Re: route converge time

[Greg Foletta]

Would be helpful if you let us know what platform you're running on.
Assuming a Cisco, make sure next-hop-tracking not disabled (enabled by
default on modern IOS), then at "BGP Prefix Independent Convergence", so
your BGP process isn't walking the entire RIB to see which next-hops it
needs to change.

Greg Foletta
g...@foletta.org
+61 408 199 630

On 23 November 2015 at 05:12, Colton Conor  wrote:

> What types of routers are you currently using?
>
> On Sat, Nov 21, 2015 at 7:44 AM, Baldur Norddahl <
> baldur.nordd...@gmail.com>
> wrote:
>
> > Hi
> >
> > I got a network with two routers and two IP transit providers, each with
> > the full BGP table. Router A is connected to provider A and router B to
> > provider B. We use MPLS with a L3VPN with a VRF called "internet".
> > Everything happens inside that VRF.
> >
> > Now if I interrupt one of the IP transit circuits, the routers will take
> > several minutes to remove the now bad routes and move everything to the
> > remaining transit provider. This is very noticeable to the customers. I
> am
> > looking into ways to improve that.
> >
> > I added a default static route 0.0.0.0 to provider A on router A and did
> > the same to provider B on router B. This is supposed to be a trick that
> > allows the network to move packets before everything is fully converged.
> > Traffic might not leave the most optimal link, but it will be delivered.
> >
> > Say I take down the provider A link on router A. As I understand it, the
> > hardware will notice this right away and stop using the routes to
> provider
> > A. Router A might know about the default route on router B and send the
> > traffic to router B. However this is not much help, because on router B
> > there is no link that is down, so the hardware is unaware until the BGP
> > process is done updating the hardware tables. Which apparently can take
> > several minutes.
> >
> > My routers also have multipath support, but I am unsure if that is going
> to
> > be of any help.
> >
> > Anyone got any tricks or pointers to what can be done to optimize the
> > downtime in case of a IP transit link failure? Or the related case of one
> > my routers going down or the link between them going down (the traffic
> > would go a non-direct way instead if the direct link is down).
> >
> > Thanks,
> >
> > Baldur
> >
>

Re: DHCPv6 PD & Routing Questions

[Mikael Abrahamsson]

On Sat, 21 Nov 2015, Jim Burwell wrote:


The gist I get is that no real SOP/BCP has emerged yet for doing this,
and everyone is home-brewing their own methods.


Quite a few years back I did the following experiment:

I had a Cisco 7200 router running some kind of not-too-old-code, which had 
a /48 routed to it. I then created a DHCPv6 PD pool of /56:es. I had 2 
D-Link home gateways (DIR-655 I think) with some beta code I received from 
D-Link. I then hooked them up like this:


C7200-DIR1-DIR2-Computer

The C7200 would delegate a /56 to DIR1, who would then subdelegate a /64 
out of that one to DIR2 who would assign that to its LAN interface so 
Computer could use SLAAC itself an address out of it. This worked fine.


I also tested C7200-WIN7PC-Computer (WIN7PC running Windows7) and turned 
on ICS (Internet connection sharing), and WIN7PC would get a /56, allocate 
a /64 to its "LAN" interface, and Computer worked just fine. I never tried 
hooking up another router behind it. I am not 100% sure it was running 
Windows7, it might even have been running Windows Vista.


So I'd say there is equipment out there that works, as expected, but as 
seen in this thread, plenty of equipment that doesn't.


--
Mikael Abrahamssonemail: swm...@swm.pp.se

Re: Binge On! - And So This is Net Neutrality?

[nanog-isp]

So, which porn sites are zero rated? Uh, asking for a friend. 

(Would love to be a fly on the wall when those and other uncomfortable requests 
to join come in.)

Jared

Re: Gmail spam filtering

[Jay R. Ashworth]

That wasn't a problem prior to my departure, but apparently it is now.

I've just added an SPF for the domain.
-- j

- Original Message -
> From: "Filip Hruska" 
> To: nanog@nanog.org
> Sent: Sunday, November 22, 2015 12:33:29 PM
> Subject: Re: Gmail spam filtering

> You might need to setup/change a SPF record for that domain. I always
> had Google marking my email as spam when I tried to send emails with no
> SPF record.
> 
> On 11/22/2015 06:03 PM, Jay Ashworth wrote:
>> Bout a month ago, I had someone crack a POP password on my private mail 
>> server,
>> and got a couple days of spam out through it before I caught it on Sunday
>> afternoon.
>>
>> I locked it down, and am this weekend replacing that mail server with one
>> of current vintage, serving the same domain from a linode instance on a
>> different IP and, obviously, transport network.
>>
>> I'm finding, though, that gmail is spam-filing the emails I send out,
>> presumably because they're on the same domain name in the envelope.
>>
>> Anyone got a pointer to where I go to assure Google I'm on top of it now?
>>
>> The mail delivers to their inbound MX ok, it just ends up in the spam folder,
>> even on my business GoogleApps account.  Delivers to Yahoomail just fine.
>>
>> I checked the new IP in the MXtoolbox RBL checker, and no hits, but does
>> gmail know what ranges are assigned to VPS providers, like with the cable
>> swamp, and bias its spamchecking accordingly?
>>
>> Cheers,
>> -- jra

Re: route converge time

[Colton Conor]

What types of routers are you currently using?

On Sat, Nov 21, 2015 at 7:44 AM, Baldur Norddahl 
wrote:

> Hi
>
> I got a network with two routers and two IP transit providers, each with
> the full BGP table. Router A is connected to provider A and router B to
> provider B. We use MPLS with a L3VPN with a VRF called "internet".
> Everything happens inside that VRF.
>
> Now if I interrupt one of the IP transit circuits, the routers will take
> several minutes to remove the now bad routes and move everything to the
> remaining transit provider. This is very noticeable to the customers. I am
> looking into ways to improve that.
>
> I added a default static route 0.0.0.0 to provider A on router A and did
> the same to provider B on router B. This is supposed to be a trick that
> allows the network to move packets before everything is fully converged.
> Traffic might not leave the most optimal link, but it will be delivered.
>
> Say I take down the provider A link on router A. As I understand it, the
> hardware will notice this right away and stop using the routes to provider
> A. Router A might know about the default route on router B and send the
> traffic to router B. However this is not much help, because on router B
> there is no link that is down, so the hardware is unaware until the BGP
> process is done updating the hardware tables. Which apparently can take
> several minutes.
>
> My routers also have multipath support, but I am unsure if that is going to
> be of any help.
>
> Anyone got any tricks or pointers to what can be done to optimize the
> downtime in case of a IP transit link failure? Or the related case of one
> my routers going down or the link between them going down (the traffic
> would go a non-direct way instead if the direct link is down).
>
> Thanks,
>
> Baldur
>

Re: Gmail spam filtering

[Colin Johnston]

You can override the spam filter to inbox for specific domains/address's via 
googleapps gmail filter settings config

Colin


> On 22 Nov 2015, at 17:03, Jay Ashworth  wrote:
> 
> Bout a month ago, I had someone crack a POP password on my private mail 
> server,
> and got a couple days of spam out through it before I caught it on Sunday 
> afternoon.
> 
> I locked it down, and am this weekend replacing that mail server with one
> of current vintage, serving the same domain from a linode instance on a
> different IP and, obviously, transport network.
> 
> I'm finding, though, that gmail is spam-filing the emails I send out,
> presumably because they're on the same domain name in the envelope.
> 
> Anyone got a pointer to where I go to assure Google I'm on top of it now?
> 
> The mail delivers to their inbound MX ok, it just ends up in the spam folder,
> even on my business GoogleApps account.  Delivers to Yahoomail just fine.
> 
> I checked the new IP in the MXtoolbox RBL checker, and no hits, but does
> gmail know what ranges are assigned to VPS providers, like with the cable
> swamp, and bias its spamchecking accordingly?
> 
> Cheers,
> -- jra
> 
> -- 
> Jay R. Ashworth  Baylink   
> j...@baylink.com
> Designer The Things I Think   RFC 2100
> Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

Re: Gmail spam filtering

[Filip Hruska]

You might need to setup/change a SPF record for that domain. I always 
had Google marking my email as spam when I tried to send emails with no 
SPF record.


On 11/22/2015 06:03 PM, Jay Ashworth wrote:

Bout a month ago, I had someone crack a POP password on my private mail server,
and got a couple days of spam out through it before I caught it on Sunday
afternoon.

I locked it down, and am this weekend replacing that mail server with one
of current vintage, serving the same domain from a linode instance on a
different IP and, obviously, transport network.

I'm finding, though, that gmail is spam-filing the emails I send out,
presumably because they're on the same domain name in the envelope.

Anyone got a pointer to where I go to assure Google I'm on top of it now?

The mail delivers to their inbound MX ok, it just ends up in the spam folder,
even on my business GoogleApps account.  Delivers to Yahoomail just fine.

I checked the new IP in the MXtoolbox RBL checker, and no hits, but does
gmail know what ranges are assigned to VPS providers, like with the cable
swamp, and bias its spamchecking accordingly?

Cheers,
-- jra

Gmail spam filtering

[Jay Ashworth]

Bout a month ago, I had someone crack a POP password on my private mail server,
and got a couple days of spam out through it before I caught it on Sunday 
afternoon.

I locked it down, and am this weekend replacing that mail server with one
of current vintage, serving the same domain from a linode instance on a
different IP and, obviously, transport network.

I'm finding, though, that gmail is spam-filing the emails I send out,
presumably because they're on the same domain name in the envelope.

Anyone got a pointer to where I go to assure Google I'm on top of it now?

The mail delivers to their inbound MX ok, it just ends up in the spam folder,
even on my business GoogleApps account.  Delivers to Yahoomail just fine.

I checked the new IP in the MXtoolbox RBL checker, and no hits, but does
gmail know what ranges are assigned to VPS providers, like with the cable
swamp, and bias its spamchecking accordingly?

Cheers,
-- jra

-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

Re: Gmail spam filtering

[Grant Taylor via NANOG]

On 11/22/2015 12:36 PM, Jay R. Ashworth wrote:

I've just added an SPF for the domain.


While you are at it, consider adding DKIM too.

You might as well publish DMARC records if you have SPF and DKIM.



--
Grant. . . .
unix || die

Re: Gmail spam filtering

[Marcin Cieslak]

On Sun, 22 Nov 2015, Grant Taylor via NANOG wrote:

> On 11/22/2015 12:36 PM, Jay R. Ashworth wrote:
> > I've just added an SPF for the domain.
> 
> While you are at it, consider adding DKIM too.
> 
> You might as well publish DMARC records if you have SPF and DKIM.

I do only DKIM and no SPF for my domain names and it mostly works with Gmail.

Marcin