Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
--- On Sun, 2/20/11, Owen DeLong o...@delong.com wrote:

> Oh, I expect CGN/LSN to be connectivity of last resort, no question.

Ok, so let's just deploy it and not even try to fix it? Even when it is a required functionality for IPv6-only hosts to access the IPv4 domain? That'll go down real well with end-users and really cut down on the operational and support issues enumerated earlier.

- Zed
Re: Switch with 10 Gig and GRE support in hardware.
On 2011-02-18 15:37, Jeffrey Lyon wrote:

>> I am looking for a switch with a minimum of 12 X 10GE ports on it, that has routing protocol support and can do GRE in hardware.
>
> Yes, Juniper EX4500.

Interesting:

http://www.juniper.net/techpubs/en_US/junos10.4/topics/reference/general/ex-series-l3-protocols-not-supported.html

--
There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking     | jid:lbromir...@jabber.org
about.               John von Neumann  | http://lukasz.bromirski.net
Off list contact for Quadranet
If the network contact at Quadranet could contact me off list, I'd appreciate it. This is concerning the continual spamming of a proxy server I run from multiple hosts at Quadranet.

Thomas York
Software Bugs
Good Day,

I have always been exposed to one vendor only so I can never compare, but I am curious to know what everyone here has seen in their lives on the below:

1) Which vendor has more bugs than others, what are the top 3
2) Who is doing a better job fixing them
3) What do you consider is a good job in fixing these bugs: response from technical support, educated support engineers
Re: Software Bugs
Good Day,

Sorry, previous email sent by mistake.

I have always been exposed to one vendor only so I can never compare, but I am curious to know what everyone here has seen in their lives on the below:

1) Which vendor has more bugs than others, what are the top 3?
2) Who is doing a better job fixing/handling these bugs overall
3) What do you consider is a good job in fixing/handling these bugs:
   A) Response from technical support
   B) Educated support engineers being able to respond to questions
   C) Taking less time to identify bugs
   D) Less time in fixing them
   E) Transparent communication on their issues
   F) Transparency from their teams allow us to plan better for our network
   G) etc., please add more
4) Specially Huawei, are they doing a good job or it's a mess?

I would like to try to do some rating and ranking when it comes to bugs but I need to know what I have to be looking at?

Regards,
Kim
VZW LTE provisioning
Is there anyone on the list who can comment, on- or off-list, for-attribution or not, on what kind of job Verizon Wireless has done provisioning the data backbone for their new LTE 4G[1] rollout?

Given the fact that it is at 700MHz and will therefore have *substantially* better building penetration, and the fact that -- due to the Google imposed "any device, any app" restrictions the FCC placed on their license -- there is quite a bit higher possibility that we'll see better device competition on this service than we've seen before... the odds that we'll have to deal with it, as operators of larger end-networks, seem pretty high.

Knowing what we're getting into would be nice. :-)

Cheers,
-- jra

[1] The ITU has said that none of {HSDPA,LTE,WiMax} qualifies for 4G designation by the standards, of which they (I understand) are the promulgating agency.
Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Feb 20, 2011, at 3:27 AM, Zed Usser wrote:

> --- On Sun, 2/20/11, Owen DeLong o...@delong.com wrote:
>
>> Oh, I expect CGN/LSN to be connectivity of last resort, no question.
>
> Ok, so let's just deploy it and not even try to fix it? Even when it is a required functionality for IPv6-only hosts to access the IPv4 domain? That'll go down real well with end-users and really cut down on the operational and support issues enumerated earlier.
>
> - Zed

Again, I think that it is unfixable and that development efforts are better focused on getting the IPv4 only hosts onto IPv6 as that IS a workable solution to the problem where NAT444 is an awful hack made worse by layering.

IPv6 deployment is the only thing that will cut down on the operational and support issues enumerated. Trying to fix NAT444 is like trying to use more gas to get yourself out of the mud in a 2-wheel drive automobile. If you take a limited view, you might think that pushing harder will help, but, in reality, you're just digging a deeper hole.

Owen
Re: Graph Utils (Open-Source)
> Is scaling of rrdtool still a problem for you with rrdcached?

This helps on some of my network/server related graphs, but this data is not exactly time based (well, timestamps are recorded, but not at cyclic intervals). Plus the dataset is extremely large (100's of millions of rows already in mySQL). This isn't really network or server related metrics I'm trying to plot.

Regards,
Max

On Sat, Feb 19, 2011 at 5:53 PM, Rene Skjoldmose rene.skjoldm...@gmail.com wrote:

> On 2011-02-18 22:03, Max Pierson wrote:
>
>> Nothing at all :) My problem is with rrdtool. It doesn't scale for this project. I was looking into GNUplot, but wanted to see what else was out there as well.
>
> Is scaling of rrdtool still a problem for you with rrdcached?
>
> http://oss.oetiker.ch/rrdtool/doc/rrdcached.en.html
>
> Cheers,
> René
Re: Switch with 10 Gig and GRE support in hardware.
Gah, that should have read doa rate. @#$@#$ing autocorrect. Sorry about that.

----- Original Message -----
From: Tammy A Wisdom tammy-li...@wiztech.biz
To: Greg Whynott greg.whyn...@oicr.on.ca
Cc: nanog@nanog.org
Sent: Sunday, February 20, 2011 11:22:27 AM
Subject: Re: Switch with 10 Gig and GRE support in hardware.

Ugh they're nice except for the power supplies becoming a fireball they're high dos rate. Ymmv

Tammy
Sent from my iPhone

On Feb 20, 2011, at 8:46, Greg Whynott greg.whyn...@oicr.on.ca wrote:

> Extreme 650, but not sure of the gre in hardware req. These are awesome switches, bgp support, VSS like clustering, and many other nice features.
>
> G
>
> ----- Original Message -----
> From: Łukasz Bromirski [mailto:luk...@bromirski.net]
> Sent: Sunday, February 20, 2011 10:04 AM
> To: nanog@nanog.org nanog@nanog.org
> Subject: Re: Switch with 10 Gig and GRE support in hardware.
>
> On 2011-02-18 15:37, Jeffrey Lyon wrote:
>
>>> I am looking for a switch with a minimum of 12 X 10GE ports on it, that has routing protocol support and can do GRE in hardware.
>>
>> Yes, Juniper EX4500.
>
> Interesting:
>
> http://www.juniper.net/techpubs/en_US/junos10.4/topics/reference/general/ex-series-l3-protocols-not-supported.html
>
> --
> There's no sense in being precise when | Łukasz Bromirski
> you don't know what you're talking     | jid:lbromir...@jabber.org
> about.               John von Neumann  | http://lukasz.bromirski.net
RE: Switch with 10 Gig and GRE support in hardware.
On 2/18/11 6:30 AM, Matt Newsom matt.new...@rackspace.com wrote:

> I am looking for a switch with a minimum of 12 X 10GE ports on it, that has routing protocol support and can do GRE in hardware. Does anyone have a suggestion that might fit. Keep in mind I am looking for something in the 1-2U range and not a chassis.

Hard to tell from the data sheet:

http://www.xbridgeservices.com/images/files/7450_ess.pdf

But it looks like the Alcatel-Lucent 7450 ESS-1 might do it. Not sure if it has 4, 8, or 12 10G ports, though. The data sheet is confusing to me and it would be oversubscribed but that might be OK in your applications.
RE: Software Bugs
>> 2) Who is doing a better job fixing them
>
> Again, see the above discussion of severity. If a vendor is good about fixing the real show-stoppers in a matter of hours or days, but has a huge backlog of fixes for minor things, is that better or worse than a vendor that fixes half of both serious and minor things?
>
> In addition, the question of how fixes get deployed matters too. If a vendor is consistently good about finding a root cause, fixing it, and then saying "we'll ship the fix in the next dot-rev release", is that good or bad? Remember that if they ship a new, updated, more-fixed image every week, that means you get to re-qualify a new image every week

That also changes over time. A vendor that might have been slow to fix bugs 5 years ago might be completely different today or a vendor that was particularly buggy 5 years ago might be rock solid today and the opposite is also true. Vendors can put out buggy stuff when they had been very stable. Use cases also vary widely and a portion of the software that might be very buggy for some feature set might be completely transparent to you because you don't use those features.

The question is widely variable and very dependent on the deployment. Generally, the simpler you build your network, the less bugs you are going to run into. The more features you use, the more likely you are to run into them.
Re: Software Bugs
Thanks Valdis.

On Sun, Feb 20, 2011 at 9:43 PM, valdis.kletni...@vt.edu wrote:

> On Sun, 20 Feb 2011 18:05:44 +0200, Kasper Adel said:
>
> (Disclaimer - I've never filed a bug report with Cisco or Juniper, but I've spent 3 decades filing bugs with almost everybody else in the computer industry, it seems...
>
> Questions like the ones you asked are almost always pointless unless the asker and answerer are sharing a set of base assumptions. In other words, "which one is best/worst?" is a meaningless question unless you either tell us what *your* criteria are in detail, or are willing to listen to advice that uses other criteria (without stating how they're different from yours).

I tried to put details and criteria below and yes I am mainly interested in Juniper, Cisco, Alcatel and Huawei Routers and Switches, mostly High End Equipment and yes I am willing to listen to advice on criteria, why wouldn't I :) ?

>> 1) Which vendor has more bugs than others, what are the top 3
>
> More actual bugs, more known and acknowledged bugs, or more serious bugs that actually affect day to day operations in a major manner?

What I wanted to ask is from the field experience of experts on the alias if there is a clear winner on which vendor has throughout history shown more bugs impacting operation and interrupting traffic... poorly written code or bad internal testing, can we have some sort of a general assumption here or that is not possible?

> The total number of actual bugs for each vendor is probably unknowable, other than "there's at least one more in there". The vendor probably can produce a number representing how many bug reports they've accepted as valid. The vendor's number is guaranteed to be different than the customer's number - how divergent, *and why*, probably tells you a lot about the vendor and the customer base. The vendor may be difficult about accepting a bug report, or the customer base may be clueless about what the product is supposed to be doing and calling in a lot of non-bugs - almost every trouble ticket closed with RTFM status is one of these non-bugs. If there's a lot of non-bugs, it usually indicates a documentation/training issue, not an actual software quality issue.
>
> And of course, bug severity *has* to be considered. "Router falls over if somebody in Zimbabwe sends it a christmas-tree packet" is different than "the CLI insists on a ;; where a ; should suffice". You may be willing to tolerate or work around dozens or even hundreds of the latter (in fact, there's probably hundreds of such bugs in your current vendor that you don't know about simply because they don't trigger in your environment), but it only takes 2 or 3 of the former to render the box undeployable.
>
>> 2) Who is doing a better job fixing them
>
> Again, see the above discussion of severity. If a vendor is good about fixing the real show-stoppers in a matter of hours or days, but has a huge backlog of fixes for minor things, is that better or worse than a vendor that fixes half of both serious and minor things?
>
> In addition, the question of how fixes get deployed matters too. If a vendor is consistently good about finding a root cause, fixing it, and then saying "we'll ship the fix in the next dot-rev release", is that good or bad? Remember that if they ship a new, updated, more-fixed image every week, that means you get to re-qualify a new image every week

What you have mentioned is operations headache, so one question that comes to mind here is what are issues a vendor will never be able to find in their internal testing, I mean are there issues that will definitely be discovered on the customer networks or we can assume that software needs to come out with less number of sev1/2 bugs because internal testing is not doing a good job?

thanks
Re: [dnsext] zone cut semantics
----- Original Message -----
> From: Jim Reid j...@rfc1035.com

> On 21 Feb 2011, at 01:44, Jay Ashworth wrote:
>
>> So: people-who-do: is my supposition/assertion above correct? If it is, is it reasonable to draw from it the inference that I do (IE, that Jim is correct and Brandon's not)?
>
> It's more than reasonable Jay: it's true! Then again, I would say that. :-) But don't take my word for it. See for yourself. Query the parent zone's name servers and the child's for the zone's NS RRset. Look who sets and does not set the AA bit.

You've misunderstood the granularity of my question, though, Jim. :-)

I asked not what the default behavior was, but *whether it was even manually possible to override* that default behavior. I believe it is not, which would serve as much stronger evidence for your case.

> You will of course need to use a decent lookup tool like dig to do this. Or you could just read Section 6 of RFC2181. Brandon clearly hasn't. :-)

Yes; I know how to drive dig. +trace is *really* cool, in fact. I've been wanting to wrap +trace for nagios, so I can monitor my registries/registrars. :-)

> BTW, BIND8 got zone cut semantics wrong. It used one monolithic data structure (a hash table) for everything. [BIND9 uses discrete red-black trees for each zone.] So the parent would set the AA bit in a referral response even though it shouldn't have done that. This incorrect behaviour broke things and also permitted zone and server misconfigurations to appear to work: for instance no NS records in the child. Another weird error this caused was phantom A records that didn't exist in either the parent or child zone files! Secure DNS put an end to this brokenness -- and as a side effect killed BIND8 -- because it demands much stricter (and correct) zone cut semantics.

Good you made a point of this discrepancy.

When you say, though, that this permitted child zones to have no NS records in them, I presume you mean when the same server is serving both the parent and the child in question?

Cheers,
-- jra
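The AA-bit comparison discussed in the message above (parent versus child answers for a zone's NS RRset), as an added example that is not part of the original thread. It parses constructed response packets offline instead of querying live servers with dig; the zone name, the packets and the classification labels are assumptions made for illustration.

```python
import struct

QR_BIT = 0x8000   # header flag: this message is a response
AA_BIT = 0x0400   # header flag: Authoritative Answer
TYPE_NS = 2

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qname, aa, answer_ns=(), authority_ns=()):
    """Build a constructed response to an NS query (sample data, not a capture)."""
    flags = QR_BIT | (AA_BIT if aa else 0)
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1,
                      len(answer_ns), len(authority_ns), 0)
    msg += encode_name(qname) + struct.pack("!HH", TYPE_NS, 1)
    for target in list(answer_ns) + list(authority_ns):
        rdata = encode_name(target)
        msg += (encode_name(qname)
                + struct.pack("!HHIH", TYPE_NS, 1, 3600, len(rdata)) + rdata)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, name ends
            return off + 2
        off += 1
        if n == 0:                # root label terminates the name
            return off
        off += n

def classify(msg):
    """Classify an NS-query response by AA bit and where the NS RRset sits."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    ns_count = {"answer": 0, "authority": 0}
    for section, n in (("answer", an), ("authority", ns)):
        for _ in range(n):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == TYPE_NS:
                ns_count[section] += 1
    aa = bool(flags & AA_BIT)
    if aa and ns_count["answer"]:
        return "authoritative"    # child side of the cut: AA set, NS in answer
    if not aa and an == 0 and ns_count["authority"]:
        return "referral"         # parent side: AA clear, NS in authority
    if aa and an == 0 and ns_count["authority"]:
        return "aa-on-referral"   # the BIND8 behaviour described in the thread
    return "other"

# Constructed packets for a hypothetical zone example.com.
CHILD = build_response("example.com", True, answer_ns=("ns1.example.com",))
PARENT = build_response("example.com", False, authority_ns=("ns1.example.com",))
BIND8_STYLE = build_response("example.com", True, authority_ns=("ns1.example.com",))
```

The same classification can be applied to the raw bytes of a real response captured while running dig against a zone's parent and child servers.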
Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6naysayer...)
On Fri, Feb 18, 2011 at 2:31 PM, Leigh Porter leigh.por...@ukbroadband.com wrote:

> ...
> IPv6 only hosts are a good thing to speed up v6 adoption. Nothing like a good carrot to get the donkeys moving.
>
> --
> Leigh

Well, speaking of carrots...a few years back we _did_ have

http://ipv6experiment.com/

though, unfortunately, the original content of the experiment has changed somewhat, and the delta between the A record and the quad-A has diminished. :/

Would be nice to see if someone was willing to host some v6-only content, and see what level of penetration was achieved...

Matt
Re: Graph Utils (Open-Source)
On Fri, Feb 18, 2011 at 1:13 PM, Max Pierson nmaxpier...@gmail.com wrote:

> Anyone out there using something other than rrdtool for creating graphs?? I have a project that will need a trend taken, and unfortunately rrdtool doesn't fit the bill. All of the scripting, data collection, database archival, etc will be custom written or is already done (with some hacks of course :). So really what I'm looking for is something along the lines of GNUplot. Has anyone used it before and would like to share

I haven't heard of gnuplot used often with other software as a framework for graphing/visualizations. For simple visualizations, I think usually a 'native' framework/API is preferred, e.g. JGraph for java apps.

I suspect one reason gnuplot is not used as widely as it could be otherwise is, its licensing is not as friendly as other graphics frameworks. gnuplot license is GPL incompatible and does not seem to even fully meet the open source definition (because redistributing complete modified source code of gnuplot itself is not allowed by the license; a clear reading of gnuplot license suggests only patches, unmodified source code, can be freely redistributed, redistributed binaries based on modified source have special rules).

Aside from that caveat, which most likely does not normally impair private use by a network operator: gnuplot is a really good tool. If you need to paint a bunch of arbitrary X and Y values on a graph from an input file or based on simple equations, gnuplot will happily oblige; it can handle chart types rrdtool cannot, and you have more direct control of output. If you want some 3D / surface graphs, RRDTool won't do it, anyways. Gnuplot's less expensive than Matlab / Maple. You can even set terminal type to dumb in gnuplot, and generate some fancy ASCII art graphs on stdout.

In regards to scalability... About the millions of rows... err.. Try plotting a test dataset with 500 million datapoints. Chances are gnuplot won't necessarily scale that well either, and you need some method to be selective of which rows are provided as input to the plotting framework, in that case.

If you have a million datapoints on your X axis, each X position is smaller than 1/1000 of a display pixel (on a graph that fits on a display at say 1920x1080); displaying such high resolution of all datapoints at once on the unzoomed graph is beyond the display hardware capability. There should normally be some form of averaging / smoothing / selection of points contemplated, if the dataset is huge.

> experiences?? Seems like it will be able to plot my data accordingly, but wanted to see if there were any other popular tools I've yet to come across. (Open-Source only please)

--
-JH
Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)
On Fri, Feb 18, 2011 at 2:24 AM, Zed Usser zzu...@yahoo.com wrote:

> Basic Internet services will work (web browsing, email, Facebook, Youtube,...), but:
> - Less torrenting
> - Less Netflix watching
> - Less FTP downloads
> - Less video streaming in general (webcams, etc.)
>
> You might take a hit on online gaming, but what else is there not to love? :)
>
> Your sales department / helpdesk might have a bit of hassle of trying to understand / explain this new Intertubes to the suck^H^H^H^Hcustomers, but most of them won't care either way.

Until some competitor who's not using NAT444 comes along and advertises that those functions work properly, maybe.

Only for very liberal definitions of the phrase "won't care either way"

Tolerate != won't care
Most of them != People who won't eventually tell their friends or tweet about their frustrations

For those who are connecting to watch Netflix, it is only marginally less annoying for the user than removing the always on feature of DSL, requiring customers to manually click an icon to dial in, and get a busy tone played / All dialin 'lines are busy' / Please use IPv6 while you wait, wait 10 minutes and try dialing in again, if there are no global IPv4 IPs available at the moment they are trying to connect.

Some might even strongly prefer that (time limited access and pay per connected hour) for periods of access to proper unique IPs over NAT444 brokenness; possibly with a customer choice between NAT444 and time metered dynamic unique IP and reasonably automatic simple means of switching between IP types on demand.

--
-JH