Re: Meraki

2013-11-21 Thread Seth Mos

On 22 Nov 2013, at 06:37, Jay Ashworth wrote:

> - Original Message -
> Anecdote:
> 
> My local IHOP finally managed to get Wifi internet access in the restaurant.
> 
> For reasons unknown to me, it's a Meraki box, backhauled *over T-mobile*.
> 
> That's just as unpleasant as you'd think it would be, And More!
> 
> Both the wifi and 3G (yes, 3G) boxes lock up on a fairly regular basis, 
> requiring a power cycle, which, generally, they'll only do because I've
> been eating there for 20 years, and they trust me when I ask them to.
> 
> I can't say whether this provides any illumination on the rest of their
> product line, but...

To compound matters, I'd go as far as to say that any wireless solution on 
2.4GHz isn't really a wireless solution. It's just not feasible anymore in 
2013, there is just *so much* interference from everything using the unlicensed 
2.4GHz band that its own success is its greatest downfall.

Reliable wireless isn't (to use the famous war quote "friendly fire isn't").

For whatever reasons, whomever I talk to they all tell me that  
sucks, and if I ask further if they are using the wireless thingamabob that the 
ISP shipped them, they say yes. So, that's about right then.

I've been using a PCengines.ch Alix router for years now (AMD Geode, x86, 256MB 
ram, CF) with a cable modem in bridge mode with separate dual band access 
points in the places where I need them (living room, attic office) and I can't 
say that my experiences with the  mesh with theirs.

Anyhow, if you are going to deploy wireless, make sure to use dual band, and 
name the 2.4GHz SSID "internet" and the 5GHz SSID "faster-internet". You'll see 
people having a heck of a better time. Social engineering works :)

When we chose the Ubiquiti wireless kit we could deploy twice as many APs for 
the same price of one of the other APs. This effectively means we have a very 
dense wireless network that covers the entire building, and lots of kit that 
can actually see and use the 5GHz band.

Setup was super easy, I added a unifi DNS name that points to my unifi 
controller host and I get an email that a new AP is ready to be put into 
service. Having a local management host instead of some cloud was a hard 
requirement. I also like that I can just "apt-get update; apt-get upgrade" the 
software. By using DNS, remote deployment was super easy too: send the unit off 
and let them plug it in, it then comes onto the network and registers itself.

I believe every current Apple iDevice currently supports the 5GHz band, and all 
the Dell gear we purchase also comes ordered with it. Heck, even my 2011 Sony 
Xperia T has 5GHz wireless now, as do the current Samsung Galaxy S3, S4.

Best regards,

Seth


Re: Meraki

2013-11-21 Thread Jay Ashworth
- Original Message -
> From: "Hank Disuko" 

> I'm considering Cisco's Meraki platform for my access layer and I'm
> looking for deployment stories of folks that have deployed Meraki in
> the past...good/bad/ugly kinda stuff.
> 
> I know Meraki hardcores were upset when Cisco acquired them, but not
> exactly sure why.

Anecdote:

My local IHOP finally managed to get Wifi internet access in the restaurant.

For reasons unknown to me, it's a Meraki box, backhauled *over T-mobile*.

That's just as unpleasant as you'd think it would be, And More!

Both the wifi and 3G (yes, 3G) boxes lock up on a fairly regular basis, 
requiring a power cycle, which, generally, they'll only do because I've
been eating there for 20 years, and they trust me when I ask them to.

I can't say whether this provides any illumination on the rest of their
product line, but...

Cheers,
-- jra
-- 
Make Election Day a federal holiday: http://wh.gov/lBm94  100k sigs by 12/14

Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



Re: NAT64 and matching identities

2013-11-21 Thread Andrew Yourtchenko
It was a stale DNS entry. Now fixed (modulo TTLs and such), thanks.

That said, your  troubleshooting was troubleshooting a different
problem, not your browser's inability to retrieve the page. The way
the browser sends the request is something like this (note the HTTP
version and the host header):

ayourtch@mcmini:~$ telnet -6 6lab.cisco.com 80
Trying 2001:420:4420:101:0:c:15c0:4664...
Connected to 6lab.cisco.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: 6lab.cisco.com

HTTP/1.1 302 Found
Date: Thu, 21 Nov 2013 19:38:31 GMT
Server: Apache/2.2.16 (Debian)
X-Frame-Options: SAMEORIGIN
Location: http://6lab.cisco.com/index.php
Cache-Control: max-age=1
Expires: Thu, 21 Nov 2013 19:38:32 GMT
Vary: Accept-Encoding
Content-Length: 295
Content-Type: text/html; charset=iso-8859-1



302 Found

Found
The document has moved http://6lab.cisco.com/index.php";>here.

Apache/2.2.16 (Debian) Server at 6lab.cisco.com Port 80



Anyway, the fact that you were still able to retrieve the original
reply with a redirect makes me think that there could be a PMTUD
problem somewhere in between 6lab and yourself for retrieving the
larger content ...

If you tell me your client address I will be able to test this theory. Or
you can quickly tweak your local interface value to 1280 and if that
works, then tell me your client address so I could debug from the
other side.

--a

On 11/21/13, Matthew Petach  wrote:
> On Wed, Nov 20, 2013 at 1:30 PM, Gary E. Miller  wrote:
>
>> Yo Lee!
>>
>> On Wed, 20 Nov 2013 16:14:47 -0500
>> Lee Howard  wrote:
>>
>> > >There is obviously a long tail of ip4 destinations, but nearly all
>> > >of 500 of the Alexa global 500 have ip6 listeners,
>> >
>> > Do you have a data source for that?  I see no indication of IPv6
>> > listeners on 85% of the top sites.
>>
>> A slightly different metric, 44% of USA content available on IPv6:
>>
>> http://6lab.cisco.com/stats/
>>
>
>
> I'm puzzled; I have native v6 connectivity
> to 6lab.cisco.com according to traceroute6
> output, and  yet the page says I'm connecting
> to it via IPv4.  :(
> So, I did some poking; it seems 6lab.cisco.com
> doesn't have working IPv6 for their stats system,
> which makes me wonder how accurate the data
> from it is likely to be:
>
> mpetach@mintyHP:~> telnet -6 6lab.cisco.com 80
> Trying 2001:420:4420:101:0:c:15c0:4664...
> Connected to 6lab.cisco.com.
> Escape character is '^]'.
> GET / HTTP/1.0
>
> HTTP/1.1 302 Found
> Date: Thu, 21 Nov 2013 19:03:29 GMT
> Server: Apache/2.2.16 (Debian)
> Location: http://6lab-stats.com/index.php
> Cache-Control: max-age=1
> Expires: Thu, 21 Nov 2013 19:03:30 GMT
> Vary: Accept-Encoding
> Content-Length: 295
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
> 
> 
> 302 Found
> 
> Found
> The document has moved http://6lab-stats.com/index.php
> ">here.
> 
> Apache/2.2.16 (Debian) Server at 6lab-stats.com Port 80
> 
> Connection closed by foreign host.
> mpetach@mintyHP:~> telnet -6 6lab-stats.com 80
> Trying 2001:420:81:101:0:c:15c0:4664...
> telnet: Unable to connect to remote host: Connection timed out
> mpetach@mintyHP:~>
> mpetach@mintyHP:~> ping6 6lab-stats.com
> PING 6lab-stats.com(2001:420:81:101:0:c:15c0:4664) 56 data bytes
> ^C
> --- 6lab-stats.com ping statistics ---
> 10 packets transmitted, 0 received, 100% packet loss, time 9071ms
>
> mpetach@mintyHP:~>
>
>
>
>
>
>> RGDS
>> GARY
>> ---
>> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
>> g...@rellim.com  Tel:+1(541)382-8588
>>
>
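
The difference between the two telnet probes in this thread, checked mechanically; this is an added example, not code from either poster. The two transcripts are trimmed copies of the request and response heads quoted in the sessions above, and `parse_head` and `diagnose` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Request/response heads trimmed from the two telnet sessions quoted in this thread.
SESSION_HTTP10 = (
    "GET / HTTP/1.0\r\n\r\n"
    "HTTP/1.1 302 Found\r\n"
    "Location: http://6lab-stats.com/index.php\r\n\r\n"
)
SESSION_HTTP11 = (
    "GET / HTTP/1.1\r\nHost: 6lab.cisco.com\r\n\r\n"
    "HTTP/1.1 302 Found\r\n"
    "Location: http://6lab.cisco.com/index.php\r\n\r\n"
)


def parse_head(block):
    """Split one message head into (start_line, {lowercased-header: value})."""
    lines = block.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def diagnose(connected_host, session):
    """Return (status, redirect_host, findings) for one hand-typed probe."""
    request, response = session.split("\r\n\r\n")[:2]
    req_line, req_headers = parse_head(request)
    status_line, resp_headers = parse_head(response)
    version = req_line.rsplit(" ", 1)[-1]
    target = urlsplit(resp_headers.get("location", "")).hostname
    findings = []
    if version != "HTTP/1.1":
        findings.append("request is %s, browsers send HTTP/1.1" % version)
    if "host" not in req_headers:
        findings.append("no Host header, so name-based virtual host selection cannot apply")
    if target and target != connected_host:
        findings.append("redirect leaves %s for %s" % (connected_host, target))
    return status_line.split(" ", 2)[1], target, findings
```

Run against the HTTP/1.0 session it reports all three findings; the HTTP/1.1 session with a Host header reports none, which matches the point that the first probe was testing a different problem from the browser's.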



rogers.ca contact

2013-11-21 Thread Dennis Burgess
Got an issue where Rogers SWIPed blocks to my customer in prep for BGP
peering and advertising, but at the last minute (right before we are to
set it up) Rogers is saying that we can't advertise it, as they
advertise a larger block and that if we advertised it out our other
provider it would be considered route hijacking and they would turn OFF
the IPs through their network?

 

Off-list is fine!


Dennis Burgess, Mikrotik Certified Trainer Author of "Learn RouterOS-
Second Edition  "

 Link Technologies, Inc -- Mikrotik & WISP Support Services

 Office: 314-735-0270   Website:
http://www.linktechs.net   - Skype: linktechs


 -- Create Wireless Coverage's with www.towercoverage.com
  - 900Mhz - LTE - 3G - 3.65 - TV
Whitespace  

 



ATT Network Security/Mail Admin Team

2013-11-21 Thread Chris Watts
Hello NANOG,

Sorry for the spam, trying to resolve a large issue with AT&T blacklisting
my employer (We are a large, well known web security company). Attempts to
resolve via the normal channels have failed for the last couple hours and
this issue is impacting thousands of AT&T customers and thousands of our
own. Emails to my account reps, n...@att.com, net...@att.com and tickets go
unresponded to. MIS Helpdesk states they have no way to contact the admin
team in charge of listings.

Would appreciate an off-list contact.

Thanks!
-Chris


Issues with Multiple T1's - southwest US

2013-11-21 Thread Khurram Khan
Hi All,

Does anyone know if there are any carrier issues up in Colorado (West Colorado) 
and New Mexico that would cause a bunch of T1's to go down? We've got a lot of 
T1's through Level3 and CenturyLink in that particular area that are impacted. 
Trying to get a ticket opened through our NOC but the response is slow at the 
moment.

If someone is experiencing a similar issue any input would be appreciated.

thank you in advance,

khurram




Re: NAT64 and matching identities

2013-11-21 Thread Matthew Petach
On Wed, Nov 20, 2013 at 1:30 PM, Gary E. Miller  wrote:

> Yo Lee!
>
> On Wed, 20 Nov 2013 16:14:47 -0500
> Lee Howard  wrote:
>
> > >There is obviously a long tail of ip4 destinations, but nearly all
> > >of 500 of the Alexa global 500 have ip6 listeners,
> >
> > Do you have a data source for that?  I see no indication of IPv6
> > listeners on 85% of the top sites.
>
> A slightly different metric, 44% of USA content available on IPv6:
>
> http://6lab.cisco.com/stats/
>


I'm puzzled; I have native v6 connectivity
to 6lab.cisco.com according to traceroute6
output, and  yet the page says I'm connecting
to it via IPv4.  :(
So, I did some poking; it seems 6lab.cisco.com
doesn't have working IPv6 for their stats system,
which makes me wonder how accurate the data
from it is likely to be:

mpetach@mintyHP:~> telnet -6 6lab.cisco.com 80
Trying 2001:420:4420:101:0:c:15c0:4664...
Connected to 6lab.cisco.com.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 302 Found
Date: Thu, 21 Nov 2013 19:03:29 GMT
Server: Apache/2.2.16 (Debian)
Location: http://6lab-stats.com/index.php
Cache-Control: max-age=1
Expires: Thu, 21 Nov 2013 19:03:30 GMT
Vary: Accept-Encoding
Content-Length: 295
Connection: close
Content-Type: text/html; charset=iso-8859-1



302 Found

Found
The document has moved http://6lab-stats.com/index.php
">here.

Apache/2.2.16 (Debian) Server at 6lab-stats.com Port 80

Connection closed by foreign host.
mpetach@mintyHP:~> telnet -6 6lab-stats.com 80
Trying 2001:420:81:101:0:c:15c0:4664...
telnet: Unable to connect to remote host: Connection timed out
mpetach@mintyHP:~>
mpetach@mintyHP:~> ping6 6lab-stats.com
PING 6lab-stats.com(2001:420:81:101:0:c:15c0:4664) 56 data bytes
^C
--- 6lab-stats.com ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9071ms

mpetach@mintyHP:~>





> RGDS
> GARY
> ---
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
> g...@rellim.com  Tel:+1(541)382-8588
>


RE: Meraki

2013-11-21 Thread Meshier, Brent
Meraki does not handle high density environments well, will drop clients.  I 
also hate the idea of subscription based hardware, we should be moving away 
from the nickel and dime model.  We deployed Ruckus and couldn't be happier, 
running 50+ clients per AP.

Brent Meshier | Amherst Holdings, LLC | 5001 Plaza on the Lake, Suite 200, 
Austin, TX 78746 | T: 512-342-3010





Re: Meraki

2013-11-21 Thread Joshua Goldbard
For what it's worth...

We did a conference, KazooCon, with Meraki Gear and Ubiquiti Access Points. I 
am not a wizard but I set the whole network up except the access points which 
failed to detect at first. I think it took about an hour to set up in total; 
really easy even with the stutter. The network gear was:

2x Meraki Firewall
2x Meraki 48 port switch
4x Ubiquiti APN

Comcast dropped two cable modems in for us, 200Mbps for 2 days of bliss. The 
conference network was ridiculous, but all parts held up well. The wifi was 
fast and the LAN for the SIP phones was perfect. It was kind of overkill, but 
can you ever really have too much bandwidth?

Cheers,
Joshua

Sent from my iPhone

On Nov 20, 2013, at 12:12 PM, "William Waites"  wrote:

> On Wed, 20 Nov 2013 14:08:53 -0500, Ray Soucy  said:
> 
>> I'm very interested in other user experiences with Ubiquiti for
>> smaller deployments vs. traditional Cisco APs and WLC.
>> Especially for a collection of rural areas.  The price point and
>> software controller are very attractive.
> 
> I've never used the software controller but we use a lot of Ubiquiti
> kit in rural Scotland. We use it mostly in transparent bridge mode
> with more capable routers speaking ethernet - FreeBSD on Soekris boards
> and Mikrotik mostly. In general the RF part is great, but the software
> part is buggy. We have been extensively bitten by transparent bridge
> not being transparent enough and eating multicast packets which of
> course completely hoses OSPF. Using NBMA and being very careful about
> which firmware version mostly works. Don't try to make them do
> anything sophisticated.
> 
> -w
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>