Re: Route Management Best Practices

2012-01-30 Thread Mark Tinka
On Tuesday, January 31, 2012 03:04:15 PM Joe Marr wrote:

> What do you use for reflectors, hardware(Cisco/Juniper)
> or software daemons(Quagga)?

We operate 2x networks.

One of them runs Cisco 7201 routers as route reflectors, 
while the other runs Juniper M120 routers.

The large Juniper routers were due to particular BGP AFI's 
that Cisco IOS does not support (yet).

> I've been toying with the idea of using Quagga route
> servers to announce our prefixes to our edge routers and
> redistribute BGP announcements learned from downstream
> customers.

You can certainly use any device in your network to 
originate your allocations. We just use the route reflectors 
because it is a natural fit, but you can use any device 
provided it would be as stable and independent as a route 
reflector.

The last thing you want is a blackhole or a route going away 
because your backhaul failed or your customer DoS'ed your 
edge router :-).

> Only drawback is the lack of support for
> tagged static routes, so it looks like I'm going to have
> to use a network statement w/ route-map to set the
> attributes.

There was a time when networks were run without prefix 
lists, BGP communities or even route maps. I'm too young to 
have ever experienced those times, but I always joke with a 
friend (from those times) about how good we have it today, 
and how hard life must have been for Internet engineers of 
old :-).

If you have the opportunity, I'd advise against operating 
without these very useful tools.

> Has anyone tried this, or is it suicide?

I'm sure there are several networks out there that are 
intimidated by additional BGP features such as communities, 
advanced routing policy, e.t.c. They do survive without 
having to deal with this, probably because their networks 
are small and the pain is better than trying something new. 
But I certainly wouldn't recommend it to anyone (except, as 
Randy would say, my competitors).

Mark.




Re: Route Management Best Practices

2012-01-30 Thread Joe Marr
Thanks Mark

What do you use for reflectors, hardware(Cisco/Juniper) or software
daemons(Quagga)?

I've been toying with the idea of using Quagga route servers to announce
our prefixes to our edge routers and redistribute BGP announcements learned
from downstream customers. Only drawback is the lack of support for tagged
static routes, so it looks like I'm going to have to use a network
statement w/ route-map to set the attributes.

Has anyone tried this, or is it suicide?

On Tue, Jan 31, 2012 at 1:38 AM, Mark Tinka wrote:

> On Tuesday, January 31, 2012 01:01:30 AM Joe Marr wrote:
>
> > I currently use static routes and tags on my edge routers
> > to inject route into BGP. The tags correspond to
> > communities that reflect how the routes are announced
> > per region.
>
> > I would love to hear from others on how they handle this.
>
> We originate our allocations from our route reflectors. The
> route reflectors make sense for a number of reasons, e.g.,
> they're always up, they aren't doing anything else, they
> aren't in the forwarding path, they aren't reachable from
> outside our AS, they're few enough to manage scalably,
> e.t.c.
>
> Like you, we attach communities to all originated
> allocations as the route reflector is announcing them to all
> iBGP neighbors, and those communities are used to determine
> how the routes are announced to peers, upstreams and
> customers.
>
> The problem with originating your routes at the edge
> (peering or customers) is you'll likely have more of these
> routers than route reflectors, so redundancy management of
> route origination will become a huge problem.
>
> Also, failure of your edge routers is probably more likely
> than your route reflectors just by the very nature of their
> functions. This is why most advice is not to originate
> routes on routers that are providing inter-AS connectivity,
> as it could lead to blackholes due to backhaul link failure.
>
> Cheers,
>
> Mark.
>


Re: Route Management Best Practices

2012-01-30 Thread Mark Tinka
On Tuesday, January 31, 2012 01:01:30 AM Joe Marr wrote:

> I currently use static routes and tags on my edge routers
> to inject route into BGP. The tags correspond to
> communities that reflect how the routes are announced
> per region.

> I would love to hear from others on how they handle this.

We originate our allocations from our route reflectors. The 
route reflectors make sense for a number of reasons, e.g., 
they're always up, they aren't doing anything else, they 
aren't in the forwarding path, they aren't reachable from 
outside our AS, they're few enough to manage scalably, 
e.t.c.

Like you, we attach communities to all originated 
allocations as the route reflector is announcing them to all 
iBGP neighbors, and those communities are used to determine 
how the routes are announced to peers, upstreams and 
customers.

The problem with originating your routes at the edge 
(peering or customers) is you'll likely have more of these 
routers than route reflectors, so redundancy management of 
route origination will become a huge problem.

Also, failure of your edge routers is probably more likely 
than your route reflectors just by the very nature of their 
functions. This is why most advice is not to originate 
routes on routers that are providing inter-AS connectivity, 
as it could lead to blackholes due to backhaul link failure.

Cheers,

Mark.




Re: Console Server Recommendation

2012-01-30 Thread Mark Tinka
On Tuesday, January 31, 2012 12:08:45 AM Ray Soucy wrote:

> What are people using for console servers these days? 
> We've historically used retired routers with ASYNC
> ports, but it's time for an upgrade.

Cisco 2811.

Mark.




Re: MD5 considered harmful

2012-01-30 Thread Keegan Holley
I suppose so but BFD certainly has a lot more moving parts than adding
MD5 checksums to an existing control packet.  I'm not saying everyone
should turn it on or off for that matter.  I just don't see what the
big deal is.  Most of the shops I've seen have it on because of some
long forgotten engineering standard.


2012/1/30 John Kristoff :
> On Fri, 27 Jan 2012 15:52:41 -0500
> "Patrick W. Gilmore"  wrote:
>
>> Unfortunately, Network Engineers are lazy, impatient, and frequently
>> clueless as well.
>
> While the quantity of peering sessions I've had is far less than
> yours, once upon a time when I had tried to get MD5 on dozens of peering
> sessions I learned quite a bit about those engineers and those
> networks.  I got to find out who couldn't do password management, who
> never heard of MD5 and who had been listening to Patrick.  :-) All good
> input that inform what else I might want to do to protect myself from
> those networks or who I wouldn't mind having a business relationship
> with.
>
> John
>
>



Re: IP KVM suggestions

2012-01-30 Thread Randy McAnally
+1 on lantronix.  Also does serial console.  Lots of settings.  Beats the pants 
off other units in terms of flexibility and configuration options.  

Sent from my IPhone (pardon the typo's)

On Jan 30, 2012, at 9:11 PM, Jeff Fisher  wrote:

>> Lantronix Spider is a small, portable, affordable and web enabled IP KVM.
>> Supports ISO mounting and has USB connections.
>> 
>> http://www.lantronix.com/it-management/kvm-over-ip/securelinx-spider.html
>> 
>> It is a single server unit. So if you want to connect many servers at the
>> same time, it might not be the best option as the price quickly escalates.
>> However, if you buy one and just move it from server to server (which is
>> what I got from your email), then it is a pretty good fit. Java based web
>> interface, not the greatest, but it works.
> 
> I've got a few Lantronix Spiders and I love them; however, I would opt to get 
> the external power adapter instead of just relying on the unit drawing power 
> from the computer it's connected to.
> 
> Also, there is a PS2 + USB model available that I'd recommend getting if you 
> have any older gear which doesn't support USB keyboards while in the BIOS.
> 
> I think they go for around $260 + another $20 or so for the external power 
> adapter.
> 
> Jeff



Re: Please help our simple bgp

2012-01-30 Thread Justin M. Streiner

On Mon, 30 Jan 2012, Ann Kwok wrote:


> Our router is running simple bgp. "one BGP router, two upstreams (each 100M
> from ISP A and ISP B)
> We are getting full feeds tables from them


Are you sure you're getting a full table from each provider?  A full IPv4 
feed is close to 400,000 prefixes and a full IPv6 feed is getting close to 
8,000 routes.


It's also important to understand what the desired behavior is.  Do you 
want to use both upstream links, or do you want to use provider B only 
when provider A is down?  Based on your description above, I'm guessing 
you want to use both links at the same time.



> We discover the routes is going to ISP A only even the bandwidth 100M is
> full


BGP doesn't know or care about link utilization.  If all of your outbound 
traffic is using only one link, then it sounds like one (or more) of a 
few things is happening:


1. Provider B is only sending you a default route, or something less than 
a full table.  If that's the case, then you need to get provider B to send 
you a full table, or verify that your BGP import policy isn't rejecting 
most of what provider B is sending you.  Most specific route wins.
2. Provider B's routes are less preferred by your router for one or 
more reasons, with a longer AS path probably being the most common reason.
Check if provider B is doing anything like prepending routes before they 
send them to you (generally a bad idea, but I've seen stranger things 
happen).
3. You are taking some action on provider B's routes to make them less 
preferred, such as lowering the local-preference.  It might be helpful to 
post the whole "router bgp " section of your config, with any related 
items (route-maps, access-lists, prefix-lists, AS-path access-lists (if 
any, etc).



> Can we set the weight to change to ISP B to use ISP B as preference routes?
>
> neighbor 1.2.3.4 description ISP B
> neighbor 1.2.3.4 remote-as 111
> neighbor 1.2.3.4 weight 2000


If you are receiving a full table from both providers, you can write a 
policy to reset the local-preference on some of the routes you get from 
provider B to higher than the same routes you get from provider A.



> If this works, how is ISP B upstream connection is down?
>
> Can it still be failover to ISP A automatically?


If you receive a full table from both providers, you should be able to use 
either provider's link when the other one fails, with little to no 
intervention on your part.


jms



Re: Please help our simple bgp

2012-01-30 Thread Joel Maslak
On Mon, Jan 30, 2012 at 7:27 PM, Ann Kwok  wrote:

> We discover the routes is going to ISP A only even the bandwidth 100M is
> full

There are several ways to handle this, if you have at least two
/24s of space.

Let's say you just have two /24s, both part of the same /23.

Option 1:

Announce m.m.m.m/24 with no path prefixing on ISP A.
Announce m.m.m.m/24 prefixed with your own ASN one or two times on ISP B.
Announce n.n.n.n/24 with no path prefixing on ISP B
Announce n.n.n.n/24 prefixed with your own ASN one or two times on ISP A.

Most of the internet would probably prefer A for m.m.m.m/24, and
prefer B for n.n.n.n/24.  But if either A or B went down, there would
still be a reachable route.

Option 2:

Announce m.m.m.m/23 on both ISP A and B
Announce m.m.m.m/24 on ISP A
Announce n.n.n.n/24 on ISP B

The n.n.n.n/24 which is part of m.m.m.m/23 would use ISP B for inbound
traffic, while ISP A would be used for m.m.m.m/24.  If either A or B,
the less specific /23 would provide a backup path.


> Can we set the weight to change to ISP B to use ISP B as preference routes?

Not really.  You may be able to set a community that controls how ISP
B advertises the routes or preferences your traffic.  Weights
generally aren't used for path selection.
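
The two announcement schemes above, modelled from the point of view of a remote network choosing how to reach each /24. This is an added example, not part of the original post. The prefixes (10.10.0.0/24 and 10.10.1.0/24 standing in for m.m.m.m/24 and n.n.n.n/24), the ASNs and the selection rule (longest prefix match, then shortest AS path) are assumptions; remote networks that set their own local-preference can choose differently.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "prefix via as_path")

# Constructed values: documentation ASNs and private prefixes.
CUSTOMER_AS, ISP_A_AS, ISP_B_AS = 64500, 64496, 64497
M24, N24, AGG23 = "10.10.0.0/24", "10.10.1.0/24", "10.10.0.0/23"


def announce(prefix, via, prepend=0):
    """Route as a remote network sees it after the ISP adds its own ASN."""
    isp_as = ISP_A_AS if via == "A" else ISP_B_AS
    path = (isp_as,) + (CUSTOMER_AS,) * (1 + prepend)
    return Route(ipaddress.ip_network(prefix), via, path)


def option1(prepend=2):
    """Both /24s on both ISPs, each prepended on its non-preferred ISP."""
    return [
        announce(M24, "A"), announce(M24, "B", prepend),
        announce(N24, "B"), announce(N24, "A", prepend),
    ]


def option2():
    """Covering /23 on both ISPs, one more-specific /24 per ISP."""
    return [
        announce(AGG23, "A"), announce(AGG23, "B"),
        announce(M24, "A"), announce(N24, "B"),
    ]


def inbound_path(routes, dst, down=()):
    """ISP a remote network uses to reach dst, or None if unreachable.

    Routes through an ISP listed in `down` are treated as withdrawn.
    """
    addr = ipaddress.ip_address(dst)
    live = [r for r in routes if r.via not in down and addr in r.prefix]
    if not live:
        return None
    # Longest prefix first, then shortest AS path; the ISP name is only a
    # deterministic stand-in for the remaining BGP tie-breakers.
    best = min(live, key=lambda r: (-r.prefix.prefixlen, len(r.as_path), r.via))
    return best.via


def traffic_matrix(routes):
    """Chosen ISP for one host in each /24: normal, A down, B down."""
    hosts = {"m": "10.10.0.10", "n": "10.10.1.10"}
    scenarios = {"normal": (), "A down": ("A",), "B down": ("B",)}
    return {
        (name, label): inbound_path(routes, host, down)
        for name, down in scenarios.items()
        for label, host in hosts.items()
    }


if __name__ == "__main__":
    for title, routes in (("Option 1", option1()), ("Option 2", option2())):
        print(title)
        for (scenario, label), isp in traffic_matrix(routes).items():
            print(f"  {scenario:7} {label}/24 -> ISP {isp}")
```

In both options the two /24s split across the ISPs in normal operation and both move to the surviving ISP when one fails; the difference is that Option 2 depends on the /24s being accepted as more-specifics, while Option 1 depends on remote networks honouring AS path length.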



Please help our simple bgp

2012-01-30 Thread Ann Kwok
Hello

Our router is running simple bgp. "one BGP router, two upstreams (each 100M
from ISP A and ISP B)
We are getting full feeds tables from them

We discover the routes is going to ISP A only even the bandwidth 100M is
full

Can we set the weight to change to ISP B to use ISP B as preference routes?

Can the following configuration work?
What suggest to this weight no. too?

 neighbor 1.2.3.4 description ISP B
 neighbor 1.2.3.4 remote-as 111
 neighbor 1.2.3.4 weight 2000

If this works, how is ISP B upstream connection is down?

Can it still be failover to ISP A automatically?

If it won't work, Do you have any suggestion?

Thank you for your help


Re: Console Server Recommendation

2012-01-30 Thread Joe Hamelin
-1 for Cyclades. At least in Clear's DC plants the PCMCIA modems would
often wedgie and require a re-insert.  Also, if you have a DC power side
fail, they beep and beep and beep.  Very annoying when your power people
are still catching up when you're trying to commission equipment.
--
Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474


Re: IP KVM suggestions

2012-01-30 Thread Jeff Fisher

> Lantronix Spider is a small, portable, affordable and web enabled IP KVM.
> Supports ISO mounting and has USB connections.
>
> http://www.lantronix.com/it-management/kvm-over-ip/securelinx-spider.html
>
> It is a single server unit. So if you want to connect many servers at the
> same time, it might not be the best option as the price quickly escalates.
> However, if you buy one and just move it from server to server (which is
> what I got from your email), then it is a pretty good fit. Java based web
> interface, not the greatest, but it works.


I've got a few Lantronix Spiders and I love them; however, I would opt 
to get the external power adapter instead of just relying on the unit 
drawing power from the computer it's connected to.


Also, there is a PS2 + USB model available that I'd recommend getting if 
you have any older gear which doesn't support USB keyboards while in the 
BIOS.


I think they go for around $260 + another $20 or so for the external 
power adapter.


Jeff



Re: Console Server Recommendation

2012-01-30 Thread Mark Gauvin
Currently run 80+ raritan ksx boxes under the cc device with zero issue  
a lot more expensive than other solutions but the single point of touch  
is a life saver

Sent from my iPhone

On 2012-01-30, at 6:44 PM, "Christopher J. Pilkington"   
wrote:

> On Jan 30, 2012, at 16:52, Robert Hajime Lanning  
>  wrote:
>
>> Avocent Cyclades ACS uses Cat5 straight through cables to Cisco  
>> consoles.
>
> We have Cyclades ACS boxen also, but ours require rollover cables, not
> straight, when talking to a Cisco console. YMMV.
>



Re: Console Server Recommendation

2012-01-30 Thread Christopher J. Pilkington
On Jan 30, 2012, at 16:52, Robert Hajime Lanning  wrote:

> Avocent Cyclades ACS uses Cat5 straight through cables to Cisco consoles.

We have Cyclades ACS boxen also, but ours require rollover cables, not
straight, when talking to a Cisco console. YMMV.



Re: ARP is sourced from loopback address

2012-01-30 Thread William Herrin
On Mon, Jan 30, 2012 at 6:24 PM, Joe Maimon  wrote:
> Golden.
> Thank you, William.

Hi Joe,

You're welcome. The flip side of Linux's arp funkiness is that you can
get it to do some nifty stuff. For example, a /32 ethernet looks more
or less like this:

ifconfig lo:1 198.51.100.1 netmask 255.255.255.255
ifconfig eth1 192.168.0.1 netmask 255.255.255.252
ip route add 198.51.100.44/32 dev eth1 src 198.51.100.1
arptables --out-interface eth1 -j mangle -s 192.168.0.1 --mangle-ip-s 198.51.100.1

The implicit proxy arp takes care of the rest with the machine hanging
off the interface thinking that it's part of a /24.


This sort of thing is how I'm using all 17 of the IP addresses in my
Cox /28. :-)

Regards,
Bill Herrin



-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004



Re: MD5 considered harmful

2012-01-30 Thread John Kristoff
On Fri, 27 Jan 2012 15:52:41 -0500
"Patrick W. Gilmore"  wrote:

> Unfortunately, Network Engineers are lazy, impatient, and frequently
> clueless as well.

While the quantity of peering sessions I've had is far less than
yours, once upon a time when I had tried to get MD5 on dozens of peering
sessions I learned quite a bit about those engineers and those
networks.  I got to find out who couldn't do password management, who
never heard of MD5 and who had been listening to Patrick.  :-) All good
input that inform what else I might want to do to protect myself from
those networks or who I wouldn't mind having a business relationship
with.

John



Re: ARP is sourced from loopback address

2012-01-30 Thread Joe Maimon

Golden.

Thank you, William.

Joe

William Herrin wrote:

> net.ipv4.conf.all.arp_announce = 1
> net.ipv4.conf.eth1.arp_announce = 1




Re: ARP is sourced from loopback address

2012-01-30 Thread Joe Maimon

Thanks for the reply.

Yes, it does appear to have the correct mac.


root@debian31:~# tcpdump -e -n -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
12:54:17.882537 00:03:fd:03:38:08 > 00:0c:29:b8:2a:14, ethertype IPv4 
(0x0800), length 114: 69.90.15.224 > 216.222.144.24: ICMP echo request, 
id 161, seq 4, length 80
12:54:18.084320 00:0c:29:b8:2a:14 > ff:ff:ff:ff:ff:ff, ethertype ARP 
(0x0806), length 42: Request who-has 192.168.76.1 tell 209.54.140.64, 
length 28
12:54:19.083580 00:0c:29:b8:2a:14 > ff:ff:ff:ff:ff:ff, ethertype ARP 
(0x0806), length 42: Request who-has 192.168.76.1 tell 209.54.140.64, 
length 28
12:54:19.838376 00:03:fd:03:38:08 > 00:0c:29:b8:2a:14, ethertype IPv4 
(0x0800), length 407: 69.90.15.224.179 > 216.222.144.24.60714: Flags 
[P.], seq 4062306194:4062306547, ack 170308540, win 16365, length 353: 
BGP, length: 353
12:54:20.083649 00:0c:29:b8:2a:14 > ff:ff:ff:ff:ff:ff, ethertype ARP 
(0x0806), length 42: Request who-has 192.168.76.1 tell 209.54.140.64, 
length 28


^C


root@debian31:~# ifconfig eth1
eth1  Link encap:Ethernet  HWaddr 00:0c:29:b8:2a:14
  inet addr:192.168.76.16  Bcast:192.168.76.255  Mask:255.255.255.0



Keegan Holley wrote:

Even though TCP dump doesn't show it the ARP packets should have a
source mac address that is reachable on the link.  I think the reply
is unicast to that mac address regardless of the IP in the request.
Otherwise the receiving station would have to do an arp request for
the source IP in the packet before it replied, in order to reply that
station would need to have the very mapping it just requested making
the whole thing useless.   I've never seen arp sourced from a
non-local interface IP unless there was some sort of tunnel or
bridging configured, but then again I don't spend my days staring at
ARP packets so I could be missing something.


2012/1/30 Joe Maimon:


Hey All,

Anycast related.

Is this normal behavior? Whats the workaround? Why havent I run into this
before?

192.168.76.1 is a HSRP address on a ring of routers transiting a private non
routed vlan to the service addresses hosted on systems that have independent
management interfaces.

Best,

Joe


root@debian31:~# ifconfig lo:0
lo:0  Link encap:Local Loopback
  inet addr:209.54.140.64  Mask:255.255.255.255
  UP LOOPBACK RUNNING  MTU:16436  Metric:1

root@debian31:~# ip rule list
0:  from all lookup local
32764:  from 209.54.140.0/24 lookup pbr1-exit
32765:  from 216.222.144.16/28 lookup pbr1-exit
32766:  from all lookup main
32767:  from all lookup default
root@debian31:~# ip route list table pbr1-exit
default via 192.168.76.1 dev eth1
192.168.34.0/24 dev eth1  scope link  src 192.168.76.16
192.168.76.0/24 dev eth1  scope link  src 192.168.76.16
root@debian31:~# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

11:08:09.053943 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
28
11:08:10.035126 IP noc08rt08.noc08.chl.net>  209.54.140.64: ICMP echo
request, id 517, seq 0, length 80
11:08:10.051276 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
28
11:08:11.052548 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
28
11:08:12.035964 IP noc08rt08.noc08.chl.net>  209.54.140.64: ICMP echo
request, id 517, seq 1, length 80
^C

root@debian31:~# ip neigh
fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
192.168.76.1 dev eth1  FAILED
192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b DELAY
192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE

root@debian31:~# uname -a
Linux debian31 3.2.0-1-686-pae #1 SMP Tue Jan 24 06:09:30 UTC 2012 i686
GNU/Linux

root@debian31:~# ping 192.168.76.1
PING 192.168.76.1 (192.168.76.1) 56(84) bytes of data.
64 bytes from 192.168.76.1: icmp_req=1 ttl=255 time=2.95 ms
^C
--- 192.168.76.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.952/2.952/2.952/0.000 ms
root@debian31:~# ip neigh
fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
192.168.76.1 dev eth1 lladdr 00:00:0c:9f:f0:01 REACHABLE
192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b REACHABLE
192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE
192.168.76.2 dev eth1 lladdr 00:b0:4a:9e:54:00 STALE
root@debian31:~# !tcp
tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
11:12:22.476479 IP noc08rt08-l0.noc08.chl.net>  209.54.140.64: ICMP echo
request, id 518, seq 0, length 80
11:12:22.476572 IP 209.54.140.64>  noc08rt08-l0.noc08.chl.net: ICMP echo
reply, id 518, seq 0, length 80
11:12:22.479495 IP noc08rt08-l0.noc08.chl.net>  209.54.140.64: ICMP echo
request, id 518, seq 1, length 80
11:12:22.479533 IP 209.54.

Re: ARP is sourced from loopback address

2012-01-30 Thread William Herrin
On Mon, Jan 30, 2012 at 4:27 PM, Joe Maimon  wrote:
> Is this normal behavior? Whats the workaround? Why havent I run into this
> before?
>
> 192.168.76.1 is a HSRP address on a ring of routers transiting a private non
> routed vlan to the service addresses hosted on systems that have independent
> management interfaces.

Hi Joe,

Linux frequently does Really Stupid Things with ARP. You can generally
force it to do the right thing with the arp_announce, arp_ignore and
arp_filter sysctl's as well as the arptables command.

If I understand your problem correctly, you have a virtual IP on a
loopback interface and when that virtual IP is pinged, the Linux box
uses it as the source address in the arp request instead of using the
correct source address for that interface. Because the source address
is not valid for that LAN, the router does not respond.

Workaround:

vi /etc/sysctl.conf:
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.eth1.arp_announce = 1

sysctl -p

This forces the box to use eth1's IP address when making an ARP
request from eth1 instead of using the VIP in the source address of
the IP packet (the default behavior).

#arp_announce - INTEGER
#Define different restriction levels for announcing the local
#source IP address from IP packets in ARP requests sent on
#interface:
#0 - (default) Use any local address, configured on any interface
#1 - Try to avoid local addresses that are not in the target's
#subnet for this interface.
#2 - Always use the best local address for this target.
#In this mode we ignore the source address in the IP packet
#and try to select local address that we prefer for talks with
#the target host.


Regards,
Bill Herrin




-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004
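
A way to spot the symptom discussed in this thread in a saved tcpdump capture and to check whether a sysctl.conf already carries the workaround. This is an added example, not part of the original message. The capture text is constructed from the addresses shown in the thread (198.51.100.7 is a placeholder peer), and taking the higher of the `all` and per-interface `arp_announce` values follows the kernel's documented behaviour.

```python
import ipaddress
import re

# tcpdump ARP request, printed with or without -e link-level headers.
ARP_REQ = re.compile(
    r"Request who-has (?P<target>[\d.]+)(?: \([0-9a-f:]+\))? "
    r"tell (?P<sender>[\d.]+)", re.I)
SRC_MAC = re.compile(r"^\S+ (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > ", re.I)
TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
ANNOUNCE = re.compile(
    r"^net\.ipv4\.conf\.(?P<scope>[^.\s]+)\.arp_announce\s*=\s*(?P<val>\d)")

# Constructed sample, wrapped the way a mail client wraps pasted output.
SAMPLE_CAPTURE = """\
12:54:18.084320 00:0c:29:b8:2a:14 > ff:ff:ff:ff:ff:ff, ethertype ARP
(0x0806), length 42: Request who-has 192.168.76.1 tell 209.54.140.64,
length 28
11:08:10.035126 IP 198.51.100.7 > 209.54.140.64: ICMP echo
request, id 517, seq 0, length 80
11:08:10.051276 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
28
11:08:13.000000 ARP, Request who-has 192.168.76.2 tell 192.168.76.16, length 28
"""

SYSCTL_WORKAROUND = """\
# constructed sysctl.conf fragment with the settings from the message
net.ipv4.conf.all.arp_announce = 1
net.ipv4.conf.eth1.arp_announce = 1
"""


def unwrap(text):
    """Rejoin tcpdump records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def find_offlink_arp(capture, iface_network):
    """ARP requests for an on-link target whose sender IP is off-link.

    iface_network is the interface address with prefix length,
    e.g. "192.168.76.16/24".
    """
    net = ipaddress.ip_network(iface_network, strict=False)
    findings = []
    for rec in unwrap(capture):
        m = ARP_REQ.search(rec)
        if not m:
            continue
        target = ipaddress.ip_address(m["target"])
        sender = ipaddress.ip_address(m["sender"])
        if target in net and sender not in net:
            mac = SRC_MAC.match(rec)   # only present in tcpdump -e output
            findings.append({
                "time": rec.split()[0],
                "target": str(target),
                "sender": str(sender),
                "src_mac": mac["mac"] if mac else None,
            })
    return findings


def effective_arp_announce(sysctl_conf, iface):
    """Value the kernel applies on iface: max of conf/all and conf/<iface>."""
    values = {"all": 0, iface: 0}          # kernel default is 0
    for line in sysctl_conf.splitlines():
        m = ANNOUNCE.match(line.strip())
        if m and m["scope"] in values:
            values[m["scope"]] = int(m["val"])
    return max(values.values())


if __name__ == "__main__":
    for f in find_offlink_arp(SAMPLE_CAPTURE, "192.168.76.16/24"):
        print(f"{f['time']} who-has {f['target']} tell {f['sender']} "
              f"(off-link sender, src mac {f['src_mac']})")
    print("arp_announce on eth1:",
          effective_arp_announce(SYSCTL_WORKAROUND, "eth1"))
```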



Re: ARP is sourced from loopback address

2012-01-30 Thread Keegan Holley
Even though TCP dump doesn't show it the ARP packets should have a
source mac address that is reachable on the link.  I think the reply
is unicast to that mac address regardless of the IP in the request.
Otherwise the receiving station would have to do an arp request for
the source IP in the packet before it replied, in order to reply that
station would need to have the very mapping it just requested making
the whole thing useless.   I've never seen arp sourced from a
non-local interface IP unless there was some sort of tunnel or
bridging configured, but then again I don't spend my days staring at
ARP packets so I could be missing something.


2012/1/30 Joe Maimon :
>
> Hey All,
>
> Anycast related.
>
> Is this normal behavior? Whats the workaround? Why havent I run into this
> before?
>
> 192.168.76.1 is a HSRP address on a ring of routers transiting a private non
> routed vlan to the service addresses hosted on systems that have independent
> management interfaces.
>
> Best,
>
> Joe
>
>
> root@debian31:~# ifconfig lo:0
> lo:0      Link encap:Local Loopback
>          inet addr:209.54.140.64  Mask:255.255.255.255
>          UP LOOPBACK RUNNING  MTU:16436  Metric:1
>
> root@debian31:~# ip rule list
> 0:      from all lookup local
> 32764:  from 209.54.140.0/24 lookup pbr1-exit
> 32765:  from 216.222.144.16/28 lookup pbr1-exit
> 32766:  from all lookup main
> 32767:  from all lookup default
> root@debian31:~# ip route list table pbr1-exit
> default via 192.168.76.1 dev eth1
> 192.168.34.0/24 dev eth1  scope link  src 192.168.76.16
> 192.168.76.0/24 dev eth1  scope link  src 192.168.76.16
> root@debian31:~# tcpdump -i eth1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
>
> 11:08:09.053943 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
> 28
> 11:08:10.035126 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 517, seq 0, length 80
> 11:08:10.051276 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
> 28
> 11:08:11.052548 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length
> 28
> 11:08:12.035964 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 517, seq 1, length 80
> ^C
>
> root@debian31:~# ip neigh
> fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
> 192.168.76.1 dev eth1  FAILED
> 192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b DELAY
> 192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE
>
> root@debian31:~# uname -a
> Linux debian31 3.2.0-1-686-pae #1 SMP Tue Jan 24 06:09:30 UTC 2012 i686
> GNU/Linux
>
> root@debian31:~# ping 192.168.76.1
> PING 192.168.76.1 (192.168.76.1) 56(84) bytes of data.
> 64 bytes from 192.168.76.1: icmp_req=1 ttl=255 time=2.95 ms
> ^C
> --- 192.168.76.1 ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 2.952/2.952/2.952/0.000 ms
> root@debian31:~# ip neigh
> fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
> 192.168.76.1 dev eth1 lladdr 00:00:0c:9f:f0:01 REACHABLE
> 192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b REACHABLE
> 192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE
> 192.168.76.2 dev eth1 lladdr 00:b0:4a:9e:54:00 STALE
> root@debian31:~# !tcp
> tcpdump -i eth1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
> 11:12:22.476479 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 0, length 80
> 11:12:22.476572 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 0, length 80
> 11:12:22.479495 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 1, length 80
> 11:12:22.479533 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 1, length 80
> 11:12:22.484346 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 2, length 80
> 11:12:22.484392 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 2, length 80
> 11:12:22.487670 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 3, length 80
> 11:12:22.487705 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 3, length 80
> 11:12:22.490639 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo
> request, id 518, seq 4, length 80
> 11:12:22.490675 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo
> reply, id 518, seq 4, length 80
> ^C
>
>
>
>



Re: [c-nsp] ASR opinions..

2012-01-30 Thread Christopher J. Pilkington
On Fri, Sep 2, 2011 at 5:56 AM, Mark Tinka  wrote:
> Like the ASR1002-F, the ASR1001 is based on an ESP5
> forwarding processor. That comes with 512,000 FIB entries
> maximum.
>
> As a side note, unlike the ASR1002-F, the ASR1001 can be
> upgraded (software license) from the default 2.5Gbps
> forwarding performance to 5Gbps.
>
>> To
>> my knowledge this is not true as the 1001 has the Intel
>> RP1.5...
>
> We're talking about FIB slots (the ESP) and not RIB slots
> (the RP).

Sorry to resurrect an old thread, but I'm also confused on this
ASR1001 FIB question.

The Cisco ASR 1000 ESP data sheet
(http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070.html)
lists the ASR1001 separately from the ASR1002-5G.  It claims the
ASR1001 does 1M IPv4 and 1M IPv6 routes.  (Not to be confused with the
numbers on the ASR 1000 RP data sheet, which say it can do up to 9M
with 8GB RAM doing selective download.)

Does anyone have a link to a definitive document clearly showing FIB
numbers for the ASR1001?  I've got an email into our Cisco SE, but I
don't think they're motivated to sell us a lower-end box. :-)

-cjp



Cing Installers

2012-01-30 Thread Grupo IPv6
Hi all,


Does anyone know where to find the installers for network measuring tool
“cing” ?



All the links I found are down. I’m using Ubuntu 11.04



Many thanks,



Gabriel


Re: Console Server Recommendation

2012-01-30 Thread Coy Hile
>
> Avocent Cyclades ACS uses Cat5 straight through cables to Cisco consoles.
>
> I use them in our lab and production sites.
>

I personally use these as well; so does work.  There's a dongle for some
things like the older Sun Netra devices that used an RJ45 console connector.

One of the nicest features of the ACS boxes over my previous solution (old
cisco router with octopus cables) is the ability to share sessions.  Very
useful if I switch from my desktop to my laptop, for example.


Re: Console Server Recommendation

2012-01-30 Thread Robert Hajime Lanning

On 01/30/12 11:41, Brandon Butterworth wrote:

Just buy the units that have the pinout for your devices, or you may
need adapters.


Hate that, I got a Cyclades by accident, never more.

Lantronix is same pinout as cisco and everything else we use regularly.


Avocent Cyclades ACS uses Cat5 straight through cables to Cisco consoles.

I use them in our lab and production sites.

--
END OF LINE
   -MCP



ARP is sourced from loopback address

2012-01-30 Thread Joe Maimon


Hey All,

Anycast related.

Is this normal behavior? Whats the workaround? Why havent I run into 
this before?


192.168.76.1 is a HSRP address on a ring of routers transiting a private 
non routed vlan to the service addresses hosted on systems that have 
independent management interfaces.


Best,

Joe


root@debian31:~# ifconfig lo:0
lo:0  Link encap:Local Loopback
  inet addr:209.54.140.64  Mask:255.255.255.255
  UP LOOPBACK RUNNING  MTU:16436  Metric:1

root@debian31:~# ip rule list
0:  from all lookup local
32764:  from 209.54.140.0/24 lookup pbr1-exit
32765:  from 216.222.144.16/28 lookup pbr1-exit
32766:  from all lookup main
32767:  from all lookup default
root@debian31:~# ip route list table pbr1-exit
default via 192.168.76.1 dev eth1
192.168.34.0/24 dev eth1  scope link  src 192.168.76.16
192.168.76.0/24 dev eth1  scope link  src 192.168.76.16
root@debian31:~# tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

11:08:09.053943 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:10.035126 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo request, id 517, seq 0, length 80
11:08:10.051276 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:11.052548 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:12.035964 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo request, id 517, seq 1, length 80

^C

root@debian31:~# ip neigh
fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
192.168.76.1 dev eth1  FAILED
192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b DELAY
192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE

root@debian31:~# uname -a
Linux debian31 3.2.0-1-686-pae #1 SMP Tue Jan 24 06:09:30 UTC 2012 i686 GNU/Linux


root@debian31:~# ping 192.168.76.1
PING 192.168.76.1 (192.168.76.1) 56(84) bytes of data.
64 bytes from 192.168.76.1: icmp_req=1 ttl=255 time=2.95 ms
^C
--- 192.168.76.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.952/2.952/2.952/0.000 ms
root@debian31:~# ip neigh
fe80::230:71ff:fe3b:6808 dev eth0 lladdr 00:30:71:3b:68:08 router STALE
192.168.76.1 dev eth1 lladdr 00:00:0c:9f:f0:01 REACHABLE
192.168.34.254 dev eth0 lladdr 00:11:93:04:7a:1b REACHABLE
192.168.34.48 dev eth0 lladdr 00:0c:29:fd:64:8a STALE
192.168.76.2 dev eth1 lladdr 00:b0:4a:9e:54:00 STALE
root@debian31:~# !tcp
tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
11:12:22.476479 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 0, length 80
11:12:22.476572 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 0, length 80
11:12:22.479495 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 1, length 80
11:12:22.479533 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 1, length 80
11:12:22.484346 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 2, length 80
11:12:22.484392 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 2, length 80
11:12:22.487670 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 3, length 80
11:12:22.487705 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 3, length 80
11:12:22.490639 IP noc08rt08-l0.noc08.chl.net > 209.54.140.64: ICMP echo request, id 518, seq 4, length 80
11:12:22.490675 IP 209.54.140.64 > noc08rt08-l0.noc08.chl.net: ICMP echo reply, id 518, seq 4, length 80

^C
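
A check for the symptom in the capture above, as an added example that is not part of the original post: it parses `tcpdump` ARP request lines and flags any whose sender (`tell`) address lies outside the connected prefix containing the target, reporting the `src` address that connected route names instead. The function names and the last sample line are constructed for illustration; the other sample lines come from the post with the mail line-wrapping undone.

```python
import ipaddress
import re

# Routes as printed by `ip route list table pbr1-exit` in the post.
SAMPLE_ROUTES = """\
default via 192.168.76.1 dev eth1
192.168.34.0/24 dev eth1  scope link  src 192.168.76.16
192.168.76.0/24 dev eth1  scope link  src 192.168.76.16
"""

# ARP and ICMP lines from the post's first capture, re-joined; the final
# line is constructed to show a request that passes the check.
SAMPLE_CAPTURE = """\
11:08:09.053943 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:10.035126 IP noc08rt08.noc08.chl.net > 209.54.140.64: ICMP echo request, id 517, seq 0, length 80
11:08:10.051276 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:11.052548 ARP, Request who-has 192.168.76.1 tell 209.54.140.64, length 28
11:08:13.000000 ARP, Request who-has 192.168.76.1 tell 192.168.76.16, length 28
"""

# Connected ("scope link") routes carry the preferred source address.
ROUTE_RE = re.compile(
    r"^(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+dev\s+(?P<dev>\S+)"
    r"\s+scope link\s+src\s+(?P<src>\S+)"
)
# tcpdump may print the target's MAC in parentheses after the address.
ARP_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Request who-has (?P<target>\S+)"
    r"(?: \([0-9a-fA-F:]+\))? tell (?P<sender>[^,\s]+),"
)


def connected_routes(route_text, dev):
    """Return [(network, preferred_src)] for connected routes on `dev`."""
    routes = []
    for line in route_text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m and m.group("dev") == dev:
            routes.append((ipaddress.ip_network(m.group("prefix")),
                           ipaddress.ip_address(m.group("src"))))
    return routes


def find_offlink_arp_senders(capture_text, routes):
    """Flag ARP requests whose sender is not on the target's subnet."""
    findings = []
    for line in capture_text.splitlines():
        m = ARP_RE.match(line.strip())
        if not m:
            continue  # not an ARP request line
        try:
            sender = ipaddress.ip_address(m.group("sender"))
            target = ipaddress.ip_address(m.group("target"))
        except ValueError:
            continue  # tcpdump printed a hostname; capture with -n instead
        # Find the connected route that makes the target reachable on-link.
        route = next(((net, src) for net, src in routes if target in net), None)
        if route is None:
            continue  # target is not on a connected prefix of this interface
        net, preferred_src = route
        if sender not in net:
            findings.append({
                "ts": m.group("ts"),
                "sender": str(sender),
                "target": str(target),
                "expected_src": str(preferred_src),
            })
    return findings


if __name__ == "__main__":
    for f in find_offlink_arp_senders(SAMPLE_CAPTURE,
                                      connected_routes(SAMPLE_ROUTES, "eth1")):
        print("{ts}: who-has {target} sent from off-link {sender}; "
              "connected route prefers {expected_src}".format(**f))
```

On Linux the per-interface `arp_announce` sysctl controls which local address is placed in ARP requests; a value of 2 makes the kernel prefer an address on the target's subnet rather than the source address of the packet that triggered the request.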





Re: IP KVM suggestions

2012-01-30 Thread Chris Hunt
On 1/30/2012 11:05 AM, nanog-requ...@nanog.org wrote:
> --
>
> Message: 8
> Date: Mon, 30 Jan 2012 12:09:16 -0600
> From: "Express Web Systems" 
> To: "'NANOG'" 
> Subject: RE: IP KVM suggestions
> Message-ID: <033601ccdf7a$481d0f90$d8572eb0$@com>
> Content-Type: text/plain; charset="us-ascii"
>
>> > I have a need for a small, portable, web based IP kvm with decent
>> > features that doesn't break the bank.  Preferably something that
>> > supports ISO mounting from http or ftp and USB connectivity.  Would
>> > also prefer something browser independent.  Small plugin like the
>> > Raritan devices would be acceptable too. It will be used internally for
>> > Remote access while building devices pre deployment to customers.  Any
>> > suggestions?
>> > 
>> > Thanks!
>> > 
>> > Blake
> Lantronix Spider is a small, portable, affordable and web enabled IP KVM.
> Supports ISO mounting and has USB connections.
>
> http://www.lantronix.com/it-management/kvm-over-ip/securelinx-spider.html
>
> It is a single server unit. So if you want to connect many servers at the
> same time, it might not be the best option as the price quickly escalates.
> However, if you buy one and just move it from server to server (which is
> what I got from your email), then it is a pretty good fit. Java based web
> interface, not the greatest, but it works.
>
> For multiple server access from a single unit, look at the Dell 2161DS
> (rebranded Avocent units) line. They are abundant on ebay, and relatively
> inexpensive, and can expand to up to 128 servers (via add on PEM modules -
> the unit has 16 ports and you connect a PEM to one of the ports and you can
> connect up to 8 servers to the PEM 16 x 8 = 128). The 2161DS-2 also supports
> ISO mounting when using USB dongles (the 2161DS does not). Java based client
> software... Dell isn't supporting the 2161DS software any more apparently
> and won't install natively on Windows 7,
I have it running on Windows7, but it has to be "Run As Administrator"
>  but the software can be installed
> on an XP machine and then copied, this also works for linux, etc.
>
> Tom Walsh
>
If security is a concern, then you will probably want to only use the
2161-DS behind a VPN, if at all.  The session authentication is fairly
weak and supports no ACLs.  It does support lock-out on multiple bad
authentication attempts though.

-Chris



Re: Wireless Recommendations

2012-01-30 Thread david raistrick

On Mon, 30 Jan 2012, Jonathan Lassoff wrote:



> That said, I'm not sure what you're trying to do here, but I think
> you'll be disappointed with any AP with 600 *active* stations
> associated to it. No AP can work around the congestive collapse of
> hundreds of stations all transmitting RTS frames at once.


unless, of course, that's the concept you are trying to prove...? :)



--
david raistrick        http://www.netmeister.org/news/learn2quote.html
dr...@icantclick.org http://www.expita.com/nomime.html




Re: Wireless Recommendations

2012-01-30 Thread Jonathan Lassoff
On Mon, Jan 30, 2012 at 12:46 PM, Jim Gonzalez  wrote:
> Hi,
>
>                I am looking for a Wireless bridge or Router that will
> support 600 wireless clients concurrently (mostly cell phones).  I need it
> for a proof of concept.

I've had some great luck with a variety of vendors, though never with
this many clients on one AP.
For a stable 802.11 stack, I've found Cisco AP1142N's to be great.

That said, I'm not sure what you're trying to do here, but I think
you'll be disappointed with any AP with 600 *active* stations
associated to it. No AP can work around the congestive collapse of
hundreds of stations all transmitting RTS frames at once.

If you can split up your many stations across a swath of APs, bridging
down to a couple L2 Ethernet LANs, I think you'll get something much
more scalable.

Cheers,
jof



Wireless Recommendations

2012-01-30 Thread Jim Gonzalez
Hi,

I am looking for a Wireless bridge or Router that will
support 600 wireless clients concurrently (mostly cell phones).  I need it
for a proof of concept. 

 

 

Thanks in advance

Jim 

 

 



Re: Console Server Recommendation

2012-01-30 Thread Jay Ashworth
- Original Message -
> From: "Michael Thomas" 

> Lantronix still makes terminal servers? Huh. I designed their first
> ones over 20 years ago!

And Lantronix has the *delightful* policy that *they will still support
those units (assuming they do at all) free*, even if I bought them used.

+5 for Lantronix.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA  http://photo.imageinc.us +1 727 647 1274



Re: Console Server Recommendation

2012-01-30 Thread Brandon Butterworth
> Just buy the units that have the pinout for your devices, or you may
> need adapters.

Hate that, I got a Cyclades by accident, never more.

Lantronix is same pinout as cisco and everything else we use regularly.

> Lantronix still makes terminal servers? Huh. I designed their first
> ones over 20 years ago!

If that was LRS16 we still have some running

brandon



FYI - New ARIN Legacy Registration Services Agreement (LRSA 3.0) Posted

2012-01-30 Thread John Curran
Please note the availability of a revised Legacy RSA (version 3.0) from ARIN.
This version addresses several issues raised with past versions and hence
may be of particular interest to some folks in the region.

The accompanying FAQ has a summary of the more significant changes.

FYI,
/John

John Curran
President and CEO
ARIN

Begin forwarded message:

From: ARIN <i...@arin.net>
Subject: [arin-announce] New Legacy Registration Services Agreement Posted
Date: January 30, 2012 2:05:55 PM EST
To: <arin-annou...@arin.net>

ARIN is pleased to announce the release of Version 3.0 of its Legacy
Registration Services Agreement ("LRSA"). On 4 November 2011 ARIN
concluded its consultation with the community with regards to the Legacy
Registration Services Agreement (LRSA) 3.0, the first fundamental
rewrite of the LRSA introduced in 2007. The revisions found in version
3.0 were based on the information and feedback obtained during the
execution of over 500 LRSAs as well as community feedback received
during the community consultation referenced above.

ARIN has simplified the LRSA language in order to more clearly identify
and describe the respective rights, duties and obligations of ARIN and
Legacy Holders. In addition, edits were made to narrow the differences
between our Registration Services Agreement (“RSA”) and our LRSA. These
changes also provide clarity with respect to conditions when ARIN will
seek resource utilization from the Legacy holder and conditions when
ARIN may revoke resources. Information regarding the differences between
LRSA 2.2 and LRSA 3.0 can be found along with additional details and
answers to many of the typical questions that ARIN receives about the
Legacy RSA in the Frequently Asked Questions (“FAQ”) at:

https://www.arin.net/resources/legacy/index.html#faq

The previous version of the LRSA, version 2.2, will remain on our
website for comparison and review for the next 90 days. Please feel free
to compare the two documents and observe the updates and modifications
that have been incorporated into LRSA 3.0.

To view Version 3.0 of the Legacy RSA, please visit:

https://www.arin.net/resources/agreements/legacy_rsa.pdf

Anyone needing further information about the LRSA can call the Financial
Services Help Desk at +1-703-227-9886 or send an email to bill...@arin.net.

Nothing in this announcement alters or otherwise modifies any terms of
the LRSA.

Regards,

Financial Services
American Registry for Internet Numbers (ARIN)



Re: Console Server Recommendation

2012-01-30 Thread Leigh Porter

On 30 Jan 2012, at 18:41, "Brent Jones"  wrote:

> Another +1 to Opengear
> Just buy the units that have the pinout for your devices, or you may need
> adapters.

And making them gets boring very quickly!

--
Leigh





RE: Console Server Recommendation

2012-01-30 Thread George Bonser


> -Original Message-
> From: -Hammer- 
> Sent: Monday, January 30, 2012 8:26 AM
> Subject: Re: Console Server Recommendation
> 
> Avocent Cyclades ACS. Enterprise class.
> 
> http://www.avocent.com/Products/Category/Serial_Appliances.aspx
> 
> -Hammer-

We're using some of those, no trouble with them to date.  



Re: Console Server Recommendation

2012-01-30 Thread Michael Thomas

Lantronix still makes terminal servers? Huh. I designed their first ones over 
20 years ago!

Mike

Dan White wrote:

> +1 for the Lantronix SLC.
>
> On 01/30/12 11:24 -0500, Paul Stewart wrote:
>
>> We really like Lantronix .. use them a lot.
>>
>> Paul
>>
>>
>> -Original Message-
>> From: Ray Soucy [mailto:r...@maine.edu]
>> Sent: Monday, January 30, 2012 11:09 AM
>> To: NANOG
>> Subject: Console Server Recommendation
>>
>> What are people using for console servers these days?  We've historically
>> used retired routers with ASYNC ports, but it's time for an upgrade.
>>
>> OpenGear seems to have some nice stuff, anyone else?
>>
>> --
>> Ray Soucy
>>
>> Epic Communications Specialist
>>
>> Phone: +1 (207) 561-3526
>>
>> Networkmaine, a Unit of the University of Maine System
>> http://www.networkmaine.net/





Re: Console Server Recommendation

2012-01-30 Thread Gino
+1 for Cyclades .. we've been using a few of these with a bunch 20-port
PDU strips (2 x 15A circuits) and they've worked out pretty well for us.

We did have some overheating issues with the PDU's though, but this was
fixed with an adjustment to the HVAC (CYCLADES-ACS-PM-MIB is your friend ;-)


-- 
Gino

PGP Info: http://1337.io/pgp

On 1/30/12 8:26 AM, -Hammer- wrote:
> Avocent Cyclades ACS. Enterprise class.
> 
> http://www.avocent.com/Products/Category/Serial_Appliances.aspx
> 
> -Hammer-
> 
> "I was a normal American nerd"
> -Jack Herer
> 
> 
> 
> On 1/30/2012 10:08 AM, Ray Soucy wrote:
>> What are people using for console servers these days?  We've
>> historically used retired routers with ASYNC ports, but it's time for
>> an upgrade.
>>
>> OpenGear seems to have some nice stuff, anyone else?
>>
> 






Re: Console Server Recommendation

2012-01-30 Thread Brent Jones
Another +1 to Opengear
Just buy the units that have the pinout for your devices, or you may need
adapters.

--
Brent Jones
br...@brentrjones.com



On Mon, Jan 30, 2012 at 9:40 AM, Asaf Rapoport wrote:

> I use Opengear more often now on smaller installs.. Works well and they
> have some neat add ons (Nagios, UPS monitoring etc)
>
> Asaf Rapoport
>
>
>
>
>
>
>
> On 1/30/12 9:31 AM, "Rafael Rodriguez"  wrote:
>
> >Opengear
> >
> >On Mon, Jan 30, 2012 at 11:08 AM, Ray Soucy  wrote:
> >
> >> What are people using for console servers these days?  We've
> >> historically used retired routers with ASYNC ports, but it's time for
> >> an upgrade.
> >>
> >> OpenGear seems to have some nice stuff, anyone else?
> >>
> >> --
> >> Ray Soucy
> >>
> >> Epic Communications Specialist
> >>
> >> Phone: +1 (207) 561-3526
> >>
> >> Networkmaine, a Unit of the University of Maine System
> >> http://www.networkmaine.net/
> >>
> >>
> >
>
>
>


RE: IP KVM suggestions

2012-01-30 Thread Express Web Systems
> I have a need for a small, portable, web based IP kvm with decent
> features that doesn't break the bank.  Preferably something that
> supports ISO mounting from http or ftp and USB connectivity.  Would
> also prefer something browser independent.  Small plugin like the
> Raritan devices would be acceptable too. It will be used internally for
> Remote access while building devices pre deployment to customers.  Any
> suggestions?
> 
> Thanks!
> 
> Blake

Lantronix Spider is a small, portable, affordable and web enabled IP KVM.
Supports ISO mounting and has USB connections.

http://www.lantronix.com/it-management/kvm-over-ip/securelinx-spider.html

It is a single server unit. So if you want to connect many servers at the
same time, it might not be the best option as the price quickly escalates.
However, if you buy one and just move it from server to server (which is
what I got from your email), then it is a pretty good fit. Java based web
interface, not the greatest, but it works.

For multiple server access from a single unit, look at the Dell 2161DS
(rebranded Avocent units) line. They are abundant on ebay, and relatively
inexpensive, and can expand to up to 128 servers (via add on PEM modules -
the unit has 16 ports and you connect a PEM to one of the ports and you can
connect up to 8 servers to the PEM 16 x 8 = 128). The 2161DS-2 also supports
ISO mounting when using USB dongles (the 2161DS does not). Java based client
software... Dell isn't supporting the 2161DS software any more apparently
and won't install natively on Windows 7, but the software can be installed
on an XP machine and then copied, this also works for linux, etc.

Tom Walsh




Re: IP KVM suggestions

2012-01-30 Thread James Triplett
> Thanks!
> 
> Blake


I have used dozens of these:  Opengear IP-KVM 1001.  It's a small, single box,
that handles one machine and costs about $300.  It has a lot of nice little
convenience features, like a second RJ-45 port so it doesn't use up a position
on the big switch.

Tried the Raritan, but it's way expensive, and it can't do forwarded ports
(you HAVE TO connect on 443; if that port is already in use, too bad).

(I'm not affiliated with OpenGear, an Aussie company so far as I know).

james



Re: Console Server Recommendation

2012-01-30 Thread Asaf Rapoport
I use Opengear more often now on smaller installs.. Works well and they
have some neat add ons (Nagios, UPS monitoring etc)

Asaf Rapoport
 






On 1/30/12 9:31 AM, "Rafael Rodriguez"  wrote:

>Opengear
>
>On Mon, Jan 30, 2012 at 11:08 AM, Ray Soucy  wrote:
>
>> What are people using for console servers these days?  We've
>> historically used retired routers with ASYNC ports, but it's time for
>> an upgrade.
>>
>> OpenGear seems to have some nice stuff, anyone else?
>>
>> --
>> Ray Soucy
>>
>> Epic Communications Specialist
>>
>> Phone: +1 (207) 561-3526
>>
>> Networkmaine, a Unit of the University of Maine System
>> http://www.networkmaine.net/
>>
>>
>




IP KVM suggestions

2012-01-30 Thread Blake Pfankuch
I have a need for a small, portable, web based IP kvm with decent features that 
doesn't break the bank.  Preferably something that supports ISO mounting from 
http or ftp and USB connectivity.  Would also prefer something browser 
independent.  Small plugin like the Raritan devices would be acceptable too. It 
will be used internally for Remote access while building devices pre deployment 
to customers.  Any suggestions?

Thanks!

Blake


Re: Console Server Recommendation

2012-01-30 Thread Rafael Rodriguez
Opengear

On Mon, Jan 30, 2012 at 11:08 AM, Ray Soucy  wrote:

> What are people using for console servers these days?  We've
> historically used retired routers with ASYNC ports, but it's time for
> an upgrade.
>
> OpenGear seems to have some nice stuff, anyone else?
>
> --
> Ray Soucy
>
> Epic Communications Specialist
>
> Phone: +1 (207) 561-3526
>
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/
>
>


Re: Console Server Recommendation

2012-01-30 Thread PC
Love the boxes.  Absolutely despise the ~50 mhz processor they put in them
that takes 10 seconds to negotiate SSH.



On Mon, Jan 30, 2012 at 9:26 AM, -Hammer-  wrote:

> Avocent Cyclades ACS. Enterprise class.
>
> http://www.avocent.com/Products/Category/Serial_Appliances.aspx
>
> -Hammer-
>
> "I was a normal American nerd"
> -Jack Herer
>
>
>
>
> On 1/30/2012 10:08 AM, Ray Soucy wrote:
>
>> What are people using for console servers these days?  We've
>> historically used retired routers with ASYNC ports, but it's time for
>> an upgrade.
>>
>> OpenGear seems to have some nice stuff, anyone else?
>>
>>
>


Re: Console Server Recommendation

2012-01-30 Thread Ray Soucy
Thanks, all.

On Mon, Jan 30, 2012 at 11:49 AM, Malte von dem Hagen  
wrote:
> Hi,
>
> leigh.por...@ukbroadband.com wrote on Mo, 2012-01-30 at 17:47+0100:
>>
>> On 30 Jan 2012, at 16:10, "Ray Soucy"  wrote:
>>
>>> What are people using for console servers these days?  We've
>>> historically used retired routers with ASYNC ports, but it's time for
>>> an upgrade.
>>>
>>> OpenGear seems to have some nice stuff, anyone else?
>>>
>>
>> +1 for OpenGear. I asked this same question about a year ago..
>
> +1 from me. Their boxes really rock. It just saved my life you can fully
> access the underlying linux as root (in my case to debug the mgetty on
> the box).
>
> Rgds,
>
> Malte
> --
> Malte von dem Hagen
> Head of Network Engineering & Operations
> ---
> Host Europe GmbH - http://www.hosteurope.de
> Welserstraße 14 - 51149 Köln - Germany
> Phone: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
> HRB 28495 Cologne District Court - VAT ID no.: DE187370678
> Managing Directors: Patrick Pulvermüller, Thomas Vollrath
>
> (*) 0.14 EUR/min from German landlines; maximum 0.42 EUR/min
> from German mobile networks
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/



Route Management Best Practices

2012-01-30 Thread Joe Marr
My network has grown large enough that maintaining my prefix announcements
to the rest of the world has become increasingly difficult.

I currently use static routes and tags on my edge routers to inject route
into BGP. The tags correspond to communities that reflect how the routes
are announced per region.

I would love to hear from others on how they handle this.


Re: Fiber outage in Miami

2012-01-30 Thread Joe Marr
I've yet to hear back from them on the reason for the outage and
explanation on why our "redundant" darkfiber pairs both were down.

On Sat, Jan 28, 2012 at 2:23 PM, Jason LeBlanc  wrote:

> We got the same RFO.  BS.
>
>
> On 01/28/2012 01:36 PM, Randy Epstein wrote:
>
>> Anyone has seen or gotten a RFA or a deeper explanation of what
>>> happened from them ?
>>>
>>>
>>> Faisal Imtiaz
>>> Snappy Internet & Telecom
>>> 7266 SW 48 Street
>>> Miami, Fl 33155
>>> Tel: 305 663 5518 x 232
>>> Helpdesk: 305 663 5518 option 2 Email: supp...@snappydsl.net
>>>
>> Yes.  They blamed/burned the local crew and suggested that they fired
>> them.  Yes, they put this in the RFO.  I have it, but I'm having legal
>> determine if it can be made public record.
>>
>> Randy
>>
>>
>>
>>
>


Re: Console Server Recommendation

2012-01-30 Thread Malte von dem Hagen
Hi,

leigh.por...@ukbroadband.com wrote on Mo, 2012-01-30 at 17:47+0100:
> 
> On 30 Jan 2012, at 16:10, "Ray Soucy"  wrote:
> 
>> What are people using for console servers these days?  We've
>> historically used retired routers with ASYNC ports, but it's time for
>> an upgrade.
>>
>> OpenGear seems to have some nice stuff, anyone else?
>>
> 
> +1 for OpenGear. I asked this same question about a year ago..

+1 from me. Their boxes really rock. It just saved my life you can fully
access the underlying linux as root (in my case to debug the mgetty on
the box).

Rgds,

Malte
-- 
Malte von dem Hagen
Head of Network Engineering & Operations
---
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Phone: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Cologne District Court - VAT ID no.: DE187370678
Managing Directors: Patrick Pulvermüller, Thomas Vollrath

(*) 0.14 EUR/min from German landlines; maximum 0.42 EUR/min
from German mobile networks





Re: Console Server Recommendation

2012-01-30 Thread Ian Goodall

On 30/01/2012 16:08, "Ray Soucy"  wrote:

>OpenGear seems to have some nice stuff, anyone else?

+1 for OpenGear. They come in a range of port densities, AC or DC power,
various OOB options and were significantly cheaper than the Avocent
alternatives. I have used the IM4200 in larger sites and also ACM5000 and
CM4000 in small POPs without issue.

Ian





Re: Console Server Recommendation

2012-01-30 Thread Leigh Porter

On 30 Jan 2012, at 16:10, "Ray Soucy"  wrote:

> What are people using for console servers these days?  We've
> historically used retired routers with ASYNC ports, but it's time for
> an upgrade.
> 
> OpenGear seems to have some nice stuff, anyone else?
> 

+1 for OpenGear. I asked this same question about a year ago..

-- 
Leigh





Re: Console Server Recommendation

2012-01-30 Thread Dan White

+1 for the Lantronix SLC.

On 01/30/12 11:24 -0500, Paul Stewart wrote:

> We really like Lantronix .. use them a lot.
>
> Paul
>
>
> -Original Message-
> From: Ray Soucy [mailto:r...@maine.edu]
> Sent: Monday, January 30, 2012 11:09 AM
> To: NANOG
> Subject: Console Server Recommendation
>
> What are people using for console servers these days?  We've historically
> used retired routers with ASYNC ports, but it's time for an upgrade.
>
> OpenGear seems to have some nice stuff, anyone else?
>
> --
> Ray Soucy
>
> Epic Communications Specialist
>
> Phone: +1 (207) 561-3526
>
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/




Re: Console Server Recommendation

2012-01-30 Thread -Hammer-

Avocent Cyclades ACS. Enterprise class.

http://www.avocent.com/Products/Category/Serial_Appliances.aspx

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 1/30/2012 10:08 AM, Ray Soucy wrote:

> What are people using for console servers these days?  We've
> historically used retired routers with ASYNC ports, but it's time for
> an upgrade.
>
> OpenGear seems to have some nice stuff, anyone else?





RE: Console Server Recommendation

2012-01-30 Thread Jensen Tyler
+1 Opengear

Jensen Tyler
Sr Engineering Manager
Fiberutilities Group, LLC
(319) 297-6915 (office) *NEW
(319) 364-8100 (fax)
(319) 329-8578 (mobile)


-Original Message-
From: Ray Soucy [mailto:r...@maine.edu] 
Sent: Monday, January 30, 2012 10:09 AM
To: NANOG
Subject: Console Server Recommendation

What are people using for console servers these days?  We've
historically used retired routers with ASYNC ports, but it's time for
an upgrade.

OpenGear seems to have some nice stuff, anyone else?

-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/




RE: Console Server Recommendation

2012-01-30 Thread Paul Stewart
We really like Lantronix .. use them a lot.

Paul


-Original Message-
From: Ray Soucy [mailto:r...@maine.edu] 
Sent: Monday, January 30, 2012 11:09 AM
To: NANOG
Subject: Console Server Recommendation

What are people using for console servers these days?  We've historically
used retired routers with ASYNC ports, but it's time for an upgrade.

OpenGear seems to have some nice stuff, anyone else?

--
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/





Re: Console Server Recommendation

2012-01-30 Thread Tim Jackson
On Mon, Jan 30, 2012 at 10:16 AM, Matthew Huff  wrote:
> We use MRV, and are very happy with them:
>
> http://www.mrv.com/oobn/console-servers/

At least someone is.. We couldn't keep their -48vdc products from
dying every few months requiring a manual reboot, or hardware
replacement.

Outside of that, they did a few things nobody else seemed to do, but
they had a few drawbacks such as pppd not supporting classless on
inbound dial-in connections (hopefully that's fixed now).

--
Tim



Re: Console Server Recommendation

2012-01-30 Thread Pierre-Yves Maunier
2012/1/30 Ray Soucy 

> What are people using for console servers these days?  We've
> historically used retired routers with ASYNC ports, but it's time for
> an upgrade.
>
> OpenGear seems to have some nice stuff, anyone else?
>
> --
> Ray Soucy
>
>
We're using opengear CM4116 to have a remote console access to all our
routers, switches and wdm transponders. They work well and do the job.
Avocent is also another player you might consider with their ACS series.

I don't know much about the others.
-- 
Pierre-Yves Maunier


RE: Console Server Recommendation

2012-01-30 Thread Matthew Huff
We use MRV, and are very happy with them:

http://www.mrv.com/oobn/console-servers/




Matthew Huff | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC   | Phone: 914-460-4039
aim: matthewbhuff    | Fax:   914-460-4139


> -Original Message-
> From: Ray Soucy [mailto:r...@maine.edu]
> Sent: Monday, January 30, 2012 11:09 AM
> To: NANOG
> Subject: Console Server Recommendation
> 
> What are people using for console servers these days?  We've
> historically used retired routers with ASYNC ports, but it's time for
> an upgrade.
> 
> OpenGear seems to have some nice stuff, anyone else?
> 
> --
> Ray Soucy
> 
> Epic Communications Specialist
> 
> Phone: +1 (207) 561-3526
> 
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/




Console Server Recommendation

2012-01-30 Thread Ray Soucy
What are people using for console servers these days?  We've
historically used retired routers with ASYNC ports, but it's time for
an upgrade.

OpenGear seems to have some nice stuff, anyone else?

-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/



Re: US DOJ victim letter

2012-01-30 Thread Matthew S. Crocker


- Original Message -
> From: "Jack Bates" 
> To: "Jon Lewis" 
> Cc: nanog@nanog.org
> Sent: Monday, January 30, 2012 10:54:02 AM
> Subject: Re: US DOJ victim letter
> 
> On 1/27/2012 2:23 PM, Jon Lewis wrote:
> >
> > It's definitely real, but seems like they're handling it as
> > incompetently as possible. We got numerous copies to the same email
> > address, the logins didn't work initially. The phone numbers given
> > are
> > of questionable utility. Virtually no useful information was
> > provided.
> > My attitude at this point is, ignore it until they provide some
> > useful
> > information.
> >
> 
> We finally got the hard copy. No customer IP listed, just our
> recursive
> resolvers, both for the customers as well as the ones that handle the
> MX
> servers.
> 
> All that waiting and work for apparently nothing. I'm going to guess
> that my bind servers aren't malware infected (outside of being bind
> j/king).
> 

Same here,  The hard copy came the other day with the access codes to download 
the IP list.  Every IP on the list was for a resolving DNS server on our IP 
space.  Total waste of time.



Re: US DOJ victim letter

2012-01-30 Thread Jack Bates

On 1/27/2012 2:23 PM, Jon Lewis wrote:


> It's definitely real, but seems like they're handling it as
> incompetently as possible. We got numerous copies to the same email
> address, the logins didn't work initially. The phone numbers given are
> of questionable utility. Virtually no useful information was provided.
> My attitude at this point is, ignore it until they provide some useful
> information.



We finally got the hard copy. No customer IP listed, just our recursive 
resolvers, both for the customers as well as the ones that handle the MX 
servers.


All that waiting and work for apparently nothing. I'm going to guess 
that my bind servers aren't malware infected (outside of being bind 
j/king).



Jack



SV: 10G switchrecommendaton

2012-01-30 Thread Andreas Larsen
I would check out Extremes x670-48v they are very very affordable and have very 
low latency, We just bought a couple of them, And they do 40G module cards also.

// Andreas

-Original Message-
From: Deric Kwok [mailto:deric.kwok2...@gmail.com]
Sent: 26 January 2012 21:21
To: nanog list
Subject: 10G switchrecommendaton

Hi all

I would like to have 10G switchrecommendaton Ipref software can test around 
9.2G but we can have congestion over 6G in single port!

Thank you




Re: 10G switchrecommendaton

2012-01-30 Thread Rodrick Brown


On Jan 29, 2012, at 5:27 PM, Joe Provo  wrote:

> On Sun, Jan 29, 2012 at 08:02:28PM -0200, Alvaro Pereira wrote:
>> And note that the Juniper EX2500 does not run JUNOS, it is just an OEM box
>> from someone else...
> 
> Blade Networks, now IBM.

If I remember correctly I believe Blade Networks licenses the same fulcrum 
ASIC's as the Arista's.

>> 
>> Alvaro
>> 
>> On Fri, Jan 27, 2012 at 10:23, Tim Vollebregt  wrote:
>> 
>>> 2,5MB shared approximately.
>>> 
>>> Aggregating 10G with microbursts is definately a no-go on such box.
>>> 
>>> -Tim
>>> 
>>> 
>>> On 27-01-12 12:33, James Braunegg wrote:
>>> 
 How small is the buffer on the EX4500 ??
 
 Kindest Regards
 
 James Braunegg
 W:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
 E:   james.braun...@micron21.com  |  ABN:  12 109 977 666
 
 
 
 -Original Message-
 From: Tim Vollebregt [mailto:t...@interworx.nl]
 Sent: Friday, January 27, 2012 8:35 PM
 To: nanog@nanog.org
 Subject: Re: 10G switchrecommendaton
 
 I would not recommend EX4500 as an 10G aggregator switch, it has really
 small buffers.
 
 EX3300 as TOR
 EX82** as 10G aggregator
 
 -Tim
 
 On 26-01-12 22:13, Raul Rodriguez wrote:
 
> Juniper EX4500.
> 
> -RR
> 
> On 1/26/12, Deric Kwok   wrote:
> 
>> Hi all
>> 
>> I would like to have 10G switchrecommendaton Ipref software can test
>> around 9.2G but we can have congestion over 6G in single port!
>> 
>> Thank you
>> 
>> 
>> 
>>> 
> 
> -- 
> RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NewNOG
> 



Re: 10G switchrecommendaton

2012-01-30 Thread Piotr Salwerowicz

On 2012-01-27 09:32, Erik Bais wrote:

> We have a full purple network, so my answer for this would be Extreme Networks.

We have a few Black Diamond 8800. There is big problem with microburst, 
congestion. There is only 4MB buffers per slot allocated dynamically. 
Extreme support said: make LAG or buy another switch. Maybe this switch 
will be ok as access but not core or aggregating.



regards
Piotr