Re: Scanning the Internet for Vulnerabilities

2022-06-20 Thread Matthew Craig

The intent behind vulnerability scans is good, however the majority of DOS 
attacks that my networks encounter these days are from cybersecurity 
organizations conducting cybersecurity research.

Funding requests for DOS mitigation solutions to protect my networks from 
cybersecurity researchers are not taken seriously.




-
Matt








On Jun 20, 2022, at 12:55 PM, Randy Bush <ra...@psg.com> wrote:


I treat these folk with the same respect they afford me. Not once in
30 years of having a connected network (v4 or v6) has any entity asked
"is it OK if we .. ?".

how strange, considering you are replying to a thread doing so.

fwiw, i appreciate vuln scanners.  i do not have the hubris or tools to
think i run a flawless network or servers.

randy




Re: V6 still not supported

2022-03-25 Thread Matthew Craig
This huge conversation has been fun to follow.


I like my IPv6 transition plan:

Instead of moving the mountains and breaking my back to migrate (by myself) my 
ENTIRE not-so-small organization to IPv6, I keep things going on IPv4 
relatively burden-less to my organization till I retire.


Then the contractor that comes in after me (certainly a contractor, because the 
pool of clueful people to hire is small and getting smaller) can execute the 
transition and make a killing by causing more problems, and draining budgets to 
fix those problems, which cause more problems, etc... in a nice vicious cycle.  
I could even decide to be said contractor!


My CISO is on my side.  He DEMANDS as critical components of his Security 
Posture: IPv4 NAT, and easier-to-type IPv4 ACL segmentation (clueful people to 
hire is small)!  :)




This plan continues to be self-validating.  I like my plan.




-
Matt








On Mar 24, 2022, at 5:44 AM, Mark Delany <k...@november.emu.st> wrote:


On 24Mar22, Pascal Thubert (pthubert) allegedly wrote:
Hello Mark:

Any such "transition plan" whether "working" or "straightforward" is
logically impossible. Why anyone thinks such a mythical plan might yet be
formulated some 20+ years after deploying any of ipv6, ipv4++ or ipv6-lite is
absurd.

This is dishonest

My point is that if there was a real transition plan it would have been 
invented and
executed by now and we'd all be on ipv6. Yet the reality is that here we are 
some 20 years
later with no plan and no ubiquitous ipv6. How is that observation dishonest?

considering that I just proved on this very thread that such ideas existed

I don't know why you're conflating an idea with a plan - they are about as far 
away from
each other as is possible. Frankly no one cares about ideas, they're a dime a 
dozen.

A plan is an actionable, compelling and logical set of steps towards an end 
result. Do you
have such a thing for moving everyone on the planet to ipv6?

Here's a simple test of whether you have a plan or not. I'm connected via my 
legacy ipv4
ISP router completely oblivious to ipv6. How does your plan incentivise me to 
upgrade my
router to support ipv6?

When you have an answer to that, you might have a glimmer of a plan.


Mark.



Re: 40G QSFP+ to 4 SFP+ on MX960

2022-02-24 Thread Craig
40G modules/ports are a waste from a design perspective.

Agree  I have many cards of 40G laying around used them for 6 months and
swapped them out

On Thu, Feb 24, 2022 at 4:47 PM Paschal Masha 
wrote:

> Hello,
>
>
>
> Has anyone managed to get the 40G QSFP+ to 4 SFP+ breakout cable to work
> on the 2X40GE QSFPP Juniper MICs?
>
> Which commands did you use to channelize the port under the "chassis fpc"
> mode to get it to channelize to 4x10g at least for one 40G port on that MIC?
>
> My device : MX960.
>
> On a side note, 40G modules/ports are a waste from a design perspective.
>
> Thanks in advance
>
>
>
> Regards
> Paschal Masha | Engineering
> Skype ID: paschal.masha
>
>
>


Microsoft express routes contact

2022-02-16 Thread Craig
Could someone from Microsoft please contact me off line please. We have had
tickets opened for quite a while now but the ticket seems to be not getting
to the correct team.

We have a customer who has been trying to get their app working, we have an
express route peering directly to MS, however we are NOT receiving the more
specific prefix over express routes. This is creating issues w/ the app
working due to the FW involved.

The Azure Host IPv4 is:
52.158.246.45



and here are the networks we are learning over express routes:

52.158.0.0/17
52.158.160.0/20
52.158.176.0/20
52.158.192.0/19
52.159.64.0/18

However we are receiving a prefix over our ISP where the route is being
used.

I have not been able to find this specific host in the Azure route table
dump that is posted on the MS web site.

cpv


Re: Microsoft problems...

2021-03-16 Thread Craig
https://status.office365.com/




On Mon, Mar 15, 2021 at 4:49 PM Nathanael Cariaga 
wrote:

> WVD seems to be affected as well...  tsk tsk tsk.  I guess this is part of
> Monday blues? :P
>
> On Tue, Mar 16, 2021, 4:39 AM Andrey Khomyakov, <
> khomyakov.and...@gmail.com> wrote:
>
>> I didn't troubleshoot at all (not my job), but yes, we are having all
>> sorts of issues accessing O365/Teams/etc
>>
>> --Andrey
>>
>>
>> On Mon, Mar 15, 2021 at 1:33 PM Justin Streiner 
>> wrote:
>>
>>> Can you be a bit more specific regarding what you're seeing or not
>>> seeing?
>>>
>>> Are you reaching MS through IP transit/peer connections, or are you
>>> having issues reaching MS cloud services over ExpressRoute circuits?
>>>
>>> Thank you
>>> jms
>>>
>>> On Mon, Mar 15, 2021 at 4:04 PM  wrote:
>>>
>>>> Anyone else noticing major MAJOR problems with various MS services?
>>>>
>>>> Geoff




Re: Half Fibre Pair

2021-01-26 Thread Craig
single strand / cwdm optics

On Tue, Jan 26, 2021 at 3:52 PM Rod Beck 
wrote:

> Can someone explain to me what is a half fibre pair? I took it literally
> to mean a single fibre strand but someone insisted it was a large quantity
> of spectrum. Please illuminate. On or off list as you please.
>
> Regards,
>
> Roderick.
>
> Roderick Beck
> VP of Business Development
>
> United Cable Company
>
> www.unitedcablecompany.com
>
> New York City & Budapest
>
> rod.b...@unitedcablecompany.com
>
> Budapest: 36-70-605-5144
>
> NJ: 908-452-8183
>
>
>


Re: AS 701 ?

2021-01-14 Thread Craig
yea fast email, details lacking..too much going on tonight w/ changes...

our IPv4 & IPv6 Peers both went down, bounced a few times, now down hard...
have tickets opened with Verizon, but no ETA, not sure if anyone else
experienced this. we are in eastern US



On Thu, Jan 14, 2021 at 9:21 PM Christopher Morrow 
wrote:

> On Thu, Jan 14, 2021 at 7:16 PM Craig  wrote:
> >
> > Anyone else having peering issues problems with AS 701?
>
> meaning:
>   1) "I lost all routes to 701 paths"
>   2) "All my traffic into 701 never returns"
>  3) links to 701 are full, yikes!
>   4) other ?
>
> more info is more better.
>


AS 701 ?

2021-01-14 Thread Craig
Anyone else having peering issues problems with AS 701?


Re: Hurricane Electric AS6939

2020-10-13 Thread craig washington
Side note, they don’t support any traffic engineering aside from prepends but no 
complaints besides that.



On Oct 13, 2020, at 8:25 PM, Mike Hammett <na...@ics-il.net> wrote:

https://bgp.he.net/AS16527

You don't appear to be on any IXes. Definitely join some IXes before buying 
another 100G of transit.

DFW has a couple and there are some more that are starting up.



-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

From: "Aaron Gould" <aar...@gvtc.com>
To: nanog@nanog.org
Sent: Tuesday, October 13, 2020 6:29:55 PM
Subject: Hurricane Electric AS6939

Do y’all like HE for Internet uplink?  I’m thinking about using them for 100gig 
in Texas.  It would be for my eyeballs ISP.  We currently have Spectrum, Telia 
and Cogent.

-Aaron



Re: WIKI documentation Software?

2020-03-17 Thread Craig
Greatly appreciate all these suggestions, we are going to test several of
these packages out and determine which will be best for us.

Thanks!

Then comes the task of getting the legacy wiki pages off the Mac wiki
server over to the new wiki

Argg

More figuring out to do.


On Tue, Mar 17, 2020 at 9:22 PM Billy Crook 
wrote:

> We're a new group and at recommendation of this thread, I set up
> dokuwiki for us and I like it already!
>
> On Tue, Mar 17, 2020 at 1:54 PM Jens Link  wrote:
> >
> > Craig  writes:
> >
> > > Wanted to ask what WIKI software teams are using to save documentation
> to / how to's for staff, etc.
> >
> > On the wiki side: +1 for dokuwiki
> >
> > Given that more and more people are automating stuff and this way ending
> > up git anyway:
> >
> > Write your doku as markdown, put it into git, generate static web
> > pages. For people who like editing via a GUI can use gitlab or something
> > similar.
> >
> > This approach has some advantages:
> >
> > - You always have (a more or less) current version of your documentation
> >   offline
> > - You can just use grep to find stuff
> >
> > Jens
> > --
> >
> 
> > | Delbrueckstr. 41| 12051 Berlin, Germany   |
> +49-151-18721264 |
> > | http://blog.quux.de | jabber: jensl...@quux.de|
> ---  |
> >
> 
>


Re: WIKI documentation Software?

2020-03-14 Thread Craig
Lol, Sharepoint,,,. Arggg, yea NOT going to happen ,

We’ve managed to avoid using that.




On Sat, Mar 14, 2020 at 10:50 AM Nicholas Oas 
wrote:

> Seconding Confluence. Stay away from Sharepoint.
>
> On Sat, Mar 14, 2020 at 8:09 AM Craig  wrote:
>
>> Wanted to ask what WIKI software teams are using to save documentation to
>> / how to's for staff, etc.
>>
>> pro's
>> con's
>>
>> We have an older wiki bare-metal wiki server, that I want to get replaced
>> before it kicks the bucket and was looking into various ones.
>>
>> thanks;
>>
>> CPV
>>
>>
>>


Re: COVID-19 vs. our Networks

2020-03-14 Thread Craig
Somewhat of a duplicate reply here to another thread...
We have noticed as the organization has been sending various teams to WFH,
an increase in bandwidth to our various VPN services. It's been creeping up
daily.
we are in process of upgrading our bandwidth to these areas to support this.




On Sat, Mar 14, 2020 at 6:25 AM Radu-Adrian Feurdean <
na...@radu-adrian.feurdean.net> wrote:

> On Sat, Mar 14, 2020, at 04:31, Darin Steffl wrote:
> > Playing games doesn't take much bandwidth. Downloading games does. So
> > as long as everyone already has their games and there's no updates,
> > playing the game is typically under 100 kbps which is negligible
> > compared to streaming video which takes 1 to 25 mbps.
>
> My experience at $job[$now] (IXP) and $job[-1] (ISP with residential
> users) show otherwise. ISP-side traffic comes inbound from ASNs hosting
> gaming platforms, and IXP-side, gaming platforms have no issues taking 100G
> ports and pushing lots of traffic on them. Ratio-wise, they seem very much
> "heavy outbound". When new games are released, we see extra traffic from
> CDNs. Even if a game does not generate much traffic, in a MMO context every
> user pushes one data stream but receives several ones. And there may be
> reasons (avoiding cheats) where traffic pushed from the gaming platform
> contains more than each user's actions.
> IMO, it depends on how game handles inter-player communication. I do
> recall playing some serverless networked games some 15-20 years ago, with 3
> players each on their own ADSL or cable, and the upstream (in the 512-800
> Kbps range) never getting saturated.
>


Re: Work from Home and other dynamics

2020-03-14 Thread Craig
We have noticed as the organization has been sending various teams to WFH,
an increase in bandwidth to our various VPN services. It's been creeping up
daily.
we are in process of upgrading our bandwidth to these areas to support this.
we are finding support teams are taking steps to finally fix their VPN
services to a more robust nature, (active/active vs active / standby),



On Mon, Mar 9, 2020 at 6:00 PM Payam Poursaied  wrote:

> -Original Message-
> From: NANOG  On Behalf Of Jared
> Mauch
> Sent: Monday, March 9, 2020 6:32 AM
>
> I’m wondering what general trends people have seen with the recent
> reduction in travel and increased work from home activities.
> What interesting dynamics are you seeing?
>
> 
> Evening-peak graphs turned into all-day-peak
> https://ln.sync.com/dl/ded61e820/eqaehqz7-8yfw2vj9-ackq7w46-4zgfv8ru
> This is a sample 9-day graph shows it changes after and before when the
> outbreak hit a region, and people started to consider it more seriously.
>
>
>
>


WIKI documentation Software?

2020-03-14 Thread Craig
Wanted to ask what WIKI software teams are using to save documentation to /
how to's for staff, etc.

pro's
con's

We have an older wiki bare-metal wiki server, that I want to get replaced
before it kicks the bucket and was looking into various ones.

thanks;

CPV


Re: akamai yesterday - what in the world was that

2020-02-11 Thread craig washington
Ditto


On Feb 11, 2020, at 9:03 PM, Andy Smith <telephonetoughgu...@gmail.com> wrote:

Any word on what the update was for? It caused quite a jump in traffic on our 
network.

On Tue, Feb 11, 2020, 19:06 Jared Mauch <ja...@puck.nether.net> wrote:
Looking good from my perspective. Let me know if we are causing you pain and 
let's see what can be done to improve.

I'm here in SF if you are at nanog.

Sent from my iCar

> On Feb 11, 2020, at 3:42 PM, Tom Deligiannis <tom.deligian...@gmail.com> wrote:
>
> There is a major update that has released today, how's everything looking for 
> everyone?


Re: Elephant in the room - Akamai

2019-12-04 Thread craig washington
I don't have any insight but can confirm I am seeing the same thing. (Traffic 
shift back onto transit links)
They did tell me they were having some bandwidth issues and are working on it.
I am currently awaiting a direct PNI with them but haven't heard from them in 
some time.


From: NANOG  on behalf of Kaiser, Erich 

Sent: Thursday, December 5, 2019 3:03 AM
To: NANOG list 
Subject: Elephant in the room - Akamai

Let's talk Akamai

They have shifted 90% of their traffic off IXs and onto our full route DIA, 
anyone else seeing this issue or have insight as to what is going on over 
there?  We have been asking for help on resolution for weeks and all we get is 
we are working on it and now we get no response.  We were even sent an LOA and 
when the DC went to go put in the x-connect their patch panel was full.  How do 
they not know if they have ports open or not?  I have even reached out to an 
engineer who is on this list and he does not even respond.

The last two nights the traffic levels to them has skyrocketed as well.

Any insight?


Erich Kaiser
The Fusion Network


Graphical databases ?

2019-10-10 Thread Craig
Has anyone used the graphical data base software:
https://neo4j.com/

I looked at this software several years ago, but it was still relatively
new.
We are exploring using this to create dependencies of our network
infrastructure hardware, customer information, etc. etc.

here is an example:
https://neo4j.com/graphgist/network-dependency-graph

For those that have used it:
Has anyone been able to successfully use this for their networks?
pros/cons/good/bad

Is maintaining the data a chore?
Has it helped operationally?

if anyone has any input would appreciate hearing from you;

thanks;

CPV


Re: OT: Tech bag

2019-08-03 Thread Craig
I switched up to a backpack from this company:
https://missionworkshop.com/collections/backpacks

they have modular packs, so I keep various things in the modules, and they
can go onto their packs.

On Fri, Aug 2, 2019 at 8:41 PM Brian Knight  wrote:

> About a year ago, I switched from a Swissgear to a High Sierra Endeavor
> wheeled backpack and been very happy with it. Most of the time I carry < 15
> lbs of gear when I commute to the office on the train, so I’ll have it on
> my back. But when I head to the colo with a heavy load, it’s handy (and a
> real relief to my neck and shoulders) to be able to switch to wheeled mode.
> It’s held an ASR920 + laptop + hardware + usual load with a bit of room to
> spare.
>
> HTH,
>
> -Brian
>
> > On Aug 2, 2019, at 11:14 AM, Dovid Bender  wrote:
> >
> > Hi,
> >
> > Sorry for the OT email. I travel extensively to DC's and my computer bag
> seems to keep collecting more tools which includes your usual console
> cables, spare everything, two laptops etc. My Swissgear has been taking a
> beating and I was wondering what others who have to lug around 30-35 pounds
> use.
> >
> > TIA.
> >
> >
>
>


Microsoft Peering IPv4 BGP Table

2019-02-19 Thread Craig
If someone could please send me a IPv4 BGP table for the Microsoft Express
Routes Microsoft Peer for the prefixes you are receiving, I would
appreciate it.

thanks;
CPV


Microsoft Express Routes woes...

2018-06-27 Thread Craig
This is classic...

We have a direct BGP peering session to Microsoft using Express Routes for
the public peering session for services like Email, one drive, etc. this
uses MS Public. We also have/use MS Azure Public as well as MS Azure
Private in place for a few years now. We have had this happen a few times
already where one team at MS makes a routing change, and the other team is
either not aware of the change, or else doesn't communicate the change
properly.

So late last night, while a change was being made to a completely different
area of our network, they asked that I back out my change due to our entire
organization not being able to access share-point online, or MS One drive.

I had zero evidence it was our change. further investigation on our border
routers, revealed all four (4) of our ISP's were advertising the MS block
as a /24 prefix:

A:MY_NAME_CHANGED# show router 1053 bgp routes 13.107.136.0/24

 BGP Router ID:10.11.0.29   AS:122   Local AS:122

 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

BGP IPv4 Routes

Flag  Network                LocalPref   MED
      Nexthop (Router)       Path-Id     Label
      As-Path
---
u*>?  13.107.136.0/24        250         10450
      4.49.118.153           None        -
      3356 8075 8068
---
Routes : 1
HOWEVER MS Express Routes was advertising this:

A:MY_NAME_CHANGED# show router 1053 bgp routes 13.107.136.0/22

 BGP Router ID:10.11.0.29   AS:122   Local AS:122

 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

BGP IPv4 Routes

Flag  Network                LocalPref   MED
      Nexthop (Router)       Path-Id     Label
      As-Path
---
i     13.107.136.0/22        300         0
      157.229.11.66          None        -
      12076
So another call to MS support and escalations to get this more specific
prefix fixed or if Express routes can advertise this more specific vs the
/22 block.

*Questions:*
Has anyone else run into this with MS if you have a direct peering session
to them?
Has anyone done an audit on the route tables received from MS over express
routes, vs what they receive from their ISPs and noticed the differences?

MS needs to seriously think about:
Careful coordination of routing changes
Policies to prevent specific routes being advertised while larger blocks
are advertised over express routes.

Anyway I am tired, as I have not had much sleep, any comments on this,
would like to hear from you.



-Craig
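
The audit asked about in this message (ExpressRoute-learned prefixes versus ISP-learned prefixes) can be scripted; the following is an added example, not part of the original posts, and it also covers the 2022 "Microsoft express routes contact" message further up the page. The prefixes and the Azure host address are the ones quoted in the two messages; the function names and the two sample destination addresses are assumptions made for illustration.

```python
import ipaddress

# Routes quoted in the 2018 message: the /24 learned from the ISPs and the
# /22 learned over ExpressRoute.
RIB_2018 = [
    ("13.107.136.0/24", "isp"),
    ("13.107.136.0/22", "expressroute"),
]

# Prefixes quoted in the 2022 message as learned over ExpressRoute.
ER_2022 = [
    "52.158.0.0/17",
    "52.158.160.0/20",
    "52.158.176.0/20",
    "52.158.192.0/19",
    "52.159.64.0/18",
]
AZURE_HOST_2022 = "52.158.246.45"  # host address quoted in the 2022 message


def longest_match(dest, rib):
    """Return (network, source) of the most specific route covering dest.

    Forwarding picks the longest matching prefix first. BGP attributes such
    as local preference are only compared between routes to the SAME prefix,
    so a /24 from an ISP beats a /22 from ExpressRoute regardless of them.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, source in rib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, source)
    return best


def more_specifics_outside_er(er_prefixes, isp_prefixes):
    """List ISP-learned prefixes that sit strictly inside an ExpressRoute prefix.

    Each finding is traffic that will leave via the ISP even though the
    private peering covers the destination with a shorter prefix.
    """
    er_nets = [ipaddress.ip_network(p) for p in er_prefixes]
    findings = []
    for p in isp_prefixes:
        net = ipaddress.ip_network(p)
        for agg in er_nets:
            if net != agg and net.subnet_of(agg):
                findings.append((str(net), str(agg)))
    return findings


def covered_by(dest, prefixes):
    """Return the prefixes from the list that contain dest (empty if none)."""
    addr = ipaddress.ip_address(dest)
    return [p for p in prefixes if addr in ipaddress.ip_network(p)]


if __name__ == "__main__":
    # Constructed sample destinations inside the /22: one inside the /24,
    # one outside it.
    for dest in ("13.107.136.9", "13.107.137.9"):
        net, source = longest_match(dest, RIB_2018)
        print(f"{dest}: forwarded via {source} ({net})")

    er = [p for p, s in RIB_2018 if s == "expressroute"]
    isp = [p for p, s in RIB_2018 if s == "isp"]
    for specific, aggregate in more_specifics_outside_er(er, isp):
        print(f"ISP more-specific {specific} overrides ExpressRoute {aggregate}")

    hits = covered_by(AZURE_HOST_2022, ER_2022)
    print(f"{AZURE_HOST_2022} covered by ExpressRoute prefixes: {hits or 'none'}")
```

Run against full table dumps from both peerings, the same comparison flags every destination that a provider-side change has pulled off the private peering, which is also the pattern to watch for when a more-specific announcement appears from an unexpected origin.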


Re: internet - sparkle

2018-05-16 Thread craig washington
Agree with this 💯 
Traffic engineering is non existent making it a pain to move your traffic 
besides not advertising the prefix to them

Sent from my iPhone

> On May 16, 2018, at 12:33 PM, Ca By  wrote:
> 
>> On Wed, May 16, 2018 at 9:14 AM Michael Crapse  wrote:
>> 
>> Additionally, whilst not "technically" a tier 1 provider, Hurricane
>> electric should be high on that list. Especially as one of the best
>> providers of and proponents for IPv6. We'll see into the future, HE may
>> have one of the most critical infrastructures, and should be a "part-owner"
>> of the internet.
>> 
> 
> Fully disagree.
> 
> 1). HE cant reach cogent on v6. Forget whos fault it is, it is a liability
> for anyone that relies on HE
> 
> 2). They dont support common bgp communities like no-export, so trying to
> do TE is a mess.
> 
> 3). They are at the center of nearly every bgp hijacking fiasco because
> they dont have reasonable route controls.
> 
> HE is a liability to us all until they fix their bgp filters
> 
> https://www.internetsociety.org/blog/2018/04/amazons-route-53-bgp-hijack/
> 
> 
> 
> 
>>> On Wed, May 16, 2018, 8:08 AM Eric Dugas  wrote:
>>> 
>>> Replace Level3 with CenturyLink as they're basically taking over AS33566.
>>> Would add Zayo (AS6461) to the list.
>>> 
>>> I'm not familiar with Sparkle/Seabone to be honest as we're operating an
>>> eyeball network exclusively in the NA.
>>>> On May 16 2018, at 10:54 am, Aaron Gould  wrote:
>>>>
>>>> http://icaruswept.com/2016/06/28/who-owns-the-internet/
>>>>
>>>> .written in 12/2015 - do y'all think this is accurate, and, in 2018, is it
>>>> still accurate ? (asking since my next question is related to Sparkle, since
>>>> they are listed in that previous article as a significant Internet presence)
>>>>
>>>> Also, please tell me your feelings/experiences of Sparkle as an Internet
>>>> uplink provider. like for 10/100 gig.
>>>>
>>>> My coworker just got back from ITW/Chicago and he is considering Sparkle as
>>>> an additional Internet provider for the ISP I work for in San Antonio, TX .
>>>> we would need to uplink to Sparkle in the central Texas area somehow. He
>>>> mentioned that Sparkle may be in McAllen / Dallas and could possibly, in the
>>>> future be in Austin or San Antonio
>>>>
>>>> - Aaron
>>> 
>> 


Hulu Peering

2018-04-23 Thread craig washington
Hey all,


Just wondering if anyone peers with Hulu at any public exchange.

I don't see anything on them in the peeringdb or anything that stands out from 
a google search besides it looks like they may be doing something with Equinix.


Thanks




Network Services Forms/methods for tracking

2018-03-30 Thread Craig
Could anyone that operates in a ISP or large enterprise that deals with
many different customers/clients discuss some methods you handle network
service requests.


   - Do you have/use an online form?
   - How is it tracked, IE a service request #, circuit ID, etc?
   - Can the customer look up the info to see if their request is completed?
   - Can engineers reference this info when issues arise, and customers
   call in for support?
   - Pros/cons about the method you are using now?



once the information is gathered how is it verified? (sometimes
clients/customers don't know what they need)

and finally what information does the engineer receive to complete the
build of the network service?
does the engineer update the information when the network service is built
out so it's tracked?

I am looking to get some feedback on some better ways to handle network
requests, service providers would probably have good feedback on this that
can facilitate collecting all the info needed, adding to the info once the
build is completed and then having something that can be accessed when any
t-shooting is required, and also if the service is to be decommissioned.


Any feedback is appreciated;

craig


Re: Amazon peering peeps on the list?

2018-03-09 Thread Craig
We had to do the same, a ticket and issue moved along quickly and a
co-worker had the peers up quickly.


On Fri, Mar 9, 2018 at 9:16 AM Jason Kuehl  wrote:

> The better way to go ahead and get a hold of Amazon for peering issues is
> to open a ticket with them via AWS account with business support.
>
> This is how I resolved issues with peering in the past.
>
> On Mar 9, 2018 8:27 AM, "Joe Nelson"  wrote:
>
> > I've all but given up on trying to get a response from
> peer...@amazon.com.
> > If you do end up getting a contact, please share.
> >
> > On Wed, Mar 7, 2018 at 8:19 PM, Mike Lyon  wrote:
> >
> > > Anyone on the list from Amazon peering? Have sent multiple emails to
> > > peer...@amazon.com over the past couple of weeks with no reply.
> > >
> > > Any help would be appreciated.
> > >
> > > Thank You,
> > > Mike
> > >
> > >
> > > --
> > > Mike Lyon
> > > mike.l...@gmail.com
> > > http://www.linkedin.com/in/mlyon
> > >
> >
>


BGP next-hop self benefits

2017-12-01 Thread craig washington
Hello everyone,


Question, what are the true benefits to using the next-hop self feature, 
doesn't matter what vendor.

Most information I see is just to make sure you have reach-ability for external 
routes via IBGP, but what if all your IBGP knows the eBGP links?

Is there an added benefit to using next hop self in this situation?


Any feedback is much appreciated, either for the question specifically or 
whatever else you got 😊, L3VPN's or underlying technology that has to have that.


Thanks




Re: Physical Layer fiber Software Tools?

2017-10-30 Thread Craig
We are trying out Patchmanager currently, we are asking them if they offer
any software to speed up the physical install for the fiber techs.



On Mon, Oct 30, 2017 at 7:31 AM, Arien Vijn  wrote:

> You probably want to look at Patchmanager: https://patchmanager.com
>
> They usually allow you a free testdrive.
>
> — Arien
>
> > On Oct 26, 2017(43), at 17:08, Craig  wrote:
> >
> > I am hoping someone could help me out with some suggestions for any
> > software that is available, for individuals that are doing physical layer
> > wiring in a data center?
> >
> > The idea is the technician is performing the fiber runs from say RACK 111
> > router AAA port 1/1/1 to RACK 222 router BBB port 1/1/1
> >
> > The fiber is connected to a LIU in the TOP of the rack, and then will
> > require various cross connects to get to the other rack. If the various
> > racks and LIU's are pre-populated into the software, and then a standard
> > for the fiber labels is also installed ahead of time into the software
> > tool.
> >
> > The technician has a tablet or laptop to enter the data, and then it will
> > print out a cable label based on the info entered into the tool. The
> > back-end data base is updated for each fiber so the complete path is
> known.
> > This way its a one step process.
> >
> > Maybe my description of this is readily available or have other companies
> > developed a custom software tool to achieve this?
> >
> >
> >
> > Appreciate any feedback.
>
>


Re: Physical Layer fiber Software Tools?

2017-10-26 Thread Craig
was the link attached?

On Thu, Oct 26, 2017 at 1:31 PM, Jameson, Daniel <
daniel.jame...@tdstelecom.com> wrote:

> Give this a look.  It can track to the cross-connect level,  then provide
> a one-line drawing. Application is web driven and expandable.  It should be
> able to do what you need.
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Craig
> Sent: Thursday, October 26, 2017 9:09 AM
> To: nanog group
> Subject: Physical Layer fiber Software Tools?
>
> I am hoping someone could help me out with some suggestions for any
> software that is available, for individuals that are doing physical layer
> wiring in a data center?
>
> The idea is the technician is performing the fiber runs from say RACK 111
> router AAA port 1/1/1 to RACK 222 router BBB port 1/1/1
>
> The fiber is connected to a LIU in the TOP of the rack, and then will
> require various cross connects to get to the other rack. If the various
> racks and LIU's are pre-populated into the software, and then a standard
> for the fiber labels is also installed ahead of time into the software tool.
>
> The technician has a tablet or laptop to enter the data, and then it will
> print out a cable label based on the info entered into the tool. The
> back-end data base is updated for each fiber so the complete path is known.
> This way its a one step process.
>
> Maybe my description of this is readily available or have other companies
> developed a custom software tool to achieve this?
>
>
>
> Appreciate any feedback.
>


Physical Layer fiber Software Tools?

2017-10-26 Thread Craig
I am hoping someone could help me out with some suggestions for any
software that is available, for individuals that are doing physical layer
wiring in a data center?

The idea is the technician is performing the fiber runs from say RACK 111
router AAA port 1/1/1 to RACK 222 router BBB port 1/1/1

The fiber is connected to a LIU in the TOP of the rack, and then will
require various cross connects to get to the other rack. If the various
racks and LIU's are pre-populated into the software, and then a standard
for the fiber labels is also installed ahead of time into the software
tool.

The technician has a tablet or laptop to enter the data, and then it will
print out a cable label based on the info entered into the tool. The
back-end data base is updated for each fiber so the complete path is known.
This way its a one step process.

Maybe my description of this is readily available or have other companies
developed a custom software tool to achieve this?



Appreciate any feedback.


Peering at public exchange authentication

2017-09-29 Thread craig washington
Hello all,


Wondering your views or common practices for using authentication via BGP at 
public exchange locations.

Just for example, lets say you peer with 5 people in the TELX in Atlanta, do 
you require them to all use authentication for the BGP session?

I've seen some use it and some not use it, is it just a preference?



Regex expression

2017-09-25 Thread craig washington
Hello all, not sure if this is the right place for this.

I am not the best with Regex and was looking for an expression in a Juniper 
that will match on only so many numbers.

Meaning, I am looking at the mpls lsp statistics "show mpls lsp transit 
statistics" and I only want to see the LSP's that have larger Bytes, for 
instance I only want to see stuff that has at least 12 digits or longer.



Any help would be greatly appreciated, and if this is the wrong thing to ask 
here, I have no qualms with that either 😊


Thanks again.



Re: AS PATH limits

2017-09-22 Thread craig washington
Thank you all very much for the feedback.

As always it is much appreciated.



From: Tom Beecher 
Sent: Wednesday, September 20, 2017 8:01 PM
To: craig washington
Cc: nanog@nanog.org
Subject: Re: AS PATH limits

Too many prepends = any more than you really need for what you're trying to 
accomplish. :)

I've cutoff paths as short as 4 to as long as 8 before in different jobs for 
different reasons.

On Tue, Sep 19, 2017 at 9:33 AM, craig washington <craigwashingto...@hotmail.com> wrote:
Hello world.

I was wondering and forgive me if this discussion has already taken place.

How many AS PATHS are too many?

Meaning how do we determine how many to filter on transit links or public 
peering links?


Thanks in advance





AS PATH limits

2017-09-20 Thread craig washington
Hello world.

I was wondering and forgive me if this discussion has already taken place.

How many AS PATHS are too many?

Meaning how do we determine how many to filter on transit links or public 
peering links?


Thanks in advance




Re: BGP peering question

2017-07-14 Thread craig washington
Awesome!

Thanks for all of the feedback.

I am going through the links you sent me and I think they will be of very good 
help.

I guess it was a general question but that was kinda the point, get feedback 
from all the pros 😉


Thank you very much again.



From: Martin Hannigan 
Sent: Thursday, July 13, 2017 5:41 PM
To: craig washington
Cc: nanog@nanog.org
Subject: Re: BGP peering question




On Mon, Jul 10, 2017 at 4:12 PM, craig washington 
<craigwashingto...@hotmail.com> wrote:
Hello,


Newbie question, what criteria do you look for when you decide that you want to 
peer with someone or if you will accept peering with someone from an ISP point 
of view.


You didn't say what kind of 'peering'. That could mean over an IXP or to be 
directly connected. You do not need to be a member of an IX to peer.

There are at least three types of criteria to evaluate. Technical, business and 
legal.  Take a look here for a few ideas on technical and business criteria:

http://bit.ly/2ue2t0P

"Me too" with the rest of the thread. If peering serves your mutual interests 
(or just yours even), it's an easy decision.

The Dr Peering http://drpeering.net/ website is also a resource for folks new 
to peering.


Best Regards,

-M<




BGP peering question

2017-07-11 Thread craig washington
Hello,


Newbie question, what criteria do you look for when you decide that you want to 
peer with someone or if you will accept peering with someone from an ISP point 
of view.


Thanks.





Multiple VRFs from provider, IP addressing

2016-04-28 Thread Craig Rivenburg
Hi Nanog...looking for some advice.  I have a customer who has a large
network...approximately 130 sites across the US.  Each site is fed via two
providers, via two Separate CE Routers.  It's a  L3-VPN service.  Each
provider currently provides connectivity for 6 VRFs, each over a single
service multiplexed UNI.  Ie...there are 6 dot1q interfaces facing each
provider, each sub-interface is in its own VRF.

The network is going through a redesign, and one of my tasks is to
consolidate and "streamline" IP addressing.

Looking for a sanity check...I have this idea to make every dot1q
sub-interface facing the provider the same point-to-point subnet.
Specifically, facing a single provider, I want to use the same /30 subnet
for all 6 VRFs.  I'd use a separate /30 for each of the CE routers per
site, so I could go from 12 /30s to 2 per site.  I should note, PE-CE
protocol is BGP, and behind the CE routers is a small iBGP network.

I know it's technically possible to configure the OPs this way and under
normal circumstances it's fine.  But, in this case, there is a whole lot of
route leaking / cross target exchanges happening between VRFs.  I still
think it's okay...but can anyone think of a failure mode that I may not
have?  Is what I'm thinking common practice?  Is there a best practice for
this sort of thing?

Thanks!


Re: APC vs TrippLite metered PDU's

2015-12-02 Thread Craig Tomkow
APC PDUs have been good.  Their HTTPS interface moves like molasses iirc,
but as long as you have some SNMP mgmt platform (APC struxureware for us),
then you are good.
On Dec 1, 2015 2:55 PM, "Dovid Bender"  wrote:

> Hello All,
>
> We currently use TrippLite and overall have been very happy with their
> metered PDU's. When we first started out we had some minor issues and their
> support went above and beyond. Lately their Java web interface has been
> becoming a real pain. More and more browsers lock it by default and it
> takes a lot of work to get it working correctly. Does anyone have any
> experience with APC? How is management of their devices and overall
> how do they operate?
>
> TIA.
>
> Dovid
>


Re: Alcatel-Lucent 7750 Service Router (SR)

2015-05-07 Thread Craig
we do "cry" when we interview people that claim to have "advanced
knowledge" of BGP and we ask them some very basic BGP questions, and we get
a blank stare.

On Thu, May 7, 2015 at 12:49 PM, Rob Seastrom  wrote:

>
> Josh Reynolds  writes:
>
> > It really bothers me to see that people in this industry are so
> > worried about a change of syntax or terminology. If there's one
> > thing about the big vendors that bothers me, it's that these
> > batteries of vendor specific tests have allowed many "techs" to get
> > lazy. They simply can't seem to operate well, if at all, in a
> > non-Cisco (primarily) environment.
>
> If that bothers you, I recommend you not look at what passes for a
> "system administrator" these days.  It will make you cry.
>
> -r
>
>
>


Re: Alcatel-Lucent 7750 Service Router (SR)

2015-05-07 Thread Craig
yep.. it's way easier and faster to take a look at what is configured:

A:R01>config>service>vprn# interface "to-what-ever-eBGP"
A:R01>config>service>vprn>if# info
--
description "L3 Ckt ID: "
enable-ingress-stats
cpu-protection 231
address 299.299.299.299/30
cflowd interface
ipv6
address 2001::x::x/126
exit
sap 1/1/2 create
cpu-protection 231
ingress
filter ip 3356
filter ipv6 3356
flowspec
exit
exit
--







On Thu, May 7, 2015 at 12:08 PM, Chris Boyd  wrote:

>
> > On May 6, 2015, at 5:24 PM, Colton Conor  wrote:
> >
> > I am worried as most tech's know Cisco and Juniper, so going to ALU would
> > be a learning curve based on replies I am getting off list.
>
> It’s not that hard to learn if you know the basics of IP routing.  I just
> did an implementation of A-L 7705 SAR 8s and 18s.  Now I really wish that
> Cisco supported the “info” command.
>
> —Chris
>
>


Re: Alcatel-Lucent 7750 Service Router (SR)

2015-05-06 Thread Craig
If you know Juniper and Cisco, the learning curve isn't so bad to pick up
the ALU CLI, after working with it for a brief time, you catch on quickly.
Their products are quite impressive, and a # of the carriers, are moving to
them and some have already moved to them and are quite happy with their
decision.


On Wed, May 6, 2015 at 6:24 PM, Colton Conor  wrote:

> I am worried as most tech's know Cisco and Juniper, so going to ALU would
> be a learning curve based on replies I am getting off list.
>
> On Wed, May 6, 2015 at 5:22 PM, Dan Snyder  wrote:
>
> >
> > They are definitely good for that. We use them in part of our network for
> > something very similar.
> >
> > I am not sure why they aren't mentioned that much. I know that they have
> > been pretty popular in the past couple years.
> >
> > We are planning on using 7750 SR-a4's in the future but right now we
> > mainly have 7750SR7/12s.
> >
> > Sent from my iPhone
> >
> > On May 6, 2015, at 6:00 PM, Colton Conor  wrote:
> >
> > Taking full BGP routes from 4+ carriers on 10G connections. Why is ALU
> > never mentioned, but Juniper MX and Cisco are all day long?
> >
> > The new 7750 SR-a4 looks like a Juniper MX80 or MX104 killer.
> >
> > On Wed, May 6, 2015 at 4:58 PM, Dan Snyder  wrote:
> >
> >> We have been using them for almost 8 years now and have been pretty
> >> happy. What are you looking to use them for?
> >>
> >> Sent from my iPhone
> >>
> >> > On May 6, 2015, at 5:48 PM, Colton Conor wrote:
> >> >
> >> > I was wondering if anyone was using an Alcatel-Lucent 7750 Service
> >> > Router (SR) in their network? How does this platform compare to the
> >> > Cisco ASR, Brocade MLXe, and Juniper MX line?
> >>
> >
> >
>


Re: Dynamic routing on firewalls.

2015-02-08 Thread Craig
Setup a multi-tenant setup between Nexus 7K and Juniper NetScreen 5400 FW
using OSPF.
It went OK and worked. However, when under traffic load: less than
desirable results... OSPF peer failure / bounces etc.

However using BGP with Juniper SRX FW has been working great. No issues
thus far.
 On Feb 5, 2015 9:11 AM, "David Jansen"  wrote:

> Hi,
>
> We have used dynamic routing on firewall in the old days. We did
> experience several severe outages due to this setup (OSPF en Cisco). As you
> will understand i’m not eager to go back to this solution but I am curious
> about your point of views.
>
> Is it advisory to do so these days?
>
> Kind regards,
> David
>
>
>


Re: AS4826 leaking at Any2 LA?

2014-11-13 Thread Craig Spiers
Hi Randal,

I have put an interim solution in place to stop this - a more permanent 
solution requires some customer involvement.

For the time being - you can consider this issue closed.

Cheers


Kind regards,

Craig Spiers | Senior Network Engineer

M: +64 21 511 523   D: +64 9 913 9672   E: craig.spi...@vocus.co.nz
P: 0800 VOCUS NZ or +64 9 912 8899   W: vocus.co.nz <http://www.vocus.co.nz/>
A: 7a Parkhead Place, Albany, Auckland 0632, NZ


On 14 November 2014 at 12:57:07 pm, randal k (na...@data102.com) wrote:

We're seeing ~2000+ routes leaking at Any2 LA, originating from AS4826.

Our traceroutes to Microsoft were going to LA->New Zealand and back O_o. We
filtered them out, but thought other folks should know just in case.

I also did call their NOC & send them a copy of my notes - just thought I'd
throw this out there!

Regards,
Randal




Re: AS4826 leaking at Any2 LA?

2014-11-13 Thread Craig Spiers
Hi Randal,

I’m taking a look at this for you right now.

Cheers


Kind regards,

Craig Spiers | Senior Network Engineer

M: +64 21 511 523   D: +64 9 913 9672   E: craig.spi...@vocus.co.nz
P: 0800 VOCUS NZ or +64 9 912 8899   W: vocus.co.nz <http://www.vocus.co.nz/>
A: 7a Parkhead Place, Albany, Auckland 0632, NZ


On 14 November 2014 at 12:57:07 pm, randal k (na...@data102.com) wrote:

We're seeing ~2000+ routes leaking at Any2 LA, originating from AS4826.

Our traceroutes to Microsoft were going to LA->New Zealand and back O_o. We
filtered them out, but thought other folks should know just in case.

I also did call their NOC & send them a copy of my notes - just thought I'd
throw this out there!

Regards,
Randal




Re: Richard Bennett, NANOG posting, and Integrity

2014-07-29 Thread Craig Cooter
"Without comment" being a load of crap, as the subject is comment.

Because when I think integrity, I think sock puppets.


Re: VZ FIOS SoCo traceroute plea

2013-10-29 Thread Craig
sorry for no DNS:

traceroute to 96.44.148.54 from 10.10.10.1, 30 hops max, 36 byte packets
 1   0.0 ms   0.0 ms   0.0 ms  71.245.189.1
 2   0.0 ms  16.6 ms  16.6 ms  130.81.216.174
 3   0.0 ms   0.0 ms  33.3 ms  130.81.209.76
 4  16.6 ms  16.6 ms  33.3 ms  152.63.3.125
 5  16.6 ms  16.6 ms  16.6 ms  129.250.8.37
 6  33.3 ms  33.3 ms  16.6 ms  129.250.3.16
 7  50.0 ms  50.0 ms  50.0 ms  129.250.3.51
 8  50.0 ms  50.0 ms  50.0 ms  129.250.3.67
 9  50.0 ms  66.6 ms  50.0 ms  69.31.63.168
10  50.0 ms  50.0 ms  50.0 ms  69.31.54.194
11  50.0 ms  50.0 ms  50.0 ms  96.44.148.54

Trace complete.



On Tue, Oct 29, 2013 at 12:11 PM, Jim Popovitch  wrote:

> Hello,
>
> A desperate plea, since apparently VZ still doesn't have a public
> routeserver. :-(
>
> I need a trace from a VZ FIOS connection in Southern California, to
> 96.44.148.54 (Quadranet, DFW).
>
> Private replies are welcome and encouraged.
>
> Thank you, sorry for the noise.
>
> -Jim P.
>
>


Zero-Touch Deployment Remote Office solution?

2013-01-18 Thread Matthew Craig
We have a bunch of small remote offices where we deploy cheap routers with VPN 
tunnels back to the central office.  This is a very static process with high 
overhead… we have to manage each remote router separately, and the offices do 
not have tech personnel that can handle local office issues.

We're looking for a more centrally managed and automated "zero-touch" remote 
office solution, like the Cisco Virtual Office, where the local non-clueful 
people don't have to do much.

http://www.cisco.com/en/US/netsol/ns855/index.html



Does anyone have any experience / feedback for this Cisco Virtual Office 
solution or have recommendations for alternative solutions?



- Matt



Re: DNS issues with tools.ietf.org

2012-04-04 Thread Craig Van Tassle
On Wed, 4 Apr 2012 22:26:11 +0200 (CEST)
"Marco Davids (Prive)"  wrote:

> Hi,
> 
> Something seems wrong with the DNS of 'tools.ietf.org'.
> 
> Can anyone confirm?
> 
> --
> Marco
> 

It works for me.



Re: Hi speed trading - hi speed monitoring

2012-02-17 Thread Craig
Some longer term players, will use delayed data as they are trading longer
term, and don't care too much so if the orders were delayed a bit more,
these players most likely wouldn't care/notice.

But also you have to consider, there are a large degree of shorter term
players, who are in/out of the market and play both sides, these do have
real-time data feeds, and do care about latency. Some shops go as far as to
only use a certain length patch cables from their trading PC to the switch
port they are connected to. Also consider when news releases are announced,
the markets often do move quite fast, and a LOT of money can be made/lost
in seconds, so delaying the orders, could and would affect the outcome of
the trades.

Also consider that a vast majority of the trades are automated by
computers, and some want their servers setup as close to the exchange as
possible, in fact the CME group released that they will offer/lease data
center space:

"One such project is a 428,000-square-foot data center in the western
suburbs of Chicago opened by the CME Group, which owns the Chicago
Mercantile Exchange. It houses the exchange’s Globex electronic futures and
options trading platform and space for traders to install computers next to
the exchange’s machines, a practice known as co-location — at a cost of
about $25,000 a month per rack of computers."

http://www.nytimes.com/2011/01/02/business/02speed.html?pagewanted=all

http://www.datacenterknowledge.com/archives/2010/08/23/cme-group-opens-chicago-trading-hub/







On Fri, Feb 17, 2012 at 2:47 PM, Kiriki Delany wrote:

> Why not just simultaneously settle all trades at the same time? Once every
> minute, or every 5 minutes, or per day?
>
> There are many solutions to the problem. I'm sure those that can take
> advantage of the latency don't want the solution.
>
>
> Kiriki Delany
>
> -Original Message-
> From: Leo Bicknell [mailto:bickn...@ufp.org]
> Sent: Friday, February 17, 2012 10:54 AM
> To: NANOG
> Subject: Re: Hi speed trading - hi speed monitoring
>
> In a message written on Fri, Feb 17, 2012 at 01:36:35PM -0500,
> valdis.kletni...@vt.edu wrote:
> > Am I the only one who thinks that if network jitter can make you fall
> > outside the acceptable price window, maybe, just maybe,  the market is
> > just too damned volatile for its own good?
>
> I've had an interesting discussion with some financial heads about a simple
> idea.
>
> What if the exchange, on every inbound trade, inserted a random delay, say
> between 0 and 60 seconds, before processing it?
>
> Almost all of this computer based, let's be closer to the exchange stuff
> becomes junk, immediately.  Anyone "long" (where long is probably more than
> 10 minutes, with a 60 second jitter) in a security wouldn't notice.
>
> I mean, if the general public has to get 15 minute delayed quotes so they
> don't manipulate the market, shouldn't the big guys? :)
>
> --
>   Leo Bicknell - bickn...@ufp.org - CCIE 3440
>PGP keys at http://www.ufp.org/~bicknell/
>
>
>


Re: juniper mx80 vs cisco asr 1000

2012-01-24 Thread Matt Craig
They are competing in some things.  There are differences that will make you choose ASR1000 over MX 
series, but a lot of people are choosing either one or the other for many of the same jobs, mainly 
upgrading to straight-forward L3 1/10 gig aggregation.  I know some people who've had ASR1000s and 
MXs on the plate and chose the MXs.  I've also known some who've chosen the ASR1000s.  It just really 
depends on what you need.



Actually something as an alternative to both I am researching is the Brocade MLX series.  They have 
different, more efficient, and refreshing architecture; and phenomenal cost (half the cost of 
ASR1000/MX or less).  Gonna do a trial shortly to see if it all lives up to the marketing or if it's 
too good to be true.  I also know some peer institutions who have dumped both Cisco and Juniper for 
Brocade's Ethernet/IP lines.  Not a single bad word so far.



Matt



On 1/23/12 8:30 AM, Mark Tinka wrote:

On Friday, January 20, 2012 04:14:35 PM Saku Ytti wrote:


MX80 is not competing against ASR1k, and JNPR has no
product to compete with ASR1k.

And this is something I've been telling Juniper for years
(not that they don't already know). The M7i and M10i have
really done all they can - but trying to get an Ethernet box
to do non-Ethernet things, while possible, is simply not
economically viable for operators (FlexWAN's, SIP's, MX
FPC's, anyone?).

They really need to solve this one.

The MX80 had no competition from Cisco, until the ASR9001
came out (and it supports 40Gbps line cards when they come
out).

Juniper are dropping the ball on this one. But hopefully,
they're busy in the lab building a decent ASR1000
challenger.

Mark.




Re: Internet to Libya ?

2011-03-04 Thread Craig Labovitz


http://monkey.org/~labovit/images/march4_libya.pdf

- Craig

On Mar 4, 2011, at 11:42 AM, Marshall Eubanks wrote:

> Does anyone have evidence that the Internet is up to Libya today ?
> 
> The Google "transparency report" is showing flatlines after about mid-day 
> yesterday.
> 
> http://www.google.com/transparencyreport/traffic/?r=LY&l=WEBSEARCH&csd=1298650426153&ced=1299255226153
> 
> Regards
> Marshall





Re: Libya

2011-02-21 Thread Craig Labovitz

Updated data  on Libya and other Internet traffic issues in the region: 
http://goo.gl/07ONC

- Craig





Re: Libya

2011-02-18 Thread Craig Labovitz
http://www.monkey.org/~labovit/libya_pulls_plug.png


-C


Sent from my iPhone

On Feb 19, 2011, at 7:23 AM, Randy Bush  wrote:

> gossip that libya is off net.  any actual data?
> 
> randy
> 



Re: Connectivity status for Egypt

2011-02-02 Thread Craig Labovitz


Good to see the traffic back. Graphs visualizing return of Egyptian traffic 
volumes below.

Week view:
   http://www.monkey.org/~labovit/egypt_back_week.png

Today:
  http://www.monkey.org/~labovit/egypt_returns.png


- Craig


Craig Labovitz  |  Chief Scientist, Arbor Networks  | 
http://www.monkey.org/~labovit



On Feb 2, 2011, at 8:25 AM, Marshall Eubanks wrote:
> It's not just BGP - DNS (based on the samples I have been testing) seems to 
> be fully back too. 
> 
> Regards
> Marshall





Re: Connectivity status for Egypt

2011-01-27 Thread Craig Labovitz


And to add to this thread, a graph of Egyptian Internet traffic across a 
large number of geographically / topologically diverse providers yesterday (Jan 
27):

http://farm6.static.flickr.com/5291/5395027368_7d97b74c0b_b.jpg

Traffic drops to a handful of megabits following the withdrawal of most 
Egyptian ISP BGP routes.

- Craig


On Jan 27, 2011, at 8:28 PM, Andree Toonk wrote:
> Hi,
> 
> Looking at the BGP announcements it seems that the problem started at around 
> 22:28 UTC.
> 
> Most of the Autonomous systems operating in Egypt are currently not 
> announcing any or at least significantly less prefixes.
> The one exception seems to be AS20928 (Noor Data Networks).
> 
> For more details also see: http://bgpmon.net/blog/?p=450
> 
> Cheers,
> Andree




Craig Labovitz  |  Chief Scientist, Arbor Networks  
http://www.monkey.org/~labovit




Re: Connectivity status for Egypt

2011-01-27 Thread Craig V
Some interesting financial news... Unsure if this is related to the outages,
but interesting.

http://www.marketwatch.com/story/egypt-market-slumps-as-mideast-turmoil-spreads-2011-01-27

EGYPT: Stock market stumbles amid nationwide
turbulence

http://latimesblogs.latimes.com/babylonbeyond/2011/01/egypt-stock-market-stumbles-amidst-nationwide-turbulence.html


On Thu, Jan 27, 2011 at 7:10 PM, Christopher  wrote:

> I have a server with CityNet Host in Cairo. The server and ISP are
> completely offline
>
>


Re: Is Cisco equipment de facto for you?

2011-01-10 Thread Craig V
Our core business is not as a service provider, as in selling services to
others, but we act as a service provider providing services for the various
customers in our internal network that we support.

Our core used to be an all Cisco Core. A few years back the decision was
made to replace this with Alcatel-Lucent IPD products. I can say we are
happy that we did replace the Cisco core, and we have had a very good
experience with the IPD product line. I am sure others can attest to this
also.  The features and functionality along with the reliability have been
very good, and in my opinion they have a strong product.

Our edge at this point is a mixture of Cisco access switches, and we also
still have some Cisco Distribution.

On Mon, Jan 10, 2011 at 10:31 AM, Brandon Kim wrote:

>
> Hello gents:
>
> I wanted to put this out there for all of you. Our network consists of a
> mixture of Cisco and Extreme equipment.
>
> Would you say that it's fair to say that if you are serious at all about
> being a service provider that your core equipment is Cisco based?
>
> Am I limiting myself by thinking that Cisco is the "de facto" vendor of
> choice? I'm not looking for so much "fanboy" responses, but more of a real
> world experience of what you guys use that actually work and does the job.
>
> No technical questions here, just general feedback. I try to follow the
> Tolly Group who compares products, and they continually show that Cisco
> equipment is a poor performer in almost any equipment compared to others, I
> find that so hard to believe.
>
> Thanks!
>
> Brandon
>
>


Re: AltDB?

2011-01-05 Thread Craig Pierantozzi
On Jan 5, 2011, at 9:26 AM, Jon Lewis wrote:

[snip]

> Can anyone from Level3 say how this will impact customer BGP filters. Will L3 
> keep working with the last data sync they got from altdb?

Yes, Level 3 will continue to use the last data mirrored and archived. New 
filters are not pushed daily, they are only pushed when things change.

Archives are here in case people want to know what the latest was: 


regards





Re: Some truth about Comcast - WikiLeaks style

2010-12-16 Thread Craig L Uebringer
On Thu, Dec 16, 2010 at 8:02 AM, Jared Mauch  wrote:

>
> On Dec 16, 2010, at 1:16 AM, JC Dill wrote:
>
> > On 15/12/10 9:29 PM, Jay Ashworth wrote:
> >>
> >> The underlying problem, of course, is lack of usable last-mile
> >> competition;
> >
> > I agree.
>
>
It exists where there is an ROI on investment. Capital markets haven't been
friendly to network build since the dot-bomb, and for some reason localities
are more willing to give tax-incentive financing to malls and stadiums rather
than incenting over-builders.


> >> see also my running rant about Verizon-inspired state laws *forbidding*
> >> municipalities to charter monopoly transport-only fiber providers,
> >> renting to all comers on non-discriminatory terms, which is the only
> >> practical way I can see to fix any of this.
> >
> > The problem is that this should have been addressed 5-10 years ago, when
> > there *were* alternative ISPs who could have provided competition.  Now
> > that Comcast has a monopoly on cable, and fiber is so bleeping expensive
> > to install, at best we might get *one* alternative to Comcast, and a
> > duopoly is really no better (for consumers, for the marketplace) than a
> > monopoly.
>

Funny thing about competition is that there are losers as well as winners.
DSL competition didn't lose by regulation, it lost (nationally) by cheaper,
more elastic bandwidth available on other media and JC's previously-noted
fickle and lazy consumers.  Where there is competition, the little guy gets
an easy low percentage (10-25%) of penetration based solely on not being the
incumbent, but churn is high as soon as sign-up incentives expire and they
get on a downward spiral of catering to complainers. Magic phrases are traded
on dslreports and any retention-packages get spread across the entire
customer base. Where there isn't market-sustainable competition, there is no
actual legislated monopoly but rather ignorant local boards.


> This is why I suggested it might take regulatory action, or changes in
> state laws.
>

Also engage locality first, as Jared indicates. The problem in going to the
fed is that power will be skewed to the larger entities. Competitive
providers breathed a sigh of relief when Verizontal lost their attempts to
get statewide television franchising and had to deal locality-by-locality,
just like the small guys did.  Would be worse if there was a single federal
entity to buy off now that corporate campaign funding is both anonymous and
unlimited.


>
> If I want to start up a coop, or convince my local county/state they should
> be a neutral provider of conduits/dark fiber as roads are rebuilt, etc..
> there are various barriers.  Even if the cost would be nominal.  I scaled-up
> some quotes to be an area-wide effort for fiber down every public road ROW,
> and came back with $100mil.  (you private road types need to shell out your
> own cash for that leg).
>
> The barriers to doing this as a project are well known.  Even if you don't
> like ars, they have decent articles on these topics:
>
>
> http://arstechnica.com/tech-policy/news/2010/01/municipal-fiber-needs-more-fdr-localism-fewer-state-bans.ars
>
>
> http://arstechnica.com/tech-policy/news/2009/06/monticello-appeals-court-win.ars
>
>
> http://arstechnica.com/old/content/2008/07/telco-wont-install-fiber-sues-to-keep-city-from-doing-it.ars
>
> Similar to the above, I could not even get Comcast to give me a quote to
> build to my area.  AT&T ... good luck getting any data from them.  I can
> tell they are filling in the gaps based on the trenching/boring going on,
> but there's no good way to motivate them.  And even if I decided to drop
> $10k to install a bunch of POTS service for 1 month to force a build, who
> knows if that build would bring the right level of service.  (As the POTS is
> regulated with a low install fee).
>
> The incentives are clearly skewed here, but without that $100mil, reaching
> the 125k properties (111k residences) in my local area may be tough.  (Note:
> there may be actual cost savings by not running down *every* public road,
> but using public road mileage and property counts seemed like a good method
> without actually designing the final fiber plant).
>
> My notes are here:
>
> http://puck.nether.net/~jared/blog/?p=84
>
> The reply I received from my elected reps:
>
> "Additionally, offering a millage to build a network for the general public
> may violate recent provisions within the Michigan Telecommunication Act."
>
>- Jared
>

In a country where government-supplied healthcare is viewed as evil, how can
people honestly expect the less-important telecommunications to be allowed to
be "government run" as neutral municipal networks? Any unbundling of local
HFC or FTTP loops will be slow and problematic.


Re: Some truth about Comcast - WikiLeaks style

2010-12-14 Thread Craig L Uebringer
On Tue, Dec 14, 2010 at 1:53 AM, Rettke, Brian wrote:

> I don't see anything listed that indicates operation that is at all
> different from any other service provider network.
>

Yeah, the 30 day looks like a classic uptick in traffic toward the holidays.
Some bellhead beancounter maybe took out capacity in the summer lull and
ignored the engineers. Or they just have stupidly-slow install intervals.
Same crap I've seen on loads of provider networks.


> The "capacity" issue listed is not an issue at all. It's simply inciting
> anger and the same rhetoric that pollutes the legitimate discussion of
> backbone network constraints.
>
> When you shout "conspiracy" without offering verifiable facts, and not
> accounting for the cost (and time) it takes to upgrade networks (much less
> the fact that it requires capacity upgrades on both sides, in this case
> between TATA and Comcast), it makes the whole argument invalid in my
> opinion.
>

If they wanted to be true to the claim of "wikileaks style" in the subject
line, they'd have an actual memo from some executive stating the policy of
purposefully starving traffic. Never attribute to malice that which is
adequately explained by stupidity.


> That and the "backdoor santa" thing makes me believe the whole thread is
> designed to flame rather than promote the discourse that is the hallmark of
> NANOG. I really hope that there are moderators about to verify this: With
> these kinds of people about I'm less likely to post anything of substance.
>
> Sincerely,
>
> Brian
>
> -Original Message-
> From: Mikael Abrahamsson [mailto:swm...@swm.pp.se]
> Sent: Monday, December 13, 2010 11:45 PM
> To: nanog@nanog.org
> Subject: Re: Some truth about Comcast - WikiLeaks style
>
> On Mon, 13 Dec 2010, Backdoor Santa wrote:
>
> > Another thing to notice is the ratio of inbound versus outbound. Since
> > Comcast is primarily a broadband access network provider, they're going
> > to have millions of eyeballs (users) downloading content.
>
> Actually, there are plenty of access providers with 2:1 ratio (more ul
> than dl). It's not a matter if you're access provider or not, it's a
> matter if you offer decent upstream speed or not.
>
> In my experience, someone with 10/10 megabit/s ETTH compared to someone
> with 24/1 ADSL will download the same amount of data on average, but the
> 10/10 will have four (4) times more upload usage, bringing the ratio from
> 2:1 (Dl:Ul) on ADSL to 1:2 (Dl:Ul) on ETTH.
>
> So because Comcast is offering low upload speeds, they'll have low
> outgoing amount of traffic compared to incoming. With more and more ISPs
> offering more symmetric dl/ul speeds, we'll approach 1:1 ratio more and
> more...
>
> --
> Mikael Abrahamsson    email: swm...@swm.pp.se
>
>
>


Re: wikileaks unreachable

2010-12-01 Thread Craig Labovitz

http://asert.arbornetworks.com/2010/11/wikileaks-cablegate-attack/
and http://asert.arbornetworks.com/2010/11/round2-ddos-versus-wikileaks/

- Craig


On Dec 1, 2010, at 4:38 PM, Mike wrote:
> Just on an operational front, does anyone know the nature of the DDoS against 
> wikileaks? eg: spoofed source garbage, http get, synfloods, or ?
> 
> Mike-













Re: RIP Justification

2010-09-29 Thread Craig
We have a design for our wan where we use rip v2 and it works very well, we 
were using ospf but it was additional config, so in our case simple was better, 
and it works well..

I could discuss it more with you off-line if you like. 



On Sep 29, 2010, at 4:20 PM, Jesse Loggins  wrote:

> A group of engineers and I were having a design discussion about routing
> protocols including RIP and static routing and the justifications of use for
> each protocol. One very interesting discussion was surrounding RIP and its
> use versus a protocol like OSPF. It seems that many Network Engineers
> consider RIP an old antiquated protocol that should be thrown in back of a
> closet "never to be seen or heard from again". Some even preferred using a
> more complex protocol like OSPF instead of RIP. I am of the opinion that
> every protocol has its place, which seems to be contrary to some engineers
> way of thinking. This leads to my question. What are your views of when and
> where the RIP protocol is useful? Please excuse me if this is the incorrect
> forum for such questions.
> 
> -- 
> Jesse Loggins
> CCIE#14661 (R&S, Service Provider)



Re: Looking Glass

2010-09-07 Thread Craig Van Tassle
On Tue, 07 Sep 2010 17:09:21 +0300
Peter Rudasingwa  wrote:

> I have a linux (ubuntu) box and I would like to install a BGP looking 
> glass. Are there any out there for free and how can one go about it?
> Is linux the best OS to use?
> 
> Thanks,
> Peter R.

I have used Multi-Router Looking Glass in the past and it's been pretty
good. 

http://freshmeat.net/projects/mrlg4php/


-- 




Re: ALU - 7750 SR-12/7/1

2010-06-03 Thread Craig

Work with the product. No issues so far, very solid.



On Jun 3, 2010, at 6:30 AM, "Uri Joskovitch" wrote:




Hi

Anyone working with Alcatel Lucent equipment 7750 SR-12/7/1?

Any issues with it?

Specifically in ATM.

Thanks

Uri






Re: Using private APNIC range in US

2010-03-19 Thread Craig Vuljanic
Chuck - Very true...
What about the time our old manager (MARTIN) gave your old organization that
Entire Class B 


On Fri, Mar 19, 2010 at 11:06 AM, Charles Mills  wrote:

> I love war stories.  I once got chewed out by a colleague  from
> another organization because we were using "their" address space.
>
> We were using 10.0.0.0/8.  Explanation of NAT and RFC1918 was met with
> a deer in the headlights look.
>
> On Fri, Mar 19, 2010 at 12:04 AM, Matt Shadbolt wrote:
> > I once had a customer who for some reason had all their printers on public
> > addresses they didn't own. Not advertising them outside, but internally
> > whenever a user browsed to a external site that happened to be one of the
> > addresses used, they would just receive a HP or Konica login page :)
> >
> > They didn't mind though. No idea if they've changed it since.
> >
> >
> > On Fri, Mar 19, 2010 at 6:41 AM, Larry Sheldon wrote:
> >
> >> On 3/18/2010 14:30, William Allen Simpson wrote:
> >> > On 3/18/10 2:35 PM, Jared Mauch wrote:
> >> >> Does anyone know if the University of Michigan or Cisco are going to be
> >> >> updating their systems and documentation to no longer use 1.2.3.4 ?
> >> >>
> >> >> http://www.google.com/search?q=1.2.3.4+site%3Acisco.com
> >> >>
> >> >> I know that the University of Michigan utilize 1.2.3.4 for their captive
> >> >> portal login/logout pages as recently as Monday when I was on the medical
> >> >> campus.
> >> >>
> >> > Dunno about cisco.
> >> >
> >> > med.umich.edu seems to run their own stuff, separately from umich.edu, and
> >> > quite badly.  I've complained about their setup repeatedly over the past
> >> > several years.  No traction.
> >>
> >> Is it something about Medical Schools?
> >>
> >> When we were first putting together the campus network, Surgery was
> >> running a Token Ring (I thought "Vampire Tap" was a fitting item for
> >> their inventory) running in Class D space as I recall.
> >>
> >> > Should we try again, jointly?  ;-)
> >>
> >> Towards the end, there were people who insisted I must route their net to
> >> the Internets.
> >>
> >> I declined.
> >> --
> >> Democracy: Three wolves and a sheep voting on the dinner menu.
> >> (A republic, using parliamentary law, protects the minority.)
> >>
> >> Requiescas in pace o email
> >> Ex turpi causa non oritur actio
> >> Eppure si rinfresca
> >>
> >> ICBM Targeting Information:  http://tinyurl.com/4sqczs
> >> http://tinyurl.com/7tp8ml
> >>
> >>
> >>
> >>
> >
>
>
>
> --
> =
> Charles L. Mills
> Westmoreland Co. ARES EC
> Amateur Radio Callsign W3YNI
> Email: w3y...@gmail.com
>
>


Re: Alcatel-Lucent

2010-03-04 Thread Craig
Very good routers. We have been using them for several years now. Very  
solid product, and very easy to setup services: ie vprn/ vpls/ epipe,  
etc.


The qos on the box is very scalable. I could talk more about them off  
line with you or discuss more over phone.






On Mar 4, 2010, at 5:22 PM, "Scott Weeks" wrote:





--- li...@iamchriswallace.com wrote:
I am hoping to get some peoples opinions on Alcatel-Lucent routers.   
We are looking at the 7750 SR line and the 7450 ESS line.  We are  
currently a Cisco shop but these would be deployed in a completely  
new network delivering mostly MPLS based services and DIA.  Any  
comments are welcome,  good and bad.

---


We deploy these.  They are very different from cisco (so there will  
be a big learning curve) and kick ass.  Be sure to go to  
7. as cflowd (their netflow) does not report correctly on  
things like ASN.


scott





Re: dark fiber

2010-02-11 Thread Craig Vuljanic
http://en.wikipedia.org/wiki/Dark_fibre



On Thu, Feb 11, 2010 at 11:13 AM, Deric Kwok wrote:

> Can I have question?
>
> What is dark fiber?
>
> Thank you
>
>
>
> On Wed, Feb 10, 2010 at 5:08 PM, James Jones wrote:
> > I am doing some research... is there a way to find out where there is dark
> > fiber and who owns it?
> >
> >
>
>


Re: Traffic Statistics for Yesterday

2009-07-09 Thread Craig Labovitz


It was big (flash traffic roughly doubled globally at the peak), but  
not in the same ballpark as Obama inauguration.


A graph of July 7 flash traffic across 97 tier1/2 ISPs compared with  
the daily average:

http://farm3.static.flickr.com/2581/3704208402_34ca00597d.jpg?v=0

- Craig



On Jul 8, 2009, at 11:08 AM, Shon Elliott wrote:
Does anyone have any data on how the memorial event for Michael Jackson
affected the global backbones? This was seen as another inaugural type of
traffic day to most of the people I've talked to.





Fiber cut in SF area

2009-04-09 Thread Craig Holland
Just dropping a note that there is a fiber cut in the SF area (I have a
metro line down).  AboveNet is reporting issues and I've heard unconfirmed
reports that ATT and VZW are affected as well.

Rgs,
craig





Re: Network diagram software

2009-02-11 Thread Craig Holland
Mathias Wolkert wrote:

>>> OmniGraffle is the better Visio.

...except I've not found any good networking/systems stencils for
omnigraffle (even on graffletopia).  I tried to import the visio ones in 5.0
but that didn't work too well.  Someone out there have something for
omnigraffle that rivals the visio network stencils?

Thanks,
craig





Re: Comcast DNS

2008-12-08 Thread Craig Holland
*blush* at missing the original sarcasm.



--Original Message--
From: Craig Holland
To: NANOG
Sent: Dec 8, 2008 5:42 PM
Subject: Re: Comcast DNS

Hi...

> I find your report too specific.  Can you make it a bit more generic,
> perhaps by not including the name of the company that provides a myriad
> of web-based services?

Isn't 'specific' good for operations related stuff?  I mean if you are just
complaining about something for the sake of complaining or are giving
examples I can see where names wouldn't be necessary.

Rgs,
Craig








Re: Comcast DNS

2008-12-08 Thread Craig Holland
Hi...

> I find your report too specific.  Can you make it a bit more generic,
> perhaps by not including the name of the company that provides a myriad
> of web-based services?

Isn't 'specific' good for operations related stuff?  I mean if you are just
complaining about something for the sake of complaining or are giving
examples I can see where names wouldn't be necessary.

Rgs,
Craig





Re: Recommendation of Tools

2008-12-05 Thread Craig Holland
Hi...

> According to the 0.75 source code ICMP is still the default prot used,
> and the definition of MTR from bitwizards homepage disagrees with you:
> 
> "mtr combines the functionality of the 'traceroute' and 'ping'
> programs in a single network diagnostic tool.
> As mtr starts, it investigates the network connection between the
> host mtr runs on and a user-specified destination host. After it
> determines the address of each network hop between the machines, it
> sends a sequence ICMP ECHO requests to each one to determine the
> quality of the link to each machine. As it does this, it prints
> running statistics about each machine. For a preview take a look at
> the screenshots."
> 
> Even if you use UDP/TCP or whatever, the return packet will be ICMP
> and that will be ratelimited by any carrier worth their salt...

...recent attempts to get mtr working through a cisco fwsm got me sniffing,
and yes indeed, icmp is the protocol in play with mtr (both outbound and
inbound).


Rgs,
craig





Re: an over-the-top data center

2008-11-28 Thread Craig Holland
Just me, or is showing the floorplan not the typical behavior of a super-secure 
anything?


--Original Message--
From: Måns Nilsson
To: Steven M. Bellovin
To: NANOG
Sent: Nov 28, 2008 6:52 AM
Subject: Re: an over-the-top data center

--On Friday, 28 Nov 2008 08.34.33 -0500 "Steven M. Bellovin"
<[EMAIL PROTECTED]> wrote:

> http://royal.pingdom.com/2008/11/14/the-worlds-most-super-designed-data-center-fit-for-a-james-bond-villain/
> (No, I don't know if it's real or not.)

It is.

The server space is outside the blastproof area. Go figure.

-- 
Måns Nilsson    M A C H I N A

I'm into SOFTWARE!




RE: ARIN Routing Registry vs RADB vs X

2008-09-25 Thread Craig Holland
They gave no particular reason.  I figured I'd ask ya'all before I
started to push back and use phrases like 'silly', 'ridiculous', and
'pointless' in my argument to them.

Thanks,
Craig

> -Original Message-
> From: Christian Koch [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 25, 2008 3:53 PM
> To: Craig Holland
> Cc: [EMAIL PROTECTED]
> Subject: Re: ARIN Routing Registry vs RADB vs X
> 
> Sounds ridiculous...radb mirrors arins db, I don't see why they are
> trying to force you to use radb.
> 
> You can query whois.radb.net and you will be able to see your arin
> objects...
> 
> Did they give you a reason on WHY you should have to use RADB?
> 
> 
> Christian
> 
> 
> 
> On Thu, Sep 25, 2008 at 6:38 PM, Craig Holland <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I recently ran across a situation where a large ISP only accepts IRR
> > entries generated by RADB to build their path filters.  I use the ARIN
> > Routing Registry.  Is this a common practice?  Should I convert over to
> > RADB?
> >
> > Thanks,
> > Craig
> >
> >
> >





RE: ARIN Routing Registry vs RADB vs X

2008-09-25 Thread Craig Holland
Hi...

> Are you saying the ISP only accepts entries they can pull from the RADB?
> Or only entries that originate with the RADB?

...ones that only originate from RADB.  This is the part that I found
strange considering the ARIN records are in (show up in) RADB and they
are what most would consider a trusted source.

CH

> If the former, you're fine. Your ARIN records are in the RADB.
> 
> DS
> 
> 
> 





ARIN Routing Registry vs RADB vs X

2008-09-25 Thread Craig Holland
Hi,

I recently ran across a situation where a large ISP only accepts IRR
entries generated by RADB to build their path filters.  I use the ARIN
Routing Registry.  Is this a common practice?  Should I convert over to
RADB?

Thanks,
Craig




Sprint/Cogent Peering Issue?

2008-09-19 Thread Craig Holland
Hi,

We are seeing traffic getting dropped between our Cogent and Sprint
connected DCs.  One of them is getting shut down, so we just have a Cogent
link there :|  Anyone seeing anything similar?

From: 91.102.40.18
traceroute to ops1.scc.rnmd.net (208.91.188.136), 30 hops max, 38 byte
packets
 1  v1-core-sw1 (91.102.40.5)  0.471 ms  0.422 ms  0.431 ms
 2  ge-0-1-0-pat2 (91.102.40.146)  0.376 ms  0.354 ms  0.335 ms
 3  fe-1-3-1-501-pat1 (91.102.40.208)  0.376 ms  0.344 ms  0.407 ms
 4  vl324.mpd01.lon01.atlas.cogentco.com (149.6.147.217)  0.745 ms
0.744 ms  0.740 ms
 5  te3-1.mpd02.lon01.atlas.cogentco.com (130.117.2.26)  0.717 ms
39.037 ms te1-8.ccr01.lon01.atlas.cogentco.com (130.117.3.226)  0.565 ms
 6  gi6-0-0.core01.lon01.atlas.cogentco.com (130.117.1.73)  0.592 ms
0.450 ms  0.483 ms
 7  213.206.131.29 (213.206.131.29)  0.581 ms  0.503 ms  0.483 ms
 8  sl-bb21-lon-3-0.sprintlink.net (213.206.129.152)  1.078 ms  0.905 ms
0.934 ms
 9  *
 
From: 208.91.188.138
traceroute to ops2.lnc.rnmd.net (91.102.40.18), 30 hops max, 38 byte
packets
 1  v1-core-sw1 (208.91.188.130)  0.600 ms  0.456 ms  2.105 ms
 2  f0-0-4-0-pat2 (207.0.21.114)  0.416 ms  0.466 ms  0.486 ms
 3  sl-st1-sc-2-6.sprintlink.net (144.228.111.25)  0.455 ms  0.224 ms
0.236 ms
 4  sl-crs2-sj-0-1-0-3.sprintlink.net (144.232.20.196)  1.482 ms  1.477
ms  1.232 ms
 5  sl-st20-sj-12-0-0.sprintlink.net (144.232.20.63)  2.482 ms  2.472 ms
2.485 ms
 6  po5-3.core01.sjc03.atlas.cogentco.com (154.54.13.49)  2.732 ms
2.472 ms  2.485 ms
 7  te3-1.mpd01.sjc03.atlas.cogentco.com (154.54.6.85)  2.705 ms  2.723
ms  2.735 ms
 8  vl3493.ccr02.sjc01.atlas.cogentco.com (154.54.6.109)  3.231 ms
vl3492.mpd01.sjc01.atlas.cogentco.com (154.54.6.105)  3.227 ms
vl3491.ccr02.sjc01.atlas.cogentco.com (154.54.6.101)  2.726 ms
 9  te9-3.mpd01.sfo01.atlas.cogentco.com (154.54.2.53)  3.968 ms  3.722
ms te8-3.ccr02.sfo01.atlas.cogentco.com (154.54.2.137)  3.988 ms
10  te9-2.ccr02.mci01.atlas.cogentco.com (154.54.24.118)  50.943 ms
te7-4.mpd01.mci01.atlas.cogentco.com (154.54.24.106)  50.944 ms  50.720
ms
11  te9-3.ccr02.ord01.atlas.cogentco.com (154.54.25.78)  50.669 ms
63.423 ms te9-3.mpd01.ord01.atlas.cogentco.com (154.54.25.82)  51.206 ms
12  te2-1.ccr02.bos01.atlas.cogentco.com (154.54.7.170)  78.172 ms
te3-3.mpd01.bos01.atlas.cogentco.com (154.54.7.82)  100.666 ms
te2-1.ccr02.bos01.atlas.cogentco.com (154.54.7.170)  78.176 ms
13  * * *

Thanks,
craig
 
____
Craig Holland
Rhythm NewMedia
Sr. Director Operations & Integration
YIM: cholland





Re: Level 3 TPA routing today?

2008-08-27 Thread Craig Pierantozzi
Some infrastructure blocks are not routed to portions of the network  
but should not affect ultimate reachability as long as the correct  
loopbacks and directly connected networks are advertised properly.


regards

On Aug 27, 2008, at 6:42 PM, William R. Lorenz wrote:


Has anyone noticed significant Level3 transit issues this evening?

[wrl@ ~]$ traceroute ae-23-52.car3.Chicago1.Level3.net
traceroute to ae-23-52.car3.Chicago1.Level3.net (4.68.101.39), 30  
hops max, 40 byte packets

[...]
4  ge-6-1-101.hsa1.Cleveland1.Level3.net (64.156.66.29)  2.627 ms !H
[wrl@ ~]$


[wrl@ ~]$ traceroute vlan79.csw2.Dallas1.Level3.net
traceroute to vlan79.csw2.Dallas1.Level3.net (4.68.19.126), 30 hops  
max, 40 byte packets

[...]
4  ge-6-1-101.hsa1.Cleveland1.Level3.net (64.156.66.29)  3.166 ms !H  
* *

[wrl@ ~]$






Re: Level 3 TPA routing today?

2008-08-27 Thread Craig Pierantozzi
Most likely the issue was communication between the NOC and the  
service management center. The NOC deals with the core facing events  
versus the SMC which takes the incoming calls from the customers. In  
this case the issue was identified and resolved in the NOC.


Perhaps the RFO was not posted internally or whomever you talked with  
didn't check the status updates or something. Lots of things could  
have resulted in a tech not knowing about this type of issue.


Anyway, to tie up loose ends, there was a problem on a core router  
that was isolated and then repaired in Atlanta.


regards
-Craig

On Aug 27, 2008, at 5:02 PM, Jon Lewis wrote:


On Wed, 27 Aug 2008, David Hubbard wrote:


be.  The tech I spoke to this morning said he had no
knowledge of any issues yesterday, of course my ticket
also had none of the information I sent in to them
yesterday or even a clear description of what the
problem was


We opened a ticket for today's event and got the same response.

--
Jon Lewis   |  I route
Senior Network Engineer |  therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_






Re: Native v6 with Level(3)?

2008-08-22 Thread Craig Pierantozzi
No rate limits, tunnel termination in DC, San Jose, Dallas,
Amsterdam, London. You can request termination to multiple
routers for diversity.

* Justin Shore was thought to have said:

> That's good to know.  Do you know if there are any rate-limits that 
> would apply to this trial service?  Any idea where the tunnel head-end 
> is?  Will they do a backup tunnel to another router?  I'll have to give 
> them a holler as soon as I'm ready to make the IPv6 jump.



Re: Native v6 with Level(3)?

2008-08-22 Thread Craig Pierantozzi
No native service available but there is a trial tunneled IPv6 service  
with best effort support with *no SLA* available to current Level 3  
Internet customers.  IPv6 is currently being provided via IPv4 tunnels  
to the customer's existing router and supported by a handful of  
engineers.


There is a simple service agreement addendum and form to fill out for  
relevant config bits.


-Craig

On Aug 22, 2008, at 5:22 PM, Kyle Murray wrote:


Here is the response I got from L3 when I inquired about IPV6:

"The answer to your questions is "no", we have not yet inplemented  
IPV6 for our customers yet.  IPV4 is the de facto on our backbone  
nad alledge router on which customers connectc."


Poor spelling aside, it seems they have not implemented it yet.  If  
someone manages to get them to implement, I would really like to  
hear about it.


-kyle

Kyle Murray
Network Manager
Digital Forest, Inc.





Re: Level3 BGP help

2008-08-01 Thread Craig Pierantozzi
* John Payne was thought to have said:
> 
> I thought perhaps we'd found the reason behind the tax^surcharge in  
> the other thread... a community tax :)

No, that's a pass through charge that goes to epperson.



Re: Level3 BGP help

2008-08-01 Thread Craig Pierantozzi
* Jon Lewis was thought to have said:

> If someone from Level3 could tell me why routes tagged with
> 
> 65000:0 and/or 65000:1239 don't actually stop those routes from being 
> advertised to 1239, I'd appreciate it.

You should start to see them disappear shortly. On route-views they're
starting to show as history entries. Bad community list on one router 
was the issue.

regards
-Craig



Re: Level3 newyork - london, anyone else seeing issues?

2008-07-25 Thread Craig Pierantozzi


On Jul 26, 2008, at 7:49 AM, John Menerick wrote:

I was seeing the same thing around the same time.  However, the  
"issue" corrected itself after 10 minutes.  Not quite long enough to  
get Level3 support on the phone.  Support's answer: "OOps, our  
bad."



John Menerick
http://www.icehax.us
twitter: aeonice
aim: glacilwing



I'm sorry to say that whoever said that didn't know the issue since it  
wasn't a level 3 problem. That router in NYC is the border and bgp was  
up and routing fine over that interface to another entity. Something  
was wrong on the return path on the other side past that customer  
access router.


I worked with Drew offline and after clearing one side, efforts were  
underway to contact the other entity and get it resolved when it  
returned to normal.


regards
-Craig



Re: Level3 newyork - london, anyone else seeing issues?

2008-07-25 Thread Craig Pierantozzi
Drew-

Contact me offlist, that CAR router is our border. We pass to 
another entity after that.

regards
-Craig

* Drew Weaver was thought to have said:

>   9    15 ms    17 ms    17 ms  ae-93-93.ebr3.Washington1.Level3.net [4.69.134.173]
>  10    22 ms    18 ms    18 ms  ae-3.ebr3.NewYork1.Level3.net [4.69.132.90]
>  11    30 ms    18 ms    18 ms  ae-63-63.csw1.NewYork1.Level3.net [4.69.134.98]
>  12    18 ms    19 ms    19 ms  ae-13-69.car3.NewYork1.Level3.net [4.68.16.5]
>  13     *        *        *     Request timed out.



Savvis route loop

2008-07-05 Thread Craig Holland
Hi,

Could someone from Savvis contact me off-list please.  We have been
stuck behind a route-loop since last night's maintenance:

traceroute 208.91.191.1
traceroute to 208.91.191.1 (208.91.191.1), 64 hops max, 40 byte packets
 1  FE0-0-12.nav1.nyc.access.net (166.84.1.28)  0.443 ms  0.568 ms
0.456 ms
 2  port-channel1-128.l3core.nyc.access.net (166.84.66.1)  1.359 ms
1.000 ms  0.977 ms
 3  gi0-7.na21.b001105-3.jfk02.atlas.cogentco.com (38.102.195.129)
1.499 ms  1.788 ms  1.312 ms
 4  vl3608.mpd01.jfk02.atlas.cogentco.com (38.20.32.61)  1.861 ms  1.695
ms  3.223 ms
 5  vl3493.mpd03.jfk02.atlas.cogentco.com (154.54.5.226)  2.714 ms
te2-3.mpd03.jfk02.atlas.cogentco.com (154.54.3.1)  2.482 ms
vl3493.mpd03.jfk02.atlas.cogentco.com (154.54.5.226)  2.634 ms
 6  te8-3.mpd01.dca01.atlas.cogentco.com (154.54.5.98)  12.221 ms  8.209
ms  9.022 ms
 7  vl3498.mpd01.dca02.atlas.cogentco.com (154.54.7.6)  10.168 ms
vl3492.mpd01.dca02.atlas.cogentco.com (66.28.4.86)  8.746 ms  11.408 ms
 8  vl3496.mpd01.iad01.atlas.cogentco.com (154.54.5.46)  17.866 ms
vl3494.mpd01.iad01.atlas.cogentco.com (154.54.5.42)  11.052 ms
vl3497.mpd01.iad01.atlas.cogentco.com (154.54.5.66)  8.642 ms
 9  ber1-ge-7-43.virginiaequinix.savvis.net (208.173.10.181)  8.604 ms
8.954 ms ber1-ge-7-39.virginiaequinix.savvis.net (208.173.52.105)  8.373
ms
10  * cr1-tengig0-7-2-0.washington.savvis.net (204.70.197.242)  9.919 ms
10.052 ms
11  cr2-pos-0-0-5-0.sanfrancisco.savvis.net (204.70.200.194)  83.281 ms
82.172 ms  82.575 ms
12  pr1-so-0-0-0.PaloAltoPaix.savvis.net (204.70.200.193)  80.832 ms
82.515 ms  81.396 ms
13  pr3-so-0-0-0.PaloAltoPaix.savvis.net (204.70.199.106)  80.805 ms
81.499 ms  80.664 ms
14  206.24.241.202 (206.24.241.202)  94.556 ms  89.078 ms  90.265 ms
15  pr3-ge-3-0-0.PaloAltoPaix.savvis.net (206.24.241.201)  82.002 ms
81.618 ms  81.731 ms
16  206.24.241.202 (206.24.241.202)  82.548 ms  85.024 ms  90.215 ms
17  pr3-ge-3-0-0.PaloAltoPaix.savvis.net (206.24.241.201)  83.186 ms
84.437 ms  83.145 ms
18  206.24.241.202 (206.24.241.202)  94.735 ms  89.556 ms  89.939 ms
19  pr3-ge-3-0-0.PaloAltoPaix.savvis.net (206.24.241.201)  83.556 ms
84.091 ms  85.894 ms
20  206.24.241.202 (206.24.241.202)  88.289 ms  90.290 ms  89.362 ms

Thanks,
Craig

 
 

Craig Holland
Rhythm NewMedia
Sr. Director Operations & Integration
YIM: cholland





Re: Level3 IPv6 availability?

2008-06-24 Thread Craig Pierantozzi
Level 3 provides best effort IPv6 support with no SLA to current 
Internet customers. As mentioned IPv6 is currently being provided 
via tunnels to the customer's existing router.

There is a simple service agreement addendum and form to fill 
out for relevant config bits.

Sorry you get such a response from people that should know. *sigh*

regards
-Craig (Level 3 architecture)

* Jay Hennigan was thought to have said:

> Is anyone at Level3 who is familiar with IPv6, or anyone who is a Level3 
> IPv6 customer lurking here?  We are a Level3 BGP customer and our 
> contacts are giving us a deer-in-the-headlights stare when we want to 
> bring up our /32, claiming that they don't do IPv6 at all.  Not native, 
> not tunneled, zip, nada.
> 
> Yet, I see lots of AS3356 in the ipv6 routing tables, and there's this 
> from three years ago...
>