Re: Hi-Rise Building Fiber Suggestions

[Ryan Hamel]

I do not recommend doing that, it's 30 members in a single stack. Mine was only 
two, directly connected to each other.

Treat your control plane like your L2, don't extend it farther than necessary.
Ryan
On Feb 25 2020, at 9:00 pm, Tim Požár  wrote:
>
> Also, Juniper switches will stack over fiber. I have deployed Virtual
> Chassis over multiple IDFs. The VC ports can be (and highly suggested)
> to be in a ring.
>
> https://www.juniper.net/documentation/en_US/junos/topics/concept/virtual-chassis-ex4200-overview.html
> https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/virtual-chassis-ex4300-configuring.html
> On 2/25/20 6:32 PM, Norman Jester wrote:
> > I’m in the process of choosing hardware
> > for a 30 story building. If anyone has experience with this I’d appreciate 
> > any tips.
> >
> > There are two fiber pairs running up the building riser. I need to put a 
> > POE switch on each floor using this fiber.
> > The idea is to cut the fiber at each floor and insert a switch and daisy 
> > chain the switches together using one pair, and using the other pair as the 
> > failover side of the ring going back to the source so if one device fails 
> > it doesn’t take the whole string down.
> > The problem here is how many switches can be strung together and I would 
> > not try more than 3 to 5. This is not something I typically do (stacking 
> > switches). I have fears of STP and/or RSTP issue stacking past Ethernet 
> > switch to switch limits (if they still exist??)
> > Is there a device with a similar protocol as the old 3com (now HP IDF) 
> > stacking capability via fiber?
> > I’d like to use something inexpensive as its to power ubiquiti wifi on each 
> > floor. Ideally if you know something I don’t about ubiquiti switches that 
> > can do this I’d appreciate knowing.
> > Norman

Re: Hi-Rise Building Fiber Suggestions

[Tim Požár]

Also, Juniper switches will stack over fiber.  I have deployed Virtual
Chassis over multiple IDFs.  The VC ports can be (and highly suggested)
to be in a ring.

https://www.juniper.net/documentation/en_US/junos/topics/concept/virtual-chassis-ex4200-overview.html

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/virtual-chassis-ex4300-configuring.html

On 2/25/20 6:32 PM, Norman Jester wrote:
> I’m in the process of choosing hardware
> for a 30 story building. If anyone has experience with this I’d appreciate 
> any tips.
> 
> There are two fiber pairs running up the building riser. I need to put a POE 
> switch on each floor using this fiber. 
> 
> The idea is to cut the fiber at each floor and insert a switch and daisy 
> chain the switches together using one pair, and using the other pair as the 
> failover side of the ring going back to the source so if one device fails it 
> doesn’t take the whole string down.
> 
> The problem here is how many switches can be strung together and I would not 
> try more than 3 to 5. This is not something I typically do (stacking 
> switches). I have fears of STP and/or RSTP issue stacking past Ethernet 
> switch to switch limits (if they still exist??)
> 
> Is there a device with a similar protocol as the old 3com (now HP IDF) 
> stacking capability via fiber? 
> 
> I’d like to use something inexpensive as its to power ubiquiti wifi on each 
> floor.  Ideally if you know something I don’t about ubiquiti switches that 
> can do this I’d appreciate knowing.
> 
> Norman
> 

Re: Hi-Rise Building Fiber Suggestions

[Joel Jaeggli]

Sent from my iPhone

> On Feb 25, 2020, at 18:34, Norman Jester  wrote:
> 
> I’m in the process of choosing hardware
> for a 30 story building. If anyone has experience with this I’d appreciate 
> any tips.
> 
> There are two fiber pairs running up the building riser. I need to put a POE 
> switch on each floor using this fiber. 

In my experience with retrofitting existing structures, if you have access to 
the riser at each floor as it sounds like you do, you would typically drop in a 
new duct,  blow micro duct through it with a branch for each floor, have an MDF 
 or two In a utility spaces  and them you have the ability to reconfigure  the 
fiber as necessary to meet your present and future needs. 

You didn’t specify if the existing fiber is single or multi-mode however it is 
unlikely that the was enough slack built into two fiber runs to make 30 
additional splices so that approach seems dubious as a premise.

As you correctly surmise daisy chaining 30 switches is not an advisable network 
design practice.

> The idea is to cut the fiber at each floor and insert a switch and daisy 
> chain the switches together using one pair, and using the other pair as the 
> failover side of the ring going back to the source so if one device fails it 
> doesn’t take the whole string down.
> 
> The problem here is how many switches can be strung together and I would not 
> try more than 3 to 5. This is not something I typically do (stacking 
> switches). I have fears of STP and/or RSTP issue stacking past Ethernet 
> switch to switch limits (if they still exist??)
> 
> Is there a device with a similar protocol as the old 3com (now HP IDF) 
> stacking capability via fiber? 
> 
> I’d like to use something inexpensive as its to power ubiquiti wifi on each 
> floor.  Ideally if you know something I don’t about ubiquiti switches that 
> can do this I’d appreciate knowing.
> 
> Norman
> 
> 

Re: Hi-Rise Building Fiber Suggestions

[Ryan Hamel]

How would that work to solve Norman's problem? That sounds like a lot of money 
spending, and setup time, for nothing.

Ryan
On Feb 25 2020, at 8:21 pm, Bradley Burch  wrote:
>
> Should consider DWDM or GPON and in those look at passive optical 
> technologies that can benefit the project.
> > On Feb 25, 2020, at 9:33 PM, Norman Jester  wrote:
> > I’m in the process of choosing hardware
> > for a 30 story building. If anyone has experience with this I’d appreciate 
> > any tips.
> >
> > There are two fiber pairs running up the building riser. I need to put a 
> > POE switch on each floor using this fiber.
> > The idea is to cut the fiber at each floor and insert a switch and daisy 
> > chain the switches together using one pair, and using the other pair as the 
> > failover side of the ring going back to the source so if one device fails 
> > it doesn’t take the whole string down.
> > The problem here is how many switches can be strung together and I would 
> > not try more than 3 to 5. This is not something I typically do (stacking 
> > switches). I have fears of STP and/or RSTP issue stacking past Ethernet 
> > switch to switch limits (if they still exist??)
> > Is there a device with a similar protocol as the old 3com (now HP IDF) 
> > stacking capability via fiber?
> > I’d like to use something inexpensive as its to power ubiquiti wifi on each 
> > floor. Ideally if you know something I don’t about ubiquiti switches that 
> > can do this I’d appreciate knowing.
> > Norman

Re: Hi-Rise Building Fiber Suggestions

[Tim Požár]

If you are limited on fiber runs, how about using 10Gb BiDi optics to
limit a ring to say two sets of 15 switches.

Tim

On 2/25/20 8:21 PM, Bradley Burch wrote:
> Should consider DWDM or GPON and in those look at passive optical 
> technologies that can benefit the project.
> 
>> On Feb 25, 2020, at 9:33 PM, Norman Jester  wrote:
>>
>> I’m in the process of choosing hardware
>> for a 30 story building. If anyone has experience with this I’d appreciate 
>> any tips.
>>
>> There are two fiber pairs running up the building riser. I need to put a POE 
>> switch on each floor using this fiber. 
>>
>> The idea is to cut the fiber at each floor and insert a switch and daisy 
>> chain the switches together using one pair, and using the other pair as the 
>> failover side of the ring going back to the source so if one device fails it 
>> doesn’t take the whole string down.
>>
>> The problem here is how many switches can be strung together and I would not 
>> try more than 3 to 5. This is not something I typically do (stacking 
>> switches). I have fears of STP and/or RSTP issue stacking past Ethernet 
>> switch to switch limits (if they still exist??)
>>
>> Is there a device with a similar protocol as the old 3com (now HP IDF) 
>> stacking capability via fiber? 
>>
>> I’d like to use something inexpensive as its to power ubiquiti wifi on each 
>> floor.  Ideally if you know something I don’t about ubiquiti switches that 
>> can do this I’d appreciate knowing.
>>
>> Norman
>>

Re: Hi-Rise Building Fiber Suggestions

[Ryan Hamel]

I'd say a pair of Juniper switches on each floor, with their virtual-chassis 
capability. Terminate the top/bottom floor of fiber 1 into switch 1, and the 
other into switch two. Create an LACP bond between each floors switches, tag 
the necessary VLANs, and put the VLAN SVIs onto the first pair of switches at 
the building electrical/telecom room.

The same thing can be done with MLAG across many switch vendors, but that will 
require additional configuration.
On Feb 25 2020, at 6:32 pm, Norman Jester  wrote:
>
> I’m in the process of choosing hardware
> for a 30 story building. If anyone has experience with this I’d appreciate 
> any tips.
>
> There are two fiber pairs running up the building riser. I need to put a POE 
> switch on each floor using this fiber.
> The idea is to cut the fiber at each floor and insert a switch and daisy 
> chain the switches together using one pair, and using the other pair as the 
> failover side of the ring going back to the source so if one device fails it 
> doesn’t take the whole string down.
> The problem here is how many switches can be strung together and I would not 
> try more than 3 to 5. This is not something I typically do (stacking 
> switches). I have fears of STP and/or RSTP issue stacking past Ethernet 
> switch to switch limits (if they still exist??)
> Is there a device with a similar protocol as the old 3com (now HP IDF) 
> stacking capability via fiber?
> I’d like to use something inexpensive as its to power ubiquiti wifi on each 
> floor. Ideally if you know something I don’t about ubiquiti switches that can 
> do this I’d appreciate knowing.
> Norman

Re: Hi-Rise Building Fiber Suggestions

[Bradley Burch]

Should consider DWDM or GPON and in those look at passive optical technologies 
that can benefit the project.

> On Feb 25, 2020, at 9:33 PM, Norman Jester  wrote:
> 
> I’m in the process of choosing hardware
> for a 30 story building. If anyone has experience with this I’d appreciate 
> any tips.
> 
> There are two fiber pairs running up the building riser. I need to put a POE 
> switch on each floor using this fiber. 
> 
> The idea is to cut the fiber at each floor and insert a switch and daisy 
> chain the switches together using one pair, and using the other pair as the 
> failover side of the ring going back to the source so if one device fails it 
> doesn’t take the whole string down.
> 
> The problem here is how many switches can be strung together and I would not 
> try more than 3 to 5. This is not something I typically do (stacking 
> switches). I have fears of STP and/or RSTP issue stacking past Ethernet 
> switch to switch limits (if they still exist??)
> 
> Is there a device with a similar protocol as the old 3com (now HP IDF) 
> stacking capability via fiber? 
> 
> I’d like to use something inexpensive as its to power ubiquiti wifi on each 
> floor.  Ideally if you know something I don’t about ubiquiti switches that 
> can do this I’d appreciate knowing.
> 
> Norman
> 

Hi-Rise Building Fiber Suggestions

[Norman Jester]

I’m in the process of choosing hardware
for a 30 story building. If anyone has experience with this I’d appreciate any 
tips.

There are two fiber pairs running up the building riser. I need to put a POE 
switch on each floor using this fiber. 

The idea is to cut the fiber at each floor and insert a switch and daisy chain 
the switches together using one pair, and using the other pair as the failover 
side of the ring going back to the source so if one device fails it doesn’t 
take the whole string down.

The problem here is how many switches can be strung together and I would not 
try more than 3 to 5. This is not something I typically do (stacking switches). 
I have fears of STP and/or RSTP issue stacking past Ethernet switch to switch 
limits (if they still exist??)

Is there a device with a similar protocol as the old 3com (now HP IDF) stacking 
capability via fiber? 

I’d like to use something inexpensive as its to power ubiquiti wifi on each 
floor.  Ideally if you know something I don’t about ubiquiti switches that can 
do this I’d appreciate knowing.

Norman

Re: Has Anyone managed to get Delegated RPKI working with ARIN

[Alex Band]

An update:

The setup process with ARIN has now been fixed in Krill 0.5.0, which was just 
released:
https://www.nlnetlabs.nl/news/2020/Feb/25/krill.0.5.0-released/

We have worked around the issue by transforming the child request XML file in 
the user interface using a toggle:
https://rpki.readthedocs.io/en/latest/krill/parent-interactions.html#arin

The ensured that Krill is compatible with both the old and new response file 
format. Once ARIN conforms to RFC 8183, this toggle will be removed in a future 
version. We have also fixed two blocking issues with APNIC, ensuring Krill now 
works with every RIR implementation.

Looking forward to your feedback on this release.

Cheers,

Alex

> On 13 Feb 2020, at 09:48, Alex Band  wrote:
> 
> Hi there!
> 
> There is also this somewhat hacky SED command to transform the Request XML 
> into the format that ARIN accepts, in case you’d like to use something other 
> than the XSL:
> 
> https://sed.js.org/?gist=3f08fb293c8825855bb26f2865161575
> 
> –– Looping in John Curran
> 
> John, I appreciate ARIN has accepted RFC 8183 compatibility as an ACSP 
> suggestion:
> 
> https://www.arin.net/participate/community/acsp/suggestions/2020-3/
> 
> Looking at the XML though, the changes needed to make this work are one tag, 
> a URL and a version number. Could this please be tracked as a simple bug 
> instead of a "feature to include in our future RPKI improvements”?
> 
> In the mean time I have added a warning to the documentation:
> https://rpki.readthedocs.io/en/latest/krill/manage-cas.html#step-1-get-the-request-xml-file
> 
> Thanks!
> 
> -Alex
> 
>> On 5 Feb 2020, at 16:48, Tim Bruijnzeels  wrote:
>> 
>> Hi,
>> 
>> Everyone is welcome to read that list of course, but the TL;DR is:
>> 
>> ARIN currently uses a pre RFC 8183 format for the identity exchange. It 
>> would be good if this were updated. New versions of rpkid as well as Krill 
>> have issues with the old format.
>> 
>> In the meantime this XSL provided by rpki.net can be of help:
>> https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/oob-translate.xsl
>> 
>> Note: if you are planning to give Krill a try we recommend that you wait for 
>> version 0.5. We expect to have this version ready in 1-2 weeks. It will 
>> include usability improvements, better monitoring and a UI.
>> 
>> Kind regards,
>> 
>> Tim
>> 
>> 
>> 
>>> On 5 Feb 2020, at 16:03, Christopher Munz-Michielin  
>>> wrote:
>>> 
>>> Brilliant! Thanks for the write up Cynthia, I'll have a read through!
>>> 
>>> Chris
>>> 
>>> On 2020-02-05 1:56 a.m., Cynthia Revström wrote:
 (Re-sent as I forgot to include the ML the first time, oops)
 Hi Chris,
 
 I recently figured it out and posted it on the NLNetLabs RPKI mailing 
 list. https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html 
 
 I hope it helps :)
 
 - Cynthia
 
 On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin 
 mailto:christop...@ve7alb.ca>> wrote:
 
   Hi Nanog,
 
   Posting here since my Google-fu is coming up short.  I'm trying to setup 
 delegated RPKI in ARIN using rpki.net 's rpkid Python 
 daemon and am running into an issue submitting the identity file to ARIN's 
 control panel. The same file submitted to RIPE's  test environment at 
 https://localcert.ripe.net/#/rpki works without issue, while submitting to 
 ARIN results in "Invalid Identity.xml file."
 
   The guide I'm following is this one: 
 https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.md
  and I'm able to get as far as generating the identity file.
 
   Wondering if anyone has gone down this road before and has any helpful 
 hints to make this work?
 
   Cheers,
   Chris
 
>> 
>