Re: Saying goodnight to my GSR
Well, I think it was just blind fear talking. Properly configured, it is less a security issue than newer devices. Pretty impressive from Matthew to have the patience/skills to not simply reload that fridge over the years. On 09/20/14 16:25, Keith Medcalf wrote: And what, exactly, is it vulnerable to? -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Daniel Sterling Sent: Saturday, 20 September, 2014 12:06 To: Bacon Zombie Cc: nanog@nanog.org Subject: Re: Saying goodnight to my GSR Again, you're focusing resentment towards someone who did the right thing. Negative reinforcement will discourage others from taking action and will discourage them from encouraging others to take action. Let's focus on who still has vulnerable equipment and how to help them. Let's not shame people who did the right thing Thanks, Dan On Sat, Sep 20, 2014 at 1:59 PM, Bacon Zombie baconzom...@gmail.com wrote: OK thank you for decommissioning this.* * Only if you either had authority to do so for max 1 year or had no authority but were fighting to have it patches or replaced for years. On Sep 20, 2014 7:54 PM, Daniel Sterling sterling.dan...@gmail.com wrote: On Sat, Sep 20, 2014 at 1:37 PM, Bacon Zombie baconzom...@gmail.com wrote: So when was the last time you patched this internet facing device? Isn't the better response, thank you for decommissioning it? Can someone from cisco set up a poll or release whatever numbers they have about how many of these old devices are still in service? Thanks, Dan
RE: Saying goodnight to my GSR
Got you beat by nine weeks with a Foundry 9604. :-) #sh ver SW: Version 03.3.01aTc1 Copyright (c) 1996-2004 Foundry Networks, Inc. Compiled on Feb 01 2005 at 11:21:12 labeled as FES03301a (2057881 bytes) from Primary foundry-FES/FES03301a.bin Boot Monitor: Version 03.2.00Tc4 HW: Stackable FES9604 == Serial #: 330 MHz Power PC processor 8245 (version 129/1014) 66 MHz bus 512 KB boot flash memory 16384 KB code flash memory 128 MB DRAM The system uptime is 3411 days 7 hours 52 minutes 20 seconds The system started at 01:38:44 Eastern Sat May 21 2005 The system : started=warm start reloaded=by reload Poor thing just handles traffic for managed power strips and we haven't had the heart to replace it lol. David -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com
RE: Saying goodnight to my GSR
On Mon, 22 Sep 2014, David Hubbard wrote: Got you beat by nine weeks with a Foundry 9604. :-) I might have a Cat5505 or two on our out-of-band management network with uptimes that approach this. jms #sh ver SW: Version 03.3.01aTc1 Copyright (c) 1996-2004 Foundry Networks, Inc. Compiled on Feb 01 2005 at 11:21:12 labeled as FES03301a (2057881 bytes) from Primary foundry-FES/FES03301a.bin Boot Monitor: Version 03.2.00Tc4 HW: Stackable FES9604 == Serial #: 330 MHz Power PC processor 8245 (version 129/1014) 66 MHz bus 512 KB boot flash memory 16384 KB code flash memory 128 MB DRAM The system uptime is 3411 days 7 hours 52 minutes 20 seconds The system started at 01:38:44 Eastern Sat May 21 2005 The system : started=warm start reloaded=by reload Poor thing just handles traffic for managed power strips and we haven't had the heart to replace it lol. David -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com
RE: IP Geolocation Issue
Thanks to everyone for the advise and the information. Already got in touch with someone of Maxmind. Damian. IAR. -Original Message- From: Rob Seastrom [mailto:r...@seastrom.com] Sent: domingo, 21 de septiembre de 2014 10:22 a.m. To: Alex Wacker Cc: Jose Damian Cantu Davila; nanog@nanog.org Subject: Re: IP Geolocation Issue Good luck with that. My past experience with them (while not as bad as dealing with certain fast-n-loose RBLs) has been less than encouraging. -r Alex Wacker a...@alexwacker.com writes: You can submit corrections to maxmind here: https://www.maxmind.com/en/correction On Wed, Sep 17, 2014 at 6:17 PM, Jose Damian Cantu Davila jca...@nic.mx wrote: Hi, Im new here, so any advice would be very appreciated. Is someone from Maxmind IP Geolocation available, that I can talk to offline? Its regarding to a block we assigned to a client. The client and its customers are located in Mexico but the IP Geolocation services says they are located in Brazil. Thanks for your help. [damian cantu] -- Este mensaje contiene informacion confidencial y se entiende dirigido y para uso exclusivo del destinatario. Si recibes este mensaje y no eres el destinatario por favor eliminalo, ya que difundir, revelar, copiar o tomar cualquier accion basada en el contenido esta estrictamente prohibido. Network Information Center Mexico, S.C., ubicado en Ave. Eugenio Garza Sada 427 L4-6 Col. Altavista, Monterrey, Mexico, C.P. 64840 recaba tus datos personales necesarios para: la prestacion, estudio, analisis y mejora del servicio, la realizacion de comunicaciones y notificaciones; la transferencia y publicacion en los casos aplicables; el cumplimiento de la relacion existente; asi como para la prevencion o denuncia en la comision de ilicitos. Si eres colaborador o candidato a colaborador de NIC Mexico, tus datos seran utilizados para: la creacion y administracion de tu perfil como profesionista; el otorgamiento de herramientas de trabajo; la realizacion de estudios; el otorgamiento de programas y beneficios para mejorar tu desarrollo profesional; la gestion y administracion de servicios de pago y/o nomina; asi como para contacto y/o notificaciones. Si participas en promociones o en estudios podras dejar de participar. Para mayor informacion revisa el Aviso de Privacidad [http://www.nicmexico.mx/static/docs/Aviso_de_Privacidad.pdf] This message contains confidential information and is intended only for the individual named. If you are not the named addressee please delete it, since the dissemination, distribuition, copy or taking any action in reliance on the contents is strictly prohibited. Network Information Center Mexico, S.C., located on Av. Eugenio Garza Sada 427 Col. Altavista L4-6, Monterrey, Mexico, CP 64840 collects your personal data which is necessary to: provide, research, analyze and improve the service; send communications and notices; transfer and publish your personal data when applicable; fulfill the existing relationship; prevent or inform in the commission of unlawful acts or events. If the data is processed in your quality of candidate or collaborator of NIC Mexico, the purpose of treatment is to: create and manage your profile as a professional; provide you with working tools; conduct studies; grant benefits and programs to enhance your professional development; manage and administrate payment services and/or payroll; as well as to contact you. If you participate in promotions or surveys you may stop or quit your participation at any time. For more information read the Privacy Note [http://www.nicmexico.mx/static/docs/Aviso_de_Privacidad.pdf]
RE: Saying goodnight to my GSR
The best thing about having GSRs around is trading them in for ASR 9900s. The freight is a ding, though. -Drew -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com
RE: Saying goodnight to my GSR
They make great fish tanks in their second lives, although uptime stats are more general recollection for me now. http://postimg.org/image/xdyp4o6p7/ -Original Message- From: NANOG [mailto:nanog-bounces+jdevane=switchnap@nanog.org] On Behalf Of Drew Weaver Sent: Monday, September 22, 2014 10:58 AM To: 'Matthew Crocker' Cc: 'nanog@nanog.org' Subject: RE: Saying goodnight to my GSR The best thing about having GSRs around is trading them in for ASR 9900s. The freight is a ding, though. -Drew -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com CONFIDENTIAL INFORMATION This email message, its chain, and any attachments: (a) may include proprietary information, trade secrets, confidential information and/or other protected information (Confidential Information) which are hereby labeled as Confidential for protection purposes, (b) is sent to you in confidence with a reasonable expectation of privacy, (c) may be protected by confidentiality agreements requiring this notice and/or identification, and (d) is not intended for transmission to, or receipt by unauthorized persons. If you are not the intended recipient, please notify the sender immediately by telephone or by replying to this message. Please then delete this message, any attachments, chains, copies or portions from your system(s). Thank you.
Twitter appears inop
I'm getting various 403 messages on tweets about looks automated, from Tweetcaster and the Web UI, both over Sprint LTE from Tampa; anyone else seeing this? Retrieval seems ok; the web UI loads fine too. Appears internal. I would notify them, but Twitter is down. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
RE: Saying goodnight to my GSR
On Mon, 22 Sep 2014, Jim Devane wrote: They make great fish tanks in their second lives, although uptime stats are more general recollection for me now. http://postimg.org/image/xdyp4o6p7/ Reminds me of a kegerator I saw many moons ago, made out of a hollowed-out Wellfleet BCN ;) jms -Original Message- From: NANOG [mailto:nanog-bounces+jdevane=switchnap@nanog.org] On Behalf Of Drew Weaver Sent: Monday, September 22, 2014 10:58 AM To: 'Matthew Crocker' Cc: 'nanog@nanog.org' Subject: RE: Saying goodnight to my GSR The best thing about having GSRs around is trading them in for ASR 9900s. The freight is a ding, though. -Drew -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com CONFIDENTIAL INFORMATION This email message, its chain, and any attachments: (a) may include proprietary information, trade secrets, confidential information and/or other protected information (Confidential Information) which are hereby labeled as Confidential for protection purposes, (b) is sent to you in confidence with a reasonable expectation of privacy, (c) may be protected by confidentiality agreements requiring this notice and/or identification, and (d) is not intended for transmission to, or receipt by unauthorized persons. If you are not the intended recipient, please notify the sender immediately by telephone or by replying to this message. Please then delete this message, any attachments, chains, copies or portions from your system(s). Thank you.
Re: Saying goodnight to my GSR
Ha! I'd say that's an upgrade for the BCN! ;-) I still have nightmares about Site Mangler, and conflicting versions between it and the BCN/BLNs. Ken On Mon, Sep 22, 2014 at 10:07 AM, Justin M. Streiner strei...@cluebyfour.org wrote: On Mon, 22 Sep 2014, Jim Devane wrote: They make great fish tanks in their second lives, although uptime stats are more general recollection for me now. http://postimg.org/image/xdyp4o6p7/ Reminds me of a kegerator I saw many moons ago, made out of a hollowed-out Wellfleet BCN ;) jms -Original Message- From: NANOG [mailto:nanog-bounces+jdevane=switchnap@nanog.org] On Behalf Of Drew Weaver Sent: Monday, September 22, 2014 10:58 AM To: 'Matthew Crocker' Cc: 'nanog@nanog.org' Subject: RE: Saying goodnight to my GSR The best thing about having GSRs around is trading them in for ASR 9900s. The freight is a ding, though. -Drew -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Crocker Sent: Saturday, September 20, 2014 10:19 AM To: NANOG Subject: Saying goodnight to my GSR Has been running for a while, time to shut 'er down. She (is a router a she?) used to handle all of my BGP GigE links but over the years has been demoted to OSPF and T1 aggregation. If anyone needs a boat anchor let me know. gsr8-1#show version Cisco Internetwork Operating System Software IOS (tm) GS Software (GSR-P-M), Version 12.0(30)S3, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by cisco Systems, Inc. Compiled Thu 30-Jun-05 18:29 by pwade Image text-base: 0x50010E80, data-base: 0x536E8000 ROM: System Bootstrap, Version 11.2(20030108:132517) [jkuzma-112 2.2] RELEASE SOFTWARE gsr8-1 uptime is 9 years, 9 weeks, 2 days, 8 hours, 39 minutes Uptime for this control processor is 9 years, 2 weeks, 2 days, 18 minutes System returned to ROM by Stateful Switchover at 13:46:36 UTC Tue Sep 6 2005 System image file is slot0:gsr-p-mz.120-30.S3.bin cisco 12008/GRP (R5000) processor (revision 0x05) with 524288K bytes of memory. R5000 CPU at 200Mhz, Implementation 35, Rev 2.1, 512KB L2 Cache Last reset from power-on 2 Route Processor Cards 2 Clock Scheduler Cards 3 Switch Fabric Cards 2 Single Port Gigabit Ethernet/IEEE 802.3z controllers (2 GigabitEthernet). 1 Three Port Gigabit Ethernet/IEEE 802.3z controller (3 GigabitEthernet). 1 Ethernet/IEEE 802.3 interface(s) 5 GigabitEthernet/IEEE 802.3 interface(s) 507K bytes of non-volatile configuration memory. 20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K). 8192K bytes of Flash internal SIMM (Sector size 256K). Configuration register is 0x2102 -- Matthew S. Crocker President Crocker Communications, Inc. PO BOX 710 Greenfield, MA 01302-0710 E: matt...@crocker.com P: (413) 746-2760 F: (413) 746-3704 W: http://www.crocker.com CONFIDENTIAL INFORMATION This email message, its chain, and any attachments: (a) may include proprietary information, trade secrets, confidential information and/or other protected information (Confidential Information) which are hereby labeled as Confidential for protection purposes, (b) is sent to you in confidence with a reasonable expectation of privacy, (c) may be protected by confidentiality agreements requiring this notice and/or identification, and (d) is not intended for transmission to, or receipt by unauthorized persons. If you are not the intended recipient, please notify the sender immediately by telephone or by replying to this message. Please then delete this message, any attachments, chains, copies or portions from your system(s). Thank you.
Re: Saying goodnight to my GSR
On 9/22/2014 06:38, Alain Hebert wrote: Properly configured, it is less a security issue than newer devices. Pretty impressive from Matthew to have the patience/skills to not simply reload that fridge over the years. Whew! I was afraid I was the one who thought so anymore. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
Re: Saying goodnight to my GSR
On 9/22/2014 08:35, David Hubbard wrote: Got you beat by nine weeks with a Foundry 9604. :-) The system uptime is 3411 days 7 hours 52 minutes 20 seconds The system started at 01:38:44 Eastern Sat May 21 2005 That's the kind of waving I like to see. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes
IPV6 Multicast Listener storm control?
(originally posted to wispa ipv6 list, and someone there mentioned that folks here might have some suggestions, so apologize if you are a member of both.) I am seeing issues with IPV6 multicast storms in my network that are fairly low volume (1-2mbit), but that are causing service disruptions due to CPU load on the switches and that the network is a Point to MultiPoint wireless network. I have about 500 IPV4 clients on a vlan served by Cisco ME3400, Catalyst 3750 and 3560 switches. These are switched back to a routed interface and IP addresses are assigned by DHCP. We are not using IPV6 at all, and I don't have control of the clients. What I'm seeing is IPV6 Multicast Listener requests from a single client (different clients at different times) going out on the network, the switches manage them in software, so CPU goes up (not a lot, but it seems to impact performance quite a bit), but the larger problem is that all other IPV6 clients respond to the multicast broadcast address generating a 1-2mbit storm of traffic to all ports all the time. This then transits the bandwidth constrained wireless network in a steady state, causing high collisions which causes _significant_ performance degradation in the wireless network. It would appear that this is _generally_ caused by Dell or HP workstations with buggy network interface cards in hibernate mode. http://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/ http://packetpushers.net/good-nics-bad-things-blast-ipv6-multicast-listener-discovery-queries/ Now it looks like from my reading that CISCO MLD snooping would _help_ with this, though it would not stop the offender from generating the multicast requests, it might keep if from reaching _all_ ports, but it would still affect any ports that had _subscribed_ IPV6 clients, and it would require changing the SDM template and a reload on all the switches. So not a real answer and very painful. Right now, I'm just tracking the source down and shutting it off. Do not really want to get into an argument about switched vs routed, and am working on reducing the size of the broadcast domain now, but this is a new issue, and I need to come up with some kind of plan to resolve with my current equipment/network. Any thoughts?? Ideas? I suspect this will become more of an issue for more folks in the near future. /thanks -- Richard Holbo Southern Oregon Network Support Services richard.ho...@sonss.net - 541.890.8067 http://www.sonss.net
Re: IPV6 Multicast Listener storm control?
On Mon, 22 Sep 2014, Richard Holbo wrote: Now it looks like from my reading that CISCO MLD snooping would _help_ with this, though it would not stop the offender from generating the multicast requests, it might keep if from reaching _all_ ports, but it would still If the packets are sent to ff02::1, then this will be sent to all ports even with MLD snooping turned on. http://www.ietf.org/rfc/rfc4541.txt In IPv6, the data forwarding rules are more straight forward because MLD is mandated for addresses with scope 2 (link-scope) or greater. The only exception is the address FF02::1 which is the all hosts link-scope address for which MLD messages are never sent. Packets with the all hosts link-scope address should be forwarded on all ports. So I doubt turning on MLD snooping will help. Your switches, can't you do some kind of protocol based filtering, and only allow two ethertypes, ARP and IPv4? -- Mikael Abrahamssonemail: swm...@swm.pp.se
RE: IPV6 Multicast Listener storm control?
We have seen the same issue with Lenovo devices. They all seem to have a variety of Intel chipsets. We have not found a good solution other than updating drivers and/or shutting down ipv6 which we really don’t want to do but it is easier to automate that than to automate the driver update. I will be interested in seeing what anyone else has come up with to kill these off. In our case, the biggest issue is wireless clients that show this behavior because they really bury the access points CPU. The switched network seems to absorb the load better. Steven Naslund Chicago IL (originally posted to wispa ipv6 list, and someone there mentioned that folks here might have some suggestions, so apologize if you are a member of both.) I am seeing issues with IPV6 multicast storms in my network that are fairly low volume (1-2mbit), but that are causing service disruptions due to CPU load on the switches and that the network is a Point to MultiPoint wireless network. I have about 500 IPV4 clients on a vlan served by Cisco ME3400, Catalyst 3750 and 3560 switches. These are switched back to a routed interface and IP addresses are assigned by DHCP. We are not using IPV6 at all, and I don't have control of the clients. What I'm seeing is IPV6 Multicast Listener requests from a single client (different clients at different times) going out on the network, the switches manage them in software, so CPU goes up (not a lot, but it seems to impact performance quite a bit), but the larger problem is that all other IPV6 clients respond to the multicast broadcast address generating a 1-2mbit storm of traffic to all ports all the time. This then transits the bandwidth constrained wireless network in a steady state, causing high collisions which causes _significant_ performance degradation in the wireless network.
