Re: BGP full feed for testing purposes

2020-08-06 Thread Greg Sowell 
Sorry, it wasn't a bug; we had power issues at our DC a few days ago and
everything didn't come back up clean *sigh*.  Please test again when you
have a moment.

Thanks,
Greg

On Wed, Aug 5, 2020 at 4:15 PM Blažej Krajňák  wrote:

> Hi Lukasz,
>
> your feed is working well. Feed from Poland to me to Slovakia is better
> than expected :) It's my first live BGP full feed ever so I really
> appreciate you.
> Will this instance run for a longer time?
>
> btw:
> - converting RIS data via mrt2exabgp looks to be broken, it's falling on
> syntax error in source data. With routeviews.org data it's working but
> exabgp is single-thread (convergence takes some time) and use much more
> RAM to start with full feed config than I excepcted.
> - from gregsowell.com I received email with access credentials, however
> L2TP tunnel establishment is falling due to authentication error - looks
> like bug
>
>
> Thanks to everyone
> Blažej
>
> Dňa 2020-08-05 20:04 Łukasz Bromirski napísal(a):
> > Ah, one more thing:
> >
> >> On 5 Aug 2020, at 20:01, Łukasz Bromirski 
> >> wrote:
> >>
> >>
> >> …or you can do next best thing. Which is use AS 65001 and connect your
> >> router to AS 65000 under 94.246.173.181.
> >>
> >> Please note that’s just test instance, and it has conservative timers
> >> (3600/7200) to not overtax CPU.
> >>
> >> It’s test instance of CSR 1000v running 16.9.5.
> >>
> >> If there’ll be interest, I can setup similar box with IOS-XR and/or
> >> with IPv6.
> >
> > This is European feed from Poland, so YMMV, but it has 816,090
> > prefixes as we speak.
> >
> > Don’t kill me if it kills your router ;)
> >
> > —
> > ./
>


-- 

GregSowell.com
TheBrothersWISP.com
StrayaNet.com

Re: Telia network quality

2017-02-04 Thread Greg Sowell 
I've been using them out of Dallas for about 2.5 years now with very good
success.  Their NOC has been top notch in responding to our issues, though
I've seen repeated peering issues for them with a single provider, but
who's to say that's their fault and not the other parties?

On Thu, Feb 2, 2017 at 8:55 PM, Kaiser, Erich  wrote:

> I would say that information is not 100% accurate.  We use Telia for waves
> nationwide and also have several DIA ingest(transit) points from them.  If
> anything, the IRU carriers they are using may have a problem sometimes due
> to fiber cuts, but that is why you build redundant paths.
>
> They are very ontop of the ball when one of the waves goes down.  We
> actually don't utilize a ton of their transit due to the nature of our
> network design, because we are  connected to all of the major IXs.
>
> Erich Kaiser
> The Fusion Network
> er...@gotfusion.net
> Office: 630-621-4804
> Cell: 630-777-9291
>
>
>
> On Thu, Feb 2, 2017 at 10:12 AM, Don  wrote:
>
> > I heard Telia's quality had been on the decline lately as they were
> > signing on lots of high-capacity new customers, and Cloudflare had some
> > complaint about them a few months prior too. Does anybody have any
> insight
> > into whether this is still the case? I was trying to evaluate whether
> Telia
> > would be a good carrier to switch over to as a primary provider, as their
> > pricing does look pretty attractive.
> >
> > B/R
> > Don
>



-- 

GregSowell.com
TheBrothersWISP.com
StrayaNet.com

Re: automated site to site vpn recommendations

2016-06-29 Thread Greg Sowell 
Lorenzo did a MUM presentation(https://www.youtube.com/watch?v=VeZetH9uX_Y)
on how road warriors can can connect with a Mikrotik to automatically
configure VPN.  Pretty novel idea using inexpensive hardware.  It may not
be as user friendly as you need, though.

On Tue, Jun 28, 2016 at 11:21 AM, Richard Greasley 
wrote:

> Another option is Checkpoint Edge devices.
> We use them worldwide with little to no problems.
> They're centrally managed and support central logging which is a plus when
> trying to diagnose issues.
> They support dynamic IP addresses as well, so just plug it in and you
> should be good to go.
> Not the cheapest solution, but for sure they get the job done.
>
> Regards,
> Richard.
>
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Dan Stralka
> Sent: Monday, June 27, 2016 6:28 PM
> To: Karl Auer
> Cc: nanog@nanog.org
> Subject: Re: automated site to site vpn recommendations
>
> I would second Meraki for the situation you describe. I don't feel that
> they are the most capable platform, they're expensive, and don't always
> present you with all the information you'd need for troubleshooting.
> However, the VPN offers great dynamic tunneling, instant-on performance,
> and are by far the simplest platform to offer a field person.  They're also
> tenacious - I've had them connect to the cloud management platform and
> build a VPN under some trying circumstances.
>
> From a security standpoint, they will offer features that will impress for
> the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> tunnel control), and we've found they punch above their weight and their
> APs perform fantastically.
>
> We deploy them worldwide many times per year in similar use cases,
> sometimes with 150 users on the LAN. If your routing is simple, you can
> define your security policies, and don't need crazy throughput on your VPN,
> Meraki is the way to go.  Be careful though: they have to be continually
> licensed to work and can get pretty expensive if you go for the higher end
> gear.  Thus far, we've been able to stick to the cheaper stuff and
> accomplish our goals.
>
> Dan
>
> (end)
> On Jun 27, 2016 6:01 PM, "Karl Auer"  wrote:
>
> > On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
> > > In some cases...
> >
> > The words "in some cases" are a problem with any supposedly plug and
> > play solution.
> >
> > > We really could use a simple solution that you
> > > just flip on, it calls home, and works...
> >
> > ...but still requiring someone to enter credentials of some sort,
> > right? Otherwise you have a device wandering about that provides look
> > -mum-no-hands access to your corporate network.
> >
> > MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
> > for a wireless dongle or storage, and has a highly-scriptable operating
> > system. Not a bad platform.
> >
> > Regards, K.
> >
> > --
> > ~~~
> > Karl Auer (ka...@biplane.com.au)
> > http://www.biplane.com.au/kauer
> > http://twitter.com/kauer389
> >
> > GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> > Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
>
>
>
>


-- 

GregSowell.com
TheBrothersWISP.com

Re: Webmail / IMAPS software for end-user clients in 2016

2016-06-14 Thread Greg Sowell 
+1 for Zimbra

On Sun, Jun 12, 2016 at 12:53 PM, Jim Lucas  wrote:

> June 8 2016 6:08 PM, "Eric Kuhnke"  wrote:
> > If you had to put up a public facing webmail interface for people to use,
> > and maintain it for the foreseeable future (5-6 years), what would you
> use?
> >
> > Roundcube?
> > https://roundcube.net
> >
> > Rainloop?
> > http://www.rainloop.net
> >
> > Something else?
> >
> > Requirements:
> > Needs to be open souce and GPL, BSD or Apache licensed
> >
> > Email storage will be accessed via IMAP/TLS1.2
> >
> > Runs on a Debian based platform with apache2 or nginx
> >
> > Desktop browser CSS and mobile device CSS/HTML functionality on 4" to 7"
> > size screens with Chrome and Safari
>
> I work for an ISP, and recently we were faced with the same dilemma. We
> knew that our RoundCube was rather old and needed a facelift.  We started
> looking at new clients what I came across RainLoop.
>
> IMO RoundCube still doesn't have a decent working mobile theme.
>
> I went ahead and installed RainLoop on my personal server. Configuration
> was a breeze. The interface is very nice. And the mobile layout is very
> slick.
>
> I did come across a problem with displaying emails and when I emailed
> their support email, they were very quick to respond.  And within 24 hors
> they were able to write a fix for my specific issue and build a new release
> for me to download and test.
>
> I think that says something for their support team.
>
> Even if my office doesn't adopt RainLoop,  I will continue using it on my
> personal server for the forsee able future.
>
> --
> Jim Lucas
> C - 5414085189
> H - 5413234219
> http://cmsws.com
>



-- 

GregSowell.com
TheBrothersWISP.com

Re: CALEA

2016-05-09 Thread Greg Sowell 
I haven't had a request in ages...back then all of the links worked.
On May 9, 2016 3:02 PM, "Jeremy Austin"  wrote:

> On Thu, May 5, 2016 at 4:43 PM, Justin Wilson  wrote:
>
> > What is the community hearing about CALEA?
> >
>
> Crickets?
>
>
> --
> Jeremy Austin
>
> (907) 895-2311
> (907) 803-5422
> jhaus...@gmail.com
>
> Heritage NetWorks
> Whitestone Power & Communications
> Vertical Broadband, LLC
>
> Schedule a meeting: http://doodle.com/jermudgeon
>

Re: sub $500-750 CPE firewall for voip-centric application

2016-05-09 Thread Greg Sowell 
+1 for mikrotik,  been solid cpe for ages.
I know a lot of msps using fortigates also.
On May 8, 2016 11:43 AM, "Eygene Ryabinkin"  wrote:

> Fri, May 06, 2016 at 09:51:15PM +0200, Mark Tinka wrote:
> > On 6/May/16 21:40, Josh Reynolds wrote:
> > > I've been very happy with the 2.3 release. Modularizing everything and
> the
> > > new bootstrap GUI is very nice. Updated BSD code base is a godsend.
> >
> > I was just about to ask the experienced coders whether the new GUI in
> > 2.3 fixes a lot of problems of the past...
> >
> > And yes, 2.3 is running FreeBSD 10.3.
>
> Just use FreeBSD without pfSense stuff -- it is easier ;)) Modulo the
> absence of the network-based installation for FreeBSD via PXE [1] out
> of the box (well, it is doable, but I'd prefer to have an easier way
> and Linuxen have that), so large-scale stuff is a bit tough.  Was
> discussed several times in FBSD lists, big players have their own
> homegrown stuff from the early days of the universe, others are either
> not doing that or relying on the existing recipes.  And there are not
> sufficient others of the big $SCALE :(
>
> 
> [1] Something I'm trying to find the time for the past 5-6 years,
> should finally do that.
> 
> --
> Eygene Ryabinkin, National Research Centre "Kurchatov Institute"
>
> Always code as if the guy who ends up maintaining your code will be
> a violent psychopath who knows where you live.
>

Re: Shared cabinet "security"

2016-02-13 Thread Greg Sowell 
Mike,

I've seen people use shelves to segregate cabinets.  I've seen some that
screw from both sides and eat very little space.

Greg
On Feb 13, 2016 8:07 AM, "Mike Hammett"  wrote:

> Getting a cabinet in someone else's datacenter (Equinix, Coresite, Telx,
> etc.) and having sub-tenants. Most networks aren't going to need more than
> a handful of U in a datacenter, but the more significant the datacenter,
> the less likely they are to provide partial cabinets... which makes no
> sense. Sure, some networks need large chassis routers chewing up 10U - 20U,
> but there are far more networks that need routers that take up 1U, 2U,
> something like that. For many networks, the sheer cost of the space in the
> datacenter doubles their overall cost per megabit.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> - Original Message -
>
> From: "Bevan Slattery" 
> To: "Mike Hammett" 
> Cc: "North American Network Operators' Group" 
> Sent: Saturday, February 13, 2016 2:36:34 AM
> Subject: Re: Shared cabinet "security"
>
>
> Sorry. I'm not sure I get from which angle you are coming at this from.
> Happy to clarify for you and anyone interested if you can help me out here.
>
>
> Cheers
>
> [b]
>
> On 13 Feb 2016, at 12:58 PM, Mike Hammett < na...@ics-il.net > wrote:
>
>
>
>
>
> There are more options when you're not just using someone else's
> datacenter.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> - Original Message -
>
> From: "Bevan Slattery" < be...@slattery.net.au >
> To: "Mike Hammett" < na...@ics-il.net >
> Cc: "North American Network Operators' Group" < nanog@nanog.org >
> Sent: Friday, February 12, 2016 4:44:34 PM
> Subject: Re: Shared cabinet "security"
>
> In a past life we worked with our supplier to create physically separate
> sub-enclosures.1/2 and 1/3. Able to build in a separate and secure cable
> path for interconnects to the meet-me-room and connection to power supplies.
>
> Can be done and I think there are now rack suppliers that do this as
> standard. Been out of DC space for a few years now.
>
> [b]
>
> > On 13 Feb 2016, at 6:58 AM, Mike Hammett < na...@ics-il.net > wrote:
> >
> >
> > That moment when you hit send and remember a couple things…
> >
> > Of course labeling of the cables.
> >
> > Maybe colored wire loom for fiber and DACs in the vertical spaces to go
> along with the previously mentioned color scheme?
> >
> >
> >
> >
> > -
> > Mike Hammett
> > Intelligent Computing Solutions
> > http://www.ics-il.com
> >
> > Midwest-IX
> > http://www.midwest-ix.com
> >
> > - Original Message -
> >
> > From: "Mike Hammett" < na...@ics-il.net >
> > To: "North American Network Operators' Group" < nanog@nanog.org >
> > Sent: Friday, February 12, 2016 2:53:17 PM
> > Subject: Re: Shared cabinet "security"
> >
> >
> > I am finding a bunch of covers for the front. I do wish they stuck out
> more than an inch (like two).
> >
> http://www.middleatlantic.com/~/media/middleatlantic/documents/techdocs/s_sf%20series%20security%20covers_96-035/96_035s_sf.ashx
> >
> > It looks like these guys stick out 1.5”. That may be workable…
> http://www.lowellmfg.com/tinymce/jscripts/tiny_mce/plugins/filemanager/files/1717-SSCV.pdf
> >
> > I guess those covers are really only useful for servers. That really
> wouldn’t work with a switch\router. Switches and routers are going to be
> the bulk of what we’re dealing with.
> >
> > I am finding locking power cables, but that seems to be specific to the
> PDU you’re using as it requires the other half of the lock on the PDU.
> >
> > I did come across colored power cords. I wonder with some enforced cable
> management, colored power cables, etc. we would have “good enough”? You get
> some 1U or 2U cable organizers, require cables to be secured to the
> management, vertical cables in shared spaces are bound together by
> customer, color of Velcro matches color of the power cord? Blue customer,
> green customer, red customer, etc. Could do the cat6 patch cables that way
> too, but that gets lost when moving to glass or DACs.
> >
> > I thought about a web cam that would record anyone coming into the
> cabinet, but Equinix doesn’t really allow pictures in their facilities, so
> that’s not going to fly. Door contacts should be helpful for an audit log
> of at least when the doors were opened or closed.
> >
> > Financial penalty from the violator to the victim if there’s an uh oh?
> >
> > I’m not trying to save someone from themselves. I’m not trying to lock
> the whole thing down. Just trying to prevent mistakes in a shared space.
> >
> >
> >
> >
> > -
> > Mike Hammett
> > Intelligent Computing Solutions
> > http://www.ics-il.com
> >
> > Midwest-IX
> > http://www.midwest-ix.com
> >
> > - Original

Re: Colo space at Cermak

2015-11-13 Thread Greg Sowell 
I would guess it has to do with competing with your landlord now.  I know
it's starting to happen more and more.

On Thu, Nov 12, 2015 at 8:32 PM, Mike Hammett  wrote:

> Has something happened the past couple months to cause a quick shortage of
> space at Cermak? I had an offer sent a few months ago (when I didn't need
> it) where a cab and five cross connects were cheaper than what five cross
> connects normally are, much less the cabinet value as well. Around that
> time I think cabinets were going for $700 or so for basic primary\redundant
> 20A. Now the cabinet is going for $1,800. It went from being the cheapest
> I've seen at Cermak to the most I've seen at Cermak in a matter of a few
> months. Two people with space in that building are citing an uptick in
> demand. Really? That much of a demand increase with hundreds of thousands
> of square feet coming online in the Chicago metro?
>
> Can anyone corroborate that story or are they just making stuff up hoping
> I agree to inflated cabinet prices?
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
>
>
> Midwest Internet Exchange
> http://www.midwest-ix.com
>
>
>
>


-- 

GregSowell.com
TheBrothersWISP.com