Re: L2VPN/L2transport, Cumulus Linux & hardware suggestion

2020-07-09 Thread Cummings, Chris 
The EX 4650 does indeed do 25G.

Chris

From: NANOG 
Date: Tuesday, July 7, 2020 at 16:10
To: Jürgen Jaritsch , nanog@nanog.org 
Subject: RE: L2VPN/L2transport, Cumulus Linux & hardware suggestion
Good luck with tunnelling LACP, no matter what boxes you have - LACP has (de 
facto) hard jitter requirements of under 1msec, or you'll be getting TCP resets 
coming out your ears due to mis-ordered packets.

For your requirements, although I hesitate to recommend them for 
enterprise/carrier use, Miktotik's EoIP protocol does a much better job of this 
than most "carrier-grade" implementations.

Otherwise, Juniper and Arista both come to mind, Juniper has the EX4650 that 
matches your h/w specs, and Arista has, oh, at least half a dozen boxes of 
various spec that comply, too.  Not 100% sure the Juniper EX does 25G, now that 
I think of it.

Adam Thompson
Consultant, Infrastructure Services
MERLIN
100 - 135 Innovation Drive
Winnipeg, MB, R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
athomp...@merlin.mb.ca
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.merlin.mb.ca=E,1,o0s1bKhLRD6liZS4E7uqx8L_J041eQu7PxSKcDhFF789AA4epdh0jA2ocQb3Muy1lOflaqq0cDB0hNdzN8eaUymLeSEkUXcpEIsdt7KL5XEHOMQ,=1

> -Original Message-
> From: NANOG  On Behalf Of
> Jürgen Jaritsch
> Sent: Tuesday, July 7, 2020 3:15 PM
> To: nanog@nanog.org
> Subject: L2VPN/L2transport, Cumulus Linux & hardware suggestion
>
> Dear folks,
>
> have anyone already tried to run VXLAN/EVPN + “Bridge Layer 2 Protocol
> Tunneling” on Cumulus Linux as an replacement for classic MPLS L2VPN/VPWS
> (“xconnect”, l2circuit, VLL) ?
>
> I need to provide transparent Ethernet P2P virtual leased lines to my
> customers and these have to support stuff like LLDP, STP, LACP, etc. The
> transport L2 network is not THAT big: max hops between VTEP is 4.
>
> Anyone have suggestions for the below hardware request?
> #) 1-3U L2/L3 box
> #) 48x SFP28 / 1/10/25G
> #) 6x QSFP28 / 100G
> #) VXLAN/EVPN with L2 tunneling support
> or
> #) MPLS VPWS/l2circuit
> #) Dual PSU
>
>
> thanks & best regards
> Jürgen
>

Re: Contact at Ubiquiti Networks?

2020-05-26 Thread Cummings, Chris 
For the carrier side of things Mikrotik is a fairly standard replacement for 
UBNT stuff. 

—
chris


From: NANOG  on behalf of Ben 
Date: Tuesday, May 26, 2020 at 09:55
To: NANOG list 
Subject: Re: Contact at Ubiquiti Networks?

Agree 1000% with the sentiments expressed by Mike.

Unfortunately despite much research I’ve been unable to find a suitable 
replacement vendor.  All the other vendors seem to want to ram cloud-management 
down your throat which I absolutely do not want.  My network, my control, not 
under the auspices of someone else’s magic cloud.


On 25 May 2020, at 21:21, Mike Hammett  wrote:

The company has mostly fallen apart. Their sales are going up, but their 
responsiveness and customer support have been declining over the last five 
years.


-
Mike Hammett
https://linkprotect.cudasvc.com/url?a=http://www.ics-il.com/=E,1,2cRoIhFvqTaan4SPyr09-SmXgOsZJQqCFi2FwhWYV9ctXyEZWBO-t0rHLwvNsOiA5SeA36NyXcXP_2fSpJbMxiprDZ9YWqKnpO9ZovATGA,,=1

https://linkprotect.cudasvc.com/url?a=http://www.midwest-ix.com/=E,1,M3kKzgV7y8ieeU8fd8NVQHbI9DhVc8yccaJyiS8ZXknqE1kDSQeehG8tE_4CzbJ4fsgKnMTSap_waGTIszwk6BOFZIswbKFfDndDlue95e6sf8_IFV2cbQ,,=1

https://linkprotect.cudasvc.com/url?a=http://www.thebrotherswisp.com/=E,1,dJU5lLTp7m78fqlcHBlm7fYrKz0Euf61wdKso7F8_yZvID2DEKRxAU4LlovT3UdfKKlrdIkw5QDN-uu-d2e69x8R3JOq7QxDis8It6FlO2sORiqExN7Y=1


From: "j k" 
To: "NANOG list" 
Sent: Monday, May 25, 2020 3:16:36 PM
Subject: Contact at Ubiquiti Networks?
Does anyone have a good contact at Ubiquity Networks? Finding a pattern I don't 
like. 


Joe Klein 
"inveniet viam, aut faciet" --- Seneca's Hercules Furens (Act II, Scene 1)
"I never lose. I either win or learn" - Nelson Mandela

Re: [EXT] Re: rack rails

2020-03-30 Thread Cummings, Chris 
Now that you say that, I think you're right. I am referring specifically to the 
EX4650 and they are the cheesy type where the rear half of the rail stays 
screwed in to the rack and the front half of the rail is attached to the 
switch. I assume it is the same on the QFX since they are very similar 
platforms. Basically they are that annoying type between rack ears and sliding 
rails where the device can separate completely from the rails. 

chris

On 3/30/20, 10:37, "NANOG on behalf of Chuck Anderson" 
 wrote:

On Mon, Mar 30, 2020 at 03:15:54PM +, Cummings, Chris wrote:
> Juniper's ToR switches have slide in rails. They are a bit frustrating 
compared to Dell easy rails, but they do the trick. 

You can slide the switch in/out while attached securely to the rails?  That 
is news to me and my QFX5k and QFX10k switches.

Re: rack rails

2020-03-30 Thread Cummings, Chris 
Juniper's ToR switches have slide in rails. They are a bit frustrating compared 
to Dell easy rails, but they do the trick. 

--
Chris

On 3/30/20, 10:14, "NANOG on behalf of Tore Anderson"  wrote:

* Luke Guillory

> I've had gear that came with a small rear support shelf that didn't had 
to the height, RGB Networks BNPs for example. I'm pretty sure we've used these 
with the BNPs one on top of the other. 
> 
> Page 16 in this PDF shows the shelf.
> 
> 
https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.konturm.ru%2fcatalogy%2fdf%2fbnp2xr_installation_guide_3.7.1_20160222.pdf=E,1,YHvnT2TmvwvheJVrHCQw14VV7CjJT2p7KYuB3jRzPmiSMwf-OUsfPJGLzHZTEuIHdW7HhcOy47oSBKKQ2UMZdryM3hs-d8kUDoqJ34tTz5jw=1

Interesting, thanks! Such a shelf would do the trick if it is thin enough 
to fit in the tiny space between two devices mounted in adjacent rack units.

Do you know if it is possible to buy this kind of shelf from somewhere 
(without an accompanying device)?

Tore

Re: Dual Homed BGP

2020-01-24 Thread Cummings, Chris 
We have full tables from 2 ISPs at just one datacenter, and it is nice in the 
case of partial reachability issues—If one ISP loses access to routes to a 
destination but the other one doesn’t, for example. For us, the decision to do 
full tables was easy, as we are running 2 MX150s which can very easily handle 
the load and convergence is still less than a minute or so. As far as optimal 
path goes, full tables really doesn't help us much, so we made sure to get 
matching speed circuits just to make things simple. We have AT and 
CenturyLink, and most things prefer CenturyLink as they are pretty well peered 
due to all of their acquisitions. It would be interesting to see a distribution 
plot of ASPATH length, I would bet that a huge chunk  of our routes are only 
2-3 hops away.

/chris
 

On 1/24/20, 10:56, "NANOG on behalf of Ben Cannon"  wrote:

Honestly, this.  Your only real choice is what of 2 pipes to chuck it out 
of.

Full tables vs partial and a default don’t make the process much more 
intelligent for 1 site dual homed, and as mentioned routing policy will have 
more influence.

-Ben

> On Jan 24, 2020, at 8:47 AM, Mel Beckman  wrote:
> 
> It’s pretty pointless for a small ISP to get full routes, because the BGP 
tables are so highly manipulated. It’s better to just get “company” routes for 
each upstream, and then use your own traffic engineering via prepending and 
static or policy routes to balance the outbound traffic the way you like. 
> 
> -mel 
> 
>> On Jan 24, 2020, at 8:40 AM, Brian  wrote:
>> 
>> 
>> Hello all. I am having a hard time trying to articulate why a Dual Home 
ISP should have full tables. My understanding has always been that full tables 
when dual homed allow much more control. Especially in helping to prevent Async 
routes.
>> 
>> 
>> Am I crazy?

CenturyLink Technical Contact

2020-01-14 Thread Cummings, Chris 
Good Morning All,

Is there anyone on the list from CenturyLink that can contact me offline? We 
have a private circuit that has been down for 2+ weeks and there is no 
resolution in sight. We have, of course, been working through the NOC and 
through our sales team, but have hit road-blocks on all of the above. Is there 
anyone here who can help me with this Hail Mary?

Thank You!

Chris

Re: CenturyLink/Level3 feedback

2019-07-10 Thread Cummings, Chris 
I was always taught that “if you can't say anything nice, don't say nothing at 
all”—That being said, my last CenturyLink turnup was worse than my last AT 
turnup. Take that for what it is worth.



/chris

Re: DOs and DONTs for small ISP

2019-06-03 Thread Cummings, Chris 
Mehmet, I think this is a cool idea, perhaps a good format for the 
documentation would be something along the lines of an “awesome list”? 
(https://github.com/sindresorhus/awesome)

Chris

From: NANOG  on behalf of Mehmet Akcin 

Date: Monday, June 3, 2019 at 07:06
To: nanog 
Subject: DOs and DONTs for small ISP

hi there,

I know there are folks from lots of small ISPs here and I wanted to check-in on 
asking few advice points as I am involved building an ISP from green-field.

Usually, it's pretty straight forward to cover high-level important things, 
filters, routing policies, etc.but we all know the devil is in the details.

I am putting together a public DOs and DONTs blog post and would love to hear 
from those who have built ISPs and have recommendations from Billing to 
Interconnection, Routing policy to Out of the band  & console setup, Software 
recommendations, etc. Bottom line is that I would like to publish a checklist 
with these recommendations which I hope will be useful for all.

thanks in advance for your help and recommendation.

Mehmet

Re: Advertisement of Equinix Chicago IX Subnet

2019-03-27 Thread Cummings, Chris 
Not too sure about your topology, but I’ve had something similar bite me, so we 
typically put a prefix list inbound to deny receiving our internal prefixes 
from our peers. This probably doesn’t work as well if your network is less 
“eyeballish” than ours, however.

/chris



On Wed, Mar 27, 2019 at 4:37 PM -0500, "Graham Johnston" 
mailto:johnst...@westmancom.com>> wrote:

This afternoon at around 12:17 central time today we began learning the subnet 
for the Equinix IX in Chicago via a transit provider; we are on the IX as well. 
The subnet in question is 208.115.136.0/23. Using 
stat.ripe.net
 I can see that this subnet is also being learned by others, see the snip 
below. On our network this caused a nasty routing loop until we figured out 
what was wrong. My current best understanding is that because the route was 
learned via eBGP it trumped the OSPF learned route. As soon as I filtered the 
advertisement from my transit provider everything returned to normal. What am I 
doing that isn’t best practices that would have prevented this?

Thanks,
graham


RIPE Info
1 RRCs see 1 peers announcing 208.115.136.0/23 originated by 
AS32703

· ▼RRC00 in Amsterdam, Netherlands sees 1 ASN orginating 
208.115.136.0/23.AS32703

o
▼AS32703
 is seen as the origin by 1 peer.192.102.254.1

§  
▼192.102.254.1
 is announcing route 
AS395152
 
AS63297
 
AS6327
 
AS36280AS32703.

§  Origin: IGP

§  Next Hop: 192.102.254.1

§  Peer: 192.102.254.1

§  Community: 63297:1000

§  AS Path: 395152 63297 6327 36280 32703

§  Last Updated: 2019-03-27T17:17:19


Route-views
route-views.chicago.routeviews.org>
 show ip bgp 208.115.136.0
BGP routing table entry for 208.115.136.0/23
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  32709 32703
208.115.136.134 from 208.115.136.134 (63.134.128.248)
  Origin IGP, localpref 100, valid, external, best
  AddPath ID: RX 0, TX 64414249
  Last update: Wed Mar 27 17:16:09 2019

AT or Cogent Assistance

2019-03-02 Thread Cummings, Chris 
Good Evening,

Can anyone from AT or Cogent assist me? I cannot connect between two of my 
sites, and the issue appears to be either on AT’s network or between AT and 
Cogent according to traceroute. All Internet traffic at both sites appears to 
be functioning, other than this site to site connectivity:

Traceroute from side A, source IP 64.179.178.34:

FW-A# exec traceroute 12.166.160.250
traceroute to 12.166.160.250 (12.166.160.250), 32 hops max, 3 probe packets per 
hop, 84 byte packets
1  64.179.178.33   2.297 ms  2.098 ms  1.849 ms
2  208.117.98.138   1.590 ms  1.643 ms  2.012 ms
3  10.255.0.0  11.100 ms  19.099 ms  22.795 ms
4  216.16.3.155  18.779 ms  18.644 ms  18.694 ms
5  38.142.172.9   27.814 ms  27.903 ms  
27.844 ms
6  154.54.24.34   33.590 ms  33.645 ms  
33.625 ms
7  154.54.45.18   33.418 ms  33.639 ms  
33.808 ms
8  154.54.12.86   36.106 ms  35.741 ms  36.079 ms
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *

Traceroute from side B, source IP 12.166.160.250:

FW-B# exec traceroute 64.179.178.34
traceroute to 64.179.178.34 (64.179.178.34), 32 hops max, 3 probe packets per 
hop, 84 byte packets
1  12.166.160.249  0.148 ms  0.088 ms  0.082 ms
2  10.17.1.5  2.195 ms  2.281 ms  1.995 ms
3  10.17.0.5  4.179 ms  2.627 ms  3.879 ms
4  12.117.201.149  18.532 ms  18.482 ms  20.171 ms
5  12.122.158.170  87.847 ms * *
6  12.122.158.177  81.833 ms  86.028 ms  82.135 ms
7  12.122.5.229   88.562 ms  85.265 ms  84.468 ms
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *

Both IPs in question here are setup to respond to ICMP ping.

Thanks in advance!

/chris

RE: Network Speed Testing and Monitoring Platform

2019-01-16 Thread Cummings, Chris 
Depending on the Bandwidth needed, yes, but the Pi is limited at the NIC level 
because it is on a shared USB 2.0 Bus.

[cid:image001.jpg@01D42B24.779DE300]
Chris Cummings | Network Engineer
Coeur Mining, Inc.|  104 S. Michigan Ave. Suite 900 | Chicago, IL 60603
t: 312.489.5852 | m: 773.294.6496 | 
ccummi...@coeur.com
NYSE: CDE | www.coeur.com

Notice of Confidentiality: The contents of this e-mail message and any 
attachments are confidential and are intended solely for addressee. This 
transmission is sent in trust, for the sole purpose of delivery to the intended 
recipient.  If you have received this transmission in error, any use, 
reproduction or dissemination of this transmission is strictly prohibited.  If 
you are not the intended recipient, please immediately notify the sender by 
reply e-mail or phone, and delete this message and its attachments, if any.

P Please consider the environment before printing this e-mail.

From: NANOG  On Behalf Of Chris Kimball
Sent: Wednesday, January 16, 2019 11:27 AM
To: Colton Conor ; David Guo 
Cc: NANOG 
Subject: RE: Network Speed Testing and Monitoring Platform

Would a raspberry pi work for this?

Could 3D print a nice case with your logo for it.

From: NANOG mailto:nanog-boun...@nanog.org>> On Behalf 
Of Colton Conor
Sent: Wednesday, January 16, 2019 2:16 PM
To: David Guo mailto:da...@xtom.com>>
Cc: NANOG mailto:nanog@nanog.org>>
Subject: Re: Network Speed Testing and Monitoring Platform

Last time I setup Iperf3 it was semi difficult, and would be impossible trying 
to coach a soccer mom on how to setup over the phone.

I am leaning towards a CPE that has speed test built in, or a low cost, sub 
$100 device we could ship to the customer to install. Anyone know of something 
like that?

On Wed, Jan 16, 2019 at 10:55 AM David Guo 
mailto:da...@xtom.com>> wrote:
We ask our customers use iperf3 to test speed.

Get Outlook for 
iOS


From: NANOG mailto:nanog-boun...@nanog.org>> on behalf 
of Colton Conor mailto:colton.co...@gmail.com>>
Sent: Thursday, January 17, 2019 00:54
To: NANOG
Subject: Network Speed Testing and Monitoring Platform

As an internet service provider with many small business and residential 
customers, our most common tech support calls are speed related. Customers 
complaining on slow speeds, slowdowns, etc.

We have a SNMP and ping monitoring platform today, but that mainly tells us 
up-time and if data is flowing across the interface. We can of course see the 
link speed, but customer call in saying the are not getting that speed.

We are looking for a way to remotely test customers internet connections 
besides telling the customer to go to speedtest.net, or 
worse sending a tech out with a laptop to do the same thing.

What opensource and commercial options are out there?

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - -

The information contained in this electronic message may be confidential, and 
the message is for the use of intended recipients only. If you are not the 
intended recipient, do not disseminate, copy, or disclose this communication or 
its contents. If you have received this communication in error, please 
immediately notify me by replying to the email or call MIS Alliance at 
617-500-1700 and permanently delete this communication.

Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread Cummings, Chris 
Can we please have a mod step in and shut this thread down? Any conversation of 
value is long gone.

/Chris



On Sat, Jan 12, 2019 at 5:25 PM -0600, "Viruthagiri Thirumavalavan" 
mailto:g...@dombox.org>> wrote:

I don't know why you are all try to defend a man who try to silence my work.

Are you saying this thread is necessary?

On Sun, Jan 13, 2019 at 4:46 AM Töma Gavrichenkov 
mailto:xima...@gmail.com>> wrote:
On Sun, Jan 13, 2019 at 12:51 AM Viruthagiri Thirumavalavan
mailto:g...@dombox.org>> wrote:
> 5 months back I posted my spam research on DMARC list.
> You have gone through only 50 words and judged my work.
> The whole thread gone haywire because of you. I was
> humiliated there and left.

By the way, since that you've left no traces of whatever piece of work
you've posted to that list. The website is empty, slides are removed
from Speakerdeck, etc.

In theory, I can easily recall a few cases in my life when going
through just 50 words was quite enough for a judgment.

> To be very honest, I don't like you.

Please keep our busy mailing list out of this information, though for
me it's a valuable piece of data that someone I don't know personally
doesn't like someone else.

> Although I don't like you, I still managed to respond politely in
> IETF lists. Again... In that list the only thing you did was
> attacking my work.

So, I've read the whole thread, and, as far as I can see, there was
nothing coming from John except for a balanced judgement.

> And then please tell me this man is not biased at all.

Sorry, he's not.

--
Töma


--
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.

Hostwinds LLC. (AS54290) Contact

2018-12-17 Thread Cummings, Chris 
Good Morning,

If anyone from Hostwinds LLC, AS54290 is on the list, can you please contact me 
at ccummi...@coeur.com? Also, if anyone would like 
to send me contact info if you have it, it would be greatly appreciated.

Thanks!

Chris Cummings

RE: Oct. 3, 2018 EAS Presidential Alert test

2018-10-03 Thread Cummings, Chris 
Yes, I received an alert on AT, iPhone X.


Chris Cummings | Network Engineer
Coeur Mining, Inc.|  104 S. Michigan Ave. Suite 900 | Chicago, IL 60603
t: 312.489.5852 | m: 773.294.6496 | ccummi...@coeur.com
NYSE: CDE | www.coeur.com

Notice of Confidentiality: The contents of this e-mail message and any 
attachments are confidential and are intended solely for addressee. This 
transmission is sent in trust, for the sole purpose of delivery to the intended 
recipient.  If you have received this transmission in error, any use, 
reproduction or dissemination of this transmission is strictly prohibited.  If 
you are not the intended recipient, please immediately notify the sender by 
reply e-mail or phone, and delete this message and its attachments, if any.

 Please consider the environment before printing this e-mail.

-Original Message-
From: NANOG  On Behalf Of Andy Ringsmuth
Sent: Wednesday, October 3, 2018 1:53 PM
To: nanog@nanog.org
Subject: Oct. 3, 2018 EAS Presidential Alert test

Did anyone on AT or an iPhone receive the test today? I believe it was 
supposed to happen at 2:18 EDT, followed by one on broadcast radio at 2:20 EDT.

I’m in CDT, so 1:18 and 1:20 p.m. CDT.

Message was heard on my desk radio at 1:21:35 p.m. CDT but as of the sending of 
this at 1:52 p.m. CDT, nothing on phones. I have an office full of AT iPhones 
and not a single one of them alerted.

FEMA says 
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.fema.gov%2femergency-alert-test=E,1,fr72hHe6gedphTpcUqBwvpTK0WFmRjf7FqlICQnIEFygbifiMG8spgvX2tJfj2gVu_Q8AYt5R6lOtqjxEEMXT5lY17sbIBJWi2Q0YGTIM8k4qqc,=1

"Cell towers will broadcast the WEA test for approximately 30 minutes beginning 
at 2:18 p.m. EDT. During this time, WEA compatible cell phones that are 
switched on, within range of an active cell tower, and whose wireless provider 
participates in WEA should be capable of receiving the test message. Some cell 
phones will not receive the test message, and cell phones should only receive 
the message once."

My wife, with a Sprint iPhone, received the test.



Andy Ringsmuth
5609 Harding Drive
Lincoln, NE 68521-5831
(402) 304-0083
a...@andyring.com