Re: EQUIPMENT NEEDED: PRI/SIP Gateway (Adtran)
Didja plug it into 208V? We had a customer that blew up two before realizing that those (inexplicably) are 120V-only, unlike anything else modern on the planet. On 5/27/17 1:49 AM, James Laszko wrote: Hi everyone- Had a new Adtran TA908e going into service tonight for a customer move and something went wrong and it physically blew up on us. Customer going live Tuesday morning, located in San Diego. Anyone have a compatible unit we can rent or buy until we get a replacement? Only really need 1 PRI with 23 SIP trunk capability. I appreciate any help that may be available and Happy Memorial Day! Thanks, James Laszko Mythos Technology Inc jam...@mythostech.com Sent from my iPhone
RE: Cisco NCS5501 as a P Router
Hi Radu-Adrian, have you done any MPLS PE functions on the NCS5001 ? ...like MPLS/VPLS L2VPN, or L3VPN ? I'm asking because I tried a NCS5001 in my lab about a year or 2 ago and it was pretty bad. At which point I was told to only try it as a P box from a Cisco engineerat which point it dropped from my consideration since I needed to replace lots of Cisco ME3600's with mpls edge functions, and I ended up settling on the Juniper ACX5048. I'm wondering if Cisco improved that NCS5001 in more recent versions of XR to included functional MPLS L2 and L3 vpn's. -Aaron
Re: What happened to BGP Update Report?
Seems good. Thanks for sharing! On Sat, May 27, 2017 at 12:21 AM, Andrew Lathamwrote: > Just bookmark http://bgpupdates.potaroo.net/instability/bgpupd.html if you > like the report. > > On Fri, May 26, 2017 at 1:40 PM, Anurag Bhatia > wrote: > > > Hello, everyone. > > > > > > I wonder if anyone is aware of what happened to BGP Update Report which > was > > being published to most of NOG mailing lists? > > > > I see the last one is from 7th Dec 2016. BGP Update Report was the one > > which provided unstable origin ASNs etc. I still do see the weekly > routing > > table report with other data. > > > > > > > > > > Thanks. > > -- > > > > > > Anurag Bhatia > > anuragbhatia.com > > > > > > -- > - Andrew "lathama" Latham - > -- Anurag Bhatia anuragbhatia.com
SV: Cisco NCS5501 as a P Router
Hello. We are running 5001 also and we have the same issue with it programming the wrong entry into the hardware. Interesting to hear that the issue is still in 6.1.2 since we were thinking about upgrading to that one to see if it fixes the issue but I think we will give it a pass. Seems the BU cant find why its happening only that it indeed is happening. They don’t seem to be able to duplicate it in the lab either last we heard. /Gustav -Ursprungligt meddelande- Från: NANOG [mailto:nanog-boun...@nanog.org] För Radu-Adrian Feurdean Skickat: den 27 maj 2017 11:31 Till: nanog@nanog.org Ämne: Re: Cisco NCS5501 as a P Router On Thu, May 18, 2017, at 15:21, Erik Sundberg wrote: > We're at the growing point where we need a dedicated P router for a > core device. We are taking a serious look at the NCS5501. Is there > anyone else using a NCS5501 as P Router or just general feedback on > the NCS5501 if you are using it? Hi, While we're not using the NCS5501, we do use the "previous version", NCS5001. We're not yet at a point to care about the minuscule buffers. Set-up : initially P-router in a very small BGP-free core (ISIS + LDP), then added route-reflector functionality too. As a P-router they usually behave correctly, except for the some cases where they start routing incorrectly (according to Cisco, the wrong label is programmed into hardware). That should have been fixed with 6.1.2, which we have deployed, until we recently had the same issue on 6.1.2, on the exact same box. We expect having some fun with the TAC about that. > The big downside is it's only has a single processor Yes, but: - it's powerful enough (we ended-up using them as RR too, and ~1.2M routes in RIB pose no problem) - ours being about half the price of a 5501, we have 2 of them on every site. If you can afford the same (2 / site) do it; If you don't - review the copy so that you can (Brocade SLX 9540 looks like a good alternative).
Re: BCP38/84 and DDoS ACLs
Your bogon list has a few non-bogons, and is missing a few current bogon. Team Cymru keep a good resource for this: http://www.team-cymru. org/bogon-dotted-decimal.html Regards, Dave On 26 May 2017 5:01 pm, "Compton, Rich A"wrote: > To block UDP port 19 you can add something like: > deny udp any eq 19 any > deny udp any any eq 19 > > This will prevent the DDoS attack traffic entering your network (source > port 19) as well as the hosts scanning around looking for hosts on your > network that can be used in amplification attacks (destination port 19). > Please note that this will not block the UDP fragments that come with > these attacks which have no L4 port to block. You can possibly do > policing on UDP fragments to address this. > > I¹d also suggest adding: > deny udp any eq 17 any > deny udp any any eq 17 > > deny udp any eq 123 any packet-length eq 468 > > deny udp any eq 520 any > deny udp any any eq 520 > > deny udp any eq 1900 any > deny udp any any eq 1900 > > Some people will complain that you shouldn¹t block UDP port 1900 because > it¹s above 1023 but believe me it¹s worth it. > > > > also to block invalid source IPs to prevent some spoofed traffic from > coming into your network: > > deny ipv4 0.0.0.0 0.255.255.255 any > deny ipv4 10.0.0.0 0.255.255.255 any > deny ipv4 11.0.0.0 0.255.255.255 any > deny ipv4 22.0.0.0 0.255.255.255 any > deny ipv4 30.0.0.0 0.255.255.255 any > deny ipv4 100.64.0.0 0.63.255.255 any > deny ipv4 127.0.0.0 0.255.255.255 any > deny ipv4 169.254.0.0 0.0.255.255 any > deny ipv4 172.16.0.0 0.15.255.255 any > deny ipv4 192.0.0.0 0.0.0.255 any > deny ipv4 192.0.2.0 0.0.0.255 any > deny ipv4 192.168.0.0 0.0.255.255 any > deny ipv4 198.18.0.0 0.1.255.255 any > deny ipv4 198.51.0.0 0.0.0.255 any > deny ipv4 203.0.113.0 0.0.0.255 any > deny ipv4 224.0.0.0 31.255.255.255 any > > > For BCP38 and 84 you would want to enable uRPF > https://en.wikipedia.org/wiki/Reverse_path_forwarding > https://tools.ietf.org/html/rfc3704 > > > > Rich Compton | Principal Eng | 314.596.2828 > 14810 Grasslands Dr,Englewood, CO80112 > > > > > > > On 5/26/17, 11:39 AM, "NANOG on behalf of Graham Johnston" > wrote: > > >I really did try looking before I sent the email but couldn't quickly > >find what I was looking for. > > > >I am looking for information regarding standard ACLs that operators may > >be using at the internet edge of their network, on peering and transit > >connections, wherein you are filtering ingress packets such as those > >sourced from UDP port 19 for instance. I've found incomplete conceptual > >discussions about it nothing that seemed concrete or complete. > > > >This doesn't seem quite like it is BCP38 and more like this is BCP84, but > >it only talks about use of ACLs in section 2.1 without providing any > >examples. Given that it is also 13 years old I thought there might be > >fresher information out there. > > > >Thanks, > >graham > > E-MAIL CONFIDENTIALITY NOTICE: > The contents of this e-mail message and any attachments are intended > solely for the addressee(s) and may contain confidential and/or legally > privileged information. If you are not the intended recipient of this > message or if this message has been addressed to you in error, please > immediately alert the sender by reply e-mail and then delete this message > and any attachments. If you are not the intended recipient, you are > notified that any use, dissemination, distribution, copying, or storage of > this message or any attachment is strictly prohibited. > >
Re: Cisco NCS5501 as a P Router
On Thu, May 18, 2017, at 15:21, Erik Sundberg wrote: > We're at the growing point where we need a dedicated P router for a core > device. We are taking a serious look at the NCS5501. Is there anyone else > using a NCS5501 as P Router or just general feedback on the NCS5501 if > you are using it? Hi, While we're not using the NCS5501, we do use the "previous version", NCS5001. We're not yet at a point to care about the minuscule buffers. Set-up : initially P-router in a very small BGP-free core (ISIS + LDP), then added route-reflector functionality too. As a P-router they usually behave correctly, except for the some cases where they start routing incorrectly (according to Cisco, the wrong label is programmed into hardware). That should have been fixed with 6.1.2, which we have deployed, until we recently had the same issue on 6.1.2, on the exact same box. We expect having some fun with the TAC about that. > The big downside is it's only has a single processor Yes, but: - it's powerful enough (we ended-up using them as RR too, and ~1.2M routes in RIB pose no problem) - ours being about half the price of a 5501, we have 2 of them on every site. If you can afford the same (2 / site) do it; If you don't - review the copy so that you can (Brocade SLX 9540 looks like a good alternative).
EQUIPMENT NEEDED: PRI/SIP Gateway (Adtran)
Hi everyone- Had a new Adtran TA908e going into service tonight for a customer move and something went wrong and it physically blew up on us. Customer going live Tuesday morning, located in San Diego. Anyone have a compatible unit we can rent or buy until we get a replacement? Only really need 1 PRI with 23 SIP trunk capability. I appreciate any help that may be available and Happy Memorial Day! Thanks, James Laszko Mythos Technology Inc jam...@mythostech.com Sent from my iPhone