Re: Simple/best tool to verify PMTUD?
Hi,

On Dec 18, 2012, at 7:59 PM, Christopher J. Pilkington c...@0x1.net wrote:
> I'm looking for a simple tool to verify PMTUD is usable along a
> particular path. Ideally this tool would be cross-platform, or run on
> Linux or Windows. I've done some testing of my own by hand, but hoping a
> tool would help the admin on the other side be able to test for
> themselves.

Scamper is a really cool tool, look at this example:

job@Alice:~$ sudo scamper -c 'trace -P UDP-paris -M' -i 8.8.4.4 2001:67c:208c:10::1
traceroute from 2a02:d28:666::69 to 2001:67c:208c:10::1
 1  2a02:d28:666::1  0.247 ms [mtu: 1500]
 2  2a02:d28:5580:666::a  1.085 ms [mtu: 1500]
 3  2a02:d28:5580:1::31  7.141 ms [mtu: 1500]
 4  2a02:d28:5580:1::21  6.588 ms [mtu: 1500]
 5  2a02:d28:5580::1:411  6.815 ms [mtu: 1500]
 6  2001:7f8:1::a501:2414:2  7.612 ms [mtu: 1500]
 7  2001:9e0:0:2::2  9.793 ms [mtu: 1500]
 8  2001:9e0:0:3::2  8.277 ms [mtu: 1500]
 9  2001:9e0:0:9::2  8.851 ms [mtu: 1500]
10  2001:9e0:411:1::10  9.015 ms [mtu: 1500]
11  2001:67c:208c:10::1  20.220 ms [mtu: 1464]
traceroute from 78.152.42.69 to 8.8.4.4
 1  78.152.42.65  0.230 ms [mtu: 1500]
 2  78.152.42.1  0.253 ms [mtu: 1500]
 3  78.152.44.89  6.693 ms [mtu: 1500]
 4  78.152.34.14  6.906 ms [mtu: 1500]
 5  78.152.44.95  6.705 ms [mtu: 1500]
 6  195.69.144.247  7.207 ms [mtu: 1500]
 7  209.85.248.116  7.183 ms [mtu: 1500]
 8  209.85.255.60  7.416 ms [mtu: 1500]
 9  216.239.49.28  12.922 ms [mtu: 1500]
10  *
11  8.8.4.4  10.481 ms [mtu: 1500]
job@Alice:~$

Kind regards,

Job
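Added example, not part of the original message: a small Python parser for scamper output of the kind quoted above. For each destination it reports the smallest MTU seen, the hop where that smaller MTU first appears, and the hops that did not answer. SAMPLE is an excerpt of the output in the message; the function and field names are this example's own.

```python
import re

# Excerpt of the scamper output quoted in the message above.
SAMPLE = """
traceroute from 2a02:d28:666::69 to 2001:67c:208c:10::1
 9  2001:9e0:0:9::2  8.851 ms [mtu: 1500]
10  2001:9e0:411:1::10  9.015 ms [mtu: 1500]
11  2001:67c:208c:10::1  20.220 ms [mtu: 1464]
traceroute from 78.152.42.69 to 8.8.4.4
 9  216.239.49.28  12.922 ms [mtu: 1500]
10  *
11  8.8.4.4  10.481 ms [mtu: 1500]
"""

HEADER = re.compile(r"^traceroute from (\S+) to (\S+)")
HOP = re.compile(r"^\s*(\d+)\s+(\S+)(?:\s+[\d.]+ ms)?(?:\s+\[mtu: (\d+)\])?")

def summarize(output):
    """Return {destination: {"path_mtu", "narrowed_at", "silent_hops"}}."""
    results, current = {}, None
    for line in output.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"path_mtu": None, "narrowed_at": None, "silent_hops": []}
            results[header.group(2)] = current
            continue
        hop = HOP.match(line)
        if not hop or current is None:
            continue                      # prompt lines, blanks, anything else
        number, addr, mtu = int(hop.group(1)), hop.group(2), hop.group(3)
        if addr == "*":                   # hop did not answer: no MTU evidence
            current["silent_hops"].append(number)
            continue
        if mtu is None:
            continue
        mtu = int(mtu)
        if current["path_mtu"] is not None and mtu < current["path_mtu"]:
            current["narrowed_at"] = (number, addr, mtu)
        if current["path_mtu"] is None or mtu < current["path_mtu"]:
            current["path_mtu"] = mtu
    return results

if __name__ == "__main__":
    for dest, info in summarize(SAMPLE).items():
        print(dest, info)
```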
Re: btw, the itu imploded
Bill Woodcock wo...@pch.net wrote:
> The main unfortunate outcome is that the ITU has managed to get Study
> Group 3 approved to try to figure out how to override peering agreements
> with government-imposed settlements.

Do you have any citations for that? I thought they had given up on trying to interfere with Internet peering and settlement.

Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
Validation of FCS
Hi all,

I'm trying to confirm (or debunk) my current understanding of FCS errors.

An FCS error is a layer 2 error. In Ethernet speak, the 4 bytes of FCS data within each Ethernet frame is validated by a CRC check, which is done by the device receiving said frame. If the CRC check fails, an FCS error is reported by that receiving device.

If that understanding is true and presuming a circuit was made up of many layer 2 devices between the A and Z side of said circuit, it would be impossible for a CRC error somewhere along the path of that circuit to register on the receiving device of either the A or Z side.

Perhaps in simpler terms, a CRC error is a localized thing and would never be forwarded from one device to another.

Is that fair and/or accurate?

Thanks in advance.
Re: Validation of FCS
On (2012-12-19 09:53 -0500), Jason Lixfeld wrote:
> Perhaps in simpler terms, a CRC error is a localized thing and would
> never be forwarded from one device to another.

It would be forwarded in cut-through switching.

--
++ytti
Re: Validation of FCS
On 2012-12-19, at 10:02 AM, Saku Ytti s...@ytti.fi wrote:
> On (2012-12-19 09:53 -0500), Jason Lixfeld wrote:
>> Perhaps in simpler terms, a CRC error is a localized thing and would
>> never be forwarded from one device to another.
>
> It would be forwarded in cut-through switching.

... until the bad frame reached the first store-and-forward switch (or most any router) which would log the FCS error, correct?
Re: btw, the itu imploded
On 19/12/2012 14:25, Tony Finch wrote:
> Do you have any citations for that? I thought they had given up on trying
> to interfere with Internet peering and settlement.

http://www.itu.int/net/ITU-T/lists/questions.aspx?Group=03&Period=15

ETNO is very keen on introducing sending-party-pays, and recently brought out an opinion piece on their intentions to bring this idea forward at the ITU:

http://www.etno.eu/datas/itu-matters/etno-ip-interconnection.pdf

    ETNO has introduced its views in Contribution C 109 submitted to the
    last meeting of the ITU Council Working Group to prepare for 2012 WCIT.
    ETNO’s proposal concerns: [...]
    ‐ the economic background, advocating for an adequate return on
      investment based, where appropriate, on the principle of sending
      party network pays;

The Body of European Regulators for Electronic Communications (i.e. the representative body of all the EU national comms regulators) came out with the following statement:

http://berec.europa.eu/files/document_register_store/2012/11/BoR(12)120rev.1_BEREC_Statement_on_ITR_2012.11.14.pdf

... where they noted among other things:

    ETNO’s proposed end-to-end SPNP approach to data transmission is
    totally antagonistic to the decentralised efficient routing approach to
    data transmission of the Internet.

It's pretty unusual to get language this strong from a regulatory body.

Nick
Re: btw, the itu imploded
Nick Hilliard n...@foobar.org wrote:
> On 19/12/2012 14:25, Tony Finch wrote:
>> Do you have any citations for that? I thought they had given up on
>> trying to interfere with Internet peering and settlement.
>
> http://www.itu.int/net/ITU-T/lists/questions.aspx?Group=03&Period=15

Looks vaguely ominous. Do they have a document which gives their definition of international telecommunications services and NGNs?

Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
Re: btw, the itu imploded
On 19/12/2012 15:17, Tony Finch wrote:
> Nick Hilliard n...@foobar.org wrote:
>> On 19/12/2012 14:25, Tony Finch wrote:
>>> Do you have any citations for that? I thought they had given up on
>>> trying to interfere with Internet peering and settlement.
>>
>> http://www.itu.int/net/ITU-T/lists/questions.aspx?Group=03&Period=15
>
> Looks vaguely ominous. Do they have a document which gives their
> definition of international telecommunications services and NGNs?

dunno - they look intentionally vague to me.

Nick
Re: Validation of FCS
> ... until the bad frame reached the first store-and-forward switch (or
> most any router) which would log the FCS error, correct?

Log and drop yes. cut-through would log it also, but it would be too late to drop it.

--
++ytti
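Added example, not part of the thread: a Python model of the behaviour discussed in these replies. It computes the Ethernet FCS (CRC-32, sent least-significant byte first), flips one bit on a link, and walks the frame through a path of cut-through and store-and-forward devices to show who counts the FCS error and who drops the frame. The frame contents, device names and function names are constructed for illustration.

```python
import struct
import zlib

def add_fcs(frame: bytes) -> bytes:
    """Append the 4-byte FCS: CRC-32 of the frame, least-significant byte first."""
    return frame + struct.pack("<I", zlib.crc32(frame))

def fcs_ok(wire: bytes) -> bool:
    """Receiver-side check: recompute the CRC and compare with the trailer."""
    return struct.pack("<I", zlib.crc32(wire[:-4])) == wire[-4:]

def flip_bit(wire: bytes, bit: int) -> bytes:
    damaged = bytearray(wire)
    damaged[bit // 8] ^= 1 << (bit % 8)
    return bytes(damaged)

def walk_path(wire, path, corrupt_after=None):
    """Send `wire` through `path`, a list of (name, mode) in forwarding order.

    One bit is flipped on the link leaving hop index `corrupt_after`.
    Returns (devices that counted an FCS error, device that dropped or None).
    """
    logged = []
    for hop, (name, mode) in enumerate(path):
        if not fcs_ok(wire):
            logged.append(name)            # both modes count the error
            if mode == "store-and-forward":
                return logged, name        # whole frame was buffered: drop it
            # cut-through: the frame was already leaving when the FCS arrived
        if hop == corrupt_after:
            wire = flip_bit(wire, 200)
    return logged, None

# Constructed 60-byte frame: dst MAC, src MAC, EtherType 0x0800, zero payload.
FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + bytes(46)
WIRE = add_fcs(FRAME)
MIXED = [("sw1", "cut-through"), ("sw2", "cut-through"),
         ("sw3", "store-and-forward"), ("z-router", "store-and-forward")]
ALL_CUT = [("sw1", "cut-through"), ("sw2", "cut-through"),
           ("sw3", "cut-through"), ("z-router", "store-and-forward")]

if __name__ == "__main__":
    print(walk_path(WIRE, MIXED, corrupt_after=0))
    print(walk_path(WIRE, ALL_CUT, corrupt_after=0))
```

With only cut-through switches in the middle, the damaged frame is counted at every hop after the bad link and is finally dropped at the Z-side router.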
Check Point Firewall Appliances
Howdy, I am just getting into an environment with a large Check Point deployment and I am looking for a little bit of feedback from other real world admins. Looking for what people like, what people don't (why hopefully). Also for those of you who might run Check Point devices in your environments what to dig into first as far as getting more experience on the devices and a better understanding of how not to break them. I am slowly going through all of the official documentation, but would also like to hear a real world opinion. Thanks in advance! Blake
RE: Check Point Firewall Appliances
Watch out for licensing gotchas.

In active/active ClusterXL situations (load sharing multicast mode) be careful of multicast--make sure any traversed switches and routers are compatible with Ethernet Multicast (make sure they don't partition ports due to high broadcast traffic). Active/Active clustering can also make troubleshooting a pain--which unit has state for which flow, etc.

Also, minimize lag time between State Synchronization nodes or suffer myriad hard to isolate problems.

I advise you to minimize the number of cluster nodes per vlan or you will effectively DOS your attached network--think broadcast storms.

If you use unicast active/active clusterxl, you can run into pivot problems.

They are great firewalls, but like all systems they have their opportunities.

--Patrick Darden

-----Original Message-----
From: Blake Pfankuch [mailto:bl...@pfankuch.me]
Sent: Wednesday, December 19, 2012 2:36 PM
To: NANOG (nanog@nanog.org)
Subject: Check Point Firewall Appliances

Howdy, I am just getting into an environment with a large Check Point deployment and I am looking for a little bit of feedback from other real world admins. Looking for what people like, what people don't (why hopefully). Also for those of you who might run Check Point devices in your environments what to dig into first as far as getting more experience on the devices and a better understanding of how not to break them. I am slowly going through all of the official documentation, but would also like to hear a real world opinion.

Thanks in advance!

Blake
Google contact
Can someone from GOOG contact me off-list. After many submissions to have my corp IP space fixed for geolocation, I'm at wits end looking at British news, finding British searches, knowing more about the UK then the US than I care to. Makes for difficult GHDB'ing when searching as well.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

Where ignorance is our master, there is no possibility of real peace - Dalai Lama

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
Re: btw, the itu imploded
You can look at the final outcome yourself (no password needed), at
http://www.itu.int/en/wcit-12/Documents/final-acts-wcit-12.pdf

RESOLUTION PLEN/5 on page 27 (by PDF count, out of 30 pages) describes work to be done by Study Group 3 and cooperating members. Note that the resolution is not part of the preceding treaty text.

On 19/12/2012 9:25 AM, Tony Finch wrote:
> Bill Woodcock wo...@pch.net wrote:
>> The main unfortunate outcome is that the ITU has managed to get Study
>> Group 3 approved to try to figure out how to override peering
>> agreements with government-imposed settlements.
>
> Do you have any citations for that? I thought they had given up on trying
> to interfere with Internet peering and settlement.
>
> Tony.
Re: Simple/best tool to verify PMTUD?
On Dec 19, 2012, at 3:59 AM, Christopher J. Pilkington c...@0x1.net wrote:
> I'm looking for a simple tool to verify PMTUD is usable along a
> particular path. Ideally this tool would be cross-platform, or run on
> Linux or Windows. I've done some testing of my own by hand, but hoping a
> tool would help the admin on the other side be able to test for
> themselves.

tracepath rocks.

mehmet
Re: Google contact
On Wed, 19 Dec 2012, J. Oquendo wrote:
> Can someone from GOOG contact me off-list. After many submissions to have
> my corp IP space fixed for geolocation, I'm at wits end looking at
> British news, finding British searches, knowing more about the UK then
> the US than I care to. Makes for difficult GHDB'ing when searching as
> well.

Odd responding to my own message. Yes, Maxmind, Neustar and everyone else I can think of sees my space just fine minus Google. (Before someone wastes time telling me to go there)

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

Where ignorance is our master, there is no possibility of real peace - Dalai Lama

42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
Need a Yahoo network contact
I need a Yahoo contact if anyone is available. I'm having issues with customers on 186.65.92.0/22 (ASN52379) out of Costa Rica being able to reach Yahoo sites (www.yahoo.com/www.flickr.com) with their web browsers, but they can ping them just fine. Thanks- joe
Re: Need a Yahoo network contact
On Dec 19, 2012, at 8:46 PM, Joe Freeman joe.free...@terenine.com wrote:
> I need a Yahoo contact if anyone is available. I'm having issues with
> customers on 186.65.92.0/22 (ASN52379) out of Costa Rica being able to
> reach Yahoo sites (www.yahoo.com/www.flickr.com) with their web browsers,
> but they can ping them just fine.

Sounds like MTU is borked up somewhere. Do you have the same issue with http://www.msn.com/ ?

Kind regards,

Job
RE: Need a Yahoo network contact
I'll have to check tonight when I get my next window to play with it.

-----Original Message-----
From: Job Snijders [mailto:j...@instituut.net]
Sent: Wednesday, December 19, 2012 5:40 PM
To: Joe Freeman
Cc: nanog@nanog.org
Subject: Re: Need a Yahoo network contact

On Dec 19, 2012, at 8:46 PM, Joe Freeman joe.free...@terenine.com wrote:
> I need a Yahoo contact if anyone is available. I'm having issues with
> customers on 186.65.92.0/22 (ASN52379) out of Costa Rica being able to
> reach Yahoo sites (www.yahoo.com/www.flickr.com) with their web browsers,
> but they can ping them just fine.

Sounds like MTU is borked up somewhere. Do you have the same issue with http://www.msn.com/ ?

Kind regards,

Job
Re: IP Address Management IPAM software for small ISP
+1 for ipplan http://iptrack.sourceforge.net/

-Ed

On Thu, Dec 13, 2012 at 4:10 AM, Aftab Siddiqui aftab.siddi...@gmail.com wrote:
> Kindly search the archives for many threads on the same subject, which
> should be the normal practice. nevertheless, IPPlan, PHPIP, PHPIPAM are
> good enough as per the need. The first one I assume should serve your
> purpose for both v4 and v6.
>
> Regards,
> Aftab A. Siddiqui
>
> On Thu, Dec 13, 2012 at 6:22 AM, Eric A Louie elo...@yahoo.com wrote:
>> I'm looking for IPAM solutions for a small regional wireless ISP. There
>> are 4 Tier 2 personnel and 2 NOC technicians who would be using the
>> tool, and a small staff of engineers. They have regionalized IP
>> addresses so blocks are local, but there are subnets that are global.
>> don't care if it's a linux or windows solution. Need to be able to
>> migrate from FreeIPdb (yes, I know, it's a dinosaur) We're not dealing
>> with a lot now, but the potential for growth is pretty high. What are
>> you using and how is it working for you?
>>
>> Much appreciated, Eric

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
RE: IP Address Management IPAM software for small ISP
I actually was doing research on this today as well. Anyone have any experience with the solutions that implement VLAN management as well like Gestioip?

-----Original Message-----
From: Beavis [mailto:pfu...@gmail.com]
Sent: Wednesday, December 19, 2012 8:10 PM
To: Aftab Siddiqui
Cc: NANOG Operators' Group
Subject: Re: IP Address Management IPAM software for small ISP

+1 for ipplan http://iptrack.sourceforge.net/

-Ed

On Thu, Dec 13, 2012 at 4:10 AM, Aftab Siddiqui aftab.siddi...@gmail.com wrote:
> Kindly search the archives for many threads on the same subject, which
> should be the normal practice. nevertheless, IPPlan, PHPIP, PHPIPAM are
> good enough as per the need. The first one I assume should serve your
> purpose for both v4 and v6.
>
> Regards,
> Aftab A. Siddiqui
>
> On Thu, Dec 13, 2012 at 6:22 AM, Eric A Louie elo...@yahoo.com wrote:
>> I'm looking for IPAM solutions for a small regional wireless ISP. There
>> are 4 Tier 2 personnel and 2 NOC technicians who would be using the
>> tool, and a small staff of engineers. They have regionalized IP
>> addresses so blocks are local, but there are subnets that are global.
>> don't care if it's a linux or windows solution. Need to be able to
>> migrate from FreeIPdb (yes, I know, it's a dinosaur) We're not dealing
>> with a lot now, but the potential for growth is pretty high. What are
>> you using and how is it working for you?
>>
>> Much appreciated, Eric

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Disclaimer: http://goldmark.org/jeff/stupid-disclaimers/
Re: IP Address Management IPAM software for small ISP
On (2012-12-20 03:24 +), Blake Pfankuch wrote:
> I actually was doing research on this today as well. Anyone have any
> experience with the solutions that implement VLAN management as well like
> Gestioip?

I'm not remotely interested in externally developed software for this problem. But it's a fair question.

Generally this tool should not be IP or VLAN based but a generic resource reservation tool: IP, VLAN, RD, RT, VPLS-ID, site-id, pseudowireID, what have you.

For me, humans would not do much directly with the tool. They'd give it a large chunk of resource. Then maybe mine it to pools like 'coreLink', 'coreLoop', 'custLink', 'custLAN' etc. Then in your provisioning tools, you'd request a resource from a specific pool via a restful API. Humans would never manually write RD/RT/IP/VLAN in the tool or in the configs.

And this type of system is vastly simpler than the IPAMs I see listed; once you get rid of all the UI candy, it gets to be a rather easy problem to solve.

--
++ytti
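Added example, not part of the original message and not the poster's code: a Python sketch of the allocation core such a generic reservation service could expose behind its API. An operator hands it a chunk, it is cut into a named pool, and provisioning code asks the pool for the next free resource. The class and method names, the 'custVlan' pool and the 192.0.2.0/29 documentation prefix are assumptions made for illustration; the HTTP layer is left out.

```python
import ipaddress

class Reservations:
    """Named pools of opaque resources (prefixes, VLAN ids, RDs, ...)."""

    def __init__(self):
        self._free = {}   # pool name -> unallocated resources, in order
        self._held = {}   # (pool name, owner) -> resource held by that owner

    def add_prefix_pool(self, name, chunk, new_prefix):
        """Cut an operator-supplied prefix into equal subnets, e.g. /31 links."""
        net = ipaddress.ip_network(chunk)
        self._free[name] = [str(s) for s in net.subnets(new_prefix=new_prefix)]

    def add_range_pool(self, name, first, last):
        """Pool of integer ids (VLAN, site-id, pseudowire id), inclusive range."""
        self._free[name] = list(range(first, last + 1))

    def reserve(self, pool, owner):
        """Return the resource for `owner`, allocating on first request.

        Repeating the request returns the same resource, so a provisioning
        run that is retried does not leak allocations.
        """
        key = (pool, owner)
        if key not in self._held:
            if not self._free[pool]:
                raise LookupError(f"pool {pool!r} is exhausted")
            self._held[key] = self._free[pool].pop(0)
        return self._held[key]

    def release(self, pool, owner):
        """Give the owner's resource back; it becomes the next one handed out."""
        self._free[pool].insert(0, self._held.pop((pool, owner)))

if __name__ == "__main__":
    r = Reservations()
    r.add_prefix_pool("coreLink", "192.0.2.0/29", 31)
    r.add_range_pool("custVlan", 100, 101)
    print(r.reserve("coreLink", "r1-r2"), r.reserve("custVlan", "cust-42"))
```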