Re: route converge time
Would be helpful if you let us know what platform you're running on. Assuming a Cisco, make sure next-hop-tracking not disabled (enabled by default on modern IOS), then at "BGP Prefix Independent Convergence", so your BGP process isn't walking the entire RIB to see which next-hops it needs to change. Greg Foletta g...@foletta.org +61 408 199 630 On 23 November 2015 at 05:12, Colton Conorwrote: > What types of routers are you currently using? > > On Sat, Nov 21, 2015 at 7:44 AM, Baldur Norddahl < > baldur.nordd...@gmail.com> > wrote: > > > Hi > > > > I got a network with two routers and two IP transit providers, each with > > the full BGP table. Router A is connected to provider A and router B to > > provider B. We use MPLS with a L3VPN with a VRF called "internet". > > Everything happens inside that VRF. > > > > Now if I interrupt one of the IP transit circuits, the routers will take > > several minutes to remove the now bad routes and move everything to the > > remaining transit provider. This is very noticeable to the customers. I > am > > looking into ways to improve that. > > > > I added a default static route 0.0.0.0 to provider A on router A and did > > the same to provider B on router B. This is supposed to be a trick that > > allows the network to move packets before everything is fully converged. > > Traffic might not leave the most optimal link, but it will be delivered. > > > > Say I take down the provider A link on router A. As I understand it, the > > hardware will notice this right away and stop using the routes to > provider > > A. Router A might know about the default route on router B and send the > > traffic to router B. However this is not much help, because on router B > > there is no link that is down, so the hardware is unaware until the BGP > > process is done updating the hardware tables. Which apparently can take > > several minutes. > > > > My routers also have multipath support, but I am unsure if that is going > to > > be of any help. > > > > Anyone got any tricks or pointers to what can be done to optimize the > > downtime in case of a IP transit link failure? Or the related case of one > > my routers going down or the link between them going down (the traffic > > would go a non-direct way instead if the direct link is down). > > > > Thanks, > > > > Baldur > > >
Re: DHCPv6 PD & Routing Questions
On Sat, 21 Nov 2015, Jim Burwell wrote: The gist I get is that no real SOP/BCP has emerged yet for doing this, and everyone is home-brewing their own methods. Quite a few years back I did the following experiment: I had a Cisco 7200 router running some kind of not-too-old-code, which had a /48 routed to it. I then created a DHCPv6 PD pool of /56:es. I had 2 D-Link home gateways (DIR-655 I think) with some beta code I received from D-Link. I then hooked them up like this: C7200-DIR1-DIR2-Computer The C7200 would delegate a /56 to DIR1, who would then subdelegate a /64 out of that one to DIR2 who would assign that to its LAN interface so Computer could use SLAAC itself an address out of it. This worked fine. I also tested C7200-WIN7PC-Computer (WIN7PC running Windows7) and turned on ICS (Internet connection sharing), and WIN7PC would get a /56, allocate a /64 to its "LAN" interface, and Computer worked just fine. I never tried hooking up another router behind it. I am not 100% sure it was running Windows7, it might even have been running Windows Vista. So I'd say there is equipment out there that works, as expected, but as seen in this thread, plenty of equipment that doesn't. -- Mikael Abrahamssonemail: swm...@swm.pp.se
Re: Binge On! - And So This is Net Neutrality?
So, which porn sites are zero rated? Uh, asking for a friend. (Would love to be a fly on the wall when those and other uncomfortable requests to join come in.) Jared
Re: Gmail spam filtering
That wasn't a problem prior to my departure, but apparently it is now. I've just added an SPF for the domain. -- j - Original Message - > From: "Filip Hruska"> To: nanog@nanog.org > Sent: Sunday, November 22, 2015 12:33:29 PM > Subject: Re: Gmail spam filtering > You might need to setup/change a SPF record for that domain. I always > had Google marking my email as spam when I tried to send emails with no > SPF record. > > On 11/22/2015 06:03 PM, Jay Ashworth wrote: >> Bout a month ago, I had someone crack a POP password on my private mail >> server, >> and got a couple days of spam out through it before I caught it on Sunday >> afternoon. >> >> I locked it down, and am this weekend replacing that mail server with one >> of current vintage, serving the same domain from a linode instance on a >> different IP and, obviously, transport network. >> >> I'm finding, though, that gmail is spam-filing the emails I send out, >> presumably because they're on the same domain name in the envelope. >> >> Anyone got a pointer to where I go to assure Google I'm on top of it now? >> >> The mail delivers to their inbound MX ok, it just ends up in the spam folder, >> even on my business GoogleApps account. Delivers to Yahoomail just fine. >> >> I checked the new IP in the MXtoolbox RBL checker, and no hits, but does >> gmail know what ranges are assigned to VPS providers, like with the cable >> swamp, and bias its spamchecking accordingly? >> >> Cheers, >> -- jra
Re: route converge time
What types of routers are you currently using? On Sat, Nov 21, 2015 at 7:44 AM, Baldur Norddahlwrote: > Hi > > I got a network with two routers and two IP transit providers, each with > the full BGP table. Router A is connected to provider A and router B to > provider B. We use MPLS with a L3VPN with a VRF called "internet". > Everything happens inside that VRF. > > Now if I interrupt one of the IP transit circuits, the routers will take > several minutes to remove the now bad routes and move everything to the > remaining transit provider. This is very noticeable to the customers. I am > looking into ways to improve that. > > I added a default static route 0.0.0.0 to provider A on router A and did > the same to provider B on router B. This is supposed to be a trick that > allows the network to move packets before everything is fully converged. > Traffic might not leave the most optimal link, but it will be delivered. > > Say I take down the provider A link on router A. As I understand it, the > hardware will notice this right away and stop using the routes to provider > A. Router A might know about the default route on router B and send the > traffic to router B. However this is not much help, because on router B > there is no link that is down, so the hardware is unaware until the BGP > process is done updating the hardware tables. Which apparently can take > several minutes. > > My routers also have multipath support, but I am unsure if that is going to > be of any help. > > Anyone got any tricks or pointers to what can be done to optimize the > downtime in case of a IP transit link failure? Or the related case of one > my routers going down or the link between them going down (the traffic > would go a non-direct way instead if the direct link is down). > > Thanks, > > Baldur >
Re: Gmail spam filtering
You can override the spam filter to inbox for specific domains/address's via googleapps gmail filter settings config Colin > On 22 Nov 2015, at 17:03, Jay Ashworthwrote: > > Bout a month ago, I had someone crack a POP password on my private mail > server, > and got a couple days of spam out through it before I caught it on Sunday > afternoon. > > I locked it down, and am this weekend replacing that mail server with one > of current vintage, serving the same domain from a linode instance on a > different IP and, obviously, transport network. > > I'm finding, though, that gmail is spam-filing the emails I send out, > presumably because they're on the same domain name in the envelope. > > Anyone got a pointer to where I go to assure Google I'm on top of it now? > > The mail delivers to their inbound MX ok, it just ends up in the spam folder, > even on my business GoogleApps account. Delivers to Yahoomail just fine. > > I checked the new IP in the MXtoolbox RBL checker, and no hits, but does > gmail know what ranges are assigned to VPS providers, like with the cable > swamp, and bias its spamchecking accordingly? > > Cheers, > -- jra > > -- > Jay R. Ashworth Baylink > j...@baylink.com > Designer The Things I Think RFC 2100 > Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII > St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Gmail spam filtering
You might need to setup/change a SPF record for that domain. I always had Google marking my email as spam when I tried to send emails with no SPF record. On 11/22/2015 06:03 PM, Jay Ashworth wrote: Bout a month ago, I had someone crack a POP password on my private mail server, and got a couple days of spam out through it before I caught it on Sunday afternoon. I locked it down, and am this weekend replacing that mail server with one of current vintage, serving the same domain from a linode instance on a different IP and, obviously, transport network. I'm finding, though, that gmail is spam-filing the emails I send out, presumably because they're on the same domain name in the envelope. Anyone got a pointer to where I go to assure Google I'm on top of it now? The mail delivers to their inbound MX ok, it just ends up in the spam folder, even on my business GoogleApps account. Delivers to Yahoomail just fine. I checked the new IP in the MXtoolbox RBL checker, and no hits, but does gmail know what ranges are assigned to VPS providers, like with the cable swamp, and bias its spamchecking accordingly? Cheers, -- jra
Gmail spam filtering
Bout a month ago, I had someone crack a POP password on my private mail server, and got a couple days of spam out through it before I caught it on Sunday afternoon. I locked it down, and am this weekend replacing that mail server with one of current vintage, serving the same domain from a linode instance on a different IP and, obviously, transport network. I'm finding, though, that gmail is spam-filing the emails I send out, presumably because they're on the same domain name in the envelope. Anyone got a pointer to where I go to assure Google I'm on top of it now? The mail delivers to their inbound MX ok, it just ends up in the spam folder, even on my business GoogleApps account. Delivers to Yahoomail just fine. I checked the new IP in the MXtoolbox RBL checker, and no hits, but does gmail know what ranges are assigned to VPS providers, like with the cable swamp, and bias its spamchecking accordingly? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
Re: Gmail spam filtering
On 11/22/2015 12:36 PM, Jay R. Ashworth wrote: I've just added an SPF for the domain. While you are at it, consider adding DKIM too. You might as well publish DMARC records if you have SPF and DKIM. -- Grant. . . . unix || die
Re: Gmail spam filtering
On Sun, 22 Nov 2015, Grant Taylor via NANOG wrote: > On 11/22/2015 12:36 PM, Jay R. Ashworth wrote: > > I've just added an SPF for the domain. > > While you are at it, consider adding DKIM too. > > You might as well publish DMARC records if you have SPF and DKIM. I do only DKIM and no SPF for my domain names and it mostly works with Gmail. Marcin