Re: Suggestions for a more privacy conscious email provider

2017-12-05 Thread Rich Kulawiec
On Mon, Dec 04, 2017 at 07:38:18PM -0500, Eric Tykwinski wrote:
> Main point I think is mailops comes with a learning curve, and it happens...

"Current Peeve: The mindset that the Internet is some sort of
school for novice sysadmins and that everyone *not* doing stupid
dangerous things should act like patient teachers with the ones
who are."

--- Bill Cole

---rsk


Re: Akamai contact

2017-12-05 Thread Jared Mauch
replied offlist.

ping me if you need something fyi.

- jared

On Mon, Dec 04, 2017 at 06:14:24PM -0600, J. Oquendo wrote:
> Can one of the Akamai (non salesy) guys ping me off list
> please. Security related.
> 
> -- 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
> 
> "Where ignorance is our master, there is no possibility of
> real peace" - Dalai Lama
> 
> 0A96 6318 EA49 4032 21C9  A7A8 81E9 3E95 414F 356E
> https://pgp.mit.edu/pks/lookup?op=get&search=0x81E93E95414F356E

-- 
Jared Mauch  | pgp key available via finger from ja...@puck.nether.net
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.


Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Jerry Jones
MX150?


On Dec 4, 2017, at 4:13 PM, C. Jon Larsen  wrote:


On Mon, 4 Dec 2017, Naslund, Steve wrote:

FWIW ...

OpenBSD on a lanner appliance with openbgpd will chew 1G. Especially on the 
latest version - 6.2.

Debian on the same lanner running bird would also chew that as well.

>>> -Original Message-
>>> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of William Herrin
>>> Sent: Monday, December 04, 2017 3:43 PM
>>> To: Adam Lawson
>>> Cc: nanog
>>> Subject: Re: Small full BGP table capable router with low power consumption
> 
>>> On Mon, Dec 4, 2017 at 2:19 PM, Adam Lawson  wrote:
>>> The router needs to be squeezed in to a rack which doesn't have a lot
>>> of space nor power. As for space, maybe I can make space for 3U or 4U
>>> but as for power, I can only do around 1.5A@100V on average. (There is
>>> room for burst power usage.)
> 
>> A Cisco 2911 or 3945 does this though the 3945 is a little more power hungry.
> 
>> A current generation x86 server running Linux and Quagga does this.
> 
>> Regards,
>> Bill Herrin
> 
> 
>> --
>> William Herrin  her...@dirtside.com  b...@herrin.us Dirtside 
>> Systems . Web: 
> 



Lanner Devices - NCA-5510

2017-12-05 Thread Raymond Burkholder
Hello,

A number of people have been suggesting Lanner boxes for routing.  I have
used FW-7543A and FW-7573A boxes with Debian with no issues.

I am currently trying the NCA-5510 model with NCS2-IGM806B (XL710) and
NCS2-IXM407A (I350) cards with a standard Debian Stretch installation.

I was hoping that it would be as easy as installing the operating system,
turning ports up, and getting a working network.  It was like that with the
other models.  Not with this model.  There seems to be a bunch of different
BIOS combinations which give different (bad) results.  And for the
combinations I've tried, I can't seem to get the XL710 card to work
properly.  Maybe I should have gone with the 82599 card instead.  

In addition, the I210 based management port also isn't coming up properly,
always some sort of 'interface reset' error.  Which, with some bios settings, I
get on the I350 cards as well.

If someone has a similar model and/or configuration, what sort of
BIOS/Kernel settings have you used to get something operationally stable?
Any particular Kernel versions work best?  I tried 4.9.51, and 4.14.3.

It seems to take about 48 hours to get turn arounds from Taiwan engineering,
which I am currently trying to escalate from a sales office, but was hoping,
in the meantime, someone else might have some experiences to share?

I can provide console / kernel messages to show what I am encountering for
those interested.





RE: Suggestions for a more privacy conscious email provider

2017-12-05 Thread Edwin Pers
>Last week we found out that Helpscout sends email from AWS servers.

Ouch. I'm in the same boat as you are - three of our biggest suppliers have all 
their public-facing stuff hosted on AWS, including their email smarthosts. 
None of them have static addresses.


>This is incorrect reasoning.  Because they're the biggest cloud provider
>in the world, they should send the least amount of junk: the larger
>an operation is, the easier abuse detection/prevention gets.

You'd think so, yes. Somehow Google and DO and most other hosting companies 
manage to do it. Feels like AWS truly doesn't care about it.



Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Stephen Satchell

On 12/05/2017 02:59 AM, Rich Kulawiec wrote:
> On Mon, Dec 04, 2017 at 07:38:18PM -0500, Eric Tykwinski wrote:
>> Main point I think is mailops comes with a learning curve, and it happens...
>
> "Current Peeve: The mindset that the Internet is some sort of
> school for novice sysadmins and that everyone *not* doing stupid
> dangerous things should act like patient teachers with the ones
> who are."
>
> --- Bill Cole
>
> ---rsk



Indeed.  What Ajit Pai missed in his deliberations for the Dec 14 FCC 
vote is that the Internet as we know it was developed under the stern 
eyes of the Department of Defense and the National Science Foundation. 
The NSF in particular ran the 'Net like bouncers do in a strip club: 
you break the rules, you go.  No argument.


The original trust model for the Internet was based on this unrelenting 
oversight.  You didn't expect Bad Things(tm) because the consequences of 
doing them was so severe:  banishment and exile.  Also, the technical 
ability required to do Bad Things(tm) wasn't easily won.  Accessing the 
'Net was a PRIVILEGE, not a right.  Abuse at your own peril.


Organizations had experienced sysadmins because it was imperative to the 
survival of the connection to the 'Net.  One gained experience by being 
apprenticed to some experienced sysadmin.  Today:  not so much.


Indeed, I'm not aware of any certification that applies to system 
administrators.  Network administrators have certs that are 
well-recognized and accepted.  Mail admins?  Server admins?  The certs 
that are out there border on jokes or disguised sales pitches.  (Not 
unlike a certain operating system and software product vendor who put 
"free" copies into schools to build their marketing base.)


Ok, I'll shut up now.


Re: Suggestions for a more privacy conscious email provider

2017-12-05 Thread Stephen Satchell

On 12/05/2017 06:38 AM, Edwin Pers wrote:
> You'd think so, yes. Somehow Google and DO and most other hosting
> companies manage to do it. Feels like AWS truly doesn't care about
> it.

"Never attribute to malice that which is adequately explained by 
stupidity, ignorance, or negligence."  --based on Hanlon's Razor


"...misunderstandings and neglect create more confusion in this world 
than trickery and malice. At any rate, the last two are certainly much 
less frequent." --  Goethe's _The Sorrows of Young Werther_ (1774)


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Harald Koch
Thirty years ago I started my sysadmin journey on an Internet that was
filled with helpful, experienced people that were willing to share their
knowledge.

Twenty years ago I was one of three people running CA*net, the
cross-Canada research Internet with three connections to the NSFnet. I
don't remember this world of banishment and exile you're discussing; the
NSFnet staff I dealt with were all friendly and helpful.

I plan to continue to "pay it forward", by being friendly and helpful
to "novice sysadmins". The curmudgeons in this thread can, frankly, get off
my lawn.

-- 
Harald


Re: Novice sysadmins

2017-12-05 Thread Michael Thomas

On 12/05/2017 08:17 AM, Harald Koch wrote:
> Thirty years ago I started my sysadmin journey on an Internet that was
> filled with helpful, experienced people that were willing to share their
> knowledge.
>
> Twenty years ago I was one of three people running CA*net, the
> cross-Canada research Internet with three connections to the NSFnet. I
> don't remember this world of banishment and exile you're discussing; the
> NSFnet staff I dealt with were all friendly and helpful.
>
> I plan to continue to "pay it forward", by being friendly and helpful
> to "novice sysadmins". The curmudgeons in this thread can, frankly, get off
> my lawn.

Exactly right. If there were some high priesthood for being able to put
stuff on the net, there would be no net as we know it. This is a feature,
not a bug.

Mike



Re: Suggestions for a more privacy conscious email provider

2017-12-05 Thread amuse
I run my own mailserver...

On Mon, Dec 4, 2017 at 3:00 PM, Grant Taylor via NANOG 
wrote:

> On 12/04/2017 03:47 PM, Brad Knowles wrote:
>
>> The concept is sound, but attempting to use your $5 VPS as your outbound
>> mail relay is only going to end in pain and tears -- your VPS cannot have
>> or build a good enough reputation to get reliable delivery to the big mail
>> providers.  You need to use an outbound mail relay that already has a good
>> reputation, and that works hard to continue to maintain that reputation.
>>
>
> My experience shows otherwise.
>
> I've been using a VPS as my primary mail server for > 2 years and have
> only been black listed once.  Even that was a 12 hour automated listing
> because I sent one message to an address I had not used in 7 years, which
> had since been converted into a spam trap.
>
> I've also known others that use VPSs for this exact thing with
> considerable success.
>
> As for handling your inbound mail, use something like imapsync and then
>> effectively treat your IMAP provider as a POP3 provider instead, and
>> download/delete the messages from their system as soon as they have been
>> copied to your local system.
>>
>
> Why?  Having a different provider handle inbound will require them
> supporting your domain(s).  Why not handle inbound email directly?
>
> The bad guys could tap into the stream of mail that flows through that
>> system, but they wouldn't be able to get into your archive of old mail
>> without breaking into the box sitting in your house.
>>
>
> S/MIME / PGP  }:-)
>
>
>
>
> --
> Grant. . . .
> unix || die
>
>


Any from amazon cloud app.conceptboard.com

2017-12-05 Thread Shoaib Farhan
Hi,

Is anyone from Amazon Cloud on this list? I need help with app.conceptboard.com.
Our client is complaining that they are getting disconnected from this site.

Traceroute/mtr shows the path keeps changing.

traceroute to app.conceptboard.com (52.17.144.46), 30 hops max, 60 byte
packets
 1  noc-ut-gw.telnet.net.bd (120.50.31.17)  0.513 ms  0.619 ms  0.677 ms
 2  116.212.104.25 (116.212.104.25)  0.842 ms  0.840 ms  0.943 ms
 3  DHANMONDI-RTR1-2-BANANI-RTR.TELNET.COM.BD (116.212.104.173)  1.157 ms
1.212 ms  1.274 ms
 4  43.224.113.185 (43.224.113.185)  0.974 ms  0.975 ms  0.977 ms
 5  43.228.208.17 (43.228.208.17)  1.353 ms  1.355 ms  1.327 ms
 6  43.228.208.1 (43.228.208.1)  2.229 ms  1.327 ms  4.002 ms
 7  125.17.155.45 (125.17.155.45)  40.688 ms  42.783 ms  40.885 ms
 8  182.79.245.18 (182.79.245.18)  170.338 ms 182.79.198.129
(182.79.198.129)  172.306 ms 203.101.100.170 (203.101.100.170)  172.314 ms
 9  ams1-br-tra-r2.amazon.com (80.249.210.217)  199.384 ms  199.389 ms
197.153 ms
10  54.239.114.48 (54.239.114.48)  220.252 ms 54.239.114.96
(54.239.114.96)  219.471 ms 54.239.114.36 (54.239.114.36)  226.921 ms
11  54.239.114.65 (54.239.114.65)  222.170 ms 54.239.114.79
(54.239.114.79)  218.172 ms 54.239.114.89 (54.239.114.89)  218.971 ms
12  54.239.41.117 (54.239.41.117)  216.664 ms 54.239.41.119
(54.239.41.119)  216.329 ms 54.239.43.16 (54.239.43.16)  216.342 ms
13  54.239.41.206 (54.239.41.206)  216.650 ms 54.239.44.142
(54.239.44.142)  216.647 ms  216.635 ms
14  * * 54.239.41.204 (54.239.41.204)  215.933 ms
15  52.93.6.148 (52.93.6.148)  237.179 ms 52.93.7.186 (52.93.7.186)
231.180 ms 52.93.6.160 (52.93.6.160)  218.251 ms
16  52.93.7.3 (52.93.7.3)  216.543 ms 52.93.7.31 (52.93.7.31)  212.299 ms
52.93.7.19 (52.93.7.19)  218.105 ms
17  52.93.36.34 (52.93.36.34)  216.943 ms 52.93.7.8 (52.93.7.8)  230.334 ms
52.93.7.10 (52.93.7.10)  235.409 ms
18  52.93.7.101 (52.93.7.101)  218.487 ms 52.93.7.97 (52.93.7.97)  218.505
ms 52.93.7.117 (52.93.7.117)  217.368 ms
19  * * 178.236.0.213 (178.236.0.213)  215.187 ms
20  * * *

MT:

  HOST: farhan.telnet.net.bd       Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- noc-ut-gw.telnet.net.bd     0.0%   500    0.5   0.5   0.2  54.8   2.5
  2.|-- 116.212.104.25              0.0%   500    0.9   0.8   0.7   1.6   0.0
  3.|-- DHANMONDI-RTR1-2-BANANI-R   1.2%   500    0.8   2.0   0.8 187.7  12.6
  4.|-- 43.224.113.185              0.0%   500    1.1   3.8   0.9  84.4  10.9
  5.|-- 43.228.208.17               0.0%   500    1.2   1.9   1.0  16.7   1.6
  6.|-- 43.228.208.1                0.0%   500    4.5   2.3   1.0  95.5   5.7
  7.|-- 125.17.155.45               0.0%   500   41.2  42.5  39.9 109.5   6.6
  8.|-- 182.79.247.217              0.2%   500  173.8 170.4 169.3 216.0   3.6
  9.|-- ams1-br-tra-r2.amazon.com   2.8%   500  201.9 201.6 192.8 222.7   3.3
 10.|-- 54.239.114.84               2.2%   500  222.7 224.8 211.8 336.8   9.6
 11.|-- 54.239.114.91               1.8%   500  219.0 219.6 208.8 293.0   7.5
 12.|-- 54.239.41.119               1.2%   500  218.3 218.1 208.9 257.0   3.9
 13.|-- 54.239.44.140               2.2%   500  219.5 219.8 211.6 265.5   3.5
 14.|-- ???                        100.0   500    0.0   0.0   0.0   0.0   0.0
 15.|-- 52.93.6.136                 1.8%   500  222.2 234.4 212.1 382.2  14.0
 16.|-- 52.93.7.25                  2.6%   500  212.9 218.8 208.9 248.9   4.2
 17.|-- 52.93.7.18                  2.8%   500  235.3 230.9 214.0 266.2  12.2
 18.|-- 52.93.7.115                 1.6%   500  217.8 218.0 210.0 244.2   2.4
 19.|-- ???                        100.0   500    0.0   0.0   0.0   0.0   0.0

Any help would be appreciated.


-- 

Regards,

Md. Shoaib Farhan



Re: Suggestions for a more privacy conscious email provider

2017-12-05 Thread Robert Story
On Mon 2017-12-04 16:00:11-0700 Grant wrote:
> I've been using a VPS as my primary mail server for > 2 years and
> have only been black listed once.  Even that was a 12 hour automated
> listing because I sent one message to an address I had not used in 7
> years, which had since been converted into a spam trap.
> 
> I've also known others that use VPSs for this exact thing with 
> considerable success.

I do the same thing, with pretty much the same experience. One initial
blacklist hiccup that was easily resolved.

I ran my mail server at home for a while, but after a few storm-related
outages I switched to a cheap VPS doing store-and-forward.

You can also shop around to get some storage (20-50GB) that you can use
for remote backups of critical files (encrypted, of course).

I find Low End Box is a good resource for
finding VPS providers. You will have to pay attention if you want IPv6
support, as it's far from universal.


-- 
Robert Story 
USC Information Sciences Institute 




Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Leo Bicknell
In a message written on Tue, Dec 05, 2017 at 06:49:43AM -0800, Stephen Satchell 
wrote:
> The NSF in particular ran the 'Net like bouncers do in a strip club: 
> you break the rules, you go.  No argument.

I'm not sure I've ever seen a more inaccurate description of the NSF.
What in the world are you talking about?

> The original trust model for the Internet was based on this unrelenting 
> oversight.  You didn't expect Bad Things(tm) because the consequences of 
> doing them was so severe:  banishment and exile.  Also, the technical 
> ability required to do Bad Things(tm) wasn't easily won.  Accessing the 
> 'Net was a PRIVILEGE, not a right.  Abuse at your own peril.

Oh wait, you took the BS to a new level.

There was no banishment and exile.  This was before we knew of buffer
overflows, spoofing, and so on.  I remember the weekly sendmail buffer
overrun bugs, the finger back bombs, the rlogin spoofing attacks.
Turns out bored college students were very good at creating mischief.

There was no banishment.  There were plenty of bad things.

> Ok, I'll shut up now.

Good plan.

-- 
Leo Bicknell - bickn...@ufp.org
PGP keys at http://www.ufp.org/~bicknell/




Re: Lanner Devices - NCA-5510

2017-12-05 Thread Andrew Latham
Raymond

Reading that I see the possibility that you could have a bad unit.
Verifying with another unit would be great to confirm. Personally I would
use something like
https://www.supermicro.com/products/system/Mini-ITX/SYS-E300-9A.cfm where
the supply chain can get me parts faster for scale and repair. I just wish
these devices would come with some magical industry standard secured DC
power connector.

On Tue, Dec 5, 2017 at 8:20 AM, Raymond Burkholder 
wrote:

> Hello,
>
> A number of people have been suggesting Lanner boxes for routing.  I have
> used FW-7543A and FW-7573A boxes with Debian with no issues.
>
> I am currently trying the NCA-5510 model with NCS2-IGM806B (XL710) and
> NCS2-IXM407A (I350) cards with a standard Debian Stretch installation.
>
> I was hoping that it would be as easy as installing the operating system,
> turning ports up, and getting a working network.  It was like that with the
> other models.  Not with this model.  There seems to be a bunch of different
> BIOS combinations which give different (bad) results.  And for the
> combinations I've tried, I can't seem to get the XL710 card to work
> properly.  Maybe I should have gone with the 82599 card instead.
>
> In addition, the I210 based management port also isn't coming up properly,
> always some sort 'interface reset' error.  Which, with some bios settings,
> I
> get on the I350 cards as well.
>
> If someone has a similar model and/or configuration, what sort of
> BIOS/Kernel settings have you used to get something operationally stable?
> Any particular Kernel versions work best?  I tried 4.9.51, and 4.14.3.
>
> It seems to take about 48 hours to get turn arounds from Taiwan
> engineering,
> which I am currently trying to escalate from a sales office, but was
> hoping,
> in the meantime, someone else might have some experiences to share?
>
> I can provide console / kernel messages to show what I am encountering for
> those interested.
>


-- 
- Andrew "lathama" Latham -


Re: Suggestions for a more privacy conscious email provider

2017-12-05 Thread Eric Kuhnke
In my experience with creating new mail servers that use IP addresses
belonging to dedicated hosting/colocation/VPS companies.

This is *after* all of the obvious setup things like having a real static
IP, A records, PTR records, SPF and DKIM set up properly, are taken care of
so that a public facing smtpd can exchange mail with the world.

a) The closer the company is to the lower price end of the market, the more
likely the IP space is to be in a bunch of RBL or have "poor" reputation
from major mail destinations like gmail and office365. People buy $5/mo VPS
for testing stuff and accidentally run open relays, get a whole /24 black
listed, and so forth.

b) IP space that has been previously used by higher-end dedicated server
customers (people who are paying $400/mo for a beefy machine vs. a $35/mo
Intel Atom) is proportionally less likely to be in RBLs, is more likely to
have abuse contacts at the ISP who will work with RBL operators to get it
removed if necessary, and so forth.

c) The "best" IP space to run a mail server from is a block that has never
had any sort of dedicated server/colo/VPS customers in it whatsoever, and
has not had a bunch of random people running smtp daemons in it at some
point in the previous 10-15 years.


On Mon, Dec 4, 2017 at 3:00 PM, Grant Taylor via NANOG 
wrote:

> On 12/04/2017 03:47 PM, Brad Knowles wrote:
>
>> The concept is sound, but attempting to use your $5 VPS as your outbound
>> mail relay is only going to end in pain and tears -- your VPS cannot have
>> or build a good enough reputation to get reliable delivery to the big mail
>> providers.  You need to use an outbound mail relay that already has a good
>> reputation, and that works hard to continue to maintain that reputation.
>>
>
> My experience shows otherwise.
>
> I've been using a VPS as my primary mail server for > 2 years and have
> only been black listed once.  Even that was a 12 hour automated listing
> because I sent one message to an address I had not used in 7 years, which
> had since been converted into a spam trap.
>
> I've also known others that use VPSs for this exact thing with
> considerable success.
>
> As for handling your inbound mail, use something like imapsync and then
>> effectively treat your IMAP provider as a POP3 provider instead, and
>> download/delete the messages from their system as soon as they have been
>> copied to your local system.
>>
>
> Why?  Having a different provider handle inbound will require them
> supporting your domain(s).  Why not handle inbound email directly?
>
> The bad guys could tap into the stream of mail that flows through that
>> system, but they wouldn't be able to get into your archive of old mail
>> without breaking into the box sitting in your house.
>>
>
> S/MIME / PGP  }:-)
>
>
>
>
> --
> Grant. . . .
> unix || die
>
>
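
The setup items listed in the message above (PTR matching the A record, SPF, DKIM) and the RBL question can be checked before a new IP carries mail. This is an added example, not code from the thread: it runs offline against a constructed zone (documentation addresses, example.* names, and a hypothetical DNSBL zone `dnsbl.example.net`), and its SPF evaluation is a simplified subset that handles only `ip4:`, `ip6:` and `all`.

```python
import ipaddress

# Constructed sample DNS data (documentation addresses and example.* names);
# none of it comes from the thread. dnsbl.example.net is a hypothetical DNSBL.
SAMPLE_DNS = {
    ("mail.example.org", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("example.org", "TXT"): ["v=spf1 ip4:192.0.2.0/27 ip6:2001:db8::/48 -all"],
    ("sel1._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEYDATA"],
    # A neighbour in the same /24 that the constructed DNSBL lists.
    ("77.2.0.192.dnsbl.example.net", "A"): ["127.0.0.2"],
}

SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(dns, name, rtype):
    """Stand-in resolver: answers from the dict, empty list for no data."""
    return dns.get((name.rstrip(".").lower(), rtype), [])


def dnsbl_query_name(ip, zone):
    """Reversed octets (IPv4) or nibbles (IPv6) prepended to the DNSBL zone."""
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")[:-2]
    return ".".join(labels + [zone])


def fcrdns_ok(dns, ip):
    """Forward-confirmed reverse DNS: PTR -> name -> A/AAAA back to the same IP."""
    addr = ipaddress.ip_address(ip)
    rtype = "A" if addr.version == 4 else "AAAA"
    for host in lookup(dns, addr.reverse_pointer, "PTR"):
        if any(ipaddress.ip_address(a) == addr for a in lookup(dns, host, rtype)):
            return True
    return False


def spf_result(dns, domain, ip):
    """Simplified SPF check: only ip4:, ip6: and all are evaluated."""
    addr = ipaddress.ip_address(ip)
    records = [t for t in lookup(dns, domain, "TXT")
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # more than one SPF record is an error
    for term in records[0].split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in SPF_RESULT else ("+", term)
        mech = mech.lower()
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if net.version == addr.version and addr in net:
                return SPF_RESULT[qualifier]
        elif mech == "all":
            return SPF_RESULT[qualifier]
        # include:, a, mx, etc. are skipped in this simplified version
    return "neutral"


def dkim_key_published(dns, selector, domain):
    """True if the selector record exists and its p= tag is non-empty."""
    for txt in lookup(dns, f"{selector}._domainkey.{domain}", "TXT"):
        tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
        if tags.get("p", "").strip():
            return True  # an empty p= would mean the key was revoked
    return False


def listed_on(dns, ip, zones):
    """DNSBL zones that return a 127.0.0.0/8 answer for this IP."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    hits = []
    for zone in zones:
        answers = lookup(dns, dnsbl_query_name(ip, zone), "A")
        if any(ipaddress.ip_address(a) in loopback for a in answers):
            hits.append(zone)
    return hits


def preflight(dns, ip, domain, selector, zones):
    """Run all four checks for one sending IP and envelope domain."""
    return {
        "fcrdns": fcrdns_ok(dns, ip),
        "spf": spf_result(dns, domain, ip),
        "dkim_key": dkim_key_published(dns, selector, domain),
        "listed_on": listed_on(dns, ip, zones),
    }


if __name__ == "__main__":
    for candidate in ("192.0.2.25", "192.0.2.77"):
        print(candidate, preflight(SAMPLE_DNS, candidate, "example.org",
                                   "sel1", ["dnsbl.example.net"]))
```

To run it against live DNS, replace `lookup` with a real resolver call; the rest of the logic is unchanged.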


Re: Novice sysadmins

2017-12-05 Thread Grant Taylor via NANOG

On 12/05/2017 09:17 AM, Harald Koch wrote:
> Thirty years ago I started my sysadmin journey on an Internet that was 
> filled with helpful, experienced people that were willing to share their 
> knowledge.


The vast majority of what I've experienced in the last ~20 years has 
been people willing to help others who are trying to help themselves.


If you are trying, make an honest mistake, and are willing to correct it 
when others politely let you know, you will quite likely find people 
willing to help you.  Especially if you return the favor in kind.


If you are being a hooligan and not responding to problems reported to 
you or purposefully ~> wantonly doing things to others ... good luck.




--
Grant. . . .
unix || die





Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Eric Kuhnke
It is worth mentioning for those who have not seen a Ubiquiti "edgerouter"
in person yet, or worked with one, where their operating system came
from...  When Vyatta was acquired by Brocade, the core Vyatta team jumped
ship and were hired directly by Ubiquiti. When you SSH into one of these
whether it's a $45 Edgerouter-X or a $300 unit, it is a Debian based CLI
and is very obviously a fork of Vyatta. The entire system file tree and
package management system is all Debian.




On Mon, Dec 4, 2017 at 12:55 PM, Mel Beckman  wrote:

> The Edgerouter Pro 8 meets all your specs. It's 1U, has eight GigE ports,
> including two SFP/combo ports, can take full IPv4 and IPv6 tables, and only
> consumes 40 watts (about half an amp at 120V). About $300.
>
> https://www.ubnt.com/edgemax/edgerouter-pro/
>
>  -mel beckman
>
> > On Dec 4, 2017, at 12:46 PM, Adam Lawson  wrote:
> >
> > Hi,
> >
> >
> >
> > I'm looking for suggestions on 1U-2U sized router with 1G interface
> >
> > which can handle both IPv4 and IPv6 full BGP table and doesn't consume
> >
> > too much power.
> >
> >
> >
> > The router needs to be squeezed in to a rack which doesn't
> >
> > have a lot of space nor power. As for space, maybe I can make
> >
> > space for 3U or 4U but as for power, I can only do around
> >
> > 1.5A@100V on average. (There is room for burst power usage.)
> >
> >
> >
> > The following are the one's I can think of:
> >
> > - Juniper M7i with C-FEB-E (base 1.59A)
> >
> > - Brocade CER2024F (1.35A)
> >
> > - Mikrotik CCR, UBNT EdgeRouter Pro/Infinity
> >
> > - A server with Vyos, vMX or ASR1000v
> >
> >
> >
> > Does anyone have other recommendations?
> >
> >
> >
> > Thanks,
> >
> > Adam
> >
> >
> >
> >
> >
> >
> >
> >
>


Re: Suggestions for a more privacy conscious email provider

2017-12-05 Thread John Levine
In article <20171205105918.ga8...@gsp.org> you write:
>   "Current Peeve: The mindset that the Internet is some sort of
>   school for novice sysadmins and that everyone *not* doing stupid
>   dangerous things should act like patient teachers with the ones
>   who are."

Up to a point.  If you ask a reasonable question that shows you've
done some homework, you'll get a reasonable answer.  On the other hand ...

  I need to send mail to a million people.  But when I send the mail, a
  lot of it bounces back.  How can I tell networks not to censor me?
  I'ms using Bulk Blaster Pro!  Should I use a different program?

R's,
John


RE: Small full BGP table capable router with low power consumption

2017-12-05 Thread tony
For me the obvious answer for the OP is the Mikrotik CCR range - 
https://mikrotik.com/product/CCR1036-8G-2Splus



-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Eric Kuhnke
Sent: Wednesday, 6 December 2017 6:00 AM
To: nanog@nanog.org list 
Subject: Re: Small full BGP table capable router with low power consumption



Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread mike . lyon
Bad thing about the CCRs is that their BGP process is single threaded. So even 
though it has a bunch of cores, it doesn’t utilize them for BGP.

-Mike

> On Dec 5, 2017, at 09:50,   wrote:
> 
> For me the obvious answer for the OP is the Mikrotik CCR range - 
> https://mikrotik.com/product/CCR1036-8G-2Splus
> 
> 
> 
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Eric Kuhnke
> Sent: Wednesday, 6 December 2017 6:00 AM
> To: nanog@nanog.org list 
> Subject: Re: Small full BGP table capable router with low power consumption
> 


RE: Small full BGP table capable router with low power consumption

2017-12-05 Thread tony
Is that actually still true nowadays ?  Of course there is always the option of 
running RouterOS on an X86 for an effective solution as well.

-Original Message-
From: mike.l...@gmail.com [mailto:mike.l...@gmail.com] 
Sent: Wednesday, 6 December 2017 7:07 AM
To: t...@wicks.co.nz
Cc: nanog@nanog.org
Subject: Re: Small full BGP table capable router with low power consumption

Bad thing about the CCRs is that their BGP process is single threaded. So even 
though it has a bunch of cores, it doesn’t utilize them for BGP.

-Mike




Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread mike . lyon
Unfortunately, yes. That's why two Juniper M7is just arrived on my doorstep 
yesterday...

> On Dec 5, 2017, at 10:10,   wrote:
> 
> Is that actually still true nowadays ?  Of course there is always the option 
> of running RouterOS on an X86 for an effective solution as well.
> 
> -Original Message-
> From: mike.l...@gmail.com [mailto:mike.l...@gmail.com] 
> Sent: Wednesday, 6 December 2017 7:07 AM
> To: t...@wicks.co.nz
> Cc: nanog@nanog.org
> Subject: Re: Small full BGP table capable router with low power consumption
> 
> Bad thing about the CCRs is that their BGP process is single threaded. So 
> even though it has a bunch of cores, it doesn’t utilize them for BGP.
> 
> -Mike
> 
> 


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread amuse
Back in the day, only Ph.D's used the internet, so they were the sysadmins.

These days, I recommend that system administration be only allowed for
card-holding responsible people who have proven their technical abilities.
Then, when you get awarded your Ph.D, they can take your sysadmin card back.

On Tue, Dec 5, 2017 at 8:33 AM, Leo Bicknell  wrote:

> In a message written on Tue, Dec 05, 2017 at 06:49:43AM -0800, Stephen
> Satchell wrote:
> > The NSF in particular ran the 'Net like bouncers do in a strip club:
> > you break the rules, you go.  No argument.
>
> I'm not sure I've ever seen a more inaccurate description of the NSF.
> What in the world are you talking about?
>
> > The original trust model for the Internet was based on this unrelenting
> > oversight.  You didn't expect Bad Things(tm) because the consequences of
> > doing them was so severe:  banishment and exile.  Also, the technical
> > ability required to do Bad Things(tm) wasn't easily won.  Accessing the
> > 'Net was a PRIVILEGE, not a right.  Abuse at your own peril.
>
> Oh wait, you took the BS to a new level.
>
> There was no banishment and exile.  This was before we knew of buffer
> overflows, spoofing, and so on.  I remember the weekly sendmail buffer
> overrun bugs, the finger back bombs, the rlogin spoofing attacks.
> Turns out bored college students were very good at creating mischief.
>
> There was no banishment.  There were plenty of bad things.
>
> > Ok, I'll shut up now.
>
> Good plan.
>
> --
> Leo Bicknell - bickn...@ufp.org
> PGP keys at http://www.ufp.org/~bicknell/
>


Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Mike Hammett
I understand that most BGP implementations are single-threaded. 

The problem is that it sucks, which version 7 fixes... whenever the unicorn 
makes that delivery. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "mike lyon"  
To: t...@wicks.co.nz 
Cc: nanog@nanog.org 
Sent: Tuesday, December 5, 2017 12:07:19 PM 
Subject: Re: Small full BGP table capable router with low power consumption 

Bad thing about the CCRs is that their BGP process is single threaded. So even 
though it has a bunch of cores, it doesn’t utilize them for BGP. 

-Mike 

> On Dec 5, 2017, at 09:50,   wrote: 
> 
> For me the obvious answer for the OP is the Mikrotik CCR range - 
> https://mikrotik.com/product/CCR1036-8G-2Splus 
> 
> 
> 
> -Original Message- 
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Eric Kuhnke 
> Sent: Wednesday, 6 December 2017 6:00 AM 
> To: nanog@nanog.org list  
> Subject: Re: Small full BGP table capable router with low power consumption 
> 



Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Mike Hammett
I'm replacing an M10i with a CHR. 

I hope you have a newer RE so that you don't have worse BGP convergence than a 
CCR. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "mike lyon"  
To: t...@wicks.co.nz 
Cc: nanog@nanog.org 
Sent: Tuesday, December 5, 2017 12:11:27 PM 
Subject: Re: Small full BGP table capable router with low power consumption 

Unfortunately, yes. That's why two Juniper M7is just arrived on my doorstep 
yesterday... 

> On Dec 5, 2017, at 10:10,   wrote: 
> 
> Is that actually still true nowadays ? Of course there is always the option 
> of running RouterOS on an X86 for an effective solution as well. 
> 
> -Original Message- 
> From: mike.l...@gmail.com [mailto:mike.l...@gmail.com] 
> Sent: Wednesday, 6 December 2017 7:07 AM 
> To: t...@wicks.co.nz 
> Cc: nanog@nanog.org 
> Subject: Re: Small full BGP table capable router with low power consumption 
> 
> Bad thing about the CCRs is that their BGP process is single threaded. So 
> even though it has a bunch of cores, it doesn’t utilize them for BGP. 
> 
> -Mike 
> 
> 



Re: Novice sysadmins

2017-12-05 Thread Miles Fidelman
Umm.. back in the day, only researchers & engineers used the ARPANET, 
and secretaries, and administrators, and very quickly lots of military 
ratings, ... By the time networks were connected to form the Internet, 
and particularly once university LANs and CANs were connected, you had 
students, hackers, pretty much all types using the Internet.


And among those of us who actually built pieces of the thing, I don't
remember a lot of PhDs - too much interesting work to be done for people
to stay in school.



On 12/5/17 11:15 AM, amuse wrote:

Back in the day, only Ph.D's used the internet, so they were the sysadmins.

These days, I recommend that system administration be only allowed for
card-holding responsible people who have proven their technical abilities.
Then, when you get awarded your Ph.D, they can take your sysadmin card back.

On Tue, Dec 5, 2017 at 8:33 AM, Leo Bicknell  wrote:


In a message written on Tue, Dec 05, 2017 at 06:49:43AM -0800, Stephen
Satchell wrote:

The NSF in particular ran the 'Net like bouncers do in a strip club:
you break the rules, you go.  No argument.

I'm not sure I've ever seen a more inaccurate description of the NSF.
What in the world are you talking about?


The original trust model for the Internet was based on this unrelenting
oversight.  You didn't expect Bad Things(tm) because the consequences of
doing them was so severe:  banishment and exile.  Also, the technical
ability required to do Bad Things(tm) wasn't easily won.  Accessing the
'Net was a PRIVILEGE, not a right.  Abuse at your own peril.

Oh wait, you took the BS to a new level.

There was no banishment and exile.  This was before we knew of buffer
overflows, spoofing, and so on.  I remember the weekly sendmail buffer
overrun bugs, the finger back bombs, the rlogin spoofing attacks.
Turns out bored college students were very good at creating mischief.

There was no banishment.  There were plenty of bad things.


Ok, I'll shut up now.

Good plan.

--
Leo Bicknell - bickn...@ufp.org
PGP keys at http://www.ufp.org/~bicknell/



--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra



Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread mike . lyon
What hardware you running the CHR on?

> On Dec 5, 2017, at 10:29, Mike Hammett  wrote:
> 
> I'm replacing an M10i with a CHR. 
> 
> I hope you have a newer RE so that you don't have worse BGP convergence than 
> a CCR. 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> Midwest-IX 
> http://www.midwest-ix.com 
> 
> - Original Message -
> 
> From: "mike lyon"  
> To: t...@wicks.co.nz 
> Cc: nanog@nanog.org 
> Sent: Tuesday, December 5, 2017 12:11:27 PM 
> Subject: Re: Small full BGP table capable router with low power consumption 
> 
> Unfortunately, yes. That's why two Juniper M7is just arrived on my doorstep
> yesterday...
> 
>> On Dec 5, 2017, at 10:10,   wrote: 
>> 
>> Is that actually still true nowadays ? Of course there is always the option 
>> of running RouterOS on an X86 for an effective solution as well. 
>> 
>> -Original Message- 
>> From: mike.l...@gmail.com [mailto:mike.l...@gmail.com] 
>> Sent: Wednesday, 6 December 2017 7:07 AM 
>> To: t...@wicks.co.nz 
>> Cc: nanog@nanog.org 
>> Subject: Re: Small full BGP table capable router with low power consumption 
>> 
>> Bad thing about the CCRs is that their BGP process is single threaded. So 
>> even though it has a bunch of cores, it doesn’t utilize them for BGP. 
>> 
>> -Mike 
>> 
>> 
> 


RE: Small full BGP table capable router with low power consumption

2017-12-05 Thread tony
Yea, as much as I love Juniper Hardware the M series is really a long way in
the past at this point. I would suggest the new MX150 is the way to go for up
to 20G requirements. Of course that's in a different league from the OP's 
criteria. 

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
Sent: Wednesday, 6 December 2017 7:29 AM
Cc: nanog@nanog.org
Subject: Re: Small full BGP table capable router with low power consumption

I'm replacing an M10i with a CHR. 

I hope you have a newer RE so that you don't have worse BGP convergence than a 
CCR. 






Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Mike Hammett
It's a couple year old Xeon running vSphere. 

Once I get some other migrations done, I'll load either vSphere or Proxmox onto 
the hardware running the Vyatta firewall now and run a CHR there as well for a 
second upstream. I'm not yet sure what the underlying hardware is for that one. 

My x86 ROS boxes load full tables in ~30 seconds and maintain hardly any CPU 
core usage when pulling in updates. 

I've seen CCRs take 10 minutes to receive and then change routing accordingly 
for BGP updates (Cogent, HE and several IX peers). 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "mike lyon"  
To: "Mike Hammett"  
Cc: nanog@nanog.org 
Sent: Tuesday, December 5, 2017 12:35:48 PM 
Subject: Re: Small full BGP table capable router with low power consumption 

What hardware you running the CHR on? 

> On Dec 5, 2017, at 10:29, Mike Hammett  wrote: 
> 
> I'm replacing an M10i with a CHR. 
> 
> I hope you have a newer RE so that you don't have worse BGP convergence than 
> a CCR. 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> Midwest-IX 
> http://www.midwest-ix.com 
> 
> - Original Message - 
> 
> From: "mike lyon"  
> To: t...@wicks.co.nz 
> Cc: nanog@nanog.org 
> Sent: Tuesday, December 5, 2017 12:11:27 PM 
> Subject: Re: Small full BGP table capable router with low power consumption 
> 
> Unfortunately, yes. That's why two Juniper M7is just arrived on my doorstep
> yesterday...
> 
>> On Dec 5, 2017, at 10:10,   wrote: 
>> 
>> Is that actually still true nowadays ? Of course there is always the option 
>> of running RouterOS on an X86 for an effective solution as well. 
>> 
>> -Original Message- 
>> From: mike.l...@gmail.com [mailto:mike.l...@gmail.com] 
>> Sent: Wednesday, 6 December 2017 7:07 AM 
>> To: t...@wicks.co.nz 
>> Cc: nanog@nanog.org 
>> Subject: Re: Small full BGP table capable router with low power consumption 
>> 
>> Bad thing about the CCRs is that their BGP process is single threaded. So 
>> even though it has a bunch of cores, it doesn’t utilize them for BGP. 
>> 
>> -Mike 
>> 
>> 
> 



Re: Novice sysadmins

2017-12-05 Thread Sam Oduor
Subject of interest; my 15 years experience I met a blend of senior admins
while learning the curves ..

1. Those who denied you knowledge/handover due to insecurity

2. Those who fed you with knowledge but were rude and could make you feel
like you are undergoing some military training

3. Those who gave you manuals and told you go and read; hardcopy was a
common thing - I could deliberately stay back in the office and print a
whole library :-)

4. The rare breed that walked you through sysadmins !


Right now it seems the tables have turned around; I already feel I have
come to the end of the road as sysadmin but on a lighter note - I have been
working hard on passing knowledge down and these are the new blend of people
I have met.

1. Those willing to learn are very obedient but for some reason not up to
the task

2. Those who know everything you try to teach them; are kinda rude and they
bring down systems - lab systems

3. Those who commit to be taught but never show up for free lessons despite
offering them free lunch :-)

4. A rare young  breed that teaches me mobile apps and new games online -
the 90's champs !

5. A rare breed that goes the extra mile; sacrifice time and money to learn
!


I love 4 & 5 !






On Tue, Dec 5, 2017 at 7:54 PM, Grant Taylor via NANOG 
wrote:

> On 12/05/2017 09:17 AM, Harald Koch wrote:
>
>> Thirty years ago I started my sysadmin journey on an Internet that was
>> filled with helpful, experienced people that were willing to share their
>> knowledge.
>>
>
> The vast majority of what I've experienced in the last ~20 years has been
> people willing to help others who are trying to help themselves.
>
> If you are trying, make an honest mistake, and are willing to correct it
> when others politely let you know, you will quite likely find people
> willing to help you.  Especially if you return the favor in kind.
>
> If you are being a hooligan and not responding to problems reported to you
> or purposefully ~> wantonly doing things to others ... good luck.
>
>
>
> --
> Grant. . . .
> unix || die
>
>


-- 
Samson Oduor


Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Adam Lawson
Hi,

Thanks for all the replies.

I think the options that came up are:
- Mikrotiks
This fits my requirements pretty nicely, however as Mike pointed out the 
single threaded BGP is a bit of concern. Also, just that I'm not a very big
fan of the /xxx Mikrotik CLI.

- EdgeRouter Pros, Juniper M7i
- A server with bgpd running
- Cisco 4300-4400 series
Both the above would work nicely.

- Cisco 2900s
Can these handle full BGP tables as of today?

- Juniper MXs
The reason I wrote M7i instead of the MX was, as far as I looked on the Juniper
site, it seems to use more power than the M7i (though you get more performance).

- Nokia IXR-R6 (not IXR-6)
- Huawei NE20E-S2E
I need to look these up. I'm guessing the Nokia has same CLIs as Alcatels.

Thanks,
Adam

 On Mon, 04 Dec 2017 11:19:14 -0800 Adam Lawson  wrote 


 > Hi,
 > 
 > I'm looking for suggestions on 1U-2U sized router with 1G interface 
 > which can handle both IPv4 and IPv6 full BGP table and doesn't consume 
 > too much power. 
 > 
 > The router needs to be squeezed in to a rack which doesn't 
 > have a lot of space nor power. As for space, maybe I can make 
 > space for 3U or 4U but as for power, I can only do around 
 > 1.5A@100V on average. (There is room for burst power usage.)
 > 
 > The following are the ones I can think of:
 > - Juniper M7i with C-FEB-E (base 1.59A)
 > - Brocade CER2024F (1.35A)
 > - Mikrotik CCR, UBNT EdgeRouter Pro/Infinity
 > - A server with Vyos, vMX or ASR1000v
 > 
 > Does anyone have other recommendations?
 > 
 > Thanks,
 > Adam
 > 
 > 
 > 




Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Seth Mattinen

On 12/5/17 10:28 AM, Mike Hammett wrote:

I understand that most BGP implementations are single-threaded.



Well, yeah. That's where the "lots of slow cores" model doesn't work.

~Seth


RE: Small full BGP table capable router with low power consumption

2017-12-05 Thread tony

- Juniper MXs
The reason I wrote M7i instead of the MX was, as far as I looked on the Juniper
site, it seems to use more power than the M7i (though you get more performance).


The M150 has just been released, if it's within the budget I would suggest it
will very nicely fit the requirement with its 1U form factor and 365W draw. -
https://www.juniper.net/us/en/products-services/routing/mx-series/mx150/



RE: Small full BGP table capable router with low power consumption

2017-12-05 Thread tony
No, not actually seen one in real life yet. Interesting thing of course is it 
runs VMX JunOS code.

-Original Message-
From: Georg Kahest [mailto:georg.kah...@internet.ee] 
Sent: Wednesday, 6 December 2017 8:01 AM
To: t...@wicks.co.nz; nanog@nanog.org
Subject: Re: Small full BGP table capable router with low power consumption

Have you played around with mx150 yet?

It seems very appealing on paper, but as it's so new I have my doubts




Re: Novice sysadmins

2017-12-05 Thread Miles Fidelman
And then, let's not forget the BOFH! (http://www.bofharchive.com), and 
Mordac.



On 12/5/17 11:40 AM, Sam Oduor wrote:

Subject of interest; my 15 years experience I met a blend of senior admins
while learning the curves ..

1. Those who denied you knowledge/handover due to insecurity

2. Those who fed you with knowledge but were rude and could make you feel
like you are undergoing some military training

3. Those who gave you manuals and told you go and read; hardcopy was a
common thing - I could deliberately stay back in the office and print a
whole library :-)

4. The rare breed that walked you through sysadmins !


Right now it seems the tables have turned around; I already feel I have
come to the end of the road as sysadmin but on a lighter note - I have been
working hard on passing knowledge down and these are the new blend of people
I have met.

1. Those willing to learn are very obedient but for some reason not up to
the task

2. Those who know everything you try to teach them; are kinda rude and they
bring down systems - lab systems

3. Those who commit to be taught but never show up for free lessons despite
offering them free lunch :-)

4. A rare young  breed that teaches me mobile apps and new games online -
the 90's champs !

5. A rare breed that goes the extra mile; sacrifice time and money to learn
!


I love 4 & 5 !






On Tue, Dec 5, 2017 at 7:54 PM, Grant Taylor via NANOG 
wrote:


On 12/05/2017 09:17 AM, Harald Koch wrote:


Thirty years ago I started my sysadmin journey on an Internet that was
filled with helpful, experienced people that were willing to share their
knowledge.


The vast majority of what I've experienced in the last ~20 years has been
people willing to help others who are trying to help themselves.

If you are trying, make an honest mistake, and are willing to correct it
when others politely let you know, you will quite likely find people
willing to help you.  Especially if you return the favor in kind.

If you are being a hooligan and not responding to problems reported to you
or purposefully ~> wantonly doing things to others ... good luck.



--
Grant. . . .
unix || die






--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra



Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread William Herrin
On Tue, Dec 5, 2017 at 9:49 AM, Stephen Satchell  wrote:

>  the Internet as we know it was developed under the stern eyes of the
> Department of Defense and the National Science Foundation. The NSF in
> particular ran the 'Net like bouncers do in a strip club: you break the
> rules, you go.  No argument.
>
> The original trust model for the Internet was based on this unrelenting
> oversight.  You didn't expect Bad Things(tm) because the consequences of
> doing them was so severe:  banishment and exile.


Hi Stephen,

Granted I was a late arrival in 1991, but I don't recall much in the way of
oversight... or banishment.

I do recall that the '88 Morris worm resulted in 400 hours of community
service and a tenured professorship at MIT. I suppose the latter could be
considered a severe consequence.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Colin Baker

On 2017-12-05 12:44, Adam Lawson wrote:

Hi,

Thanks for all the replies.

I think the options that came up are:



- Juniper MXs
The reason I wrote M7i instead of the MX was, as far as I looked on the
Juniper
site, it seems to use more power than the M7i (though you get more
performance).


RE-800 are so slow that I've had numerous instances where I've made a 
change, banged my head on the desk for several minutes trying to figure 
out why it isn't working, and then realize that the control plane was 
still thinking about it.  It will take full tables though, barely, and 
eventually.  Imagine the RE-1800s are fine, haven't used one personally. 
 C-FEB-E should have plenty of room for your FIB.


What's the application?  I'll throw a somewhat oddball option out there 
- you can fit full tables into RIB on many Juniper EX switches.  Limited 
use cases for sure, but it can be handy if you can limit what's 
installed into FIB.


--
"640K ought to be enough for anybody."
-Kurt Cobain


Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Mark Blackman

> On 4 Dec 2017, at 19:19, Adam Lawson  wrote:
> 
> Hi,
> 
> 
> 
> I'm looking for suggestions on 1U-2U sized router with 1G interface 
> which can handle both IPv4 and IPv6 full BGP table and doesn't consume 
> too much power. 
> 
> 
> 
> The router needs to be squeezed in to a rack which doesn't 
> have a lot of space nor power. As for space, maybe I can make 
> space for 3U or 4U but as for power, I can only do around 
> 1.5A@100V on average. (There is room for burst power usage.)
> 
> 
> 
> The following are the ones I can think of:
> - Juniper M7i with C-FEB-E (base 1.59A)
> - Brocade CER2024F (1.35A)
> - Mikrotik CCR, UBNT EdgeRouter Pro/Infinity
> - A server with Vyos, vMX or ASR1000v
> 
> Does anyone have other recommendations?

A low-power rack mount x86 box running one of (Free|Open|Net)BSD and OpenBGPd?

- Mark

RE: Small full BGP table capable router with low power consumption

2017-12-05 Thread tony

What's the application?  I'll throw a somewhat oddball option out there
- you can fit full tables into RIB on many Juniper EX switches.  Limited use
cases for sure, but it can be handy if you can limit what's installed into
FIB.


Fixed format EX's range max out at 128k routes, definitely not an option
there unless I am really missing something. I often use EX/QFX for l3, but
no way they come anywhere near a full table.



Re: Small full BGP table capable router with low power consumption

2017-12-05 Thread Colin Baker

On 2017-12-05 15:22, t...@wicks.co.nz wrote:


Fixed format EX's range max out at 128k routes, definitely not an 
option
there unless I am really missing something. I often use EX/QFX for l3, 
but

no way they come anywhere near a full table.


yep :)

set routing-options maximum-prefixes biggernumberthan128k

again, RIB only

--
"640K ought to be enough for anybody."
-Kurt Cobain


Re: Novice sysadmins

2017-12-05 Thread Tim Pozar
Should have an honorary list of great sysadmins.  In my years of doing
this sort of work, I found a number of folks that would lend a helping
hand.  To that, I would like to nominate:

Strata Rose Chalup
--
Strata Rose Chalup began as a novice sysadmin in 1983 and has been
leading and managing complex IT projects ever since. She is a co-author
of The Practice of System and Network Administration and has taught at
USENIX Annual Tech and LISA for many years. Strata is always looking at
new technologies and is currently enjoying learning the Arduino
microcontroller platform.
[text from her USENIX conference page]


On 12/5/17 11:23 AM, Miles Fidelman wrote:
> And then, let's not forget the BOFH! (http://www.bofharchive.com), and
> Mordac.
> 
> 
> On 12/5/17 11:40 AM, Sam Oduor wrote:
>> Subject of interest; my 15 years experience I met a blend of senior
>> admins
>> while learning the curves ..
>>
>> 1. Those who denied you knowledge/handover due to insecurity
>>
>> 2. Those who fed you with knowledge but were rude and could make you feel
>> like you are undergoing some military training
>>
>> 3. Those who gave you manuals and told you go and read; hardcopy was a
>> common thing - I could deliberately stay back in the office and print a
>> whole library :-)
>>
>> 4. The rare breed that walked you through sysadmins !
>>
>>
>> Right now it seems the tables have turned around; I already feel I have
>> come to the end of the road as sysadmin but on a lighter note - I have
>> been
>> working hard on passing knowledge down and these are the new blend of
>> people
>> I have met.
>>
>> 1. Those willing to learn are very obedient but for some reason not up to
>> the task
>>
>> 2. Those who know everything you try to teach them; are kinda rude and
>> they
>> bring down systems - lab systems
>>
>> 3. Those who commit to be taught but never show up for free lessons
>> despite
>> offering them free lunch :-)
>>
>> 4. A rare young  breed that teaches me mobile apps and new games online -
>> the 90's champs !
>>
>> 5. A rare breed that goes the extra mile; sacrifice time and money to
>> learn
>> !
>>
>>
>> I love 4 & 5 !
>>
>>
>>
>>
>>
>>
>> On Tue, Dec 5, 2017 at 7:54 PM, Grant Taylor via NANOG 
>> wrote:
>>
>>> On 12/05/2017 09:17 AM, Harald Koch wrote:
>>>
>>>> Thirty years ago I started my sysadmin journey on an Internet that was
>>>> filled with helpful, experienced people that were willing to share
>>>> their
>>>> knowledge.
>>>>
>>> The vast majority of what I've experienced in the last ~20 years has
>>> been
>>> people willing to help others who are trying to help themselves.
>>>
>>> If you are trying, make an honest mistake, and are willing to correct it
>>> when others politely let you know, you will quite likely find people
>>> willing to help you.  Especially if you return the favor in kind.
>>>
>>> If you are being a hooligan and not responding to problems reported
>>> to you
>>> or purposefully ~> wantonly doing things to others ... good luck.
>>>
>>>
>>>
>>> -- 
>>> Grant. . . .
>>> unix || die
>>>
>>>
>>
> 


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Scott Weeks

--- l...@satchell.net wrote:
From: Stephen Satchell 

Indeed, I'm not aware of any certification that applies to system 
administrators.  Network administrators have certs that are 
well-recognized and accepted.  Mail admins?  Server admins?  The certs 
that are out there border on jokes or disguised sale pitches.  
---


Have you seen neteng certs lately?  I'm forced to maintain a
lower level one to keep my job and it makes me angry every
time I have to do it.  The sales pitch is hidden in the words 
and the correct answer is almost always something that has to
do with the proprietary item the vendor has.

scott


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread William Herrin
On Tue, Dec 5, 2017 at 6:11 PM, Scott Weeks  wrote:
> Have you seen neteng certs lately?  I'm forced to maintain a
> lower level one to keep my job and it makes me angry every
> time I have to do it.  The sales pitch is hidden in the words
> and the correct answer is almost always something that has to
> do with the proprietary item the vendor has.


Even the relatively good ones are bad. I have identified 60 and am on track
to identify about 200 errors in the official ISC2 CISSP study guide.

"However, UDP should only be used when the delivery of data is not
essential"

List of Layer 5 (Session) protocols:
NFS
SQL
RPC

Regarding IPv6 SLAAC: "Autoconfiguration removes the need for both DHCP and
NAT."

"A static packet-filtering firewall [is unable] to tell whether a packet
originated from inside or outside the private network."

"Examples of dedicated lines:
Technology, Connection Type, Speed
Digital Signal Level 0 (DS-0), Partial T1, 64 Kbps up to 1.544 Mbps
Digital Signal Level 1 (DS-1), T1, 1.544 Mbps"

"The web application then switches to a subject role as it queries the
user's computer to retrieve a cookie"

"Plenum-grade cable must be used [...] if the building has enclosed spaces
that could trap gases."


Stop. No. Just no. Plenum-grade cable must be used in a -plenum-. A plenum
is an air-handling space like the inside of a furnace duct. The only reason
we care about plenum cable in our jobs is that most offices take a shortcut
and turn the entire area above the ceiling tiles into a giant return-air
duct for the air conditioner. That's why the return-air grill is simply
open into the ceiling. If you burn crap in an air-handling space, the fumes
aren't trapped: they almost immediately spread throughout the office.
That's bad, so we use different cable than what we put under the desk where
the fumes will tend to stay near where they started.

Trap gases? No! Plenum is for where the gases would quickly spread!

Regards,
Bill Herrin


--
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Scott Weeks


--- b...@herrin.us wrote:
From: William Herrin 

Even the relatively good ones are bad. I have identified 
60 and am on track to identify about 200 errors in the 
official ISC2 CISSP study guide.
-


One last one I promise...  :-)

I also have to maintain a Security+ cert, which is part 
of the CISSP.  I absolutely despise the number of 
incorrect answers and misinformation that cert puts out.  
After I'm done taking that one everyone leaves me alone 
for the rest of the afternoon...  >:-(

I would not consider the Security+ a 'relatively good 
one'.  Rather, it's one of the worst I have ever had to 
do!

scott


Qrator Radar - Peerings

2017-12-05 Thread Mike Hammett
Does anyone use this site much? Has something happened to reduce their 
visibility? 

I've noticed multiple networks that had massive drops in peerings on or around 
March 11, 2017. AS5650 went from 66 to 12. AS53828 went from 436 to 19. PCH's 
AS3856 looking glass still reports adjacencies to both of those ASes. AS3856 
went from 183 adjacencies to 113 that same day (and didn't bounce back). It 
seems rather unlikely that PCH would lose that much, given that their goal is 
to collect route table information. Even more odd that those two ASNs would 
also lose a ton of peers the same day. 

Thoughts? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 



Any Megapath / GTT clue?

2017-12-05 Thread mike . lyon
Getting nowhere with the front end support @ Megapath.

/28 suddenly is no longer being routed to my client.

Any help would be appreciated.

Thank You,
Mike


Equinix SV8 Facebook IPv6 router 2001:504:D::47/64 constantly bouncing sessions

2017-12-05 Thread Peter Kranz
Are other SV8 peering exchange participants seeing problems with Facebook's
2001:504:D::47/64 router in the SV8?

Been seeing this for over 48 hours now. No issues with other SV8 peers, or
Facebook's other IPv6 router in the facility.

Dec  5 18:52:00: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down BGP Notification sent
Dec  5 18:53:40: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 18:55:07: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down NSF peer closed the session
Dec  5 18:58:42: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 19:00:12: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down NSF peer closed the session
Dec  5 19:09:41: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 19:11:08: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down NSF peer closed the session
Dec  5 19:16:21: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 19:17:47: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down NSF peer closed the session
Dec  5 19:18:54: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 19:20:24: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down BGP Notification sent
Dec  5 19:40:58: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 19:43:14: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down BGP Notification sent
Dec  5 19:47:03: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 19:48:51: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down BGP Notification sent
Dec  5 19:50:54: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 19:52:21: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down NSF peer closed the session
Dec  5 19:53:44: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 19:55:11: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down NSF peer closed the session
Dec  5 19:55:57: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Up
Dec  5 19:57:27: %BGP-5-ADJCHANGE: neighbor 2001:504:D::47 Down BGP Notification sent

Peter Kranz
www.UnwiredLtd.com
Desk: 510-868-1614 x100
Mobile: 510-207-
pkr...@unwiredltd.com




Re: Qrator Radar - Peerings

2017-12-05 Thread Yang Yu
Have you received a response from qrator? My guess is that they
dropped a BGP collector session that was advertising garbage
(modifying AS path to make non-connected ASNs appear connected).


>most ASNs left permanently on at 2017-03-11 21:00:00 were never connected
https://radar.qrator.net/as11537/peerings#startDate=2017-03-06&endDate=2017-03-15&tab=left


Yang

On Tue, Dec 5, 2017 at 6:06 PM, Mike Hammett  wrote:
> Does anyone use this site much? Has something happened to reduce their 
> visibility?
>
> I've noticed multiple networks that had massive drops in peerings on or 
> around March 11, 2017. AS5650 went from 66 to 12. AS53828 went from 436 to 
> 19. PCH's AS3856 looking glass still reports adjacencies to both of those 
> ASes. AS3856 went from 183 adjacencies to 113 that same day (and didn't 
> bounce back). It seems rather unlikely that PCH would lose that much, given 
> that their goal is to collect route table information. Even more odd that 
> those two ASNs would also lose a ton of peers the same day.
>
> Thoughts?
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
>
> Midwest Internet Exchange
>
> The Brothers WISP
>