Re: SNMP via proxy

2019-04-10 Thread Brant Ian Stevens 

This might be what you're looking for...

http://www.net-snmp.org/wiki/index.php/Snmpd_proxy

--
Regards, <https://www.postbox-inc.com>
Brant Ian Stevens
bra...@branto.com

<https://www.postbox-inc.com>


Jared Mauch wrote on 4/10/19 12:50 PM:

This is one of (many) reasons why a number of people have been converting to a 
streaming telemetry model of getting data out of devices.  You can send it to a 
relay host and visualize in your favorite magic (eg: grafana w/ influx or some 
other storage).

- Jared


On Apr 10, 2019, at 10:15 AM, Dave Phelps  wrote:

Some devices only accept IP addresses as destinations, or resolve a FQDN to an 
IP and that goes in the config.

I add secondary IPs to servers for these functions. Then I can simply move the 
IP to a new host whenever the role moves.

On Wed, Apr 10, 2019 at 9:13 AM Dovid Bender  wrote:
Hi,

A bit off topic. One of my early mistakes in my 9-5 was hard coding the IP's of 
our SNMP box in all of our gear (networking equipment, Servers etc,). The box 
is at its limit and increasing its capacity will be nearly impossible. We 
mainly use Nagios and Cacti to monitor our network. Going forward I was 
thinking of setting up a few hosts whose job would be to simply relay SNMP 
traffic. This way moving forward we could hard code several IP's and bounce all 
traffic through one of these IP's.

TIA for your advice.

Regards,

Dovid

Re: Nokia SP Business Group Account Contact

2018-08-08 Thread Brant Ian Stevens 
Thank you to everyone that reached-out to me offline and forwarded my 
request onward.  I'm all set now.


--
Regards,
--
Brant I. Stevens

On 8/8/18 10:57 AM, Brant Ian Stevens wrote:
Sorry to bother the list, but could someone help me get in touch with 
a Nokia account rep from their SP team for the NYC area? Specifically 
looking for information on the managed sp wireless solution.


I've tried going through the website, but have made no progress 
reaching the right people to move my request forward.

Nokia SP Business Group Account Contact

2018-08-08 Thread Brant Ian Stevens 
Sorry to bother the list, but could someone help me get in touch with a 
Nokia account rep from their SP team for the NYC area? Specifically 
looking for information on the managed sp wireless solution.


I've tried going through the website, but have made no progress reaching 
the right people to move my request forward.


--
Regards,
--
Brant I. Stevens

Re: Proving Gig Speed

2018-07-17 Thread Brant Ian Stevens 

"There is no reason for any individual to have a computer in his home."

"640K ought to be enough for anybody."


On 7/17/18 10:41 AM, Mike Hammett wrote:


10G to the home will be pointless as more and more people move away from 
Ethernet to WiFi where the noise floor for most installs prevents anyone from 
reaching 802.11n speeds, much less whatever alphabet soup comes later.




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

- Original Message -

From: "Mark Tinka" 
To: "K. Scott Helms" 
Cc: "NANOG list" 
Sent: Tuesday, July 17, 2018 7:11:35 AM
Subject: Re: Proving Gig Speed



On 17/Jul/18 14:07, K. Scott Helms wrote:


That's absolutely true, but I don't see any real alternatives in some
cases. I've actually built automated testing into some of the CPE
we've deployed and that works pretty well for some models but other
devices don't seem to be able to fill a ~500 mbps link.

So what are you going to do when 10Gbps FTTH into the home becomes the norm?

Perhaps laptops and servers of the time won't even see this as a
rounding error :-\...

Mark.

Re: What are people using for IPAM these days?

2018-06-14 Thread Brant Ian Stevens 

sorry, but nano4lyfe!

On 6/12/18 2:52 PM, Chris Adams wrote:

Once upon a time, Randy Bush  said:

If you start with Excel, down Will It Scale Road, you will be sorry,
so very sorry.  Especially when it comes to v6.

emacs!

vim!

Re: 100G QSFP28 DAC cables - experience

2017-09-14 Thread Brant Ian Stevens 
+1 on this...  I'd go so far as to say skip the copper, and just go with 
active-optical for short-run interconnects.



Tyler Conrad 
September 14, 2017 at 2:12 PM
We're using a mix as well, some QSFP28 AOC, others DAC. One thing that you
need to keep in mind about the DACs is going to be the bend radius. These
things are girthy af, so make sure to either overestimate your runs
slightly, or buy one to test first.

Hugo Slabbert 
September 14, 2017 at 12:54 PM

On Wed 2017-Sep-06 09:17:39 +0200, Jiri Prochazka  wrote:


We're deploying a decent chunk of 100G QSFP28 at the moment, but it's 
a mix of:


- a handful of 100G QSFP28 copper DACs for some switch peerlinks
- a bit >100x 100G QSFP28 AOC for interswitch links
- a lot more 100G QSFP28 -> 4x25G SFP28 copper breakouts

We're only a few weeks in at this point, so mileage may vary in the 
long run etc.


The copper peerlinks are mostly 1M with some 3M.  We've had no issues 
with them so far.


The AOC interswitch links vary more in length, but some of those are 
>10M (hence AOC rather than copper).  We've faced no issues with 
those.  Granted, there is BGP with BFD running across those, so those 
should help in terms of liveness checks and such.


I mention that because where we _have_ had issues are on the 100G -> 
4x25G copper breakouts.  Those are for 25G edge connectivity.  It's a 
decent sample size with a bit north of 600x 25G ports.  The trouble 
we've had there have been with some links showing link up on the 
switch and server side but actually failing to pass any traffic, so we 
need to stuff some >L1 liveness checks on there to ensure those links 
are good while we sort out the root issue.  It is not yet clear if 
this is a cable fault, driver issue, or something firmware-ish on the 
NICs.


Also, fun fact: 25G only made its way into the 802.3ad bonding mode 
driver in the Linux kernel in March this year[1].


Jiri Prochazka 
September 6, 2017 at 3:17 AM
Hi folks,

I'm wondering if anyone have (either positive or negative) experience 
with 100G QSFP28 DAC cables?


Is there anyone who is using 100G DAC in large scale and would 
recommend it (which means there are no issues compared to SR4 links)?


I'm thinking about cables with lenght up to 1m, not more.

We have had quite bad experience with 10G DAC in the past - but I do 
not want to be slave of the past.





Thank you for your thoughts!



Jiri



--

--
Regards,
--
Brant I. Stevens, Principal & Consulting Architect
bra...@argentiumsolutions.com
d:212.931.8566, x101. m:917.673.6536. f:917.525.4759.
http://argentiumsolutions.com

Re: 10Gb CPE

2015-05-27 Thread Brant Ian Stevens 
Brocade.

From:  Colton Conor
Date:  Wednesday, May 27, 2015 at 12:52 PM
To:  branto
Cc:  Chris Lane, Daniel Rohan, NANOG
Subject:  Re: 10Gb CPE

Who makes the 7250? 

On Tue, May 26, 2015 at 10:07 PM, Brant Ian Stevens 
bra...@argentiumsolutions.com wrote:
Any feedback on the new 7250’s yet?




On 5/26/15, 3:02 PM, NANOG on behalf of Chris Lane nanog-boun...@nanog.org 
on behalf of clane1...@gmail.com wrote:

We use Brocade ICX 6450s for this.

-Chris

On Tue, May 26, 2015 at 2:40 PM, Daniel Rohan dro...@gmail.com wrote:

 With the deluge of 10Gb X device recommendations, I thought I'd hit the
 list with one more.  Does anyone out there running 10Gb managed CPE feel
 like sharing their experiences?

  Our use case would be a managed endpoint that would allow for testing and
 circuit verification while providing a layer 2 extension to our edge gear
 at the PoPs.

 We're hoping to find a cheap vendor-supplied solution- not homebrew.

 If so, which features have been important to you?

 Which vendors have good products?

 What price point?


 Thanks,

 Dan




--
- Chris

Re: 10Gb CPE

2015-05-26 Thread Brant Ian Stevens 
Any feedback on the new 7250’s yet?




On 5/26/15, 3:02 PM, NANOG on behalf of Chris Lane nanog-boun...@nanog.org 
on behalf of clane1...@gmail.com wrote:

We use Brocade ICX 6450s for this.

-Chris

On Tue, May 26, 2015 at 2:40 PM, Daniel Rohan dro...@gmail.com wrote:

 With the deluge of 10Gb X device recommendations, I thought I'd hit the
 list with one more.  Does anyone out there running 10Gb managed CPE feel
 like sharing their experiences?

  Our use case would be a managed endpoint that would allow for testing and
 circuit verification while providing a layer 2 extension to our edge gear
 at the PoPs.

 We're hoping to find a cheap vendor-supplied solution- not homebrew.

 If so, which features have been important to you?

 Which vendors have good products?

 What price point?


 Thanks,

 Dan




-- 
- Chris

Re: GMail IPv6 IMAP Issue, or is it Just Me?

2013-06-02 Thread Brant Ian Stevens 
It started flowing shortly after I sent the initial message...  Thanks 
to all who answered.



Mike Tancsa mailto:m...@sentex.net
June 1, 2013 9:43 PM


Looks ok for me via Toronto, Ont, Canada

0(marble)% host imap.gmail.com
imap.gmail.com is an alias for gmail-imap.l.google.com.
gmail-imap.l.google.com has address 74.125.142.108
gmail-imap.l.google.com has address 74.125.142.109
gmail-imap.l.google.com has IPv6 address 2607:f8b0:4003:c01::6c
0(marble)%

% traceroute6 -q1 2607:f8b0:4003:c01::6c
traceroute6 to 2607:f8b0:4003:c01::6c (2607:f8b0:4003:c01::6c) from
2607:f3e0::2, 64 hops max, 12 byte packets
1 iolite4-6 0.560 ms
2 toronto-torix-6 4.678 ms
3 he.ip6.torontointernetxchange.net 3.793 ms
4 2001:478:245:1::6 5.810 ms
5 2001:4860::1:0:e38 3.471 ms
6 2001:4860::8:0:2fe9 16.342 ms
7 2001:4860::8:0:29ee 31.341 ms
8 2001:4860::2:0:95e 31.340 ms
9 *
10 ob-in-x6c.1e100.net 30.584 ms


1(marble)% openssl s_client -host imap.gmail.com -port 993
CONNECTED(0003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-BEGIN CERTIFICATE-
MIIDgDCCAumgAwIBAgIKVEsbtQABAACELjANBgkqhkiG9w0BAQUFADBGMQswCQYD
VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu
dGVybmV0IEF1dGhvcml0eTAeFw0xMzA0MTUwODQ0MDBaFw0xMzEyMzExNTU4NTBa
MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw5pbWFw
LmdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3a/wUjZBSOgZ
EeyRqaSaKEwS8+1y/8AK9HdplSR72PU+iBc7HyA4aXgD6XYEJVoyGsO97nMj+oeN
2iNvKfkPvTrn2YnQfJLuxpEw9gwIHvwVqy3TNpHwt4DHnxOg5CxV8e7PaCAhAXD+
uj0H09aVFJmfYDnU0VSSukNJX2MZSJUCAwEAAaOCAVEwggFNMB0GA1UdJQQWMBQG
CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUY9A6EExy3NNFBc2R0vrY8lpf
OB8wHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0fBFQwUjBQ
oE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5ldEF1dGhv
cml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUHAQEEWjBY
MFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2dsZUludGVy
bmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDAMBgNVHRMB
Af8EAjAAMBkGA1UdEQQSMBCCDmltYXAuZ21haWwuY29tMA0GCSqGSIb3DQEBBQUA
A4GBAAcrDCcXCKZ2VNcJv31SSXTKs1AH0sU1lvAB0kzy3mIB/H8UHvMz1+T3Lfmy
68bqBSM97W6MO6UiqmVvbMhwPBrktUVT/Q4cWskVf2MONrW3g0UtX47L1ocs/WZe
XdUTkjQ3EFCzxpw4joHefndfZHsEn0VrjZR49kzR9+1Me7Rz
-END CERTIFICATE-
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 1752 bytes and written 325 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID:
881124D0017ADA0B7D8CEB26ECBCBCF86AF8A593600858D165164A17B2C0C652
Session-ID-ctx:
Master-Key:
667BDFF99C7FE7733C8CB36FE2F73C76380DE2AC9453A0D3D621E39CE64EC1259BC8AB8FE65C425E15BCA467B80FD274
Key-Arg : None
Start Time: 1370137039
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
* OK Gimap ready for requests from 199.212.134.2 bj1if1491559oac.162
^C
1(marble)%
Stevens, Brant I. mailto:bra...@argentiumsolutions.com
June 1, 2013 1:53 PM
Is anyone else having issues reaching GMail on IPv6 via IMAP, or is it 
just

me?

Here's some of what I'm seeing:

It responds to ping...

imac01:~ branto$ ping6 imap.gmail.com
PING6(56=40+8+8 bytes) 2001:470:8d30:b00c::bb0e -- 2607:f8b0:400d:c00::6c
16 bytes from 2607:f8b0:400d:c00::6c, icmp_seq=0 hlim=55 time=31.299 ms
16 bytes from 2607:f8b0:400d:c00::6c, icmp_seq=1 hlim=55 time=41.528 ms
16 bytes from 2607:f8b0:400d:c00::6c, icmp_seq=2 hlim=55 time=30.092 ms
16 bytes from 2607:f8b0:400d:c00::6c, icmp_seq=3 hlim=55 time=35.450 ms
^C
--- gmail-imap.l.google.com ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 30.092/34.592/41.528/4.470 ms


TCP Sessions on v6 seem to time-out:

imac01:~ branto$ telnet -6 imap.gmail.com 993
Trying 2607:f8b0:400d:c01::6c...
telnet: connect to address 2607:f8b0:400d:c01::6c: Operation timed out
telnet: Unable to connect to remote host

IPv4 Connects:

imac01:~ branto$ telnet -4 imap.gmail.com 993
Trying 173.194.76.108...
Connected to gmail-imap.l.google.com.
Escape character is '^]'.

^]
telnet close
Connection closed.

and other connectivity via IPv6 works:

imac01:~ branto$ telnet -6 www.google.com 80
Trying 2607:f8b0:400c:c04::68...
Connected to www.google.com.
Escape character is '^]'.

GET /
HTTP/1.0 200 OK
Date: Sat, 01 Jun 2013 17:08:58 GMT

snip

Connection closed by foreign host.

I've tried flushing my

Re: Force10 E Series at the edge?

2012-03-28 Thread Brant Ian Stevens 




Brant Ian Stevens mailto:bra...@argentiumsolutions.com
March 28, 2012 11:41 AM
The CER is the perfect box for this application, save for the 
redundant processors.  The MLXe will work great if you want a small 
form factor and redundant processors.


-Brant
George Bonser mailto:gbon...@seven.com
March 28, 2012 11:34 AM


I have been using a pair of CER (but not the -RT) at one location for 
a while now and so far have been flawless. These particular units 
aren't taking full tables so don't need the -RT but I wouldn't have 
any trouble using them. The -RT are basically a 1U XMR.


Tom Daly mailto:t...@dyn.com
March 27, 2012 11:59 PM
Brent,
Your options include, for smaller boxes:

- Brocade CER series, but make sure you the -RT versions due to RAM 
(haven't tried, though)

- Juniper MX (MX80 is working well for us)
- Cisco ASR1006 (heard a lot about BGP price issues)

But for 300mb/sec, what not OpenBSD + Quagga?

Tom



- Original Message -

Jo Rhett mailto:jrh...@netconsonance.com
March 27, 2012 6:00 PM
I was very happy with the E300 as a data center core switch handling 
multiple full feeds (around 15) with about 10x the traffic you are 
talking about. The only problem I had was that Force10 didn't have a 
useful (basically forklift) upgrade to get more IPv4 prefixes, and the 
more I talked to them and the more I showed them the graphs 
demonstrating what we'd need for prefix space assuming even the most 
conservative assumptions at depletion, the more I realized they really 
Did Not Get It. In fact, their brand new architecture recently 
announced had only 500k prefixes allowed, at a time that the Juniper 
MX platform handled 2million easily.


So I would be fine using Force10 again, given the following changes:
1. Large limits on IP prefixes allowed
2. Reallocation of useless memory from stupid things like MAC tables 
to prefixes (data centers have very few MACs, very many prefixes)

3. Command line logging

The units worked great at failover, never had any problems gracefully 
failing over from one RP to another, but if you have to cold boot them 
for any reason it takes like 5 minutes :(