Re: AS PATH limits

2017-12-22 Thread Nick Hilliard 
Ken Chase wrote:
> (And I'd fix it _right now_, but it's at my major customer's 
> discretion.

ok, so this is a customer management problem. If this is the only
customer on that router, then ok, if they want to continue putting
themselves at risk of service loss, I guess that would be their concern.

If there's anyone else connected to this router, then you would probably
want to consider moving them off it, because you seem to have said
that you may not have full control of your business assets. If this is
the case, it isn't a good situation to be in and will lead to issues
like this turning into serious longer term problems.

> read the first table on page 3 and then explain the philosophy of
> not caring about this as a general issue affecting the entire
> internet. That's not, to date, been the attitude I've seen in here or
> elsewhere amongst admins, and I dont see why we should start now.

Globally, there are 59000 ASNs announcing a total of 670k ipv4 prefixes
and 45k ipv6 routes. If any one of those prefixes is announced anywhere
in the world with an oddball as-path, then this puts vulnerable
versions of quagga at risk of service loss.

This isn't about sympathy or caring or not caring or anything else, but
the uncomfortable fact that with a pool this large, mistakes are going
to happen from time to time, whether we like it or not. It's as-path
length this time, but on previous occasions it's been attribute size, or
incorrect attribute combos or, well, a small catalog of other problems
that have caused bgp session failure globally over the years.

It's each of our responsibility to ensure that our systems are resistant
to problems like this, not other peoples' responsibility to ensure that
our networks don't get hit by third party misconfigs.

Nick

Re: AS PATH limits

2017-12-22 Thread William Herrin 
On Fri, Dec 22, 2017 at 5:57 PM, Scott Weeks  wrote:

> Well, that's a brilliant platitude, but what do you do
> when it breaks over and over until the other guy upgrades?
> ---
>
>
> Filter that network out of your tables until it's fixed? :)


Good luck with that since the BGP session collapses in the process of
receiving that corrupted data. That's the bug. The other guy's router could
filter the prefix but if he doesn't he fouls the BGP session to everybody
he tries to peer it to.

Regards.
Bill Herrin

-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web:

Re: AS PATH limits

2017-12-22 Thread Ken Chase 
Ive found some other stuff that's totally busted, but screw those who havent
patched their systems. We should not help them at all as knowlegeable stewards
of big chunks of bandwidth, we should just write stuff about how silly they
are instead:

 https://www.usenix.org/system/files/conference/woot14/woot14-kuhrer.pdf

read the first table on page 3 and then explain the philosophy of not caring
about this as a general issue affecting the entire internet. That's not, to
date, been the attitude I've seen in here or elsewhere amongst admins, and I
dont see why we should start now.

(And I'd fix it _right now_, but it's at my major customer's discretion. I've
explained the risks, he's taken them to heart. He too is an actual seasoned
admin (with quagga experience), but turned off his AS least year and got out of
the game. He has his reasons for waiting a bit longer.)

/kc


On Fri, Dec 22, 2017 at 11:11:44PM +, Nick Hilliard said:
  >William Herrin wrote:
  >> On Fri, Dec 22, 2017 at 5:45 PM, Nick Hilliard  wrote:
  >> If you've been hit with a known service-affecting problem that can
  >> easily recur without warning and which will be service affecting if it
  >> hits again, common sense suggests that it would be a good idea to
  >> upgrade to a version of code which isn't affected.
  >> 
  >> Well, that's a brilliant platitude, but what do you do when it breaks
  >> over and over until the other guy upgrades?
  >
  >I dunno, maybe shake our fists and rage a bit about the existence of
  >service affecting bugs?  It's not like we haven't all been in this
  >position at one stage or another.
  >
  >The point was, though, that there's been several months since this bug
  >was discussed on nanog-l way back in balmy september, and given the fact
  >that it can completely wipe out connectivity without warning for those
  >affected, it would have been a good idea to deal with the problem in an
  >orderly way at the time rather than letting it interfere with eggnog and
  >seasonal good cheer, at one of the times of year where chunks of the
  >world are busy taking well-deserved holidays.
  >
  >On which point, seasonal cheers to all.
  >
  >Nick
  >

-- 
Ken Chase - k...@heavycomputing.ca skype:kenchase23 +1 416 897 6284 Toronto 
Canada
Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front 
St. W.

Re: Waste will kill ipv6 too

2017-12-22 Thread Jima 

On 2017-12-21 08:58, Christopher Morrow wrote:

On Thu, Dec 21, 2017 at 10:16 AM, Jason Iannone 
wrote:


M plays into this too.  By my calculations, CenturyLink controls at
least 17 million /48s.  How many sites does CenturyLink provide
service to?  I'm gonna go out on a limb and say it's not 17 million.



there are less than 17m households served by centurylink's residential
product? really?
each of those could be considered a site and then get a /48.


Speaking non-hypothetically, there's some shoddy network address 
management at play there. I can state for a fact that there's at least 
one /48 (and I imagine many more) in Jason's list that hasn't been valid 
for over three years. The IPv4 side of that circuit (a /25) is also 
still SWIP'd -- not that it's meaningfully usable in the DFZ.


Therein lies a (minor, I hope) flaw in Job Snijders' proposal to use 
ARIN OriginAS data for determining routing authorization: ISPs have to 
not suck at cleaning up SWIP entries for dormant circuits. I (as a 
customer) tried to get my employer's entries removed three months ago, 
but no one cared enough to follow up.


(Also, I doubt the vast majority of CenturyLink's residential customer 
base a) has non-tunneled IPv6 or b) receives a /48.)


If anyone from AS209 wants to clean up those SWIPs, they're welcome to 
ping me off-list. :-)


- Jima

Re: AS PATH limits

2017-12-22 Thread Nick Hilliard 
William Herrin wrote:
> On Fri, Dec 22, 2017 at 5:45 PM, Nick Hilliard  wrote:
> If you've been hit with a known service-affecting problem that can
> easily recur without warning and which will be service affecting if it
> hits again, common sense suggests that it would be a good idea to
> upgrade to a version of code which isn't affected.
> 
> Well, that's a brilliant platitude, but what do you do when it breaks
> over and over until the other guy upgrades?

I dunno, maybe shake our fists and rage a bit about the existence of
service affecting bugs?  It's not like we haven't all been in this
position at one stage or another.

The point was, though, that there's been several months since this bug
was discussed on nanog-l way back in balmy september, and given the fact
that it can completely wipe out connectivity without warning for those
affected, it would have been a good idea to deal with the problem in an
orderly way at the time rather than letting it interfere with eggnog and
seasonal good cheer, at one of the times of year where chunks of the
world are busy taking well-deserved holidays.

On which point, seasonal cheers to all.

Nick

Re: AS PATH limits

2017-12-22 Thread Ken Chase 
Push harder on upgrading. "Dec 30" is my earliest window I got from my customer
after previously pushing with previous events (didnt help that Cogent said "yeah
we agree these are silly, we'll be filtering more aggressively" -- this time it
snuck in from the less busy side of our network).

It's not even going to be service impacting, if we do everything correctly,
but *who knows for sure* :) Course more long path events occurring ARE service
impacting more than the risk during upgrade, so go figure.

Customers! Cant live with em, cant afford to live without em!

Nonetheless, I do think that backbones should be filtering ridiculous AS paths
just as a matter of course. Everyone fix their own stuff, and everyone help
the next guy downstream by stomping on sillyness. Generally been an internet 
mindset
that I've seen since even before the great renaming...

/kc


On Fri, Dec 22, 2017 at 05:50:36PM -0500, William Herrin said:
  >On Fri, Dec 22, 2017 at 5:45 PM, Nick Hilliard  wrote:
  >
  >> William Herrin wrote:
  >> > The AS path lengths we're talking about are unreasonable.
  >>
  >> "unreasonable" is a peculiar word to use here :-)
  >>
  >> It's the internet and you can't expect other people not to do silly
  >> things from time to time.  This is a known problem and it isn't even the
  >> first time it's been discussed on nanog-l.
  >>
  >> If you've been hit with a known service-affecting problem that can
  >> easily recur without warning and which will be service affecting if it
  >> hits again, common sense suggests that it would be a good idea to
  >> upgrade to a version of code which isn't affected.
  >
  >
  >Well, that's a brilliant platitude, but what do you do when it breaks over
  >and over until the other guy upgrades?
  >
  >-Bill
  >
  >
  >
  >
  >-- 
  >William Herrin  her...@dirtside.com  b...@herrin.us
  >Dirtside Systems . Web: 

/kc
--
Ken Chase - m...@sizone.org Guelph Canada

Re: AS PATH limits

2017-12-22 Thread Scott Weeks 


--- b...@herrin.us wrote:
From: William Herrin 

Well, that's a brilliant platitude, but what do you do 
when it breaks over and over until the other guy upgrades?
---



Filter that network out of your tables until it's fixed? :)

scott

Re: AS PATH limits

2017-12-22 Thread William Herrin 
On Fri, Dec 22, 2017 at 5:45 PM, Nick Hilliard  wrote:

> William Herrin wrote:
> > The AS path lengths we're talking about are unreasonable.
>
> "unreasonable" is a peculiar word to use here :-)
>
> It's the internet and you can't expect other people not to do silly
> things from time to time.  This is a known problem and it isn't even the
> first time it's been discussed on nanog-l.
>
> If you've been hit with a known service-affecting problem that can
> easily recur without warning and which will be service affecting if it
> hits again, common sense suggests that it would be a good idea to
> upgrade to a version of code which isn't affected.


Well, that's a brilliant platitude, but what do you do when it breaks over
and over until the other guy upgrades?

-Bill




-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web:

Re: AS PATH limits

2017-12-22 Thread Nick Hilliard 
Ken Chase wrote:
> quagga 0.99.22.4, yes i need to upgrade, as my other
> router on 0.99.23.1 seems ok.

All unpatched versions of quagga between 0.99.2 and 1.2.2 are affected.

Nick

Re: AS PATH limits

2017-12-22 Thread Nick Hilliard 
William Herrin wrote:
> The AS path lengths we're talking about are unreasonable.

"unreasonable" is a peculiar word to use here :-)

It's the internet and you can't expect other people not to do silly
things from time to time.  This is a known problem and it isn't even the
first time it's been discussed on nanog-l.

If you've been hit with a known service-affecting problem that can
easily recur without warning and which will be service affecting if it
hits again, common sense suggests that it would be a good idea to
upgrade to a version of code which isn't affected.

Nick

Re: AS PATH limits

2017-12-22 Thread William Herrin 
On Fri, Dec 22, 2017 at 12:40 PM, Nick Hilliard  wrote:

> What router software version are you running that barfs on long as-paths?
>

Hi Nick,

Versions of quagga up until the very most recent release corrupt the
transmission of routes with very long AS paths. They add up the packet
length wrong. The neighbors of any router brand then barf on the malformed
data and terminate the BGP session.

Your peer running quagga must either upgrade or filter long AS paths or you
will receive corrupt data and terminate the BGP session. There's nothing
that -you- can do about it.

The AS path lengths we're talking about are unreasonable. They indicate a
high probability of misconfiguration at the origin. There's no legitimate
cause for them to exist on the pubic Internet at all. It would be
reasonable to treat them like when peers offer /32 prefixes and just say no.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web:

Re: AS PATH limits

2017-12-22 Thread Mike Tancsa 
On 12/22/2017 12:46 PM, Ken Chase wrote:
> quagga 0.99.22.4, yes i need to upgrade, as my other
> router on 0.99.23.1 seems ok. now coordinating with
> customers to get it upgraded is a different issue.

Will that version of quagga not support a filter list?

e.g
neighbor 38.xx.yy.zz filter-list maxas-limit65 in


ip as-path access-list maxas-limit65 deny ^([{},0-9]+ ){65}
ip as-path access-list maxas-limit65 permit .*

---Mike

> 
> /kc
> 
> 
> On Fri, Dec 22, 2017 at 05:40:28PM +, Nick Hilliard said:
>   >What router software version are you running that barfs on long as-paths?
>   >
>   >Nick
>   >
>   >Ken Chase wrote:
>   >> And again this morn at 08:35:19 EST (13:35 UTC). I dont have access to 
> the
>   >> router that fed us the long route, so I cant tell what it was (since we 
> never
>   >> consumed it before barfing).
>   >> 
>   >> Let's hope for no more over holiday season...
>   >> 
>   >> /kc
>   >> 
>   >> 
>   >> On Fri, Oct 13, 2017 at 05:02:42PM -0400, Ken Chase said:
>   >>   > It is happening AGAIN.
>   >>   >
>   >>   >And of course it started on a friday aft 15 min before quittin' time 
> in EDT:
>   >>   >
>   >>   >Last time it was 186.177.184.0/23   0 174 262206 262206 262197 262197 
>   >>   >
>   >>   >*> 186.176.186.0/23 38.x.x.x 45050 0 174 262206 
> 262206 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
>   >262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262
>   >197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197
>   > 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197

Weekly Routing Table Report

2017-12-22 Thread Routing Analysis Role Account 
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG, CaribNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG, IRNOG and the RIPE Routing WG.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith .

Routing Table Report   04:00 +10GMT Sat 23 Dec, 2017

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined:  676712
Prefixes after maximum aggregation (per Origin AS):  263365
Deaggregation factor:  2.57
Unique aggregates announced (without unneeded subnets):  327650
Total ASes present in the Internet Routing Table: 59421
Prefixes per ASN: 11.39
Origin-only ASes present in the Internet Routing Table:   51300
Origin ASes announcing only one prefix:   22596
Transit ASes present in the Internet Routing Table:8121
Transit-only ASes present in the Internet Routing Table:251
Average AS path length visible in the Internet Routing Table:   4.3
Max AS path length visible:  30
Max AS path prepend of ASN ( 29046)  25
Prefixes from unregistered ASNs in the Routing Table:79
Number of instances of unregistered ASNs:79
Number of 32-bit ASNs allocated by the RIRs:  20993
Number of 32-bit ASNs visible in the Routing Table:   16811
Prefixes from 32-bit ASNs in the Routing Table:   69214
Number of bogon 32-bit ASNs visible in the Routing Table:10
Special use prefixes present in the Routing Table:0
Prefixes being announced from unallocated address space:329
Number of addresses announced to Internet:   2859271842
Equivalent to 170 /8s, 109 /16s and 6 /24s
Percentage of available address space announced:   77.2
Percentage of allocated address space announced:   77.2
Percentage of available address space allocated:  100.0
Percentage of address space in use by end-sites:   98.8
Total number of prefixes smaller than registry allocations:  224135

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:   185943
Total APNIC prefixes after maximum aggregation:   53409
APNIC Deaggregation factor:3.48
Prefixes being announced from the APNIC address blocks:  185047
Unique aggregates announced from the APNIC address blocks:77442
APNIC Region origin ASes present in the Internet Routing Table:8547
APNIC Prefixes per ASN:   21.65
APNIC Region origin ASes announcing only one prefix:   2408
APNIC Region transit ASes present in the Internet Routing Table:   1245
Average APNIC Region AS path length visible:4.4
Max APNIC Region AS path length visible: 30
Number of APNIC region 32-bit ASNs visible in the Routing Table:   3421
Number of APNIC addresses announced to Internet:  770053922
Equivalent to 45 /8s, 230 /16s and 23 /24s
APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
   58368-59391, 63488-64098, 64297-64395, 131072-137529
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
   106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
   116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
   123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
   163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:202379
Total ARIN prefixes after maximum aggregation:97452
ARIN Deaggregation factor: 2.08
Prefixes being announced from the ARIN address blocks:   203716
Unique aggregates announced from the ARIN address blocks: 95500
ARIN Region origin ASes present in the Internet Routing Table:18029
ARIN Prefixes per ASN:

Re: AS PATH limits

2017-12-22 Thread Ken Chase 
quagga 0.99.22.4, yes i need to upgrade, as my other
router on 0.99.23.1 seems ok. now coordinating with
customers to get it upgraded is a different issue.

/kc


On Fri, Dec 22, 2017 at 05:40:28PM +, Nick Hilliard said:
  >What router software version are you running that barfs on long as-paths?
  >
  >Nick
  >
  >Ken Chase wrote:
  >> And again this morn at 08:35:19 EST (13:35 UTC). I dont have access to the
  >> router that fed us the long route, so I cant tell what it was (since we 
never
  >> consumed it before barfing).
  >> 
  >> Let's hope for no more over holiday season...
  >> 
  >> /kc
  >> 
  >> 
  >> On Fri, Oct 13, 2017 at 05:02:42PM -0400, Ken Chase said:
  >>   > It is happening AGAIN.
  >>   >
  >>   >And of course it started on a friday aft 15 min before quittin' time in 
EDT:
  >>   >
  >>   >Last time it was 186.177.184.0/23   0 174 262206 262206 262197 262197 
  >>   >
  >>   >*> 186.176.186.0/23 38.x.x.x 45050 0 174 262206 
262206 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
  >262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262
  >197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197
  > 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 26
  >2197 262197 262197 262197 262197 262197 262197 262197 262197 ?

Re: AS PATH limits

2017-12-22 Thread Nick Hilliard 
What router software version are you running that barfs on long as-paths?

Nick

Ken Chase wrote:
> And again this morn at 08:35:19 EST (13:35 UTC). I dont have access to the
> router that fed us the long route, so I cant tell what it was (since we never
> consumed it before barfing).
> 
> Let's hope for no more over holiday season...
> 
> /kc
> 
> 
> On Fri, Oct 13, 2017 at 05:02:42PM -0400, Ken Chase said:
>   > It is happening AGAIN.
>   >
>   >And of course it started on a friday aft 15 min before quittin' time in 
> EDT:
>   >
>   >Last time it was 186.177.184.0/23   0 174 262206 262206 262197 262197 
>   >
>   >*> 186.176.186.0/23 38.x.x.x 45050 0 174 262206 262206 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
> 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262
197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197
 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 26
2197 262197 262197 262197 262197 262197 262197 262197 262197 ?
>   >
>   >/kc
>   >--
>   >Ken Chase - m...@sizone.org Guelph Canada
>

Re: AS PATH limits

2017-12-22 Thread Ken Chase 
And again this morn at 08:35:19 EST (13:35 UTC). I dont have access to the
router that fed us the long route, so I cant tell what it was (since we never
consumed it before barfing).

Let's hope for no more over holiday season...

/kc


On Fri, Oct 13, 2017 at 05:02:42PM -0400, Ken Chase said:
  > It is happening AGAIN.
  >
  >And of course it started on a friday aft 15 min before quittin' time in EDT:
  >
  >Last time it was 186.177.184.0/23   0 174 262206 262206 262197 262197 
  >
  >*> 186.176.186.0/23 38.x.x.x 45050 0 174 262206 262206 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 262197 
262197 262197 ?
  >
  >/kc
  >--
  >Ken Chase - m...@sizone.org Guelph Canada

-- 
Ken Chase - m...@sizone.org Guelph Canada

RE: Small full BGP table capable router with low power consumption

2017-12-22 Thread Adam Greene 
Hey Steve (or anyone else),

How much RAM are you running on your 4431? We have a similar application and 
are trying to figure out whether to order a 4431 with the default 4GB RAM, or 
upgrade it proactively to 8GB to support the full BGP table.

Thanks,
Adam


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Naslund, Steve
Sent: Monday, December 4, 2017 5:04 PM
To: nanog@nanog.org
Subject: RE: Small full BGP table capable router with low power consumption

Watch the memory requirements on a full Internet table in the Cisco 2900 
series.  More current model would be the Cisco 4300 - 4400 ISR series.  They 
have 2/4/8/16 gigs of memory.  Power consumption MAX ranges from 0.6A to 3.0A 
depending on model.  Higher models have more throughput and more interfaces.  
Throughput ranges from 35 mbps to 2 gbps.  I rarely see Cisco routers running 
near the max power rating especially if you are not using PoE or etherswitch 
interfaces.  The 43xx series is replacing the 29xx series and the 44xx series 
is replacing the 39xx series.  I've put in a few of them and they are pretty 
nice.  They are either 1 or 2 U in size.

We are using 4431 with throughput license to 1 GB receiving a full table from 
the provider and three IBGP peers with no issues and full gig throughput.  It 
is currently drawing 65 watts of power in steady state and 250 watts on bootup 
(not using any PoE or network modules, just built in Ethernets).

Steven Naslund
Chicago IL 

>>-Original Message-
>>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of William 
>>Herrin
>>Sent: Monday, December 04, 2017 3:43 PM
>>To: Adam Lawson
>>Cc: nanog
>>Subject: Re: Small full BGP table capable router with low power 
>>consumption

>>On Mon, Dec 4, 2017 at 2:19 PM, Adam Lawson  wrote:
>> The router needs to be squeezed in to a rack which doesn't have a lot  
>>of space nor power. As for space, maybe I can make space for 3U or 4U  
>>but as for power, I can only do around 1.5A@100V on average. (There is  
>>room for burst power usage.)

>A Cisco 2911 or 3945 does this though the 3945 is a little more power hungry.

>A current generation x86 server running Linux and Quagga does this.

>Regards,
>Bill Herrin


>--
>William Herrin  her...@dirtside.com  b...@herrin.us 
>Dirtside Systems . Web: