Re: Netskrt - ISP-colo CDN

[Aaron Gould]

I've had my dual-100g-connected Amazon ACEv2 caches for over a year 
now.  With my ~55,000 subs I saw every Thursday night for NFL/TNF usage 
at 15 gbps X2 (so 30 gbps total) and one day in late November 
(thanksgiving probably) I saw 25 gbps x2 (so 50 gbps) usage!


-Aaron

On 4/4/2024 6:08 PM, Paul Bradford wrote:
I have some on my network.  I don't think they populate content from 
their own cdn network, but it comes from Amazon.   interestingly for 
the NFL super bowl, while paramount+ streamed the game, on Amazon 
Prime Video you could "Watch super bowl on paramount+ Via Prime.". 
 that did actually drive users to using the netskrt caches.


They seem to work OK.  TNF in 6 months will tell us more.  :)



On Thu, Apr 4, 2024 at 6:14 PM John Stitt  wrote:

The website says they are part of the Streaming Video Technology
Alliance.

I wonder if this is a prepackaged Open Cache box.

https://opencaching.svta.org/

We also don’t appear to have had any traffic from them.  Not much
on the peeringdb for the USA ASN either.

BGP.tools shows they have upstreams with each ASN, and are on Ohio
IX with AS53471, but not really any peers anywhere.  Looks like
Cogent and Zayo for upstreams and only peer I see is AS1239
(Sprint Wireline (Cogent))

John Stitt

*From:*NANOG  *On
Behalf Of *Aaron Gould
*Sent:* Thursday, April 4, 2024 4:36 PM
*To:* Eric Dugas 
*Cc:* nanog@nanog.org
*Subject:* Re: Netskrt - ISP-colo CDN




You don't often get email from aar...@gvtc.com. Learn why this is
important 



Thanks... they told me it was free.

-Aaron

On 4/4/2024 4:12 PM, Eric Dugas wrote:

That name rang a bell so I looked up my emails.

They contacted me last year, they were claiming to be "working
with some of the major streaming brands, such as Amazon Prime
Video, to improve the quality of both VOD and live streaming
while also reducing the load on ISP networks such as your own.".

Based on my quick research, they have a few registered ASNs
(their peeringdb page )
with a few netblocks but I get 0 traffic from them (we're a
sizable eyeball network). Their origin network might still not
be ready but digging a little bit more, it seems they act as a
third-party video caching solution and not as an origin CDN so
in the end, they're really just trying to sell ISPs and other
types of customers their caching solutions.


Eric

On Thu, Apr 4, 2024 at 4:00 PM Aaron Gould 
wrote:

Anyone out there using Netskrt CDN?  I mean, installed in
your network
for content delivery to your customers.  I understand
Netskrt provides
caching for some well known online video streaming
services... just
wondering if there are any network operators that have
worked with
Netskrt and deployed their caching servers in your
networks and what
have you thought about it?  What Internet uplink savings
are you seeing?

Netskrt - https://www.netskrt.io/


-- 
-Aaron


-- 


-Aaron

CAUTION:This email originated from outside of the organization. Do
not click links or open attachments unless you recognize the
sender and know the content is safe. If you are not expecting this
message contact the sender directly via phone/text to verify.


--
-Aaron

Re: Netskrt - ISP-colo CDN

[Mike Hammett]

It's free. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Eric Dugas via NANOG"  
To: "Aaron Gould"  
Cc: nanog@nanog.org 
Sent: Thursday, April 4, 2024 4:12:38 PM 
Subject: Re: Netskrt - ISP-colo CDN 


That name rang a bell so I looked up my emails. 


They contacted me last year, they were claiming to be "working with some of the 
major streaming brands, such as Amazon Prime Video, to improve the quality of 
both VOD and live streaming while also reducing the load on ISP networks such 
as your own.". 


Based on my quick research, they have a few registered ASNs (their peeringdb 
page ) with a few netblocks but I get 0 traffic from them (we're a sizable 
eyeball network). Their origin network might still not be ready but digging a 
little bit more, it seems they act as a third-party video caching solution and 
not as an origin CDN so in the end, they're really just trying to sell ISPs and 
other types of customers their caching solutions. 


Eric 


On Thu, Apr 4, 2024 at 4:00 PM Aaron Gould < aar...@gvtc.com > wrote: 


Anyone out there using Netskrt CDN? I mean, installed in your network 
for content delivery to your customers. I understand Netskrt provides 
caching for some well known online video streaming services... just 
wondering if there are any network operators that have worked with 
Netskrt and deployed their caching servers in your networks and what 
have you thought about it? What Internet uplink savings are you seeing? 

Netskrt - https://www.netskrt.io/ 


-- 
-Aaron 

Re: Netskrt - ISP-colo CDN

[Paul Bradford]

I have some on my network.  I don't think they populate content from their
own cdn network, but it comes from Amazon.   interestingly for the NFL
super bowl, while paramount+ streamed the game, on Amazon Prime Video you
could "Watch super bowl on paramount+ Via Prime.".  that did actually drive
users to using the netskrt caches.

They seem to work OK.  TNF in 6 months will tell us more.  :)



On Thu, Apr 4, 2024 at 6:14 PM John Stitt  wrote:

> The website says they are part of the Streaming Video Technology Alliance.
>
>
>
> I wonder if this is a prepackaged Open Cache box.
>
>
>
> https://opencaching.svta.org/
>
>
>
> We also don’t appear to have had any traffic from them.  Not much on the
> peeringdb for the USA ASN either.
>
>
>
> BGP.tools shows they have upstreams with each ASN, and are on Ohio IX with
> AS53471, but not really any peers anywhere.  Looks like Cogent and Zayo for
> upstreams and only peer I see is AS1239 (Sprint Wireline (Cogent))
>
>
>
> John Stitt
>
>
>
> *From:* NANOG  *On
> Behalf Of *Aaron Gould
> *Sent:* Thursday, April 4, 2024 4:36 PM
> *To:* Eric Dugas 
> *Cc:* nanog@nanog.org
> *Subject:* Re: Netskrt - ISP-colo CDN
>
>
>
> You don't often get email from aar...@gvtc.com. Learn why this is
> important 
>
> Thanks... they told me it was free.
>
> -Aaron
>
> On 4/4/2024 4:12 PM, Eric Dugas wrote:
>
> That name rang a bell so I looked up my emails.
>
>
>
> They contacted me last year, they were claiming to be "working with some
> of the major streaming brands, such as Amazon Prime Video, to improve the
> quality of both VOD and live streaming while also reducing the load on ISP
> networks such as your own.".
>
>
>
> Based on my quick research, they have a few registered ASNs (their peeringdb
> page ) with a few netblocks but I
> get 0 traffic from them (we're a sizable eyeball network). Their origin
> network might still not be ready but digging a little bit more, it seems
> they act as a third-party video caching solution and not as an origin CDN
> so in the end, they're really just trying to sell ISPs and other types of
> customers their caching solutions.
>
>
> Eric
>
>
>
> On Thu, Apr 4, 2024 at 4:00 PM Aaron Gould  wrote:
>
> Anyone out there using Netskrt CDN?  I mean, installed in your network
> for content delivery to your customers.  I understand Netskrt provides
> caching for some well known online video streaming services... just
> wondering if there are any network operators that have worked with
> Netskrt and deployed their caching servers in your networks and what
> have you thought about it?  What Internet uplink savings are you seeing?
>
> Netskrt - https://www.netskrt.io/
>
>
> --
> -Aaron
>
> --
>
> -Aaron
>
>
>
> CAUTION: This email originated from outside of the organization. Do not
> click links or open attachments unless you recognize the sender and know
> the content is safe. If you are not expecting this message contact the
> sender directly via phone/text to verify.
>
>
>

Re: Netskrt - ISP-colo CDN

[Jesse DuPont]

  
  
Right now, Amazon Prime is sponsoring the
  deployment of the caches. They deploy in your network and requests
  from your IPs (v4 or v6) are redirected to your on-net caches. For
  on-demand content, it's loaded nightly (as best they can predict)
  and for live (like TNF), it's a one-to-many HLS media server for
  participating content.

On 4/4/24 3:36 PM, Aaron Gould wrote:


  
  Thanks... they told me it was free.
  -Aaron
  
  On 4/4/2024 4:12 PM, Eric Dugas
wrote:
  
  

That name rang a bell so I looked up my emails.
  
  
  They contacted me last year, they were claiming to be
"working with some of the major streaming brands, such as
Amazon Prime Video, to improve the quality of both VOD and
live streaming while also reducing the load on ISP networks
such as your own.".
  
  
  Based on my quick research, they have a few
registered ASNs (their peeringdb page) with a few
netblocks but I get 0 traffic from them (we're a sizable
eyeball network). Their origin network might still not be
ready but digging a little bit more, it seems they act as a
third-party video caching solution and not as an origin CDN
so in the end, they're really just trying to sell ISPs and
other types of customers their caching solutions.
  

  Eric
  



  On Thu, Apr 4, 2024 at
4:00 PM Aaron Gould 
wrote:
  
  Anyone
out there using Netskrt CDN?  I mean, installed in your
network 
for content delivery to your customers.  I understand
Netskrt provides 
caching for some well known online video streaming
services... just 
wondering if there are any network operators that have
worked with 
Netskrt and deployed their caching servers in your networks
and what 
have you thought about it?  What Internet uplink savings are
you seeing?

Netskrt - https://www.netskrt.io/


-- 
-Aaron

  

  
  -- 
-Aaron


  

Re: Netskrt - ISP-colo CDN

[Aaron Gould]

Thanks ... that svta caching sounds interesting.  i watched the 
presentation, but don't understand how it's used by ISP's that want to 
benefit from it.


-Aaron

On 4/4/2024 5:14 PM, John Stitt wrote:


The website says they are part of the Streaming Video Technology Alliance.

I wonder if this is a prepackaged Open Cache box.

https://opencaching.svta.org/

We also don’t appear to have had any traffic from them.  Not much on 
the peeringdb for the USA ASN either.


BGP.tools shows they have upstreams with each ASN, and are on Ohio IX 
with AS53471, but not really any peers anywhere.  Looks like Cogent 
and Zayo for upstreams and only peer I see is AS1239 (Sprint Wireline 
(Cogent))


John Stitt

*From:*NANOG  *On 
Behalf Of *Aaron Gould

*Sent:* Thursday, April 4, 2024 4:36 PM
*To:* Eric Dugas 
*Cc:* nanog@nanog.org
*Subject:* Re: Netskrt - ISP-colo CDN




You don't often get email from aar...@gvtc.com. Learn why this is 
important 




Thanks... they told me it was free.

-Aaron

On 4/4/2024 4:12 PM, Eric Dugas wrote:

That name rang a bell so I looked up my emails.

They contacted me last year, they were claiming to be "working
with some of the major streaming brands, such as Amazon Prime
Video, to improve the quality of both VOD and live streaming while
also reducing the load on ISP networks such as your own.".

Based on my quick research, they have a few registered ASNs (their
peeringdb page ) with a few
netblocks but I get 0 traffic from them (we're a sizable eyeball
network). Their origin network might still not be ready but
digging a little bit more, it seems they act as a third-party
video caching solution and not as an origin CDN so in the end,
they're really just trying to sell ISPs and other types of
customers their caching solutions.


Eric

On Thu, Apr 4, 2024 at 4:00 PM Aaron Gould  wrote:

Anyone out there using Netskrt CDN?  I mean, installed in your
network
for content delivery to your customers.  I understand Netskrt
provides
caching for some well known online video streaming services...
just
wondering if there are any network operators that have worked
with
Netskrt and deployed their caching servers in your networks
and what
have you thought about it?  What Internet uplink savings are
you seeing?

Netskrt - https://www.netskrt.io/


-- 
-Aaron


--
-Aaron

CAUTION:This email originated from outside of the organization. Do not 
click links or open attachments unless you recognize the sender and 
know the content is safe. If you are not expecting this message 
contact the sender directly via phone/text to verify.



--
-Aaron

RE: Netskrt - ISP-colo CDN

[John Stitt]

The website says they are part of the Streaming Video Technology Alliance.

I wonder if this is a prepackaged Open Cache box.

https://opencaching.svta.org/

We also don’t appear to have had any traffic from them.  Not much on the 
peeringdb for the USA ASN either.

BGP.tools shows they have upstreams with each ASN, and are on Ohio IX with 
AS53471, but not really any peers anywhere.  Looks like Cogent and Zayo for 
upstreams and only peer I see is AS1239 (Sprint Wireline (Cogent))

John Stitt

From: NANOG  On Behalf Of 
Aaron Gould
Sent: Thursday, April 4, 2024 4:36 PM
To: Eric Dugas 
Cc: nanog@nanog.org
Subject: Re: Netskrt - ISP-colo CDN

You don't often get email from aar...@gvtc.com. Learn 
why this is important

Thanks... they told me it was free.

-Aaron
On 4/4/2024 4:12 PM, Eric Dugas wrote:
That name rang a bell so I looked up my emails.

They contacted me last year, they were claiming to be "working with some of the 
major streaming brands, such as Amazon Prime Video, to improve the quality of 
both VOD and live streaming while also reducing the load on ISP networks such 
as your own.".

Based on my quick research, they have a few registered ASNs (their peeringdb 
page) with a few netblocks but I get 0 
traffic from them (we're a sizable eyeball network). Their origin network might 
still not be ready but digging a little bit more, it seems they act as a 
third-party video caching solution and not as an origin CDN so in the end, 
they're really just trying to sell ISPs and other types of customers their 
caching solutions.

Eric

On Thu, Apr 4, 2024 at 4:00 PM Aaron Gould 
mailto:aar...@gvtc.com>> wrote:
Anyone out there using Netskrt CDN?  I mean, installed in your network
for content delivery to your customers.  I understand Netskrt provides
caching for some well known online video streaming services... just
wondering if there are any network operators that have worked with
Netskrt and deployed their caching servers in your networks and what
have you thought about it?  What Internet uplink savings are you seeing?

Netskrt - https://www.netskrt.io/


--
-Aaron

--

-Aaron

CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you recognize the sender and know the content 
is safe. If you are not expecting this message contact the sender directly via 
phone/text to verify.

Re: Netskrt - ISP-colo CDN

[Aaron1]

Thanks… and does anyone know the benefit of Netskrt for ISPs that already have native Amazon ACEv2 servers installed?AaronOn Apr 4, 2024, at 4:50 PM, Jesse DuPont  wrote:

  

  
  
Right now, Amazon Prime is sponsoring the
  deployment of the caches. They deploy in your network and requests
  from your IPs (v4 or v6) are redirected to your on-net caches. For
  on-demand content, it's loaded nightly (as best they can predict)
  and for live (like TNF), it's a one-to-many HLS media server for
  participating content.

On 4/4/24 3:36 PM, Aaron Gould wrote:


  
  Thanks... they told me it was free.
  -Aaron
  
  On 4/4/2024 4:12 PM, Eric Dugas
wrote:
  
  

That name rang a bell so I looked up my emails.
  
  
  They contacted me last year, they were claiming to be
"working with some of the major streaming brands, such as
Amazon Prime Video, to improve the quality of both VOD and
live streaming while also reducing the load on ISP networks
such as your own.".
  
  
  Based on my quick research, they have a few
registered ASNs (their peeringdb page) with a few
netblocks but I get 0 traffic from them (we're a sizable
eyeball network). Their origin network might still not be
ready but digging a little bit more, it seems they act as a
third-party video caching solution and not as an origin CDN
so in the end, they're really just trying to sell ISPs and
other types of customers their caching solutions.
  

  Eric
  



  On Thu, Apr 4, 2024 at
4:00 PM Aaron Gould 
wrote:
  
  Anyone
out there using Netskrt CDN?  I mean, installed in your
network 
for content delivery to your customers.  I understand
Netskrt provides 
caching for some well known online video streaming
services... just 
wondering if there are any network operators that have
worked with 
Netskrt and deployed their caching servers in your networks
and what 
have you thought about it?  What Internet uplink savings are
you seeing?

Netskrt - https://www.netskrt.io/


-- 
-Aaron

  

  
  -- 
-Aaron


  

Re: Netskrt - ISP-colo CDN

[Aaron Gould]

Thanks... they told me it was free.

-Aaron

On 4/4/2024 4:12 PM, Eric Dugas wrote:

That name rang a bell so I looked up my emails.

They contacted me last year, they were claiming to be "working with 
some of the major streaming brands, such as Amazon Prime Video, to 
improve the quality of both VOD and live streaming while also reducing 
the load on ISP networks such as your own.".


Based on my quick research, they have a few registered ASNs (their 
peeringdb page ) with a few 
netblocks but I get 0 traffic from them (we're a sizable eyeball 
network). Their origin network might still not be ready but digging a 
little bit more, it seems they act as a third-party video caching 
solution and not as an origin CDN so in the end, they're really just 
trying to sell ISPs and other types of customers their caching solutions.


Eric

On Thu, Apr 4, 2024 at 4:00 PM Aaron Gould  wrote:

Anyone out there using Netskrt CDN?  I mean, installed in your
network
for content delivery to your customers.  I understand Netskrt
provides
caching for some well known online video streaming services... just
wondering if there are any network operators that have worked with
Netskrt and deployed their caching servers in your networks and what
have you thought about it?  What Internet uplink savings are you
seeing?

Netskrt - https://www.netskrt.io/


-- 
-Aaron



--
-Aaron

Re: Netskrt - ISP-colo CDN

[Eric Dugas via NANOG]

That name rang a bell so I looked up my emails.

They contacted me last year, they were claiming to be "working with some of
the major streaming brands, such as Amazon Prime Video, to improve the
quality of both VOD and live streaming while also reducing the load on ISP
networks such as your own.".

Based on my quick research, they have a few registered ASNs (their peeringdb
page ) with a few netblocks but I get
0 traffic from them (we're a sizable eyeball network). Their origin network
might still not be ready but digging a little bit more, it seems they act
as a third-party video caching solution and not as an origin CDN so in the
end, they're really just trying to sell ISPs and other types of customers
their caching solutions.

Eric

On Thu, Apr 4, 2024 at 4:00 PM Aaron Gould  wrote:

> Anyone out there using Netskrt CDN?  I mean, installed in your network
> for content delivery to your customers.  I understand Netskrt provides
> caching for some well known online video streaming services... just
> wondering if there are any network operators that have worked with
> Netskrt and deployed their caching servers in your networks and what
> have you thought about it?  What Internet uplink savings are you seeing?
>
> Netskrt - https://www.netskrt.io/
>
>
> --
> -Aaron
>
>

Netskrt - ISP-colo CDN

[Aaron Gould]

Anyone out there using Netskrt CDN?  I mean, installed in your network 
for content delivery to your customers.  I understand Netskrt provides 
caching for some well known online video streaming services... just 
wondering if there are any network operators that have worked with 
Netskrt and deployed their caching servers in your networks and what 
have you thought about it?  What Internet uplink savings are you seeing?


Netskrt - https://www.netskrt.io/


--
-Aaron

Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com)

[Michael Thomas]

On 4/4/24 12:43 AM, Jay Acuna wrote:

On Thu, Apr 4, 2024 at 1:23 AM Adam Brenner via NANOG  wrote:
..

It seems to me that if msn.com is going to include DKIM headers in their
outgoing email, they should also publish their DKIM public key. If they
are not going to publish their DKIM public key, then they should not
include DKIM headers in their outgoing email.

Microsoft can still sign the message, Even if the signature cannot be verified
because they have not yet published the Public Key, for whatever reason.
That is a partial/incomplete implementation of DKIM then.


There is one potential reason a site might want to do this which is to 
essentially invalidate signatures from a non-repudiation standpoint. 
Simply unpublishing the key while not 100% foolproof is essentially 
saying "we don't take responsibility for mail signed with this key 
anymore" -- sort of like the expirey tag in the header but with 
attitude. The entire kerfuffle about Her Emails (ie Hillary's email 
server) was in part about the fact that the mail on it could still be 
verified and thus not denied. After, there were calls for providers to 
publish their private keys on a regular basis but that went nowhere that 
I've heard of. That's probably not what's going on here -- maybe they 
just botched a key rollover -- but it still amusing to me that we got 
non-repudiation along for the ride [*].


Mike

[*] while DKIM only speaks at the domain level and not an individual 
account, if providers always require submission auth before signing that 
seems pretty airtight to me

Talk of the Week, Peering Forum, Socials + More

[Nanog News]

*NANOG Talk of the Week*
*Go Lang for Engineers with Arista Networks'  Daniel Hertzberg *

*Why it's worth your time:* At 820 views and counting since our last
meeting in February, this talk is a gateway for network engineers into the
world of Go, demystifying its core concepts and illustrating its
unparalleled potential for building efficient, concurrent, and performant
network automation tasks.


*WATCH NOW * 

*N91 Peering Coordination Forum Applications are Open!  *
*Open Until 24 May or 20 Applications Received*

The forum allows attendees to meet and network with others in the peering
community present at NANOG.

*MORE INFO * 

*Check out the NANOG 91 Socials Schedule *
*Make your Travel Arrangements Now *

NANOG Socials are an incredible opportunity to get to know your peers in
the industry + foster important relationships in a relaxed, casual
environment.

*N91 SOCIALS * 

*VIDEO - Experience a NANOG Meeting *
*Watch the Recap of Our Most Recent Meeting — N90 in Charlotte, NC *

Our last meeting may have come and gone— but the memories will last
forever! Check out some familiar faces + learn what makes a NANOG meeting
special.

*WATCH NOW * 

[NANOG-announce] Talk of the Week, Peering Forum, Socials + More

[Nanog News]

*NANOG Talk of the Week*
*Go Lang for Engineers with Arista Networks'  Daniel Hertzberg *

*Why it's worth your time:* At 820 views and counting since our last
meeting in February, this talk is a gateway for network engineers into the
world of Go, demystifying its core concepts and illustrating its
unparalleled potential for building efficient, concurrent, and performant
network automation tasks.


*WATCH NOW * 

*N91 Peering Coordination Forum Applications are Open!  *
*Open Until 24 May or 20 Applications Received*

The forum allows attendees to meet and network with others in the peering
community present at NANOG.

*MORE INFO * 

*Check out the NANOG 91 Socials Schedule *
*Make your Travel Arrangements Now *

NANOG Socials are an incredible opportunity to get to know your peers in
the industry + foster important relationships in a relaxed, casual
environment.

*N91 SOCIALS * 

*VIDEO - Experience a NANOG Meeting *
*Watch the Recap of Our Most Recent Meeting — N90 in Charlotte, NC *

Our last meeting may have come and gone— but the memories will last
forever! Check out some familiar faces + learn what makes a NANOG meeting
special.

*WATCH NOW * 
___
NANOG-announce mailing list
NANOG-announce@nanog.org
https://mailman.nanog.org/mailman/listinfo/nanog-announce

Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com)

[John Levine]

It appears that Adam Brenner via NANOG  said:
>mail server. Our mail server checks if DKIM email headers are present 
>and if they are, tries to validate them. If the check fails, we reject 
>the message.

MSN's setup is broken but let me strongly reiterate the advice DON'T DO THAT.

If a DKIM signature isn't valid, you ignore it.  If you do anything else,
as you have just discovered, you will be sorry.

R's,
John

Re: Unimus as NCM (Network Configuration Management) Tool

[Chris Boyd]

> On Apr 4, 2024, at 2:06 AM, Mark Tinka  wrote:
> On 4/4/24 08:25, Mike Lyon wrote:
> 
>> I use it for config backups, diffs, etc. Love it.
>> 
>> Theres others such as Rancid but im not sure if it works on anything other 
>> than Vendor C.
> 
> RANCID works perfectly for Cisco, Juniper, Arista, Brocade (Foundry) and HP.

Also works well for Dell S series switches. I use it on S4128s and S4048s.

Re: Unimus as NCM (Network Configuration Management) Tool

[Josh Luthman]

We've used Unimus exclusively since 2018.  It's absolutely wonderful for
NCM.

On Wed, Apr 3, 2024 at 5:20 PM Shahid Shafi  wrote:

> Hi Network Experts,
>
> Is anyone using Unimus as your main NCM tool in production? I am looking
> at an NCM tool that can scale upto 10,000 to 15,000 Network Devices. Do you
> recommend any other solution? The solution should atleast able to support
> network config backups, diffs, and basic network auditing features.
>
> https://unimus.net/
>
> thanks
> Shahid
>

Re: Unimus as NCM (Network Configuration Management) Tool

[Tim Požar via NANOG]

For backup and version control (e.g., git), I use Oxidize.  It supports 
a bunch of different vendors, so long as there is a CLI. Writing scripts 
for new vendors is very simple.


Oxidized can run on its own or get fed by something like LibreNMS so as 
you add devices for monitoring, Oxidize will pick up the new devices. 
Very handy to track changes that get pushed out. And track down who did 
what to screw up your network.


Tim

On 4/4/24 5:59 AM, Mike Hammett wrote:
Unimus is very open to adding additional platforms and improving support 
for existing platforms. I'd reach out to them for assistance.




-
Mike Hammett
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 


*From: *"Mel Beckman" 
*To: *"Mike Lyon" 
*Cc: *"nanog" 
*Sent: *Thursday, April 4, 2024 1:49:31 AM
*Subject: *Re: Unimus as NCM (Network Configuration Management) Tool

We use both Unumus and ManageEngine. Neither covers all device models, 
or all firmware versions of all devices, so we have to use both products 
to get complete device coverage. Scaling depends on host performance, so 
for large device populations you may want to assign different SCM 
instances to particular subgroups.


-mel via cell

On Apr 3, 2024, at 11:28 PM, Mike Lyon  wrote:


I use it for config backups, diffs, etc. Love it.

Theres others such as Rancid but im not sure if it works on anything
other than Vendor C.

-Mike

On Apr 3, 2024, at 23:16, Shahid Shafi  wrote:


Hi Network Experts,

Is anyone using Unimus as your main NCM tool in production? I am
looking at an NCM tool that can scale upto 10,000 to 15,000
Network Devices. Do you recommend any other solution? The
solution should atleast able to support network config backups,
diffs, and basic network auditing features.

https://unimus.net/ 

thanks
Shahid

Re: Unimus as NCM (Network Configuration Management) Tool

[Thomas Croghan]

We use it for that. It's pretty darn nice to use most days. We are nowhere that 
scale though, but I know the owner. He has some customers with far larger 
deployments as far as I understand.

Very responsive and they are pretty sharp cookies. Price is also good.



On Apr 3, 2024 16:22, Shahid Shafi  wrote:
Hi Network Experts,

Is anyone using Unimus as your main NCM tool in production? I am looking at an 
NCM tool that can scale upto 10,000 to 15,000 Network Devices. Do you recommend 
any other solution? The solution should atleast able to support network config 
backups, diffs, and basic network auditing features.

https://unimus.net/

thanks
Shahid

Re: Unimus as NCM (Network Configuration Management) Tool

[Colten Lange]

If you are looking for a self-host version, Oxidized (
https://github.com/ytti/oxidized) works great. Its mainly focused on just
network backup however, but you can customize to your liking.

Regards,
Colten Lange

On Wed, Apr 3, 2024 at 4:20 PM Shahid Shafi  wrote:

> Hi Network Experts,
>
> Is anyone using Unimus as your main NCM tool in production? I am looking
> at an NCM tool that can scale upto 10,000 to 15,000 Network Devices. Do you
> recommend any other solution? The solution should atleast able to support
> network config backups, diffs, and basic network auditing features.
>
> https://unimus.net/
>
> thanks
> Shahid
>

Re: Unimus as NCM (Network Configuration Management) Tool

[Mike Hammett]

Unimus is very open to adding additional platforms and improving support for 
existing platforms. I'd reach out to them for assistance. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Mel Beckman"  
To: "Mike Lyon"  
Cc: "nanog"  
Sent: Thursday, April 4, 2024 1:49:31 AM 
Subject: Re: Unimus as NCM (Network Configuration Management) Tool 

We use both Unumus and ManageEngine. Neither covers all device models, or all 
firmware versions of all devices, so we have to use both products to get 
complete device coverage. Scaling depends on host performance, so for large 
device populations you may want to assign different SCM instances to particular 
subgroups. 


-mel via cell 



On Apr 3, 2024, at 11:28 PM, Mike Lyon  wrote: 








I use it for config backups, diffs, etc. Love it. 


Theres others such as Rancid but im not sure if it works on anything other than 
Vendor C. 


-Mike 



On Apr 3, 2024, at 23:16, Shahid Shafi  wrote: 







Hi Network Experts, 


Is anyone using Unimus as your main NCM tool in production? I am looking at an 
NCM tool that can scale upto 10,000 to 15,000 Network Devices. Do you recommend 
any other solution? The solution should atleast able to support network config 
backups, diffs, and basic network auditing features. 


https://unimus.net/ 



thanks 
Shahid 

Re: Unimus as NCM (Network Configuration Management) Tool

[Joel Busch via NANOG]

On 04.04.2024 09:06, Mark Tinka wrote:
RANCID works perfectly for Cisco, Juniper, Arista, Brocade (Foundry) and 
HP.


They are also known to support other obscure vendors.


Can confirm for Cisco.

We use it for ECI (now Ribbon) gear as well, just with our local 
modifications. We copied the Juniper scripts and modified them to not 
set some CLI states and to adapt the commands that are run. It's not 
that complicated to modify.


Joel Busch
AS559 SWITCH

Re: Microsoft missing public DNS TXT entry for DKIM records (msn.com)

[Jay Acuna]

On Thu, Apr 4, 2024 at 1:23 AM Adam Brenner via NANOG  wrote:
..
> It seems to me that if msn.com is going to include DKIM headers in their
> outgoing email, they should also publish their DKIM public key. If they
> are not going to publish their DKIM public key, then they should not
> include DKIM headers in their outgoing email.

Microsoft can still sign the message, Even if the signature cannot be verified
because they have not yet published the Public Key, for whatever reason.
That is a partial/incomplete implementation of DKIM then.

The Interpretation of the results by Recipients should be the same
as if that Message had not been signed at all.   And that domain has
not published the policy record to indicate messages must be signed.

RFC6376   6.3  Interpretation of Results[ Page 50 ]

If the email cannot be verified, then it SHOULD be treated the same
   as all unverified email, regardless of whether or not it looks like
   it was signed.

   See Section 8.15 for additional discussion.


> Other Microsoft email accounts and services such as hotmail.com and
> outlook.com publish their DKIM records. Again, it seems msn.com should
> as well.

-J

Re: Unimus as NCM (Network Configuration Management) Tool

[Mark Tinka]

On 4/4/24 08:25, Mike Lyon wrote:


I use it for config backups, diffs, etc. Love it.

Theres others such as Rancid but im not sure if it works on anything 
other than Vendor C.


RANCID works perfectly for Cisco, Juniper, Arista, Brocade (Foundry) and HP.

They are also known to support other obscure vendors.

Mark.

Microsoft missing public DNS TXT entry for DKIM records (msn.com)

[nanog]

"if msn.com is going to include DKIM headers in their outgoing email, they 
should also publish their DKIM public key."

Yes, and mailop seems a place to post this.
https://www.mailop.org/

Patrick

Re: Unimus as NCM (Network Configuration Management) Tool

[Mel Beckman]

We use both Unumus and ManageEngine. Neither covers all device models, or all 
firmware versions of all devices, so we have to use both products to get 
complete device coverage. Scaling depends on host performance, so for large 
device populations you may want to assign different SCM instances to particular 
subgroups.

-mel via cell

On Apr 3, 2024, at 11:28 PM, Mike Lyon  wrote:


I use it for config backups, diffs, etc. Love it.

Theres others such as Rancid but im not sure if it works on anything other than 
Vendor C.

-Mike

On Apr 3, 2024, at 23:16, Shahid Shafi  wrote:


Hi Network Experts,

Is anyone using Unimus as your main NCM tool in production? I am looking at an 
NCM tool that can scale upto 10,000 to 15,000 Network Devices. Do you recommend 
any other solution? The solution should atleast able to support network config 
backups, diffs, and basic network auditing features.

https://unimus.net/

thanks
Shahid

Re: Unimus as NCM (Network Configuration Management) Tool

[Mike Lyon]

I use it for config backups, diffs, etc. Love it.

Theres others such as Rancid but im not sure if it works on anything other than 
Vendor C.

-Mike

> On Apr 3, 2024, at 23:16, Shahid Shafi  wrote:
> 
> 
> Hi Network Experts,
> 
> Is anyone using Unimus as your main NCM tool in production? I am looking at 
> an NCM tool that can scale upto 10,000 to 15,000 Network Devices. Do you 
> recommend any other solution? The solution should atleast able to support 
> network config backups, diffs, and basic network auditing features.
> 
> https://unimus.net/
> 
> thanks
> Shahid

Microsoft missing public DNS TXT entry for DKIM records (msn.com)

[Adam Brenner via NANOG]

Apologies if this message is the wrong listserv to ask this question but 
we are scratching are heads here.



We run our own exim mail server and are receiving reports of end users 
getting bounce back messages when they send email from msn.com to our 
mail server. Our mail server checks if DKIM email headers are present 
and if they are, tries to validate them. If the check fails, we reject 
the message.


We are noticing that Microsoft, specifically, msn.com, does *not* 
publish DKIM DNS text records but sends email with the DKIM email headers.


Is this normal or correct? Anyone have information or a contact at 
Microsoft that can fix this -- publish their DKIM records?






It seems to me that if msn.com is going to include DKIM headers in their 
outgoing email, they should also publish their DKIM public key. If they 
are not going to publish their DKIM public key, then they should not 
include DKIM headers in their outgoing email.



Other Microsoft email accounts and services such as hotmail.com and 
outlook.com publish their DKIM records. Again, it seems msn.com should 
as well.


If we look at a bounce back messages we see the following snippet:


Generating server: PH7PR84MB1704.NAMPRD84.PROD.OUTLOOK.COM
...
Remote server returned '550 5.0.350 Remote server returned an error -> 
550 DKIM: encountered the following problem validating 
msn.com:;pubkey_unavailable'


Original message headers:
...
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=msn.com; 
s=selector1;

...


When we try and perform a TXT DNS query to fetch the DKIM record: 
selector1._domainkey.msn.com we see that Microsoft does *not* publish 
their DKIM records:


adam@defiant ~ $ dig selector1._domainkey.msn.com TXT

; <<>> DiG 9.18.25 <<>> selector1._domainkey.msn.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13050
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;selector1._domainkey.msn.com.  IN  TXT

;; ANSWER SECTION:
selector1._domainkey.msn.com. 21170 IN	CNAME 
www-msn-com.a-0003.a-msedge.net.

www-msn-com.a-0003.a-msedge.net. 240 IN CNAME   a-0003.a-msedge.net.

;; AUTHORITY SECTION:
a-msedge.net.		184	IN	SOA	ns1.a-msedge.net. msnhst.microsoft.com. 
2016092901 1800 900 2419200 240


;; Query time: 20 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed Apr 03 23:04:31 PDT 2024
;; MSG SIZE  rcvd: 173

Again, this problem does *not* exist when we perform the same query to 
hotmail.com and outlook.com as those domains publish their DKIM TXT 
records: selector1._domainkey.outlook.com and 
selector1._domainkey.hotmail.com



--
Adam Brenner
https://aeb.io/