Re: Random five character string added to URLs?

2011-11-01 Thread Jeff Kell
On 11/1/2011 7:05 PM, Stefan Fouant wrote:
> Is there anything perhaps protecting or intercepting the data on its way to
> the server, perhaps an Arbor device or some type of load balancer?
>
> This type of behavior is quite common when protecting web assets to eliminate
> zombies and such, but it's usually something you would see back to the
> clients, not to the server.

I have seen this in SEO-poisoning types of webpage defacement.  They
anchor a JavaScript in the main website "frame" and it generates
optimization "links" using a numeric suffix or ?argument so that they
appear as separate links.  If the crawler is recognized (e.g.,
googlebot) then the SEO page is returned.

Jeff



Re: BGP conf

2011-11-01 Thread McCall, Gabriel
Google for "team cymru secure bgp template" for a good starting point.


-Original message-
From: Edward avanti 
To: "nanog@nanog.org" 
Sent: Wed, Nov 2, 2011 01:01:37 GMT+00:00
Subject: BGP conf

Halo,
First, I accept this might not really be the right list for this request. I have
used the nsp cisco list, but only my first post succeeded; I sent several others
over the past 4 days and none appeared (verified by list archive), so please
excuse the request.

I am in need of a cisco config for a BGP setup. We have a requirement to include
IX peering at a new location as well as our Verizon link; we would like to take
full BGP from Verizon and send to the IX what they send us. I spent days reading
google, and so many web site examples conflict, and so many examples seem
insecure, with no prefix list and so on. The end result to date is only sore
eyes. Would someone who does the same (need not be Verizon) be kind enough to
send us off list a working running config (yes, without your password, heh), or
at least how to apply it to the BGP router including access/prefix lists and
interfaces, so we have an idea of what to do. If you take two full BGP feeds
from two transit carriers in load share plus an IX, that is good, because that
is our stage three plan, but I can work without two transits.

I am not ignorant of the cisco 7201, but am a total newbie to BGP.

Best Thanks
Edwardo



Re: BGP conf

2011-11-01 Thread Edward avanti
Halo,
I am not; I wish all transit to be by Verizon, but if traffic comes in from the
IX, it is only fair I send traffic to them if they are in that IX; they would be
the closest path anyway.


On Wed, Nov 2, 2011 at 11:11 AM, Mark Gauvin  wrote:

> Why would you want to advertise full Verizon routes out to the IX? You
> should only be advertising your own network via the IX
>
> Sent from my iPhone
>
> On 2011-11-01, at 7:59 PM, "Edward avanti" 
> wrote:
>
> > Halo,
> > First, I accept this might not really be the right list for this request.
> > I have used the nsp cisco list, but only my first post succeeded; I sent
> > several others over the past 4 days and none appeared (verified by list
> > archive), so please excuse the request.
> >
> > I am in need of a cisco config for a BGP setup. We have a requirement to
> > include IX peering at a new location as well as our Verizon link; we
> > would like to take full BGP from Verizon and send to the IX what they
> > send us. I spent days reading google, and so many web site examples
> > conflict, and so many examples seem insecure, with no prefix list and so
> > on. The end result to date is only sore eyes. Would someone who does the
> > same (need not be Verizon) be kind enough to send us off list a working
> > running config (yes, without your password, heh), or at least how to
> > apply it to the BGP router including access/prefix lists and interfaces,
> > so we have an idea of what to do. If you take two full BGP feeds from two
> > transit carriers in load share plus an IX, that is good, because that is
> > our stage three plan, but I can work without two transits.
> >
> > I am not ignorant of the cisco 7201, but am a total newbie to BGP.
> >
> > Best Thanks
> > Edwardo
>


Re: BGP conf

2011-11-01 Thread Jeff Wheeler
On Tue, Nov 1, 2011 at 9:01 PM, Edward avanti  wrote:
> and so many examples seem
> insecure, with no prefix list and so on.
...
> I am not ignorant of the cisco 7201, but am a total newbie to BGP.

Your concern about a lack of any prefix-lists in the documentation /
examples you have read is justified.  If you are connecting to an IX
it may offer route-servers which have prefix-lists maintained by the
IX staff and tools.  However, as you may already know, you will only
receive the "best path" to each prefix from an IX route-server.  This
is often a motive (among others) to establish direct eBGP sessions
with other IX members.  Once you start doing that, you had better
filter routes from those neighbors, or you will subject your network
to your peers' mistakes and glitches.

If you imagine that the IX has other members like yourself, who also
do not know much about BGP, then you can understand why you do not
want your peers' mistakes to cause outages on your network.

Doing a "cut, replace, and paste" from online examples is obviously a
bad idea.  If I were you, I would find a local consultant (perhaps
someone on the staff of the IX or another member) who can assist you
with your initial configuration, and help you in the event of a severe
emergency.  Otherwise, frankly, you are going to be better off by just
buying transit from Verizon and being single-homed.  The added
complexity of BGP is not an asset to an organization that doesn't have
adequate expertise.

-- 
Jeff S Wheeler 
Sr Network Operator  /  Innovative Network Concepts
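Jeff's point about filtering routes from direct IX peers is normally implemented as an inbound prefix list per neighbour, which is exactly what the copy-and-paste examples Edward found were missing. The block below is an added example and is not code from Jeff or any other poster: it models IOS-style prefix-list matching (`permit`/`deny`, `ge`, `le`, first match wins, implicit deny at the end) in Python and runs a constructed set of peer announcements through a constructed policy so that every accept/reject decision can be inspected. The peer ASN, the "registered" prefixes, the bogon entries and the `over_max_prefix` helper are all assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PrefixListEntry:
    """One line of an IOS-style prefix list: <action> <prefix> [ge N] [le M]."""
    action: str               # "permit" or "deny"
    prefix: str               # e.g. "203.0.113.0/24"
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route):
        net = ipaddress.ip_network(self.prefix)
        if route.version != net.version or not route.subnet_of(net):
            return False
        # IOS semantics: no ge/le means exact length; only le means prefixlen..le;
        # only ge means ge..max length; both means ge..le.
        low = self.ge if self.ge is not None else net.prefixlen
        if self.le is not None:
            high = self.le
        elif self.ge is not None:
            high = net.max_prefixlen
        else:
            high = net.prefixlen
        return low <= route.prefixlen <= high


# Constructed inbound policy for a hypothetical IX peer (AS64496, a documentation
# ASN). Order matters: first match wins, and anything unmatched is denied.
IX_PEER_IN = [
    PrefixListEntry("deny", "0.0.0.0/0"),             # no default route from a peer
    PrefixListEntry("deny", "10.0.0.0/8", le=32),     # RFC 1918 examples
    PrefixListEntry("deny", "172.16.0.0/12", le=32),
    PrefixListEntry("deny", "192.168.0.0/16", le=32),
    PrefixListEntry("deny", "0.0.0.0/0", ge=25),      # nothing longer than /24
    PrefixListEntry("deny", "::/0"),
    PrefixListEntry("deny", "::/0", ge=49),           # nothing longer than /48
    # What this peer is registered to originate (constructed values)
    PrefixListEntry("permit", "203.0.113.0/24"),
    PrefixListEntry("permit", "198.51.100.0/23", le=24),
    PrefixListEntry("permit", "2001:db8:100::/40", le=48),
]


def evaluate(entries, prefix):
    """First-match evaluation; returns (action, matching entry or None)."""
    route = ipaddress.ip_network(prefix)
    for entry in entries:
        if entry.matches(route):
            return entry.action, entry
    return "deny", None


def filter_announcements(entries, announced):
    """Split a peer's announcements into accepted prefixes and (prefix, reason) rejects."""
    accepted, rejected = [], []
    for prefix in announced:
        action, entry = evaluate(entries, prefix)
        if action == "permit":
            accepted.append(prefix)
        elif entry is None:
            rejected.append((prefix, "no matching entry (implicit deny)"))
        else:
            reason = f"denied by '{entry.prefix}'"
            if entry.ge is not None:
                reason += f" ge {entry.ge}"
            if entry.le is not None:
                reason += f" le {entry.le}"
            rejected.append((prefix, reason))
    return accepted, rejected


def over_max_prefix(accepted, limit):
    """Simplified stand-in for a per-neighbour maximum-prefix ceiling: True when
    more routes passed the filter than the configured limit allows."""
    return len(accepted) > limit


# Constructed announcements: the peer's own routes plus the kinds of mistakes a
# filter exists to catch (a leaked default, a leaked RFC 1918 route, a
# too-specific /25, a prefix that belongs to someone else).
PEER_ANNOUNCEMENTS = [
    "203.0.113.0/24", "198.51.100.0/24", "198.51.100.0/25",
    "192.0.2.0/24", "10.1.0.0/16", "0.0.0.0/0",
    "2001:db8:100::/48", "2001:db8:200::/48", "2001:db8:100:1::/64",
]

if __name__ == "__main__":
    ok, bad = filter_announcements(IX_PEER_IN, PEER_ANNOUNCEMENTS)
    print("accepted:", ok)
    for prefix, reason in bad:
        print(f"rejected {prefix}: {reason}")
    print("max-prefix 100 exceeded:", over_max_prefix(ok, 100))
```

The deny entries sit before the permits on purpose: a peer that accidentally re-announces its transit provider's table, or a default route, hits them first, and everything not explicitly registered for that peer falls through to the implicit deny at the end.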



Re: BGP conf

2011-11-01 Thread Mark Gauvin
Why would you want to advertise full Verizon routes out to the IX? You
should only be advertising your own network via the IX

Sent from my iPhone

On 2011-11-01, at 7:59 PM, "Edward avanti"   
wrote:

> Halo,
> First, I accept this might not really be the right list for this request.
> I have used the nsp cisco list, but only my first post succeeded; I sent
> several others over the past 4 days and none appeared (verified by list
> archive), so please excuse the request.
>
> I am in need of a cisco config for a BGP setup. We have a requirement to
> include IX peering at a new location as well as our Verizon link; we
> would like to take full BGP from Verizon and send to the IX what they
> send us. I spent days reading google, and so many web site examples
> conflict, and so many examples seem insecure, with no prefix list and so
> on. The end result to date is only sore eyes. Would someone who does the
> same (need not be Verizon) be kind enough to send us off list a working
> running config (yes, without your password, heh), or at least how to
> apply it to the BGP router including access/prefix lists and interfaces,
> so we have an idea of what to do. If you take two full BGP feeds from two
> transit carriers in load share plus an IX, that is good, because that is
> our stage three plan, but I can work without two transits.
>
> I am not ignorant of the cisco 7201, but am a total newbie to BGP.
>
> Best Thanks
> Edwardo



BGP conf

2011-11-01 Thread Edward avanti
Halo,
First, I accept this might not really be the right list for this request. I have
used the nsp cisco list, but only my first post succeeded; I sent several others
over the past 4 days and none appeared (verified by list archive), so please
excuse the request.

I am in need of a cisco config for a BGP setup. We have a requirement to include
IX peering at a new location as well as our Verizon link; we would like to take
full BGP from Verizon and send to the IX what they send us. I spent days reading
google, and so many web site examples conflict, and so many examples seem
insecure, with no prefix list and so on. The end result to date is only sore
eyes. Would someone who does the same (need not be Verizon) be kind enough to
send us off list a working running config (yes, without your password, heh), or
at least how to apply it to the BGP router including access/prefix lists and
interfaces, so we have an idea of what to do. If you take two full BGP feeds
from two transit carriers in load share plus an IX, that is good, because that
is our stage three plan, but I can work without two transits.

I am not ignorant of the cisco 7201, but am a total newbie to BGP.

Best Thanks
Edwardo


Re: using IPv6 address block across multiple locations

2011-11-01 Thread Arturo Servin

Same from LACNIC. This would have justified a /44 or separate /48s for
each site.


/as

On 31 Oct 2011, at 12:45, Justin M. Streiner wrote:

> On Mon, 31 Oct 2011, Owen DeLong wrote:
> 
>> Ideally, you should put a /48 at each location.
> 
> Speaking from my experience with getting v6 space from ARIN earlier this 
> year, as long as your documentation is in pretty good order, a /48 per site 
> is pretty easy to get.
> 
> I don't know if the experience is different with other RIRs.
> 
> jms




Re: Colocation providers and ACL requests

2011-11-01 Thread Jimmy Hess
On Tue, Nov 1, 2011 at 1:22 PM, Kevin Loch  wrote:
> Christopher Pilkington wrote:
> We have always accommodated temporary ACL's for active DDOS attacks.  I
> think that is fairly standard across the ISP/hosting industry.

And it's reasonable to accommodate the customer that asks, and reasonable for a
customer to ask for a temporary ACL in such situations.

However, it's also reasonable for the provider to refuse, and there's nothing
wrong with that, unless the provider agreed that they would be willing to do
that, and then refused to do something they had already agreed to do.

The provider might be especially dissuaded from responding and providing a
temporary ACL for free if the DoS is a "small" one based on the provider's
definition of small, or if the provider doesn't have or won't allocate the
resources to respond without charging a fee to do so.

Or it's a cut-rate hosting service, and the customer refused to buy the "managed
filtering" firewall (or whatever solution). In that case, it's reasonable for
the provider to counter the request with "You can buy our such-and-such
service, and we will gladly implement that".


If this is something you want to be sure you can do, then you should ask the
provider about it before signing that colocation contract for IP connectivity,
and make sure you have it in writing that the provider will create an ACL on
your interface of sufficient length to do what you want.

And be sure you have worked out with the provider how this affects billing in
advance. It's quite possible you still have to pay or have said dropped traffic
counted against your commit.

--
-JH



Re: Random five character string added to URLs?

2011-11-01 Thread Stefan Fouant
Is there anything perhaps protecting or intercepting the data on its way to the
server, perhaps an Arbor device or some type of load balancer?

This type of behavior is quite common when protecting web assets to eliminate
zombies and such, but it's usually something you would see back to the clients,
not to the server.

Also, IIRC, the LOIC DoS tool had this ability to create random strings in the 
URL, and I believe it did so with 5 characters.  Might want to do a packet 
trace and identify if this is coming from LOIC.

Regards,

Stefan Fouant
Technical Trainer, Juniper Networks
GPG Key ID: 0xB4C956EC

Sent from my HTC EVO.

- Reply message -
From: "Christopher J. Pilkington" 
Date: Tue, Nov 1, 2011 3:51 pm
Subject: Random five character string added to URLs?
To: 

This might be off-topic, my apologies if so.

I'm seeing requests against a server with initial GET requests in the form:

 GET /[a-zA-Z]{5}/pagename.html

pagename.html being optional. The 5 character string seems to be
random. This GET always results in a 404, as our servers don't have
these paths.  The second request seems to always be the same without the
modified path, which results in a 200.

I initially suspected this was something from an attack or DOS tool,
but the traffic doesn't fit such a pattern.

Is anyone familiar with what device/service behaves in this fashion?
Clearly something layer 7 is between the clients and the server.
Provider is without clue regarding this. Google results in many
GoDaddy users complaining of same; the server in question is not
hosted with them, but I suspect they may be doing something similar.

Thanks,
-cjp



Re: Colocation providers and ACL requests

2011-11-01 Thread Jack Bates


On 11/1/2011 1:22 PM, Kevin Loch wrote:
> Christopher Pilkington wrote:
>> Is it common in the industry for a colocation provider, when requested
>> to put an egress ACL facing us such as:
>>
>> deny udp any a.b.c.d/24 eq 80
>>
>> …to refuse and tell us we must subscribe to their managed DDOS product?
>
> We have always accommodated temporary ACL's for active DDOS attacks. I
> think that is fairly standard across the ISP/hosting industry.
>
> I do feel it is bad practice to regularly implement customer specific
> ACL's on routers. If a customer wants a managed firewall we have a
> full range of those services available.

And Managed DDOS products better be a LOT more than an ACL. If I'm going
to pay someone to manage DDOS, they will scrub the traffic and let all
my legitimate traffic through. That's what I'm paying for. Null routing
an IP or a simple acl isn't worth paying a dime for.



Jack



Re: Outgoing SMTP Servers

2011-11-01 Thread Carlos Martinez-Cagnazzo
The point to make here is:

- if an ISP takes the path of blocking tcp/25, then they MUST
communicate this appropriately to customers and other users
- they also MUST provide alternatives: SMTP over SSL should be allowed
(tcp/465), authenticated relay, but *something*.

IMO blocking 25/tcp is a side-effect of the failure of the whole ISP
system to decisively deal with spammers. It's easier to blind-block
25/tcp than to do proper investigations and to collaborate with law
enforcement. I have tried to hand reports with *static* IP addresses,
contract identifiers and even home, mobile and work phone numbers of
known spammers in Uruguay (I happen to have my personal feud with one
that sells dog food), only to be shelved by management on the fears of
legal action.

I have also trouble swallowing the argument of "blocking 25/tcp is
great because it avoids us getting into black lists and reduces spam".
Yes, sure, but that doesn't prove it's the right approach in the long
run, as you are dealing with symptoms and not causes/sources.

It's the same thing as having tons of aspirins each time you have a
headache. Even if the pain subsides, you might still have other
underlying conditions that in fact are being masqueraded by your
"solution".

So, as it is often the case in society, we all pay the price.



On Mon, Oct 31, 2011 at 11:17 PM, Brian Johnson  wrote:
>
>
> Sent from my iPad
>
> On Oct 31, 2011, at 4:17 PM, "Robert Bonomi" 
>
> 
>
>> There is an at-least-somewhat-valid argument against outbound filtering.
>> to wit, various receiving systems may have different policies on what is/
>> is-not 'acceptable' traffic.  They have a better idea of what is acceptable
>> to the recipients (their users), than the originating MTA operator does. An
>> originating system cannot accommodate that diversity of opinions _without_
>> getting input from all prospective recipients.
>>
>> And it is, of course, 'not practical' for every email recipient to notify
>> every email 'source' network as to what that recipient considers 'acceptable'.
>> 
>
> This is not plausible. It also has nothing to do with a network owner 
> protecting his network from his own users.
>
>>
>> There are only a relative handful of things a _residential_ provider can
>> use to "reliably" filter outgoing mail. A non-comprehensive list:
>>  1) 'Greylisting' at the origin is as effective at stopping spam as it is
>>     at the destination.
>>  2) Checks for certain kinds of standards violations that legitimate mail
>>     software does not make.
>>  3) Check for certain kinds of 'lies' in headers -- things that *cannot*
>>     occur in legitimate email.
>>  4) 'Rate-limiting' to detect/quarantine abnormal traffic levels.
>>  5) Tracking SMTP 'MAIL FROM:" and the "From:" (or 'Resent-From:', if
>>     present), and quarantining on abnormal numbers of different putative
>>     origins.
>>
>> There's no point in checking source addresses against any DNSBL, for reasons
>> that should be 'obvious'.  <*GRIN*>
>>
>> Further, any sort of "content" filters prevent customers from _discussing_
>> scams in e-mail.
>>
>> There is a 'hard' problem in letting the source 'opt out' of such filtering,
>> because an intentional 'bad guy' will request his outgoing mail not be
>> monitored, as well as the person who has a 'legitimate' reason for sending
>> messages that might trip mindless content filters.
>>
>> Statistical note:  Out of the last roughly 6,000 pieces of spam seen here,
>> circa 2,700 were caught by checks 2), and 3) above, and another circa 2,600
>> were in character-sets not supported here.   Incidentally, spam volume, as
>> seen here, is running a bit _under_ 2/3 of all email, down from a peak of
>> over 95%.
>>
>
> This misses the point of the thread which is not filtering. It is port 25 
> blocking. Statistically all of the problems exist on TCP port 25. This is why 
> the filtering is largely effective.
>
> - Brian
>



-- 
--
=
Carlos M. Martinez-Cagnazzo
http://www.labs.lacnic.net
=
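Robert Bonomi's list (quoted in the reply above) names rate limiting (item 4) and tracking the number of different MAIL FROM / From: origins per customer (item 5) as two outbound checks a residential provider can run at its own relay rather than blind-blocking 25/tcp. The following is an added example, not code from Carlos, Brian or Robert: it runs both checks over constructed outbound-SMTP transaction records and returns the customers that would be quarantined, with the reason. The thresholds, the customer addresses and the records themselves are invented for the example; the function names are mine.

```python
from collections import defaultdict

# Constructed outbound-SMTP transaction records from a residential access network:
# (customer source IP, time in seconds, envelope MAIL FROM, header From:).
# Documentation addresses and example domains; this is not real log data.
OUTBOUND = [
    # a normal customer: four messages in an hour, one consistent identity
    ("198.51.100.10", 0,    "alice@example.com", "alice@example.com"),
    ("198.51.100.10", 900,  "alice@example.com", "alice@example.com"),
    ("198.51.100.10", 1800, "alice@example.com", "alice@example.com"),
    ("198.51.100.10", 3500, "alice@example.com", "alice@example.com"),
    # an infected host: a burst of messages with forged, rotating origins
    *[("198.51.100.44", 5 * i, f"user{i}@example.net", f"user{i % 8}@example.org")
      for i in range(12)],
    # a slow sender that still rotates identities (trips the origin check only)
    *[("198.51.100.77", 1800 * i, f"promo{i}@example.net", f"promo{i}@example.net")
      for i in range(6)],
]


def rate_violations(records, window_seconds=60, max_messages=10):
    """Check 4 (rate limiting): customers whose message count in any sliding
    window of `window_seconds` exceeds `max_messages`. Returns {customer: peak}."""
    times = defaultdict(list)
    for ip, ts, _mail_from, _header_from in records:
        times[ip].append(ts)
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= window_seconds:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_messages:
            flagged[ip] = peak
    return flagged


def origin_diversity_violations(records, max_distinct=5):
    """Check 5 (putative origins): customers using an abnormal number of distinct
    (MAIL FROM, From:) pairs. Returns {customer: distinct count}."""
    origins = defaultdict(set)
    for ip, _ts, mail_from, header_from in records:
        origins[ip].add((mail_from.lower(), header_from.lower()))
    return {ip: len(o) for ip, o in origins.items() if len(o) > max_distinct}


def quarantine_candidates(records, window_seconds=60, max_messages=10, max_distinct=5):
    """Union of both checks, with the reason(s) each customer tripped."""
    reasons = defaultdict(list)
    for ip, peak in rate_violations(records, window_seconds, max_messages).items():
        reasons[ip].append(f"{peak} messages in {window_seconds} s")
    for ip, n in origin_diversity_violations(records, max_distinct).items():
        reasons[ip].append(f"{n} distinct sender identities")
    return dict(reasons)


if __name__ == "__main__":
    for ip, why in quarantine_candidates(OUTBOUND).items():
        print(f"quarantine {ip}: {'; '.join(why)}")
```

Neither check looks at message content, which is the property Robert's list is built around: a customer discussing a scam in e-mail is indistinguishable from any other low-volume, single-identity sender, while a compromised host shows up on volume or on identity churn or both.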



Random five character string added to URLs?

2011-11-01 Thread Christopher J. Pilkington
This might be off-topic, my apologies if so.

I'm seeing requests against a server with initial GET requests in the form:

 GET /[a-zA-Z]{5}/pagename.html

pagename.html being optional. The 5 character string seems to be
random. This GET always results in a 404, as our servers don't have
these paths.  The second request seems to always be the same without the
modified path, which results in a 200.

I initially suspected this was something from an attack or DOS tool,
but the traffic doesn't fit such a pattern.

Is anyone familiar with what device/service behaves in this fashion?
Clearly something layer 7 is between the clients and the server.
Provider is without clue regarding this. Google results in many
GoDaddy users complaining of same; the server in question is not
hosted with them, but I suspect they may be doing something similar.

Thanks,
-cjp
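The pattern described in this post (and the SEO-poisoning variant Jeff Kell mentions in his reply, where a script generates link variants so a crawler sees them as separate pages) is easiest to confirm from the server's own access log before guessing at which intermediary is responsible. The following is an added example, not code from any poster on this thread: it pairs each 404 on `/[A-Za-z]{5}/<path>` with the next request from the same client and reports a hit only when that next request is the bare `<path>` and succeeds, which is the two-request sequence the post describes. The log lines, client addresses and paths are constructed for the example, and the function names are mine. The distinct-prefix count per client is what tells you the segment is random rather than a fixed virtual path.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format). These are made up
# for the example and use documentation IP ranges; they are not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Nov/2011:15:40:01 -0400] "GET /qWxTz/pagename.html HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Nov/2011:15:40:01 -0400] "GET /pagename.html HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Nov/2011:15:40:03 -0400] "GET /aBcDe HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Nov/2011:15:40:03 -0400] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Nov/2011:15:40:05 -0400] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Nov/2011:15:40:06 -0400] "GET /admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Nov/2011:15:41:10 -0400] "GET /LmNoP/about.html HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Nov/2011:15:41:10 -0400] "GET /about.html HTTP/1.1" 200 6000 "-" "Mozilla/5.0"
"""

# Common/combined log format: client, ident, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# The pattern from the post: a five-letter segment prepended to the real path.
# A missing remainder means the real path was "/".
PREFIX_RE = re.compile(r'^/(?P<prefix>[A-Za-z]{5})(?P<rest>/.*)?$')


def parse_line(line):
    """Return the fields needed from one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "method": m["method"],
            "path": m["path"], "status": int(m["status"])}


def strip_random_prefix(path):
    """Return (prefix, real_path) if path looks like /XXXXX/real_path, else None."""
    m = PREFIX_RE.match(path)
    if not m:
        return None
    return m["prefix"], m["rest"] or "/"


def find_prefixed_retries(lines):
    """Pair each 404 on /XXXXX/<path> with the next request from the same client.

    A hit is recorded only when that next request is the same path without the
    five-letter segment and succeeds (200). A lone 404 on a five-letter path
    such as /admin/ is not a hit, so the regex alone is not the signal.
    """
    last_by_ip = {}
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        prev = last_by_ip.get(ev["ip"])
        if prev is not None and prev["status"] == 404:
            stripped = strip_random_prefix(prev["path"])
            if stripped and stripped[1] == ev["path"] and ev["status"] == 200:
                hits.append((ev["ip"], stripped[0], ev["path"]))
        last_by_ip[ev["ip"]] = ev
    return hits


def prefixes_by_client(hits):
    """Distinct five-letter segments seen per client; many distinct values from one
    client is what makes the segment look random rather than a fixed virtual path."""
    seen = defaultdict(set)
    for ip, prefix, _path in hits:
        seen[ip].add(prefix)
    return {ip: sorted(p) for ip, p in seen.items()}


if __name__ == "__main__":
    hits = find_prefixed_retries(SAMPLE_LOG.splitlines())
    for ip, prefix, path in hits:
        print(f"{ip}: 404 on /{prefix}{'' if path == '/' else path} then 200 on {path}")
    print(prefixes_by_client(hits))
```

Running this over a real log and then grouping the hits by client address and User-Agent is what separates the explanations offered in the thread: a layer-7 intermediary shows the pattern across many unrelated clients and browsers, while a single tool shows it from a few sources.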



Re: Mexico?

2011-11-01 Thread Carlos Martinez-Cagnazzo
Mexico-based networks get their IP blocks (v4 and v6) from NIC Mexico
(http://www.nic.mx). NIC Mexico and NIC Brasil are the two NIRs within
LACNIC's service area.

regards

Carlos


On Fri, Oct 28, 2011 at 1:24 AM, Ryan Finnesey  wrote:
> If I want to get a block of IP's issued for a network within Mexico who do I
> talk with?  I have been told ARIN does not cover Mexico.  It was my
> understanding ARIN covers North America.
>
>
>
> Cheers
>
> Ryan
>
>
>
>



-- 
--
=
Carlos M. Martinez-Cagnazzo
http://www.labs.lacnic.net
=



Re: using IPv6 address block across multiple locations

2011-11-01 Thread Carlos Martinez-Cagnazzo
My take on the issue is that your providers are wise in not wanting to
accept prefixes longer than /48s.

You should get multiple prefixes, from the same or different RIRs. If
there are policies in place which do not allow you to do so, I think
it's a good time to discuss them.

regards

Carlos

On Mon, Oct 31, 2011 at 5:56 AM, Dmitry Cherkasov  wrote:
> Hello,
>
> Please advise what is the best practice to use an IPv6 address block
> across distributed locations.
>
> Recently we obtained our PI /48 from RIPE. The idea was to assign
> partial slices from this block to different locations (we have
> currently 3 offices in Europe and 2 in USA). All locations are
> interconnected with static VPNs. Each location is supposed to
> establish BGP session with local ISP. Partial prefix /56 + aggregate
> /48 (with long AS PATH) are to be announced by each office.
>
> The problem we ran across is that the ISP in the US does not wish to accept
> prefixes longer than /48 from us.
> Need your advice: is this normal to distribute /48 by /56 parts across
> locations or should we obtain separate /48 for each of them? Or maybe
> we need /32 that can be split into multiple /48? Anyway we are not ISP
> so /48 looks quite reasonable and sufficient for all our needs.
>
> Thank you.
>
> Dmitry Cherkasov
>
>



-- 
--
=
Carlos M. Martinez-Cagnazzo
http://www.labs.lacnic.net
=



Re: Colocation providers and ACL requests

2011-11-01 Thread Kevin Loch

Christopher Pilkington wrote:
> Is it common in the industry for a colocation provider, when requested to put
> an egress ACL facing us such as:
>
>   deny udp any a.b.c.d/24 eq 80
>
> …to refuse and tell us we must subscribe to their managed DDOS product?


We have always accommodated temporary ACL's for active DDOS attacks.  I
think that is fairly standard across the ISP/hosting industry.

I do feel it is bad practice to regularly implement customer specific
ACL's on routers.  If a customer wants a managed firewall we have a
full range of those services available.

- Kevin



Verizon ISP mailing list / ATM ports

2011-11-01 Thread Joe Maimon

Hey All,

I am looking for verizon ATM/DSL wholesale DSL ports for NY/NJ latas, 
and I found some verizon-isp mailing lists, but nothing seems current.


Off-list replies are welcome.

Thanks,

Joe




OT:Hotmail mail Admin

2011-11-01 Thread Justin Wilson
Hi all,
Sorry for the offtopic post.  I have a need to talk to a real person at
Hotmail regarding a user account. The normal channels aren't getting me what
I need.

Thanks,
Justin




Re: using IPv6 address block across multiple locations

2011-11-01 Thread Owen DeLong

On Nov 1, 2011, at 4:10 AM, Justin M. Streiner wrote:

> On Tue, 1 Nov 2011, Dmitry Cherkasov wrote:
> 
>> case 2: extranet like multiple POPs interconnected with VPNs
>> - get a greater than /48 block (like /44) so each POP gets its /48 part
>> - each POP announces its corresponding /48 prefix to their local ISPs
>> - decide if you wish that traffic from the Internet to some POP passes
>> through some other of your POPs (security or other considerations); if
>> this is desirable you may announce the whole aggregate (like /44)
>> in addition to the /48 from all or some of the POPs; optionally you may
>> wish to announce the /44 with community 'no-export'
> 
> You really don't need to tag the larger block with no-export.  In fact,
> if the POPs are suitably interconnected on the back end, you really
> don't need to advertise the /48s at all, and just advertise the /44. Depending 
> on your upstreams, you might be able to tag your advertisements with certain 
> BGP communities (will vary from provider to provider) to give you some degree 
> of control over traffic distribution.
> 
> Getting back to the original point, unless someone does something odd with 
> their BGP views, the /48s will be preferred because they're smaller (more 
> specific), and the /44 would only be used if a corresponding /48 prefix 
> doesn't exist in their BGP view.
> 
> jms

In fact, if you have one or more providers which, in common, serve
multiple POPs, it may be desirable to tag the more specifics (/48s)
as no-export and leave the /44s exportable.

In this way, you can avoid unnecessary DFZ pollution.

Owen




Re: using IPv6 address block across multiple locations

2011-11-01 Thread Owen DeLong
> 
> As for /48 IPv6 blocks being like /24 for IPv4:
> It really seems that /48 may be the most popular PI block and this may
> lead to overcrowding of the DFZ. Probably, this is a logical consequence of
> getting a bigger address space. We needed more IP addresses and we got
> them. Anyway, getting greater than /48 just because you do not want to
> pollute the DFZ is not justified.
> 

I agree with you except this last statement.

If you have a need for more than a /48 and you can announce the aggregate
and not the more specifics, it is perfectly valid to get more than a /48 and
you should do so in a way that allows you to announce only the aggregate
so as to avoid polluting the DFZ.

DFZ pollution is not about prefix size, it is about the number of prefixes.

In all cases, one should attempt to implement the minimum number of prefixes
necessary to effect your desired (or needed) routing policy.

Prefix size, OTOH, should relate to the number of end-sites served where
each end-site gets a /48.

Owen




Re: Network Asset/Service Track/Management

2011-11-01 Thread chip
For tracking gear, space, racks, power, assets, etc... Might want to
take a look at NetZoomDC by Altima Technologies.  They're doing some
neat stuff.  For the recurring fees and such, not quite sure it will
meet your needs but there are customizable categories, elements, and
what not you can apply to things and create customer reports and
stuff.  It all runs on top of Microsoft's SQL server, with Excel and
Word for reporting functions.  I assume anything you can do in an
Excel sheet can be hooked into it.

--chip

On Tue, Nov 1, 2011 at 2:59 AM, Payam Poursaied  wrote:
> Hi all
>
> I'm looking for a system to keep track of network assets and also periodic 
> services in each pop site. Currently we have
> about 500 pop-sites. In each site we have DSLAMs, Linecards and also some 
> passive equipment including terminals, racks
> and ..
>
> Also each site may have some recurring fees/services. Something like transit 
> link, power, rental space and .
>
>
>
> Could you please share your experience with me
>
>
>
> Best Regards
>
> Payam Poursaied
>
>
>
>



-- 
Just my $.02, your mileage may vary,  batteries not included, etc



Re: Network Asset/Service Track/Management

2011-11-01 Thread takizo

On Nov 1, 2011, at 5:29 PM, Phil Regnauld wrote:

> Payam Poursaied (me) writes:
>> Hi all
>> 
>> I'm looking for a system to keep track of network assets and also periodic 
>> services in each pop site. Currently we have
>> about 500 pop-sites. In each site we have DSLAMs, Linecards and also some 
>> passive equipment including terminals, racks
>> and ..
>> 
>> Also each site may have some recurring fees/services. Something like transit 
>> link, power, rental space and .
>> 
>> Could you please share your experience with me
> 
>   Hi Payam,
> 
>   Some of what you mention can be handled with Netdot 
> (https://netdot.uoregon.edu).
> 
>   There is built-in support for maintenance contract definitions, but some
>   customization might be required. The good part about netdot is that it
>   will automate some of the inventory management if it has SNMP access to
>   your devices. Asset mgmt support is rather good for Cisco equipment, but
>   would have to be tested for other vendors.
> 
>   Cheers,
>   Phil
> 

+1 on Netdot, it's good stuff ;)


Re: consumer DSL problems

2011-11-01 Thread Bret Clark

On 11/01/2011 05:03 AM, Mike Reed wrote:
> Is there a common policy on rendering vendor-supplied CPEs unusable?

Yes, if they are old.

> As a network operator to residential users, would you notify any
> potentially affected users before making such a change?

Any responsible provider would make sure to notify users before making
the change and then not make the change until all users had been
upgraded to a new modem...within reason of course...some customers are
hard to reach and never respond, so at some point you just have to make
the switch.


Regards,
Bret



Re: using IPv6 address block across multiple locations

2011-11-01 Thread Justin M. Streiner

On Tue, 1 Nov 2011, Dmitry Cherkasov wrote:


> case 2: extranet like multiple POPs interconnected with VPNs
> - get a greater than /48 block (like /44) so each POP gets its /48 part
> - each POP announces its corresponding /48 prefix to their local ISPs
> - decide if you wish that traffic from the Internet to some POP passes
> through some other of your POPs (security or other considerations); if
> this is desirable you may announce the whole aggregate (like /44)
> in addition to the /48 from all or some of the POPs; optionally you may
> wish to announce the /44 with community 'no-export'

You really don't need to tag the larger block with no-export.  In fact,
if the POPs are suitably interconnected on the back end, you really
don't need to advertise the /48s at all, and just advertise the /44.
Depending on your upstreams, you might be able to tag your advertisements
with certain BGP communities (will vary from provider to provider) to give
you some degree of control over traffic distribution.


Getting back to the original point, unless someone does something odd 
with their BGP views, the /48s will be preferred because they're smaller 
(more specific), and the /44 would only be used if a corresponding /48 
prefix doesn't exist in their BGP view.


jms



Re: using IPv6 address block across multiple locations

2011-11-01 Thread Dmitry Cherkasov
Thanks to everybody who responded.

To summarize it all, these are the guidelines for a non-ISP company to use
PI IPv6 addresses:

case 1: single POP, no plans to have more
- get a single /48 from your RIR, announce it to one or multiple ISPs
that the POP is connected to

case 1a: multiple separate POPs (no VPN interconnections)
- the same as for case 1 but for each POP independently; each POP has
an individual AS, btw

case 2: extranet like multiple POPs interconnected with VPNs
- get a greater than /48 block (like /44) so each POP gets its /48 part
- each POP announces its corresponding /48 prefix to their local ISPs
- decide if you wish that traffic from the Internet to some POP passes
through some other of your POPs (security or other considerations); if
this is desirable you may announce the whole aggregate (like /44)
in addition to the /48 from all or some of the POPs; optionally you may
wish to announce the /44 with community 'no-export'


As for /48 IPv6 blocks being like /24 for IPv4:
It really seems that /48 may be the most popular PI block and this may
lead to overcrowding of the DFZ. Probably, this is a logical consequence of
getting a bigger address space. We needed more IP addresses and we got
them. Anyway, getting greater than /48 just because you do not want to
pollute the DFZ is not justified.

Thank you.

Dmitry Cherkasov



2011/11/1 Ricky Beam :
> On Mon, 31 Oct 2011 05:39:57 -0400, Richard Barnes
>  wrote:
>>
>> Couldn't you also advertise the /48 from all the sites, if you're
>> willing to sort things out over the inter-site VPNs?
>
> If we're talking about a site-to-site IPsec VPN "over the internet", then
> that's a very bad idea.  Even if "the internet" in this case is entirely
> within the same provider's network. (and it doesn't sound like it is.)
>
> --Ricky
>
>
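Dmitry's case 2 above, together with Justin's and Owen's exchange earlier in this thread (the /48s win on longest match wherever they are present; tagging the more specifics NO_EXPORT keeps them out of the DFZ while the shared upstream still uses them; announcing only the aggregate is enough if the POPs are interconnected behind it), describes three announcement strategies for one /44. The block below is an added example, not from any poster, that models all three: a shared upstream installs everything it receives, the DFZ sees only what that upstream re-exports, and longest-prefix match decides which route is used from each vantage point. The /44, the two POP /48s, the single shared upstream and the strategy names are assumptions constructed for the example.

```python
import ipaddress

# RFC 1997 well-known community NO_EXPORT (65535:65281): the receiving AS keeps
# the route for its own use but does not pass it on to its eBGP neighbours.
NO_EXPORT = "no-export"

# Constructed addressing: a /44 with one /48 per POP (documentation space, not a
# real allocation). Both POPs use the same upstream ISP, which is the situation
# Owen describes ("one or more providers which, in common, serve multiple POPs").
AGGREGATE = "2001:db8:10::/44"
POPS = {"POP-A": "2001:db8:10::/48", "POP-B": "2001:db8:11::/48"}


def announcements(strategy):
    """What each POP announces to the shared upstream, as (prefix, origin, communities).

    "export-all":          each POP announces its /48 and the /44, nothing tagged.
    "no-export-specifics": each POP announces its /48 tagged NO_EXPORT plus the /44.
    "aggregate-only":      each POP announces only the /44 (POPs interconnected behind it).
    """
    out = []
    for pop, specific in POPS.items():
        if strategy == "export-all":
            out += [(specific, pop, set()), (AGGREGATE, pop, set())]
        elif strategy == "no-export-specifics":
            out += [(specific, pop, {NO_EXPORT}), (AGGREGATE, pop, set())]
        elif strategy == "aggregate-only":
            out += [(AGGREGATE, pop, set())]
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
    return out


def upstream_rib(anns):
    """The shared upstream installs everything it receives: prefix -> set of origin POPs."""
    rib = {}
    for prefix, pop, _communities in anns:
        rib.setdefault(prefix, set()).add(pop)
    return rib


def dfz_rib(anns):
    """What the rest of the Internet sees once the upstream honours NO_EXPORT."""
    rib = {}
    for prefix, pop, communities in anns:
        if NO_EXPORT not in communities:
            rib.setdefault(prefix, set()).add(pop)
    return rib


def longest_match(rib, address):
    """Longest-prefix match: a /48 beats the /44 whenever both cover the address."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, origins in rib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origins)
    if best is None:
        return None
    return str(best[0]), sorted(best[1])


def prefix_count_in_dfz(strategy):
    """Owen's measure of DFZ pollution: the number of prefixes, not their size."""
    return len(dfz_rib(announcements(strategy)))


if __name__ == "__main__":
    dst = "2001:db8:11::1"   # an address inside POP-B's /48
    for strategy in ("export-all", "no-export-specifics", "aggregate-only"):
        anns = announcements(strategy)
        print(f"{strategy}: DFZ carries {prefix_count_in_dfz(strategy)} prefix(es); "
              f"upstream reaches {dst} via {longest_match(upstream_rib(anns), dst)}; "
              f"DFZ reaches it via {longest_match(dfz_rib(anns), dst)}")
```

With the more specifics tagged NO_EXPORT the shared upstream still delivers POP-B's traffic directly to POP-B, while the DFZ carries a single /44 and hands the traffic to whichever POP's aggregate announcement it prefers; with aggregate-only the same is true everywhere, and traffic for POP-B that lands at POP-A must cross the inter-site VPN, which is Ricky's objection in the quoted reply.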



Re: Network Asset/Service Track/Management

2011-11-01 Thread Phil Regnauld
Payam Poursaied (me) writes:
> Hi all
> 
> I'm looking for a system to keep track of network assets and also periodic 
> services in each pop site. Currently we have
> about 500 pop-sites. In each site we have DSLAMs, Linecards and also some 
> passive equipment including terminals, racks
> and ..
> 
> Also each site may have some recurring fees/services. Something like transit 
> link, power, rental space and .
> 
> Could you please share your experience with me

Hi Payam,

Some of what you mention can be handled with Netdot 
(https://netdot.uoregon.edu).

There is built-in support for maintenance contract definitions, but some
customization might be required. The good part about netdot is that it
will automate some of the inventory management if it has SNMP access to
your devices. Asset mgmt support is rather good for Cisco equipment, but
would have to be tested for other vendors.

Cheers,
Phil



Re: Network Asset/Service Track/Management

2011-11-01 Thread Charles N Wyble
On 11/01/2011 02:38 AM, Babak Farrokhi wrote:
> Hi,
>
> I would suggest you use the element management software provided by your 
> vendor. But you may want to take a look at www.ziptie.org for an alternative.

Also nocproject.org




consumer DSL problems

2011-11-01 Thread Mike Reed
Hi folks,

It would seem that my home broadband provider (Orange, formerly known
as Wanadoo/Freeserve) have made some networking changes at the
weekend. The first I knew of it was when my DSL router refused to
connect. It's a vendor-supplied Siemens Gigaset SE572. While it's
probably not the best router in the world (most consumer routers are
risible), it was generally fine. On complaint, they tell me it's
'old'. Closer inspection reveals it's picking up the DSL carrier
signal fine, but failing during LCP negotiation.

Is there a common policy on rendering vendor-supplied CPEs unusable?
As a network operator to residential users, would you notify any
potentially affected users before making such a change? I am grateful
for any insight.

Kind regards,
Mike



Re: Network Asset/Service Track/Management

2011-11-01 Thread Babak Farrokhi
Hi,

I would suggest you use the element management software provided by your 
vendor. But you may want to take a look at www.ziptie.org for an alternative.

Regards,

On Nov 1, 2011, at 10:29 AM, Payam Poursaied wrote:

> Hi all
> 
> I'm looking for a system to keep track of network assets and also periodic 
> services in each pop site. Currently we have
> about 500 pop-sites. In each site we have DSLAMs, Linecards and also some 
> passive equipment including terminals, racks
> and ..
> 
> Also each site may have some recurring fees/services. Something like transit 
> link, power, rental space and .
> 
> 
> 
> Could you please share your experience with me
> 
> 
> 
> Best Regards
> 
> Payam Poursaied
> 
> 
> 

-- 
Babak Farrokhi
Network Expert / Unix SA / Security Analyst




Network Asset/Service Track/Management

2011-11-01 Thread Payam Poursaied
Hi all

I'm looking for a system to keep track of network assets and also periodic 
services in each pop site. Currently we have
about 500 pop-sites. In each site we have DSLAMs, Linecards and also some 
passive equipment including terminals, racks
and ..

Also each site may have some recurring fees/services. Something like transit 
link, power, rental space and .

 

Could you please share your experience with me

 

Best Regards

Payam Poursaied

 


