before. I am wondering if anyone else has run across this. With the default 2G of memory the RP only had about 1% free memory, and the router was rebooting every 5 days or so when the RP ran out. We upgraded and now have about 60% free on the RP, but I still see the used memory incrementing at a pretty steady rate. We are running IOS-XE 12.2(33)XNF. The router is currently not even routing traffic, just acting as a BGP peer so it has one set of full tables. It seems to be a process on the Linux OS side that has the leak as the IOS memory commands show everything staying pretty static. Thomas Magill Network Engineer Office: (858) 909-3777 Cell: (858) 869-9685 mailto:tmag...@providecommerce.com mailto:tmag...@providecommerce.com provide-commerce 4840 Eastgate Mall San Diego, CA 92121 ProFlowers http://www.proflowers.com/ | redENVELOPE http://www.redenvelope.com/ | Cherry Moon Farms http://www.cherrymoonfarms.com/ | Shari's Berries http://www.berries.com/ I am using a few 1002's and I am not seeing that issue. I will get you the IOS train later.