Re: 100G over 100 km of dark fiber
Hi Jared, Easiest thing would be breaking into sub-100G channels (e.g. 4x 25G) and using DWDM optics + Amp + Compensation + Pre-Amp to transport it across the 100km. Same parts for all configs: *) 1x Amplifier => 1 slot *) 1x 100km dispersion compensation => separate 1U *) 1x Pre-Amplifier => 1 slot Sample config per site: *) 1U chassis (4 slots) *) 1x Mgmt card => 1 slot *) [same parts for all configs] *) 1x 25G converter (100G client port split into 4x 25G SFP28 line ports) => 1 slot *) 1x 8 channel DWDM Mux/Demux => separate 1U *) 4x 25G SFP28 DWDM 10km *) 1x 100G QSFP28 SR/LR (this is only for the client port on the converter - you need a second one for your device) => footprint per site ~6200 USD for 1x 100G The above setup requires 3U of rack space per site and provides 4 more DWDM channels as spares for further upgrades and the DWDM unit will have an separate upgrade port, to expand the number of filters (if you do not want to replace the whole filter with a bigger one). If you you want to go for a solution which starts with 4x 100G you're on the 13k USD range (per site): *) 2U chassis (8 slots) *) 1x Mgmt card => 1 slot *) [same parts for all configs] *) 4x 25G converter (100G client port split into 4x 25G SFP28 line ports) => 4 slots *) 1x 16 channel DWDM Mux/Demux => separate 1U *) 16x 25G SFP28 DWDM 10km *) 4x 100G QSFP28 SR/LR (this is only for the client port on the converter - you need a second one for your device) => footprint per site ~13000 USD for 4x 100G Even expansion to 12x 100G is more or less "cheap": *) 5U chassis (16 slots) *) 1x Mgmt card => 1 slot *) [same parts for all configs] *) 12x 25G converter (100G client port split into 4x 25G SFP28 line ports) => 12 slots *) 1x 48 channel DWDM Mux/Demux => separate 1U *) 48x 25G SFP28 DWDM 10km *) 12x 100G QSFP28 SR/LR (this is only for the client port on the converter - you need a second one for your device) => footprint per site ~31000 USD for 12x 100G I typically go for Sintai, FS.com and Edgeoptics components. Regarding the compensation and AMPs stuff: it's just math, nothing else :). Best regards Jürgen
Anyone using Sintai?
Dear folks, is anyone using gear from Sintai? Happy to hear some feedback regarding stability and/or operation issues. Off-list replies are welcome. thanks & best regards Jürgen
AW: L2VPN/L2transport, Cumulus Linux & hardware suggestion
Dear Adam, yeah, forget about LACP - the bigger problem is all the LLDP and STP stuff, that gets interpreted at the UNI port. LACP is a bad example - but there are many other frames and protocols, which must work. Could be that a customer wants to run MPLS+LDP on his VLL (for whatever reason ...). > For your requirements, although I hesitate to recommend them for enterprise/carrier use, Miktotik's EoIP protocol does a much better job of this than most "carrier-grade" implementations. Not at wirespeed ... and not without causing other issues (single thread load, etc). > Juniper has the EX4650 that matches your h/w specs,... Not 100% sure the Juniper EX does 25G, now that I think of it. Yeah, EX4650 it does: 48x 1/10/25G + 6x 100G + MPLS It also supports Ethernet over MPLS (at least they say here: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/mpls-over view.html#id-mpls-feature-support-on-qfx-series-and-ex4600-switches) but at some of their sites they mention, that MPLS-based CCC are not support: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/mpls-over view.html#jd0e2531 " ... MPLS-based circuit cross-connects (CCC) are not supportedonly circuit-based pseudowires are supported. ..." There is also the QFX5120-48Y - 48x 1/10/25G + 8x 100G + MPLS In the past QFX wasn't the best idea for MPLS topics ... has this changed? > and Arista has, oh, at least half a dozen boxes of various spec that comply, too. Yeah, I already know them (do have some older 7050S). The call it "VXLAN P2P Pseudowire", but there is absolutely nothing in there CLI documentation :(. Looks like the feature is only support on the 7280 platform. Possible options: 7280SR2-48YC6 Do you have any experience with what they call "VXLAN P2P Pseudowire"? I can't even find a config example on the net :( thanks & best regards Jürgen -Ursprüngliche Nachricht- Von: Adam Thompson [mailto:athomp...@merlin.mb.ca] Gesendet: Dienstag, 7. Juli 2020 23:09 An: Jürgen Jaritsch ; nanog@nanog.org Betreff: RE: L2VPN/L2transport, Cumulus Linux & hardware suggestion Good luck with tunnelling LACP, no matter what boxes you have - LACP has (de facto) hard jitter requirements of under 1msec, or you'll be getting TCP resets coming out your ears due to mis-ordered packets. For your requirements, although I hesitate to recommend them for enterprise/carrier use, Miktotik's EoIP protocol does a much better job of this than most "carrier-grade" implementations. Otherwise, Juniper and Arista both come to mind, Juniper has the EX4650 that matches your h/w specs, and Arista has, oh, at least half a dozen boxes of various spec that comply, too. Not 100% sure the Juniper EX does 25G, now that I think of it. Adam Thompson Consultant, Infrastructure Services MERLIN 100 - 135 Innovation Drive Winnipeg, MB, R3T 6A8 (204) 977-6824 or 1-800-430-6404 (MB only) mailto:athomp...@merlin.mb.ca http://www.merlin.mb.ca > -Original Message- > From: NANOG <mailto:nanog-bounces+athompson=merlin.mb...@nanog.org> On Behalf > Of Jürgen Jaritsch > Sent: Tuesday, July 7, 2020 3:15 PM > To: mailto:nanog@nanog.org > Subject: L2VPN/L2transport, Cumulus Linux & hardware suggestion > > Dear folks, > > have anyone already tried to run VXLAN/EVPN + Bridge Layer 2 Protocol > Tunneling on Cumulus Linux as an replacement for classic MPLS > L2VPN/VPWS (xconnect, l2circuit, VLL) ? > > I need to provide transparent Ethernet P2P virtual leased lines to my > customers and these have to support stuff like LLDP, STP, LACP, etc. > The transport L2 network is not THAT big: max hops between VTEP is 4. > > Anyone have suggestions for the below hardware request? > #) 1-3U L2/L3 box > #) 48x SFP28 / 1/10/25G > #) 6x QSFP28 / 100G > #) VXLAN/EVPN with L2 tunneling support or > #) MPLS VPWS/l2circuit > #) Dual PSU > > > thanks & best regards > Jürgen >
L2VPN/L2transport, Cumulus Linux & hardware suggestion
Dear folks, have anyone already tried to run VXLAN/EVPN + Bridge Layer 2 Protocol Tunneling on Cumulus Linux as an replacement for classic MPLS L2VPN/VPWS (xconnect, l2circuit, VLL) ? I need to provide transparent Ethernet P2P virtual leased lines to my customers and these have to support stuff like LLDP, STP, LACP, etc. The transport L2 network is not THAT big: max hops between VTEP is 4. Anyone have suggestions for the below hardware request? #) 1-3U L2/L3 box #) 48x SFP28 / 1/10/25G #) 6x QSFP28 / 100G #) VXLAN/EVPN with L2 tunneling support or #) MPLS VPWS/l2circuit #) Dual PSU thanks & best regards Jürgen
Re: Marseille Colocation
+1 for the IX in Marseille! Cross-connect charges are always the same with IX: you need to buy the pre-cabling (see below) and afterwards you pay CC with MRC: Costs for pre-cabling from your rack to the MMR (NRC): 6 SMD pairs: 2.475,00 Eur 12 SMD pairs: 4.125,00 Eur 24 SMD pairs: 5.960,00 Eur Copper-CC pre-cabling from your rack to the MMR (NRC): 6x UTP/STP RJ45: 1.950,00 Eur 12x UTP/STP RJ45: 2.600,00 Eur 24x UTP/STP RJ45: 3.650,00 Eur Copper CC MRC (same building): 45,00 Eur Copper CC MRC (doesn't matter to which IX building on the IX campus): 85,00 Eur Copper CC MRC (between your own racks): 25,00 Eur SMD CC MRC (same building): 85,00 Eur SMD CC MRC (doesn't matter to which IX building on the IX campus): 85,00 Eur SMD CC MRC (between your own racks): 45,00 Eur I heard something about a raise from 85,00 to 95,00 Eur MRC, but as of yet I didn't have a proof for this. Connecting the CC to your equipment: 275,00 Eur NRC Best regards Jürgen
Netflix - wide ranges of wrongly blocked IP ranges
Dear list, is anyone else experiencing massive issues with Netflix caused by wrongly blocked IP ranges? Looks like Netflix started to block wide ranges of Colts IP assignments (EU & Switzerland). Im in touch with ~400 affected customers which are no longer able to play any video on the website (Ooops, something went wrong - Streaming error. Looks like youre using a Proxy blablabla). Is someone from Netflixs NOC on the list? Offnet feedback is welcome - Im able to provide IPs for verification and Im able to provide proof for no proxy configuration from Colt J. They do not use any type of CGNAT thanks & best regards JJ
Re: 1/2u 100g Metro-E Aggregation Switch
http://www.extremenetworks.com/wp-content/uploads/2014/10/ExtremeXOS_Feature _License_Requirements.pdf Page 18 - AFAIK there wasnt THAT huge change on features since 2014 Best, JJ
Re: Facebook more specific via Level3 ?
Hi Mike, Im running some DNS on my own for a few hundred users from an private community project. But this issue is also affecting DNS from smaller/other ISPs which do NOT use any forwarder but the root DNS. Best regards Jürgen
AW: Facebook more specific via Level3 ?
Hi, > (query facebook.com and fbcdn.com on 8.8.8.8 instead of regular recursive > resolving) and we get directed to Frankfurt or Amsterdam (never London or > Paris). This is exactly what I've implemented yesterday on my end :). Best regards Jürgen -Ursprüngliche Nachricht- Von: Radu-Adrian Feurdean [mailto:na...@radu-adrian.feurdean.net] Gesendet: Mittwoch, 22. März 2017 11:02 An: Jürgen Jaritsch <juer...@jaritsch.at>; Doug Porter <d...@fb.com>; nanog@nanog.org Betreff: Re: Facebook more specific via Level3 ? On Tue, Mar 21, 2017, at 20:38, Jürgen Jaritsch wrote: > I understand that FB is using some type of DNS geo-loadbalancing and > other mechanism to redirect users to (possibly) nearer mirrors. The > used DNS is directly requesting the root DNS and not any other public > DNS (e.g. not 8.8.8.8). Running some requests within 3 minutes gives > me the below > results: > > www.facebook.com => star-mini.c10r.facebook.com. => 31.13.77.36 > www.facebook.com => star-mini.c10r.facebook.com. => 157.240.2.35 > www.facebook.com => star-mini.c10r.facebook.com. => 31.13.93.36 > www.facebook.com => star-mini.c10r.facebook.com. => 31.13.76.68 Hi, the load-balancing definitely doesn't choose the *nearest* mirror. We are in France and unless we do dirty tricks, we *always* get directed to US sites (as far as LA), with horrible performance. Everything since end of December. As a consequence we let the dirty tricks in place (query facebook.com and fbcdn.com on 8.8.8.8 instead of regular recursive resolving) and we get directed to Frankfurt or Amsterdam (never London or Paris).
AW: Facebook more specific via Level3 ?
Hi Luke, please see https://mailman.nanog.org/pipermail/nanog/2017-March/090658.html ... I did some tests a few min ago and yes, I'm receiving the 31.13.77.x and 31.13.76.x via DNS for www.facebook.com. Best regards Jürgen -Ursprüngliche Nachricht- Von: Luke Guillory [mailto:lguill...@reservetele.com] Gesendet: Dienstag, 21. März 2017 20:38 An: Jürgen Jaritsch <juer...@jaritsch.at>; nanog@nanog.org Betreff: RE: Facebook more specific via Level3 ? Are they replying with that subnet via dns when requests are being made? Luke Guillory Network Operations Manager Tel:985.536.1212 Fax:985.536.0300 Email: lguill...@reservetele.com Reserve Telecommunications 100 RTC Dr Reserve, LA 70084 _ Disclaimer: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material which should not disseminate, distribute or be copied. Please notify Luke Guillory immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Luke Guillory therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. . -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jürgen Jaritsch Sent: Tuesday, March 21, 2017 2:24 PM To: nanog@nanog.org Subject: Re: Facebook more specific via Level3 ? Hi, > This specific, and many others, are only announced to peers in the > metro they originate in. To receive this prefix directly you'll need > to peer with us in Los Angeles. the point is: Level3 is exporting this prefix to the EU since ~1 week … Telia is learning it from Level3 and they also started to re-export it: Telia Looking Glass (http://lg.telia.net/?query=bgp=IPv4=31.13.71.0/24+exact r=Vienna) Command: show route protocol bgp 31.13.71.36 table inet.0 31.13.71.0/24 *[BGP/170] 18w5d 16:40:16, MED 0, localpref 150 AS path: 3356 32934 I, validation-state: unverified > to 80.239.128.178 via ae9.0 This is causing >120ms latency to Austrian (and some German ...) networks towards Facebook - current traceroute from source network 188.172.239.0/24: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. router 0.0% 40.5 0.5 0.5 0.6 0.0 2. 192.168.8.3 0.0% 40.6 0.7 0.6 0.8 0.1 3. 37.252.236.880.0% 4 37.3 34.2 30.6 37.3 2.9 4. er-03.00-09-23.anx04.vie.at.anexia-it.com0.0% 4 21.1 31.9 21.1 50.9 13.3 5. cr-02.0v-08-72.anx03.vie.at.anexia-it.com0.0% 4 23.2 25.9 20.4 31.6 5.1 6. win-b4-link.telia.net0.0% 4 22.1 25.0 22.1 30.1 3.5 7. level-ic-1573273-wien-b4.c.telia.net 0.0% 3 22.4 22.3 21.1 23.3 1.1 8. ae-3-3611.edge2.dallas1.level3.net 0.0% 3 150.5 150.6 150.4 150.8 0.2 9. facebook-in.edge2.dallas1.level3.net 0.0% 3 156.6 152.9 151.0 156.6 3.2 10. po102.psw02.dft4.tfbnw.net 0.0% 3 151.4 151.6 151.4 152.0 0.4 11. 173.252.67.570.0% 3 151.6 152.3 151.6 153.4 0.9 12. edge-star-mini-shv-01-dft4.facebook.com 0.0% 3 159.3 158.4 152.5 163.6 5.6 The admins of AS42473 started to drop the more specific from Level3 and now they get it from Telia (which is the Level3 re-export they learned). I guess you guys should talk to Level3 and ask them what the hell they are doing? :). Thanks & best regards Jürgen
AW: Facebook more specific via Level3 ?
Hi Doug, looks like this is also affecting other prefixes: 157.240.3.0/24 *[BGP/170] 18w5d 16:50:37, MED 0, localpref 150 AS path: 3356 32934 I, validation-state: unverified > to 80.239.128.178 via ae9.0 I understand that FB is using some type of DNS geo-loadbalancing and other mechanism to redirect users to (possibly) nearer mirrors. The used DNS is directly requesting the root DNS and not any other public DNS (e.g. not 8.8.8.8). Running some requests within 3 minutes gives me the below results: www.facebook.com => star-mini.c10r.facebook.com. => 31.13.77.36 www.facebook.com => star-mini.c10r.facebook.com. => 157.240.2.35 www.facebook.com => star-mini.c10r.facebook.com. => 31.13.93.36 www.facebook.com => star-mini.c10r.facebook.com. => 31.13.76.68 Trace to 31.13.77.36: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev [...] 6. win-b4-link.telia.net0.0% 3 21.5 27.5 21.5 35.7 7.3 7. level-ic-1573273-wien-b4.c.telia.net 0.0% 3 21.7 20.8 20.0 21.7 0.8 8. ae-1-9.edge2.sanjose3.level3.net 0.0% 3 177.1 179.8 177.1 182.6 2.8 9. 4.53.210.78 0.0% 3 178.3 178.8 178.3 179.2 0.5 10. po131.asw04.sjc1.tfbnw.net 0.0% 3 184.6 180.0 177.6 184.6 4.0 11. po241.psw02.sjc2.tfbnw.net 0.0% 3 177.8 177.6 177.3 177.8 0.3 12. 173.252.67.790.0% 3 176.3 177.4 176.3 177.9 0.9 13. edge-star-mini-shv-01-sjc2.facebook.com 0.0% 3 177.6 177.4 177.1 177.6 0.3 Trace to 157.240.2.35: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev [...] 6. win-b4-link.telia.net0.0% 3 20.9 25.8 20.8 35.8 8.6 7. level-ic-1573273-wien-b4.c.telia.net 0.0% 3 20.5 21.4 20.2 23.4 1.8 8. ??? 9. 4.15.85.102 0.0% 3 142.9 138.5 135.8 142.9 3.8 10. po121.asw01.ord3.tfbnw.net 0.0% 3 135.5 135.7 135.5 136.0 0.4 11. po211.psw01c.ort2.tfbnw.net 0.0% 2 136.1 135.7 135.3 136.1 0.6 12. 173.252.67.127 0.0% 2 151.6 147.6 143.6 151.6 5.7 13. edge-star-mini-shv-01-ort2.facebook.com 0.0% 2 136.0 135.9 135.8 136.0 0.2 Trace to 31.13.93.36 => this one is going via the FB DE-CIX peering and latency of 34ms is perfect: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. router 0.0% 50.5 0.5 0.5 0.6 0.0 2. 192.168.8.3 0.0% 40.7 0.7 0.7 0.8 0.1 3. 37.252.236.880.0% 4 37.8 38.0 31.8 46.1 6.0 4. er-03.00-09-23.anx04.vie.at.anexia-it.com0.0% 4 25.3 25.2 23.1 29.2 2.9 5. cr-02.0v-08-72.anx03.vie.at.anexia-it.com0.0% 4 21.3 30.4 20.6 40.1 10.9 6. cr-01.0v-08-73.anx25.fra.de.anexia-it.com0.0% 4 45.7 39.1 33.1 45.7 5.3 7. ae1.br02.fra1.tfbnw.net 0.0% 4 33.0 34.6 32.1 40.3 3.8 8. po114.asw01.fra2.tfbnw.net 0.0% 4 33.6 35.6 33.3 41.7 4.0 9. po211.psw01d.fra3.tfbnw.net 0.0% 4 40.8 36.6 32.9 40.8 3.4 10. 173.252.67.171 0.0% 4 41.2 35.6 33.3 41.2 3.7 11. edge-star-mini-shv-01-fra3.facebook.com 0.0% 4 34.6 33.9 33.2 34.6 0.6 Trace to 31.13.76.68: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev [...] 6. win-b4-link.telia.net0.0%14 28.9 24.7 20.3 29.3 3.5 7. level-ic-1573273-wien-b4.c.telia.net 0.0%14 22.8 22.5 20.0 30.9 3.7 8. ae-2-3613.edge1.seattle3.level3.net 0.0%13 195.2 189.2 186.0 195.2 3.5 9. 4.59.232.46 0.0%13 187.9 188.2 186.7 196.1 2.5 10. po101.psw03.sea1.tfbnw.net 0.0%13 194.7 188.3 186.5 194.7 2.0 11. 173.252.67.125 0.0%13 188.0 188.8 186.9 195.5 2.2 12. edge-star-mini-shv-01-sea1.facebook.com 0.0%13 186.6 189.0 186.2 196.0 3.1 Best regards Jürgen -Ursprüngliche Nachricht- Von: Doug Porter [mailto:d...@fb.com] Gesendet: Dienstag, 21. März 2017 18:41 An: Jürgen Jaritsch <juer...@jaritsch.at>; nanog@
Re: Facebook more specific via Level3 ?
Hi, > This specific, and many others, are only announced to peers in the > metro they originate in. To receive this prefix directly you'll > need to peer with us in Los Angeles. the point is: Level3 is exporting this prefix to the EU since ~1 week Telia is learning it from Level3 and they also started to re-export it: Telia Looking Glass (http://lg.telia.net/?query=bgp=IPv4=31.13.71.0/24+exact r=Vienna) Command: show route protocol bgp 31.13.71.36 table inet.0 31.13.71.0/24 *[BGP/170] 18w5d 16:40:16, MED 0, localpref 150 AS path: 3356 32934 I, validation-state: unverified > to 80.239.128.178 via ae9.0 This is causing >120ms latency to Austrian (and some German ...) networks towards Facebook - current traceroute from source network 188.172.239.0/24: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. router 0.0% 40.5 0.5 0.5 0.6 0.0 2. 192.168.8.3 0.0% 40.6 0.7 0.6 0.8 0.1 3. 37.252.236.880.0% 4 37.3 34.2 30.6 37.3 2.9 4. er-03.00-09-23.anx04.vie.at.anexia-it.com0.0% 4 21.1 31.9 21.1 50.9 13.3 5. cr-02.0v-08-72.anx03.vie.at.anexia-it.com0.0% 4 23.2 25.9 20.4 31.6 5.1 6. win-b4-link.telia.net0.0% 4 22.1 25.0 22.1 30.1 3.5 7. level-ic-1573273-wien-b4.c.telia.net 0.0% 3 22.4 22.3 21.1 23.3 1.1 8. ae-3-3611.edge2.dallas1.level3.net 0.0% 3 150.5 150.6 150.4 150.8 0.2 9. facebook-in.edge2.dallas1.level3.net 0.0% 3 156.6 152.9 151.0 156.6 3.2 10. po102.psw02.dft4.tfbnw.net 0.0% 3 151.4 151.6 151.4 152.0 0.4 11. 173.252.67.570.0% 3 151.6 152.3 151.6 153.4 0.9 12. edge-star-mini-shv-01-dft4.facebook.com 0.0% 3 159.3 158.4 152.5 163.6 5.6 The admins of AS42473 started to drop the more specific from Level3 and now they get it from Telia (which is the Level3 re-export they learned). I guess you guys should talk to Level3 and ask them what the hell they are doing? :). Thanks & best regards Jürgen
Facebook more specific via Level3 ?
Hi, is anyone else receiving Facebooks /24 more specific from Level3 (AS3356)? 31.13.70.0/24 *[BGP/170] 1w5d 17:21:28, MED 0, localpref 100, from a.b.c.d AS path: 3356 32934 I, validation-state: unverified This more specific is only visible via AS3356 Facebook isnt even announcing it via direct peering. Any Facebook admin on or off list available to get this debugged and tracked down? Thanks & best regards Jürgen
RE: Advertising rented IPv4 prefix from a different ASN.
Just create a more specific route obejct (for the /nn you plan to announce) at your RIR, ask the institute to sign a LOA and inform your upstreams. Announcing the more specific is nothing unusual. Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Andrew [and...@vianet.ca] Received: Freitag, 05 Aug. 2016, 15:33 To: nanog@nanog.org [nanog@nanog.org] Subject: Advertising rented IPv4 prefix from a different ASN. Hello List, I work for a medium sized ISP. We are entering an agreement to rent some IPv4 space from a local higher education institution. Being a multi-homed ISP we would like to advertise the rented prefix from our ASN. The prefix that will be advertised is a smaller subnet from the higher educations block; they will continue to advertise the larger prefix. What is the best way to accomplish this? Is there any way of doing this without having to tunnel the traffic through the origin ASN? I feel if we just adverse the prefix it get put on a bogon list for prefix hijacking. This space is rented long term but they are not interested in reassigning the space to us. They also want to keep advertising their prefix as one contiguous block. I appreciate any insight and information. Thank you for your time, Andrew.
AW: NANOG67 - Tipping point of community and sponsor bashing?
> Really? The x-connect is run through active equipment operated by the data > centre? Same drama in Chicago with Atlantic Metro ... you can purchase a SMF DF xcon for 800USD/month ... everything else is actively transported on an Ethernet platform with simple/stupid VLAN tagging. You're even receiving their STP packets best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Mark Tinka Gesendet: Montag, 20. Juni 2016 10:13 An: Thomas Mangin; North American Network Operators' Group Betreff: Re: NANOG67 - Tipping point of community and sponsor bashing? On 20/Jun/16 09:59, Thomas Mangin wrote: > > > Telecity Manchester (UK), now Equinix Manchester, have charged MRC for > internal cabling since forever (in my case, forever being 2001 when I > first became customer). > They normally run their cables through their switches but when the > distance is short enough you can insist on a P2P. Really? The x-connect is run through active equipment operated by the data centre? Is this a specific service you purchased, or is this the way they deliver x-connects? Mark.
AW: AW: AW: Verizon and Level3 DNS flush
> Altering routing and/or adding capacity/capabilities to the existing > infrastructure is generally better Yes ... but as mentioned in one of the off-list replies: the original DNS are from a 3rd party and they had no chance to expand resources ... best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Roland Dobbins Gesendet: Donnerstag, 02. Juni 2016 11:30 An: nanog@nanog.org Betreff: Re: AW: AW: Verizon and Level3 DNS flush On Jun 2, 2016, at 3:42 PM, Jürgen Jaritsch <jjarit...@anexia-it.com> wrote: > it IS expected behavior that traffic will switch over to the new DNS. Altering routing and/or adding capacity/capabilities to the existing infrastructure is generally better, whenever possible, due to the cache-flushing challenges you're now experiencing. Sometimes it isn't possible, of course. --- Roland Dobbins <rdobb...@arbor.net>
AW: AW: Verizon and Level3 DNS flush
Hi Roland, the difference between old and new DNS are way more capacity and extra DDoS protection ... it IS expected behavior that traffic will switch over to the new DNS. best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Roland Dobbins Gesendet: Donnerstag, 02. Juni 2016 10:38 An: nanog@nanog.org Betreff: Re: AW: Verizon and Level3 DNS flush On Jun 2, 2016, at 1:24 AM, Jürgen Jaritsch <jjarit...@anexia-it.com> wrote: > and that's the reason why we had to move over to a new NS set. Which the attackers (or their attack tools) will immediately discern, & shift their targeting accordingly. Playing games like this with addressing seldom, if ever, accomplishes anything useful in terms of successfully defending against DDoS attacks. --- Roland Dobbins <rdobb...@arbor.net>
AW: Verizon and Level3 DNS flush
Hi Mike, thanks for your (not so useful :)) answer ... I'm aware of things like TTL etc ... but the situation is that customer is receiving ~130gbit of DNS reflection attack to their original DNS and that's the reason why we had to move over to a new NS set. I'm not allowed to tell you the customers and/or project name but I guess many of you know them ... if you're reading Twitter or reddit you've probably recognized which global service is broken at the moment ... Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Mike Gesendet: Mittwoch, 01. Juni 2016 20:17 An: nanog@nanog.org Betreff: Re: Verizon and Level3 DNS flush On 06/01/2016 10:59 AM, Jürgen Jaritsch wrote: > Dear NANOGers, > > is there anyone from Verizon and Level3 who can help me with DNS caching > issue? We're running a global service for a customer and we had to change to > NS IPs via Glue Records. At the moment at least Verizone and Level3 are > caching old NS records. Looking for DNS admins out there. > > > Please contact me off- or on-list! > I totally understand the desire to just be able to go ask major operators for a courtesy cache flush, but there are ways to update dns and procedures to engage that can eliminate the underlaying causes of same. Not that everyone, including myself, is prefect or godly (or has their name in the rfc...!), but at the same time, it's a learning experience being offered to you and I hope that whatever hole you shot in your foot heals soon and hopefull you never have to make another one like it. Mike-
Verizon and Level3 DNS flush
Dear NANOGers, is there anyone from Verizon and Level3 who can help me with DNS caching issue? We're running a global service for a customer and we had to change to NS IPs via Glue Records. At the moment at least Verizone and Level3 are caching old NS records. Looking for DNS admins out there. Please contact me off- or on-list! Thanks & best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com<mailto:jjarit...@anexia-it.com> Web: http://www.anexia-it.com<http://www.anexia-it.com/> Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
AW: Need BGP route check (UPDATE)
Hi Matt, output from lg.he.net: core1.fmt2.he.net> show ip bgp routes detail 129.77.0.0/16 Number of BGP Routes matching display condition : 2 S:SUPPRESSED F:FILTERED s:STALE 1 Prefix: 129.77.0.0/16, Status: BI, Age: 1h0m28s NEXT_HOP: 216.66.50.106, Metric: 680, Learned from Peer: 216.218.252.148 (6939) LOCAL_PREF: 140, MED: 1, ORIGIN: igp, Weight: 0 AS_PATH: 46887 14607 14607 COMMUNITIES: 6939:1000 6939:1001 6939: 2 Prefix: 129.77.0.0/16, Status: I, Age: 1h0m28s NEXT_HOP: 216.66.32.6, Metric: 725, Learned from Peer: 216.218.252.212 (6939) LOCAL_PREF: 140, MED: 1, ORIGIN: igp, Weight: 0 AS_PATH: 46887 14607 14607 COMMUNITIES: 6939:1000 6939:1001 6939: Last update to IP routing table: 1h0m28s, 1 path(s) installed: # Entry cached for another 59 seconds. At least at this stage no special communities are visible but I don't know if HE removes existing communities. best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Matthew Huff Gesendet: Freitag, 20. Mai 2016 18:11 An: Eric Tykwinski Cc: nanog@nanog.org Betreff: RE: Need BGP route check (UPDATE) >From responses I received, I have gotten a number of different answers. Some >are seeing our routes from 6128, some from 46887 and a few from both. The >response from Eric though was typical. Showing the IPv4 prefix only from >AS6128, but the IPv6 from both 6128 & 46887. I am guessing that 46887 might be set with a community to not export our IPv4 prefixes except to direct peers? Anyone directly peered with 46887 that could see the community for 129.77.0.0/16 and verify? Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-694-5669 > -Original Message- > From: Eric Tykwinski [mailto:eric-l...@truenet.com] > Sent: Friday, May 20, 2016 11:48 AM > To: Matthew Huff <mh...@ox.com> > Subject: RE: Need BGP route check > > Matt, > > show ip bgp 129.77.0.0/16 > BGP routing table entry for 129.77.0.0/16, version 161696687 > Paths: (2 available, best #2, table Default-IP-Routing-Table) > Advertised to update-groups: > 1 > 3356 6128 14607 > 4.59.140.65 from 4.59.140.65 (4.69.183.7) > Origin IGP, metric 0, localpref 100, valid, external > 174 6128 14607 > 38.104.114.73 from 38.104.114.73 (154.26.5.244) > Origin IGP, metric 105030, localpref 100, valid, external, best > Community: 174:21000 174:22013 > > show bgp ipv6 unicast 2620:0:2810::/48 > BGP routing table entry for 2620:0:2810::/48, version 18004880 > Paths: (2 available, best #1, table Global-IPv6-Table) > Advertised to update-groups: > 2 > 3356 6128 14607 > 2001:1900:2100::A2D (FE80::219:7FF:FEDD:2800) from > 2001:1900:2100::A2D > (4.69.183.7) > Origin IGP, metric 0, localpref 100, valid, external, best > Community: 3356:3 3356:22 3356:100 3356:123 3356:575 3356:2039 > 6128:3000 6128:3091 6128:4000 6128:5003 6128:5046 64600:4000 > 64600:65002 > 174 46887 14607 14607 > 2001:550:2:4::B:1 (FE80::D66D:50FF:FE5E:1D3) from 2001:550:2:4::B:1 > (154.26.5.244) > Origin IGP, metric 105030, localpref 100, valid, external > Community: 174:21001 174:22013 > > Sincerely, > > Eric Tykwinski > TrueNet, Inc. > P: 610-429-8300 > > > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Matthew Huff > Sent: Friday, May 20, 2016 11:32 AM > To: nanog@nanog.org > Subject: Need BGP route check > > One of our upstreams is apparently having problems, although they don't > appear to know about it. I've seen an alert at BGPmon.net about our > prefixes > being withdrawn, and I can't locate our prefixes through that provider > on > any routeviews. Can someone check to see what ASPATHS you are seeing > for our > prefixes? > > 129.77.0.0/16 > 2620:0:2810::/48 > > We should be advertised via AS6128 and AS46887 > > > Matthew Huff | 1 Manhattanville Rd Director of > Operations | > Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 > aim: matthewbhuff | Fax: 914-694-5669 > > >
AW: Need BGP route check
Hi Matt, NYC: > show route 129.77.0.0/16 AS path: 6939 46887 14607 14607 I, validation-state: unverified AS path: 1299 6939 6939 46887 14607 14607 I, validation-state: unverified > show route 2620:0:2810::/48 AS path: 6939 6128 14607 I, validation-state: unverified AS path: 1299 3356 6128 14607 I, validation-state: unverified LAX: #sh ip bgp 129.77.0.0/16 6939 46887 14607 14607 1299 6939 6939 46887 14607 14607 #sh ip bgp ipv6 uni 2620:0:2810::/48 6939 6128 14607 1299 3356 6128 14607 Hong Kong: #sh ip bgp 129.77.0.0/16 10026 6939 46887 14607 14607 3491 6128 14607 #sh ip bgp ipv6 uni 2620:0:2810::/48 3491 6128 14607 Frankfurt: > show route 129.77.0.0/16 AS path: 6939 46887 14607 14607 I, validation-state: unverified AS path: 3356 6128 14607 I, validation-state: unverified AS path: 3320 3356 6128 14607 I, validation-state: unverified AS path: 1299 6939 6939 46887 14607 14607 I, validation-state: unverified > show route 2620:0:2810::/48 AS path: 6939 6128 14607 I, validation-state: unverified AS path: 3356 6128 14607 I, validation-state: unverified AS path: 1299 6939 6128 14607 I, validation-state: unverified AS path: 3320 6939 6128 14607 I, validation-state: unverified best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Matthew Huff Gesendet: Freitag, 20. Mai 2016 17:32 An: nanog@nanog.org Betreff: Need BGP route check One of our upstreams is apparently having problems, although they don't appear to know about it. I've seen an alert at BGPmon.net about our prefixes being withdrawn, and I can't locate our prefixes through that provider on any routeviews. Can someone check to see what ASPATHS you are seeing for our prefixes? 129.77.0.0/16 2620:0:2810::/48 We should be advertised via AS6128 and AS46887 Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-694-5669
AW: mpls switches
Hi, L2VPN works also pretty well with the Extremes (X670). Only one thing doesn't work: LACP BPDU forwarding for the customer. This is caused by the method how Extreme let you configure the L2VPN on those small boxes. best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Simon Lockhart Gesendet: Mittwoch, 13. April 2016 08:23 An: Colton Conor Cc: nanog@nanog.org Betreff: Re: mpls switches On Tue Apr 12, 2016 at 07:29:54PM -0500, Colton Conor wrote: > Someone told me to check out extreme networks, cisco or Ciena for the more > cost effective mpls kit. Any advice on which of the three would have the > most cost effective 10G MPLS switch? I'm using Extreme switches for VPLS - the X460 will give you up to 6 x 10G ports, and the X670 will give you 48 x 10G ports (and 4 x 40G ports). I've not tried them as P nodes (we use Cisco for that), or for any other MPLS features (L3VPN), but for VPLS they're working well for us. When we started using them, they were significantly cheaper than Cisco alternatives. Simon
RE: Figuring out traceroute
Looks like the device is always las-b3 (Los Angeles, border 3). As far as I know Telia works with IS-IS and multiple load balanced links from each bb (backbone) router to each border router. Usually they don't deal with L2 in case of customer BGP downlinks. Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Reza Motamedi [motam...@cs.uoregon.edu] Received: Freitag, 11 März 2016, 1:26 To: nanog@nanog.org [nanog@nanog.org] Subject: Figuring out traceroute Hi guys, This might seem a bit of a trivial question, but I guess there is no harm in asking. I am looking at a collection of traceroutes all go through the following consecutive hops (* >> 213.248.98.238), as shown here (I kept the DNSname just for completeness): + From >> To + (213.155.130.125:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (213.155.130.127:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (213.155.131.75:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (213.155.131.83:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (213.155.131.85:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (213.155.134.251:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (213.155.134.253:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (213.155.134.77:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (213.155.137.57:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (213.155.137.59:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.114.111:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.168:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.170:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.174:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.176:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.178:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.180:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.182:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.184:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.186:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.188:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.116.190:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.140.253:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) + (62.115.140.255:las-b3-link.telia.net) >> (213.248.98.238:b harti-ic-140621-las-b3.c.telia.net) Given the way traceroute works (most of the times), which reports back the ingress port of the router it hits, do you think it fair to assume that all the hops that I see on the `From` hop are all different ports of one router? I think the other explanation is that there is switch (or something that does not have IP footprint) between `From` side and `To` side. How probable do you think this second explanation is? Best Regards Reza Motamedi (R.M)
AW: Cogent - Google - HE Fun
Hi, mail from Cogent: >>>> Dear Cogent Customer, Thank you for contacting Cogent Customer Support for information about the Google IPv6 addresses you are unable to reach. Google uses transit providers to announce their IPv4 routes to Cogent. At this time however, Google has chosen not to announce their IPv6 routes to Cogent through transit providers. We apologize for any inconvenience this may cause you and will notify you if there is an update to the situation. <<<< Mail from Google: >>>> Unfortunately it seems that your transit provider does not have IPv6 connectivity with Google. We suggest you ask your transit provider to look for alternatives to interconnect with us. Google maintains an open interconnect policy for IPv6 and welcomes any network to peer with us for access via IPv6 (and IPv4). For those networks that aren't able, or chose not to peer with Google via IPv6, they are able to reach us through any of a large number of transit providers. For more information in how to peer directly with Google please visit https://peering.google.com <<<< best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-bounces+jjaritsch=anexia-it@nanog.org] Im Auftrag von Dennis Burgess Gesendet: Mittwoch, 09. März 2016 17:01 An: North American Network Operators' Group Betreff: Cogent - Google - HE Fun I just noticed that I am NOT getting IPV6 Google prefixes though Cogent at all. I was told google pulled all of their peering with Cogent? If I bring up a SIT tunnel with HE, I get the prefixes but at horrible speed and latency .. anyone else? [DennisBurgessSignature] www.linktechs.net<http://www.linktechs.net/> - 314-735-0270 x103 - dmburg...@linktechs.net<mailto:dmburg...@linktechs.net>
RE: mrtg alternative
PRTG since years ... And smokeping for special things ... Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Guillaume Tournat [guilla...@ironie.org] Received: Sonntag, 28 Feb. 2016, 11:39 To: Roberto Alvarado [ralvar...@anycast.cl]; nanog@nanog.org [nanog@nanog.org] Subject: Re: mrtg alternative Zabbix for monitoring/graphing/alerting Can be used for maps and SLA measurements too > Le 28 févr. 2016 à 00:27, Roberto Alvarado <ralvar...@anycast.cl> a écrit : > > Zabbix works for me > > > >> On 27-02-2016, at 18:12, Rafael Ganascim <rganas...@gmail.com> wrote: >> >> I like cacti: >> >> http://www.cacti.net >> >> >> >> 2016-02-26 20:18 GMT-03:00 Baldur Norddahl <baldur.nordd...@gmail.com>: >> >>> Hi >>> >>> I am currently using MRTG and RRD to make traffic graphs. I am searching >>> for more modern alternatives that allows the user to dynamically zoom and >>> scroll the timeline. >>> >>> Bonus points if the user can customize the graphs directly in the >>> webbrowse. For example he might be able to add or remove individual peers >>> from the graph by simply clicking a checkbox. >>> >>> What is the 2016 tool for this? >>> >>> Regards, >>> >>> Baldur >>>
Netflix spam after open connect appliance upgrade
Anyone else receiving update/upgrade notifications (after an open connect appliance upgrade) more than one time? cdn-...@netflix.com<mailto:cdn-...@netflix.com> is not responding so I try to reach someone from Netflix via NANOG ... if there's someone reading my message please contact me offlist. Thanks & best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com<mailto:jjarit...@anexia-it.com> Web: http://www.anexia-it.com<http://www.anexia-it.com/> Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
AW: AW: AW: Peering Exchange
Hi Dovid, Yes, vitamin B often helps. But it doesn't matter - if the transit provider doesn't support it on an official way you do net get an SLA for the communities. They could stop working from one day to another ... Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Dovid Bender [mailto:do...@telecurve.com] Gesendet: Mittwoch, 27. Jänner 2016 15:23 An: Jürgen Jaritsch <j...@anexia.at>; NANOG <nanog-boun...@nanog.org>; i3D net - Martijn Schmidt <martijnschm...@i3d.net>; Andrey Yakovlev <andy.ya...@ya.ru>; Bernd Spiess <bernd.spi...@ip-it.com>; Colton Conor <colton.co...@gmail.com>; Hugo Slabbert <h...@slabnet.com> Cc: NANOG <nanog@nanog.org> Betreff: Re: AW: AW: Peering Exchange HE will if you know who to speak to... Regards, Dovid -Original Message- From: Jürgen Jaritsch <j...@anexia.at> Sender: "NANOG" <nanog-boun...@nanog.org>Date: Wed, 27 Jan 2016 14:20:31 To: i3D net - Martijn Schmidt<martijnschm...@i3d.net>; Andrey Yakovlev<andy.ya...@ya.ru>; Bernd Spiess<bernd.spi...@ip-it.com>; Colton Conor<colton.co...@gmail.com>; Hugo Slabbert<h...@slabnet.com> Cc: NANOG<nanog@nanog.org> Subject: AW: AW: Peering Exchange Hi Martjin, > I think nearly every major IP transit provider has built out a BGP action > community system to allow their customers to control prefix announcements in That’s also what I thought but the truth is: there are MANY major transit providers who simply doesn't support any community ... one of the most famous is Hurricane Electric :( Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von i3D.net - Martijn Schmidt Gesendet: Mittwoch, 27. Jänner 2016 15:01 An: Andrey Yakovlev <andy.ya...@ya.ru>; Bernd Spiess <bernd.spi...@ip-it.com>; Colton Conor <colton.co...@gmail.com>; Hugo Slabbert <h...@slabnet.com> Cc: NANOG <nanog@nanog.org> Betreff: Re: AW: Peering Exchange "We also had problems where transit customers said don't want to be exported to a certain IX point of presence while he wanted to be exported at a different location." That's a fairly normal request. I think nearly every major IP transit provider has built out a BGP action community system to allow their customers to control prefix announcements in the way you're describing it here (e.g. prepending and no-export to certain peers/upstreams). Of course outbound traffic from your customer to "the rest of the world" can not be controlled that way. Best regards, Martijn On 01/27/2016 02:23 AM, Andrey Yakovlev wrote: > Some companies present at some IX with no MLPE simply don't like to be listed > at all, and they prefer to be filtered out from LG servers. It's simply their > police and some big companies do not have a policy which is the same for > everyone peering, say, content provider X will peer with you if you reach > >80Mbps, could not always be true. I have lived a situation where someone > demanded to peer to a DC I happened to manage at that time because his > competitor was peering as well and sharing the same IX, but my company had no > real reason to peer from the NOC perspective and using another port would > just be a waste of time and money with no real advantage other than a barely > better latency. Manager said no thanks, as asked for our peering policy to > become private. Sometimes things just don't have a better explanation and > some people just don't want to accept a different policy to different players. > We also had problems where transit customers said don't want to be exported > to a certain IX point of presence while he wanted to be exported at a > different location. Who ever told him he could pick where we export who? > Nobody. In the end if you are seriously interested to join the IX you will > bet the full list for MLPEs, etc. Otherwise it's just the policy for the club. > > -- > ./andy > > > 26.01.2016, 22:23, "Bernd Spiess" <bernd.spi...@ip-it.com>: >>> Is there a way to browse a r
AW: AW: Peering Exchange
Hi Martjin, > I think nearly every major IP transit provider has built out a BGP action > community system to allow their customers to control prefix announcements in That’s also what I thought but the truth is: there are MANY major transit providers who simply doesn't support any community ... one of the most famous is Hurricane Electric :( Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von i3D.net - Martijn Schmidt Gesendet: Mittwoch, 27. Jänner 2016 15:01 An: Andrey Yakovlev <andy.ya...@ya.ru>; Bernd Spiess <bernd.spi...@ip-it.com>; Colton Conor <colton.co...@gmail.com>; Hugo Slabbert <h...@slabnet.com> Cc: NANOG <nanog@nanog.org> Betreff: Re: AW: Peering Exchange "We also had problems where transit customers said don't want to be exported to a certain IX point of presence while he wanted to be exported at a different location." That's a fairly normal request. I think nearly every major IP transit provider has built out a BGP action community system to allow their customers to control prefix announcements in the way you're describing it here (e.g. prepending and no-export to certain peers/upstreams). Of course outbound traffic from your customer to "the rest of the world" can not be controlled that way. Best regards, Martijn On 01/27/2016 02:23 AM, Andrey Yakovlev wrote: > Some companies present at some IX with no MLPE simply don't like to be listed > at all, and they prefer to be filtered out from LG servers. It's simply their > police and some big companies do not have a policy which is the same for > everyone peering, say, content provider X will peer with you if you reach > >80Mbps, could not always be true. I have lived a situation where someone > demanded to peer to a DC I happened to manage at that time because his > competitor was peering as well and sharing the same IX, but my company had no > real reason to peer from the NOC perspective and using another port would > just be a waste of time and money with no real advantage other than a barely > better latency. Manager said no thanks, as asked for our peering policy to > become private. Sometimes things just don't have a better explanation and > some people just don't want to accept a different policy to different players. > We also had problems where transit customers said don't want to be exported > to a certain IX point of presence while he wanted to be exported at a > different location. Who ever told him he could pick where we export who? > Nobody. In the end if you are seriously interested to join the IX you will > bet the full list for MLPEs, etc. Otherwise it's just the policy for the club. > > -- > ./andy > > > 26.01.2016, 22:23, "Bernd Spiess" <bernd.spi...@ip-it.com>: >>> Is there a way to browse a route server at >>> certain exchanges, and see who is and is not on the route server? >> Quite many ixp´s do so ... so you can verify yourself what is going on... >> Typical offer of a looking glass: >> You can see the sessions, you can see the amount of prefixes, >> You can see the prefix list and you can see the communities & more >> on these prefixes >> >> E.g.: >> https://lg.nyc.de-cix.net/ >> https://lg.dxb.de-cix.net/ >> https://lg.mrs.de-cix.net/ ... and others ... >> https://www.linx.net/pubtools/looking-glass.html >> https://tieatl-server1.telx.com/lg.pl >> etc... >> >> not sure why this should be hidden ... but yes: there are some >> ixp out there who does not show this information or just with a >> login ... >> >> Bernd >> (yes ... I do work for de-cix)
RE: Arista optics
Go with Solid Optics (www.solid-optics.com). I can share a good sales contact offlist. Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Alex Forster [a...@alexforster.com] Received: Mittwoch, 20 Jän. 2016, 17:41 To: North American Network Operators' Group [nanog@nanog.org] Subject: Arista optics Hi everyone! I'm trying to get buy-in to go with Arista for some new infrastructure, but the Arista optics just aren't in the ballpark for us at "proof-of-concept" volume. In Cisco-land, we've had great success using Finisar optics, and they've been an easy "sell" to management since many Cisco optics are just rebranded Finisar's. The relevant Arista optics I'm looking at are QSFP-100G-LR4 and SFP-10G-LR. Does anybody know what supplier(s) manufacture these optics for Arista? Alternatively, does anyone have any experience using third-party comparable optics (especially the 100G) in the battlefield? Since optics sales are pretty cut-throat, I do ask that you disclose if you have a financial interest in any of your suggestions. Thanks! Alex Forster
AW: Programmable SFP+ Transcievers
I don't know the US pricing ... but in the EU get it for less :). I buy hundreds of optics per year from them - since 18 months they are our exclusive partner for optic deliveries. I've to work with Juniper, Extreme Networks, Cisco, Brocade, Fortinet, Radware and HP. Whatever you need: they make it happen :). Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Denis Fondras Gesendet: Mittwoch, 20. Jänner 2016 20:11 An: nanog@nanog.org Betreff: Re: Programmable SFP+ Transcievers > How does Solid Optics compare on pricing? They don't list them on their > website. > Last time I checked, it was roughly US$90 for a SFP-10G-LR+-SO.
RE: route converge time
Hi, Why you not simply shut down the session upfront (before you turn down the link)? Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Baldur Norddahl [baldur.nordd...@gmail.com] Received: Sonntag, 29 Nov. 2015, 0:39 To: nanog@nanog.org [nanog@nanog.org] Subject: Re: route converge time Hi The IP transit links are direct links (not multihop). It is my impression that a link down event is handled with no significant delay by the router that has the link. The problem is the other router, the one that has to go through the first router to access the link the went down. The transit links are not unstable and in fact they have never been down due to a fault. But we are a young network and still frequently have to change things while we build it out. There have been cases where I have had to take down the link for various reasons. There seems to be no way to do this without causing significant disruption to the network. Our routers are 2015 hardware. The spec has 2M IPv4 + 1M IPv6 routes in FIB and 10M routes in RIB. Route convergence time is specified as 15k routes/second. 8 GB ram on the route engines. Say transit T1 is connected to router R1 and transit T2 is connected to router R2. I believe the underlying problem is that due to MPLS L3VPN the next hop on R2 for routes out through T1 is not the transit provider router as usual. Instead it is the loopback IP of R1. This means that when T1 goes down, the next hop is still valid and R2 is unable to deactivate the invalid routes as a group operation due to invalid next hop. I am considering adding a loopback2 interface that has a trigger on the transit interface, such that a shutdown on loopback2 is triggered if the transit interface goes down. And then force next hop to be loopback2. That way our IGP will signal that the next hop is gone and that should invalidate all the routes as a group operation. Regards, Baldur
RE: route converge time
Route update via new policy could be more cpu intensive than dropping prefixes caused by session shutdown. Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Matthew Petach [mpet...@netflight.com] Received: Sonntag, 29 Nov. 2015, 2:21 CC: nanog@nanog.org [nanog@nanog.org] Subject: Re: route converge time Or, better yet, apply a REJECT-ALL type policy on the neighbor to deny all inbound/outbound prefixes; that way, you can keep the session up as long as possible, but gracefully bleed traffic off ahead of your work. Matt On Sat, Nov 28, 2015 at 3:46 PM, Jürgen Jaritsch <j...@anexia.at> wrote: > Hi, > > Why you not simply shut down the session upfront (before you turn down the > link)? > > Best regards > > > Jürgen Jaritsch > Head of Network & Infrastructure > > ANEXIA Internetdienstleistungs GmbH > > Telefon: +43-5-0556-300 > Telefax: +43-5-0556-500 > > E-Mail: j...@anexia.at > Web: http://www.anexia.at > > Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt > Geschäftsführer: Alexander Windbichler > Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 > > > -Original Message- > From: Baldur Norddahl [baldur.nordd...@gmail.com] > Received: Sonntag, 29 Nov. 2015, 0:39 > To: nanog@nanog.org [nanog@nanog.org] > Subject: Re: route converge time > > Hi > > The IP transit links are direct links (not multihop). It is my impression > that a link down event is handled with no significant delay by the router > that has the link. The problem is the other router, the one that has to go > through the first router to access the link the went down. > > The transit links are not unstable and in fact they have never been down > due to a fault. But we are a young network and still frequently have to > change things while we build it out. There have been cases where I have had > to take down the link for various reasons. There seems to be no way to do > this without causing significant disruption to the network. > > Our routers are 2015 hardware. The spec has 2M IPv4 + 1M IPv6 routes in FIB > and 10M routes in RIB. Route convergence time is specified as 15k > routes/second. 8 GB ram on the route engines. > > Say transit T1 is connected to router R1 and transit T2 is connected to > router R2. > > I believe the underlying problem is that due to MPLS L3VPN the next hop on > R2 for routes out through T1 is not the transit provider router as usual. > Instead it is the loopback IP of R1. This means that when T1 goes down, the > next hop is still valid and R2 is unable to deactivate the invalid routes > as a group operation due to invalid next hop. > > I am considering adding a loopback2 interface that has a trigger on the > transit interface, such that a shutdown on loopback2 is triggered if the > transit interface goes down. And then force next hop to be loopback2. That > way our IGP will signal that the next hop is gone and that should > invalidate all the routes as a group operation. > > Regards, > > Baldur >
AW: Uptick in spam
Hi, I added this two lines to our postfix header checks: /mike@sentex\.net/ DISCARD /jdenoy@jdlabs\.fr/ DISCARD Worked very well: # grep -i discard /var/log/mail.log | grep -iE "@jdlabs|@sentex" | wc -l 408 Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von John Peach Gesendet: Montag, 26. Oktober 2015 17:07 An: nanog@nanog.org Betreff: Re: Uptick in spam I added this to my postfix header_checks: /^Subject:.*\bFw: new message/ REJECT No more new messages please On Sat, 24 Oct 2015 21:13:58 -0700 anthony kasza <anthony.ka...@gmail.com> wrote: > Has there been a recent uptick in crap sent to the list or is it just > me? Is there anything that we can do to filter these messages with > junk links? > > -AK
AW: Cogent BGP Woes
Hi Justin, no issues in the past 6 months ... neither in Kiev nor in Dublin ... most of the time solved within 2-3 days. best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Justin Wilson - MTIN Gesendet: Donnerstag, 15. Oktober 2015 20:38 An: NANOG <nanog@nanog.org> Betreff: Cogent BGP Woes Have the rest of you been having as hard a time I am having in turning up BgP sessions with Cogent? They have made it a sales order nowadays instead of support. I filled out the questionnaire on the support site over 3 weeks ago and was directed to sales. I am going on 3 weeks waiting on a session to be turned up. Just wondering if I am alone. Justin Wilson j...@mtin.net --- http://www.mtin.net Owner/CEO xISP Solutions- Consulting – Data Centers - Bandwidth http://www.midwest-ix.com COO/Chairman Internet Exchange - Peering - Distributed Fabric
AW: AW: /27 the new /24
Hi Mike, it's not a bureaucracy problem ... if you're a big player and you have to decide about a 2-3 Mio invest to upgrade only a few of your POPs (and let's say you have hundreds of POPs) it will be hard to find the "right" decision. Some questions these decision makers have to think about: #) What are the future plans for this POP? #) How upgradeable / expandable is the new equipment? #) Does our engineers know everything they need to run & debug & fix this new equipment? #) TOC incl support contract over the complete lifetime? #) Product life cycle? (Is it outdated in two years??) #) Will we keep spare parts onsite or nearby? #) How long needs the vendor to deliver everything I need? #) Is it compatible with all the already installed equipment? #) Migration plan to move existing customers to the new equipment? There are a ton of additional questions ... but I guess I pointed out some of the most important. Big players can't only calculate the price of the equipment - most of the time all the surrounding stuff (installation, new cabinets, migrations, training of engineers, etc) is producing 0,5x to 1x of the equipment costs. To get some easy numbers: take the discounted price (no one pays list prices ...) of an equipment and take this price x2 => that will be a realistic number to get the box onsite, up and running. It's not all the time something simple like a router with 20 patch cords :(. Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Mike Hammett Gesendet: Samstag, 03. Oktober 2015 04:53 Cc: NANOG <nanog@nanog.org> Betreff: Re: AW: /27 the new /24 A better truth may be that I have no idea about bureaucracies... which I'll happily admit to. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com - Original Message - From: "Jürgen Jaritsch" <j...@anexia.at> To: "Mike Hammett" <na...@ics-il.net>, "NANOG" <nanog@nanog.org> Sent: Friday, October 2, 2015 2:25:10 PM Subject: AW: /27 the new /24 > Stop using old shit. Sorry, but the truth is: you have no idea about how earning revenue works and you obviously also have no idea about carrier grade networks. Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Mike Hammett Gesendet: Freitag, 02. Oktober 2015 20:38 An: NANOG <nanog@nanog.org> Betreff: Re: /27 the new /24 Chances are the revenue passing scales to some degree as well. Small business with small bandwidth needs buys small and has small revenue. Big business with big bandwidth needs buys big and has big revenue to support big router. I can think of no reason why ten years goes by and you haven't had a need to throw out the old network for new. If your business hasn't scaled with the times, then you need to get rid of your Cat 6500 and get something more power, space, heat, etc. efficient. I saw someone replace a stack of Mikrotik CCRs with a pair of old Cisco routers. I don't know what they were at the moment, but they had GBICs, so they weren't exactly new. Each router had two 2500w power supplies. They'll be worse in every way (other than *possibly* BGP convergence). The old setup consumed at most 300 watts. The new setup requires $500/month in power... and is worse. Stop using old shit. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com - Original Message - From: "William Herrin" <b...@herrin.us> To: "Mike Hammett" <na...@ics-il.net> Cc: "NANOG" <nanog@nanog.org> Sent: Friday, October 2, 2015 1:09:16 PM Subject: Re: /27 the new /24 On Fri, Oct 2, 2015 at 11:50 AM, Mike Hammett <na...@ics-il.net> wrote: > How many routers out there have this limitation? A $100 router > I bought ten years ago could manage many full tables. If > someone's network can't match that today, should I really have > any pity for them? Hi
AW: AW: /27 the new /24
Hi, yeah, of course there are newer models ... I mentioned the older ones (from the past 3-5 years). There are also Cisco routers available that are able to handle more than 1 Mio routes - of course also from Juniper. Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Youssef Bengelloun-Zahr [mailto:yous...@720.fr] Gesendet: Samstag, 03. Oktober 2015 11:03 An: Jürgen Jaritsch <j...@anexia.at> Cc: nanog@nanog.org; max...@netassist.ua Betreff: Re: AW: /27 the new /24 Hi, FYI, newer linecard models from BROCADE can hold 2 million routes. Probably others can do that now too. Disclaimer : I'm not working for them or defending them, just setting an information straight. My 2 cents. > Le 3 oct. 2015 à 10:33, Jürgen Jaritsch <j...@anexia.at> a écrit : > > As mentioned before: even the new SUP2T from Cisco is limited to 1Mio routes > ... > > There are MANY other vendors with the same limitations: Juniper, Brocade, etc > > And the solt equipment is not the 99USD trash from the super market at the > corner ... > > > Jürgen Jaritsch > Head of Network & Infrastructure > > ANEXIA Internetdienstleistungs GmbH > > Telefon: +43-5-0556-300 > Telefax: +43-5-0556-500 > > E-Mail: j...@anexia.at > Web: http://www.anexia.at > > Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt > Geschäftsführer: Alexander Windbichler > Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 > > > -Original Message- > From: Max Tulyev [max...@netassist.ua] > Received: Samstag, 03 Okt. 2015, 9:11 > To: nanog@nanog.org [nanog@nanog.org] > Subject: Re: AW: /27 the new /24 > > Which routers? DIR-300 with OpenWRT/Quagga? :) > > I think all above-the-trash level routers supports >1M routes, isn't it? > >> On 02.10.15 17:45, Jürgen Jaritsch wrote: >> Hi, >> >> this would at least help to get rid of many old routing engines around the >> world :) ... or people would keep their "learn nothing smaller than /24" >> filters in place. Also an option - but not for companies who act as an IP >> transit provider. >> >> >> best regards >> >> Jürgen Jaritsch >> Head of Network & Infrastructure >> >> ANEXIA Internetdienstleistungs GmbH >> >> Telefon: +43-5-0556-300 >> Telefax: +43-5-0556-500 >> >> E-Mail: jjarit...@anexia-it.com >> Web: http://www.anexia-it.com >> >> Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt >> Geschäftsführer: Alexander Windbichler >> Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 >> >> >> -Ursprüngliche Nachricht- >> Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Justin Wilson - >> MTIN >> Gesendet: Freitag, 02. Oktober 2015 16:32 >> An: NANOG >> Betreff: /27 the new /24 >> >> I was in a discussion the other day and several Tier2 providers were talking >> about the idea of adjusting their BGP filters to accept prefixes smaller >> than a /24. A few were saying they thought about going down to as small as >> a /27. This was mainly due to more networks coming online and not having >> even a /24 of IPv4 space. The first argument is against this is the >> potential bloat the global routing table could have. Many folks have worked >> hard for years to summarize and such. others were saying they would do a /26 >> or bigger. >> >> However, what do we do about the new networks which want to do BGP but only >> can get small allocations from someone (either a RIR or one of their >> upstreams)? >> >> Just throwing that out there. Seems like an interesting discussion. >> >> >> Justin Wilson >> j...@mtin.net >> >> --- >> http://www.mtin.net Owner/CEO >> xISP Solutions- Consulting – Data Centers - Bandwidth >> >> http://www.midwest-ix.com COO/Chairman >> Internet Exchange - Peering - Distributed Fabric >
AW: AW: AW: /27 the new /24
Hi Mike, > but the boxes that have been there for 10 years have more than paid for > themselves (unless they're a shitty business). No question about that! But why should they throw them away if they can still print $$$ with these boxes? They have to change nothing till the global routing table reaches at least 768k ... so let's say this will happen in 12-18 months. They have enough time to prepare, migrate, etc ... and while all the side stories are happening they are still able to print $$$ with the "old shit". > What I was saying is that my little business with meager means (and revenues) > can afford a box to do it. This is definitely a question about sizing. Replacing a box with ~200 connected customers (only at this box!) is way more complex and this is nothing unrealistic. > If their business hasn't boomed, maybe it's time to replace that old 6500 > with a 4500x or a QFX-5100 or an x670 or whatever. 4500x => no MPLS features QFX-5100 => very nice box (I'm a big fan) but complicate (and expensive!) licensing. Extreme x670 => nice box too - we also use this. But it's simply too small and the BGP configuration on these boxes is horrible. It's also not possible to provide Ethernet over MPLS with LACP BPDU forwarding ... too less features. Nice for aggregation and POP interconnect. All three models are new and shiny but they can't replace a 6500/7600. Too less port density and too less features (people are still using SDH. You need SDH in an 6500/7600? Simply install the required line card ...). If you really plan to replace a 6509 or even a 6513 you have to go with something like Juniper MX480/960 (I'm in love ... :D) or Cisco Nexus 7k/9k. One thing that will more and more happen: physical separation. There will be boxes with 10G/40G/100G only and boxes with 100M/1G only. Why? It's easier for vendors to remove old compatibility requirements (like electrical interfaces). So what we did in the past 3 years (replacing old boxes with new boxes with 1G/10G interfaces) was useless - we'll get our "old shit" back in place and bring them up and running. Of course: the "old shit" will be reduced to do aggregation layer or to something like "multihop instance" to transport the customers access port to the "real big and powerful router". Solving this with Layer2 extensions (like VLANs) is not practicable because you'll ran into other problems (like STP instances, etc). Probably it makes sense to solve it with Layer2VPN (Ethernet over MPLS, etc) to transport the physical interface to a virtual interface. Lots of things to think about :(. > Your decreased power bill alone will pay it off. If it has boomed, then ten > years of revenues should get you whatever the bigger Ciscos are or an MX or > whatever the bigger Extremes are. Power is no argument. You get power starting at 0,10 Eur /kWh. Another 0,10 Eur / kWh for cooling and we talk about 0,20 Eur / kWh => Cisco 6513 (configured with 11 line cards + 2x SUP) with 2x 6kW PSU uses 3,8kW. 3,8kW * 24 hours * 30 days = 2.736 kWh per month. 2.736 * 0,20 Eur = 547,2 Eur per month for power consumption + cooling. If you have a good sales engineer you earn the revenue for this "side cost" with 1 customer :). Realistic calculation is: 10 customers are required to earn the money for the footprint. > Don't whine about my choices in gear I mentioned. I was just throwing things > out there. Old big, new small if no money or old big new big if money. Think the other way around: companies are earning Mio (or even Bil??) with the old equipment and everything is up and running. Only sometimes there is a small hick up because (of course!) also the "old shit" gets stuck from time to time and crashes. They did everything the right way (especially Level3 ...) from the commercial POV. > BTW: ROS 7 won't have multi-threaded BGP, but will be optimized to handle > full table imports in a significantly reduced time. Oh, and I'm not sure that > you couldn't do at least three nines with MT\UBNT. Well, no experience with > the EdgeRouters yet. Never tried the earlier versions - my last tests happened in the end of 2014. I think we're talking a little bit about different sizes: you're talking about the CCRs and EdgeRouters (which are nice of course - no question about that!) and I'm talking about customer access devices (not CEP!) at carrier grade networks. Boxes I'm talking about have at least a few hundred ports. I think it's very important what UBNT and MT does: they bring fresh wind at the customer/semi-pro market and they show up that you (as a vendor) could get in touch with customers and optimize your equipment with customers feedback. best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556
RE: AW: /27 the new /24
As mentioned before: even the new SUP2T from Cisco is limited to 1Mio routes ... There are MANY other vendors with the same limitations: Juniper, Brocade, etc And the solt equipment is not the 99USD trash from the super market at the corner ... Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Max Tulyev [max...@netassist.ua] Received: Samstag, 03 Okt. 2015, 9:11 To: nanog@nanog.org [nanog@nanog.org] Subject: Re: AW: /27 the new /24 Which routers? DIR-300 with OpenWRT/Quagga? :) I think all above-the-trash level routers supports >1M routes, isn't it? On 02.10.15 17:45, Jürgen Jaritsch wrote: > Hi, > > this would at least help to get rid of many old routing engines around the > world :) ... or people would keep their "learn nothing smaller than /24" > filters in place. Also an option - but not for companies who act as an IP > transit provider. > > > best regards > > Jürgen Jaritsch > Head of Network & Infrastructure > > ANEXIA Internetdienstleistungs GmbH > > Telefon: +43-5-0556-300 > Telefax: +43-5-0556-500 > > E-Mail: jjarit...@anexia-it.com > Web: http://www.anexia-it.com > > Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt > Geschäftsführer: Alexander Windbichler > Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 > > > -Ursprüngliche Nachricht- > Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Justin Wilson - > MTIN > Gesendet: Freitag, 02. Oktober 2015 16:32 > An: NANOG > Betreff: /27 the new /24 > > I was in a discussion the other day and several Tier2 providers were talking > about the idea of adjusting their BGP filters to accept prefixes smaller than > a /24. A few were saying they thought about going down to as small as a /27. > This was mainly due to more networks coming online and not having even a /24 > of IPv4 space. The first argument is against this is the potential bloat the > global routing table could have. Many folks have worked hard for years to > summarize and such. others were saying they would do a /26 or bigger. > > However, what do we do about the new networks which want to do BGP but only > can get small allocations from someone (either a RIR or one of their > upstreams)? > > Just throwing that out there. Seems like an interesting discussion. > > > Justin Wilson > j...@mtin.net > > --- > http://www.mtin.net Owner/CEO > xISP Solutions- Consulting – Data Centers - Bandwidth > > http://www.midwest-ix.com COO/Chairman > Internet Exchange - Peering - Distributed Fabric >
AW: /27 the new /24
Hi, this would at least help to get rid of many old routing engines around the world :) ... or people would keep their "learn nothing smaller than /24" filters in place. Also an option - but not for companies who act as an IP transit provider. best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Justin Wilson - MTIN Gesendet: Freitag, 02. Oktober 2015 16:32 An: NANOG Betreff: /27 the new /24 I was in a discussion the other day and several Tier2 providers were talking about the idea of adjusting their BGP filters to accept prefixes smaller than a /24. A few were saying they thought about going down to as small as a /27. This was mainly due to more networks coming online and not having even a /24 of IPv4 space. The first argument is against this is the potential bloat the global routing table could have. Many folks have worked hard for years to summarize and such. others were saying they would do a /26 or bigger. However, what do we do about the new networks which want to do BGP but only can get small allocations from someone (either a RIR or one of their upstreams)? Just throwing that out there. Seems like an interesting discussion. Justin Wilson j...@mtin.net --- http://www.mtin.net Owner/CEO xISP Solutions- Consulting – Data Centers - Bandwidth http://www.midwest-ix.com COO/Chairman Internet Exchange - Peering - Distributed Fabric
AW: /27 the new /24
Welcome to the real world ... Cisco SUP720-3BXL Cisco RSP720-3BXL and even the new and shiny SUP2T only supports 1 Mio routes (dicvided to IPv4 MPLS, IPv4 VRF, IPv4 global routes, etc). I guess this is still the truth: there are at least a few ten thousand of these devices running big parts of the internet. Take a look at some big players network - e.g. Level3. Their customer access routers in Slovakia, Austria and Germany are still based on the Cisco 6500/7600 platform. Of course there are many other vendors and platforms available which do NOT have this limitations. But there are also at least a ton of vendors on the market with exactly the same limitation :(. best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Mike Hammett Gesendet: Freitag, 02. Oktober 2015 17:51 Cc: NANOG Betreff: Re: /27 the new /24 How many routers out there have this limitation? A $100 router I bought ten years ago could manage many full tables. If someone's network can't match that today, should I really have any pity for them? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com - Original Message - From: "Matthew Kaufman" <matt...@matthew.at> To: "Mike Hammett" <na...@ics-il.net> Cc: "NANOG" <nanog@nanog.org> Sent: Friday, October 2, 2015 10:48:29 AM Subject: Re: /27 the new /24 Cheaper than buying everyone TCAM Matthew Kaufman (Sent from my iPhone) > On Oct 2, 2015, at 8:32 AM, Mike Hammett <na...@ics-il.net> wrote: > > Much m ore than I'm willing to spend. ;-) > > > > > - > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > Midwest Internet Exchange > http://www.midwest-ix.com > > > - Original Message - > > From: "Matthew Kaufman" <matt...@matthew.at> > To: "Justin Wilson - MTIN" <li...@mtin.net> > Cc: "NANOG" <nanog@nanog.org> > Sent: Friday, October 2, 2015 9:48:33 AM > Subject: Re: /27 the new /24 > > A /24 isn't that expensive yet... > > Matthew Kaufman > > (Sent from my iPhone) > >> On Oct 2, 2015, at 7:32 AM, Justin Wilson - MTIN <li...@mtin.net> wrote: >> >> I was in a discussion the other day and several Tier2 providers were talking >> about the idea of adjusting their BGP filters to accept prefixes smaller >> than a /24. A few were saying they thought about going down to as small as a >> /27. This was mainly due to more networks coming online and not having even >> a /24 of IPv4 space. The first argument is against this is the potential >> bloat the global routing table could have. Many folks have worked hard for >> years to summarize and such. others were saying they would do a /26 or >> bigger. >> >> However, what do we do about the new networks which want to do BGP but only >> can get small allocations from someone (either a RIR or one of their >> upstreams)? >> >> Just throwing that out there. Seems like an interesting discussion. >> >> >> Justin Wilson >> j...@mtin.net >> >> --- >> http://www.mtin.net Owner/CEO >> xISP Solutions- Consulting – Data Centers - Bandwidth >> >> http://www.midwest-ix.com COO/Chairman >> Internet Exchange - Peering - Distributed Fabric >
AW: /27 the new /24
> Stop using old shit. Sorry, but the truth is: you have no idea about how earning revenue works and you obviously also have no idea about carrier grade networks. Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Mike Hammett Gesendet: Freitag, 02. Oktober 2015 20:38 An: NANOG <nanog@nanog.org> Betreff: Re: /27 the new /24 Chances are the revenue passing scales to some degree as well. Small business with small bandwidth needs buys small and has small revenue. Big business with big bandwidth needs buys big and has big revenue to support big router. I can think of no reason why ten years goes by and you haven't had a need to throw out the old network for new. If your business hasn't scaled with the times, then you need to get rid of your Cat 6500 and get something more power, space, heat, etc. efficient. I saw someone replace a stack of Mikrotik CCRs with a pair of old Cisco routers. I don't know what they were at the moment, but they had GBICs, so they weren't exactly new. Each router had two 2500w power supplies. They'll be worse in every way (other than *possibly* BGP convergence). The old setup consumed at most 300 watts. The new setup requires $500/month in power... and is worse. Stop using old shit. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com - Original Message - From: "William Herrin" <b...@herrin.us> To: "Mike Hammett" <na...@ics-il.net> Cc: "NANOG" <nanog@nanog.org> Sent: Friday, October 2, 2015 1:09:16 PM Subject: Re: /27 the new /24 On Fri, Oct 2, 2015 at 11:50 AM, Mike Hammett <na...@ics-il.net> wrote: > How many routers out there have this limitation? A $100 router > I bought ten years ago could manage many full tables. If > someone's network can't match that today, should I really have > any pity for them? Hi Mike, The technology doesn't work the way you think it does. Or more precisely, it only works the way you think it does on small (cheap) end-user routers. Those routers do everything in software on a general-purpose CPU using radix tries for the forwarding table (FIB). They don't have to (and can't) handle both high data rates and large routing tables at the same time. For a better understanding how the big iron works, check out https://www.pagiamtzis.com/cam/camintro/ . You'll occasionally see folks here talk about TCAM. This stands for Ternary Content Addressable Memory. It's a special circuit, different from DRAM and SRAM, used by most (but not all) big iron routers. The TCAM permits an O(1) route lookup instead of an O(log n) lookup. The architectural differences which balloon from there move the router cost from your $100 router into the hundreds of thousands of dollars. Your BGP advertisement doesn't just have to be carried on your $100 router. It also has to be carried on the half-million-dollar routers. That makes it expensive. Though out of date, this paper should help you better understand the systemic cost of a BGP route advertisement: http://bill.herrin.us/network/bgpcost.html Regards, Bill Herrin -- William Herrin her...@dirtside.com b...@herrin.us Owner, Dirtside Systems . Web: <http://www.dirtside.com/>
AW: AW: /27 the new /24
Hi Mike, sorry, this was probably sent to quick ... let me please explain my POV of your statement: I want to concentrate my detailed answer only to the backbone situation which is often handled by the 6500/7600 - I guess all of us know that the 6500/7600 has a ton of additional features ... 6-7 years in the past carriers (and/or big ISPs) had only n*1G backbone capacities built with platforms that only had n*100M interfaces another 3-5 years before. Their only invest in these 3-5 years was to add the Gig line cards, install some software updates and add new fibre optics (GBICs). Chassis, cabling, management interfaces etc could be remain in the cabinet - they only had to replace ONE line card (let's say for a few thousand bucks) and with this invest they were able to scale up their capacities. Of course: at some point they also had to replace the SUPs, PSUs, FANs, etc. But the invest in the surrounding stuff is nothing compared with completely new machines. So what all these companies did was buying a machine with an basic configuration and since 10(!) years they are able to expand this machines with (more or less) small and cheap upgrades. In backbone situations the 6500/7600 are definitely at the end of the resources the platform can provide. Most of the carriers (and of course also the bigger ISPs) had a real chance to evaluate a new model/vendor to ran future networks (with possibly also a very good scale-up path and scaling- and upgrade-options). Most of the before mentioned are already in an migration process (let's take a look at Seabone ... they are migration from Cisco to a mix of Juniper and Huawei). Summary: there are strict limitations within the Cisco 6500/7600 platform and these limitations forces the big players to move this boxes out (or move them into other parts of their network). The limitation with 1Mio routes is not a secret and the admins of these boxes decide what they want to use (e.g. 768k routes for IPv4 unicast and 256k routes for MPLS+VRF, etc). If the global routing table reaches the 768k mark (I guess this will happen in the next 12-18months) most of the boxes will crash again (as it happened in Aug 2014). Regarding the words "I have a small router which handles multiple full tables ...": push and pull a few full tables at the same time and you'll see what's happening: the CCRs are SLOW. And why? Because the software is not as good as it could be: the BGP daemon uses only one core of a 36(?) core CPU. Same problem in the past with the EoIP daemon (not sure if they fixed it on the CCRs - they fixed it on x86). Routerboards are nice and cool and to be honest: I'm a big fan of this stuff (also Ubiquiti). But with this boxes you're not able to ran a stable enterprise class carrier network with >99,5% uptime. And that’s thei MAIN reason why "the old shit" is still online :). Hopefully my words explained my hard "you know nothing" blabla ? Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Mike Hammett Gesendet: Freitag, 02. Oktober 2015 21:33 Cc: NANOG <nanog@nanog.org> Betreff: Re: AW: /27 the new /24 Hrm. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com - Original Message - From: "Jürgen Jaritsch" <j...@anexia.at> To: "Mike Hammett" <na...@ics-il.net>, "NANOG" <nanog@nanog.org> Sent: Friday, October 2, 2015 2:25:10 PM Subject: AW: /27 the new /24 > Stop using old shit. Sorry, but the truth is: you have no idea about how earning revenue works and you obviously also have no idea about carrier grade networks. Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Mike Hammett Gesendet: Freitag, 02. Oktober 2015 20:38 An: NANOG <nanog@nanog.org> Betreff: Re: /27 the new /24 Chances are the revenue passing scales to some degree as well. Small business with small bandwidth needs buys small and has small revenue. Big business with big bandwidth
RE: Prefix hijacking by AS20115
Cogent and Level3 will tell you that you are not their customer ...HE and XO will react. Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Paul S. [cont...@winterei.se] Received: Dienstag, 29 Sep. 2015, 6:57 To: nanog@nanog.org [nanog@nanog.org] Subject: Re: Prefix hijacking by AS20115 +1, this is the only sensible advice here. NSPs actually do seem to care about not letting things like these happen. On 2015/09/29 01:24 PM, Hank Nussbacher wrote: > At 23:11 28/09/2015 -0400, Josh Luthman wrote: > >> Start announcing their prefixes? > > Contact the upstreams of AS20115 - Cogent, Level3, HE and XO. > > -Hank > > >> Josh Luthman >> Office: 937-552-2340 >> Direct: 937-552-2343 >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> On Sep 28, 2015 11:09 PM, "Seth Mattinen" <se...@rollernet.us> wrote: >> >> > On 9/28/15 18:30, William Herrin wrote: >> > >> >> On Mon, Sep 28, 2015 at 9:01 PM, Seth Mattinen <se...@rollernet.us> >> >> wrote: >> >> >> >>> I've got a problem where AS20115 continues to announce prefixes >> after BGP >> >>> neighbors were shutdown. They claim it's a wedged BGP process but >> aren't >> >>> in >> >>> any hurry to fix it outside of a maintenance window. >> >>> >> >> >> >> If they weren't lying to you, they'd fix it now. That's not the kind >> >> of problem that waits. >> >> >> >> Thing is: they lied to you. Long ago they "helpfully" programmed >> their >> >> router to announce your route regardless of whether you sent a route >> >> to them. They want to wait for a maintenance window to remove that >> >> configuration. >> >> >> >> >> >> I'm at a loss of what else I can do. They admit the problem but >> won't take >> >>> action saying it needs to wait for a maintenance window. Am I out >> of line >> >>> insisting that's an unacceptable response to a problem that >> results in >> >>> prefix/traffic hijacking? >> >>> >> >> >> >> Try dropping the link entirely. If they still announce your >> addresses, >> >> bring it back up but report it as emergency down, escalate, and call >> >> back every 10 minutes until the junior tech understands that it's >> time >> >> to call and wake up the guy who makes the decision to fix it now. >> >> >> >> >> > >> > I'm at the tail end here almost 8 hours later since the hijacking >> started. >> > Their NOC is just blowing me off now and they're happy to continue the >> > hijacking until it's convenient for them to have a maintenance >> window. And >> > that's apparently the final decision. >> > >> > ~Seth >> > >
AW: Facebook invisible in Italy
Hi, also down for us (Austria & Germany) and the OVH network. Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: jjarit...@anexia-it.com Web: http://www.anexia-it.com Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Marco Paesani Gesendet: Montag, 28. September 2015 22:35 An: nanog <nanog@nanog.org> Betreff: Facebook invisible in Italy Hi, some issues from FB network ?? Do you have some info ? Regards, -- Marco Paesani MPAE Srl Skype: mpaesani Mobile: +39 348 6019349 Success depends on the right choice ! Email: ma...@paesani.it
AW: High latency/packetloss in nyc/nj for cogent/level3/zayo?
Hi, wer're working with Telia and Hurricane in NYC and we only see some latency flaps in the HE network flapping from 0.3 to ~15ms. Nothing really bad. No visible packet loss. Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Fred Hollis Gesendet: Freitag, 04. September 2015 23:18 An: nanog@nanog.org Betreff: High latency/packetloss in nyc/nj for cogent/level3/zayo? Hi, Anyone also experiencing really high lancy and packetloss 80%+ in nyc/nj area for cogent/level3/zayo?
AW: High latency/packetloss in nyc/nj for cogent/level3/zayo?
Hi, I do see one of our offices down ... but ftw.nj.nyi.net is reachable without any issue for us (but the path differ from yours): Packets Pings HostLoss% Snt Last Avg Best Wrst StDev 1. cr-01.0v-00-05.anx32.nyc.us.anexia-it.com 0.0%470.5 5.4 0.4 80.3 17.4 2. cs70.nyi.net 0.0%470.9 6.7 0.8 118.0 21.4 3. cs70.cs80.v.ewr.nyinternet.net0.0%472.6 8.1 2.0 144.8 27.0 4. 96.47.77.142.static.nyinternet.net0.0%472.1 2.1 2.0 3.1 0.1 5. ftw.nj.nyi.net0.0%472.0 2.0 1.9 2.2 0.1 One other thing we do see: looks like Level3 is broken globally ... we can't send traffic from Europe via Level3 to the Asian region: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. er-03.0v-00-03.anx04.vie.at.anexia-it.com0.0% 1010.3 0.4 0.3 2.2 0.2 2. cr-04.0v-08-71.anx03.vie.at.anexia-it.com0.0% 1010.8 0.8 0.4 17.8 2.0 3. win-b4-link.telia.net0.0% 1010.5 1.6 0.5 29.1 4.0 4. level-ic-1573273-wien-b4.c.telia.net 0.0% 1010.5 3.6 0.4 85.3 12.1 5. ??? 6. 4.69.152.14499.0% 100 307.4 307.4 307.4 307.4 0.0 7. 4.53.208.10289.9% 100 253.8 255.7 251.3 265.8 3.9 8. TenGE4-2.br01.tok02.pccwbtn.net 87.9% 100 524.0 406.4 366.9 536.7 66.9 9. cr-01.0v-00-08.anx11.tyo.jp.anexia-it.com 91.9% 100 368.1 371.0 365.4 382.9 5.5 10. anx-lg-jp-tyo01.anexia-it.com 96.0% 100 368.9 368.6 366.9 369.3 1.1 We'll start a ticket with Level3 support ... hopefully they will share some information (in the next days ... ). Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Fred Hollis Gesendet: Freitag, 04. September 2015 23:34 An: nanog@nanog.org Betreff: Re: High latency/packetloss in nyc/nj for cogent/level3/zayo? 1.|-- hosted-by-i3d.net 0.0% 10 8.1 17.3 0.3 144.6 45.0 2.|-- 80ge.cr0-br2-br3.smartdc.rtd.i3d.net 0.0% 10 0.3 2.1 0.2 9.4 3.0 3.|-- 40ge.cr1-cr0.smartdc.rtd.i3d.net 0.0% 10 0.3 7.3 0.3 13.3 5.7 4.|-- ae51.edge4.London1.Level3.net 0.0% 10 10.6 14.2 7.6 30.4 7.5 5.|-- 4.69.156.9 90.0% 10 224.7 224.7 224.7 224.7 0.0 6.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 7.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 8.|-- cs20.cs90.v.ewr.nyinternet.net 80.0% 10 169.4 168.8 168.1 169.4 0.9 9.|-- 96.47.77.134.static.nyinternet.net 90.0% 10 167.7 167.7 167.7 167.7 0.0 10.|-- ftw.nj.nyi.net 90.0% 10 169.4 169.4 169.4 169.4 0.0 Having this to almost every network located in NYC/NJ that is going through the said three carrier from many locations. On 04.09.2015 at 23:24 Jürgen Jaritsch wrote: > Hi, > > wer're working with Telia and Hurricane in NYC and we only see some latency > flaps in the HE network flapping from 0.3 to ~15ms. Nothing really bad. > No visible packet loss. > > > Best regards > > Jürgen Jaritsch > Head of Network & Infrastructure > > ANEXIA Internetdienstleistungs GmbH > > Telefon: +43-5-0556-300 > Telefax: +43-5-0556-500 > > E-Mail: j...@anexia.at > Web: http://www.anexia.at > > Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt > Geschäftsführer: Alexander Windbichler > Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 > > -Ursprüngliche Nachricht- > Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Fred Hollis > Gesendet: Freitag, 04. September 2015 23:18 > An: nanog@nanog.org > Betreff: High latency/packetloss in nyc/nj for cogent/level3/zayo? > > Hi, > > Anyone also experiencing really high lancy and packetloss 80%+ in nyc/nj > area for cogent/level3/zayo? >
AW: High latency/packetloss in nyc/nj for cogent/level3/zayo?
Surprise, surprise ... the cleaning staff stopped his worked and connected back in the correct cord ... Looks like everything went back to normal Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Jürgen Jaritsch Gesendet: Freitag, 04. September 2015 23:45 An: Fred Hollis <f...@web2objects.com>; nanog@nanog.org Betreff: AW: High latency/packetloss in nyc/nj for cogent/level3/zayo? Hi, I do see one of our offices down ... but ftw.nj.nyi.net is reachable without any issue for us (but the path differ from yours): Packets Pings HostLoss% Snt Last Avg Best Wrst StDev 1. cr-01.0v-00-05.anx32.nyc.us.anexia-it.com 0.0%470.5 5.4 0.4 80.3 17.4 2. cs70.nyi.net 0.0%470.9 6.7 0.8 118.0 21.4 3. cs70.cs80.v.ewr.nyinternet.net0.0%472.6 8.1 2.0 144.8 27.0 4. 96.47.77.142.static.nyinternet.net0.0%472.1 2.1 2.0 3.1 0.1 5. ftw.nj.nyi.net0.0%472.0 2.0 1.9 2.2 0.1 One other thing we do see: looks like Level3 is broken globally ... we can't send traffic from Europe via Level3 to the Asian region: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. er-03.0v-00-03.anx04.vie.at.anexia-it.com0.0% 1010.3 0.4 0.3 2.2 0.2 2. cr-04.0v-08-71.anx03.vie.at.anexia-it.com0.0% 1010.8 0.8 0.4 17.8 2.0 3. win-b4-link.telia.net0.0% 1010.5 1.6 0.5 29.1 4.0 4. level-ic-1573273-wien-b4.c.telia.net 0.0% 1010.5 3.6 0.4 85.3 12.1 5. ??? 6. 4.69.152.14499.0% 100 307.4 307.4 307.4 307.4 0.0 7. 4.53.208.10289.9% 100 253.8 255.7 251.3 265.8 3.9 8. TenGE4-2.br01.tok02.pccwbtn.net 87.9% 100 524.0 406.4 366.9 536.7 66.9 9. cr-01.0v-00-08.anx11.tyo.jp.anexia-it.com 91.9% 100 368.1 371.0 365.4 382.9 5.5 10. anx-lg-jp-tyo01.anexia-it.com 96.0% 100 368.9 368.6 366.9 369.3 1.1 We'll start a ticket with Level3 support ... hopefully they will share some information (in the next days ... ). Best regards Jürgen Jaritsch Head of Network & Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Fred Hollis Gesendet: Freitag, 04. September 2015 23:34 An: nanog@nanog.org Betreff: Re: High latency/packetloss in nyc/nj for cogent/level3/zayo? 1.|-- hosted-by-i3d.net 0.0% 10 8.1 17.3 0.3 144.6 45.0 2.|-- 80ge.cr0-br2-br3.smartdc.rtd.i3d.net 0.0% 10 0.3 2.1 0.2 9.4 3.0 3.|-- 40ge.cr1-cr0.smartdc.rtd.i3d.net 0.0% 10 0.3 7.3 0.3 13.3 5.7 4.|-- ae51.edge4.London1.Level3.net 0.0% 10 10.6 14.2 7.6 30.4 7.5 5.|-- 4.69.156.9 90.0% 10 224.7 224.7 224.7 224.7 0.0 6.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 7.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 8.|-- cs20.cs90.v.ewr.nyinternet.net 80.0% 10 169.4 168.8 168.1 169.4 0.9 9.|-- 96.47.77.134.static.nyinternet.net 90.0% 10 167.7 167.7 167.7 167.7 0.0 10.|-- ftw.nj.nyi.net 90.0% 10 169.4 169.4 169.4 169.4 0.0 Having this to almost every network located in NYC/NJ that is going through the said three carrier from many locations. On 04.09.2015 at 23:24 Jürgen Jaritsch wrote: > Hi, > > wer're working with Telia and Hurricane in NYC and we only see some latency > flaps in the HE network flapping from 0.3 to ~15ms. Nothing really bad. > No visible packet loss. > > > Best regards > > Jürgen Jaritsch > Head of Network & Infrastructure > > ANEXIA Internetdienstleistungs GmbH > > Telefon: +43-5-0556-300 > Telefax: +43-5-0556-500 > > E-Mail: j...@anexia.at > Web: http://www.anexia.at > > Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt > Geschäftsführer: Alexander Windbichler > Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Num
AW: Branch Location Over The Internet
Patrick, which CCR did you test? Best regards -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Patrick Cole Gesendet: Mittwoch, 12. August 2015 00:49 An: Josh Luthman j...@imaginenetworksllc.com Cc: NANOG list nanog@nanog.org Betreff: Re: Branch Location Over The Internet Josh, Just an FYI, I've successfully used these two EoIP implementations on Linux: https://code.google.com/p/linux-eoip/ https://github.com/bbonev/eoip So I wouldn't say EoIP is Mikrotik only -- these interop perfectly with Mikrotik. I started using these due to stability problems we were having with CCRs. Pat Tue, Aug 11, 2015 at 06:32:55PM -0400, Josh Luthman wrote: Eoip is Mikrotik only Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Aug 11, 2015 6:28 PM, Colton Conor colton.co...@gmail.com wrote: EoIP seems to be what I am looking for, however this recent Mikrotik session says: EoIP could be a solution for tunneling L2 over L3. ? EoIP disadvantages: ? Fragmentation of L2 frames over multiple L3 packets ? Performance issues ? VPLS advantages: ? No fragmentation. ? 60% more performance then EoIP. So it sounds like VPLS might be better than EoIP? I can't find much about EoIP online, so is this a Mikrotik only protocol? On Tue, Aug 11, 2015 at 1:46 PM, J?rgen Jaritsch j...@anexia.at wrote: Hi, Mikrotik Routerboard + (encrypted) Ethernet over IP (EoIP). If required: MPLS+OSPF+BGP in the EoIP for additional features. Build the pseudo Layer2 with two dedicated boxes. In the HQ you can hand it over directly to the MX80 and at the new office you can work with small boxes like Cisco 7301 (also available with redundant PS) or if you need more ports: 19xx ... #) cheap setup #) can easily transport a few hundred Meg #) you can use refurb parts if required #) big community support for Mikrotik Routerboards #) encrypted transport possible #) works with dynamic IPs #) MPLS in the EoIP allows you to transport VRFs with BGP signaling Etc etc Best regards J?rgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstra?e 140, 9020 Klagenfurt Gesch?ftsf?hrer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- *From:* Colton Conor [colton.co...@gmail.com] *Received:* Dienstag, 11 Aug. 2015, 20:23 *To:* NANOG [nanog@nanog.org] *Subject:* Branch Location Over The Internet We have an enterprise that has a headquarter office with redundant fiber connections, its own ASN, its own /22 IP block from ARIN, and a couple of gigabit internet connections from multiple providers. The office is taking full BGP routes from tier 1 providers using a Juniper MX80. They are establishing their first branch location, and need the branch location to be able to securely communicate back to headquarters, AND be able to use a /24 of headquarters public IP addresses. Ideally the device at the HQ location would hand out public IP address using DHCP to the other side of the tunnel at the branch location. We know that in an ideal world it would be wise to get layer 2 transport connections from HQ to the branch location, but lets assume that is not an option. Please don't flood this thread about how it could be an option because it's not at this time. This setup will be temporary and in service for the next year until we get fiber to the branch site. Let's assume at the branch location we can get a DOCSIS cable internet connection from a incumbent cable provider such as Comcast, and that provider will give us a couple static IP address. Assume as a backup, we have a PPPoE DSL connection from the ILEC such as Verizon who gives us a dynamic IP address. What solution could we put at the HQ site and the branch site to achieve this? Ideally we would want the solution to load balance between the connections based on the connections speeds, and failover if one is down. The cable connection will be much faster speed (probably 150Mbps down and 10 Upload) compared to the DSL connection (10 download and 1 upload). If we need more speed we can upgrade the cable modem to a higher package, but for DSL that is the max speed so we might have to get multiple DSL lines. The cable solution could always be used as the primary, and the DSL connection could only be used as backup if that makes things easier. If you were to do this with Juniper or Cisco gear what would you have at each location? What technology would you use? I know there is Pepewave and a
AW: Branch Location Over The Internet
Hi, Some facts: Dell R300, 1x Xeon CPU (Quadcore, 2,6GHz) 8GB Memory Intel X520 10G NIC RouterOS x86 installation (that’s the OS from the Mikrotik Routerboards) Max transfer-rate via EoIP: ~5,7GBit/s If you plan to use jumbo frames (everything with an payload 1500 byte): yes, packets will be split up, transferred and aggregated on the other end. So your end-to-end communication will transport ANY MTU size you want (splitted up to your max transportable MTU size on the WAN side … eg MTU 1472, etc). Best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.atmailto:j...@anexia.at Web: http://www.anexia.athttp://www.anexia.at/ Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 Von: Colton Conor [mailto:colton.co...@gmail.com] Gesendet: Mittwoch, 12. August 2015 00:27 An: Jürgen Jaritsch j...@anexia.at Cc: nanog@nanog.org Betreff: Re: Branch Location Over The Internet EoIP seems to be what I am looking for, however this recent Mikrotik session says: EoIP could be a solution for tunneling L2 over L3. • EoIP disadvantages: – Fragmentation of L2 frames over multiple L3 packets – Performance issues • VPLS advantages: – No fragmentation. – 60% more performance then EoIP. So it sounds like VPLS might be better than EoIP? I can't find much about EoIP online, so is this a Mikrotik only protocol? On Tue, Aug 11, 2015 at 1:46 PM, Jürgen Jaritsch j...@anexia.atmailto:j...@anexia.at wrote: Hi, Mikrotik Routerboard + (encrypted) Ethernet over IP (EoIP). If required: MPLS+OSPF+BGP in the EoIP for additional features. Build the pseudo Layer2 with two dedicated boxes. In the HQ you can hand it over directly to the MX80 and at the new office you can work with small boxes like Cisco 7301 (also available with redundant PS) or if you need more ports: 19xx ... #) cheap setup #) can easily transport a few hundred Meg #) you can use refurb parts if required #) big community support for Mikrotik Routerboards #) encrypted transport possible #) works with dynamic IPs #) MPLS in the EoIP allows you to transport VRFs with BGP signaling Etc etc Best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.atmailto:j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Colton Conor [colton.co...@gmail.commailto:colton.co...@gmail.com] Received: Dienstag, 11 Aug. 2015, 20:23 To: NANOG [nanog@nanog.orgmailto:nanog@nanog.org] Subject: Branch Location Over The Internet We have an enterprise that has a headquarter office with redundant fiber connections, its own ASN, its own /22 IP block from ARIN, and a couple of gigabit internet connections from multiple providers. The office is taking full BGP routes from tier 1 providers using a Juniper MX80. They are establishing their first branch location, and need the branch location to be able to securely communicate back to headquarters, AND be able to use a /24 of headquarters public IP addresses. Ideally the device at the HQ location would hand out public IP address using DHCP to the other side of the tunnel at the branch location. We know that in an ideal world it would be wise to get layer 2 transport connections from HQ to the branch location, but lets assume that is not an option. Please don't flood this thread about how it could be an option because it's not at this time. This setup will be temporary and in service for the next year until we get fiber to the branch site. Let's assume at the branch location we can get a DOCSIS cable internet connection from a incumbent cable provider such as Comcast, and that provider will give us a couple static IP address. Assume as a backup, we have a PPPoE DSL connection from the ILEC such as Verizon who gives us a dynamic IP address. What solution could we put at the HQ site and the branch site to achieve this? Ideally we would want the solution to load balance between the connections based on the connections speeds, and failover if one is down. The cable connection will be much faster speed (probably 150Mbps down and 10 Upload) compared to the DSL connection (10 download and 1 upload). If we need more speed we can upgrade the cable modem to a higher package, but for DSL that is the max speed so we might have to get multiple DSL lines. The cable solution could always be used as the primary, and the DSL connection could only be used as backup if that makes things easier. If you were to do this with Juniper or Cisco gear what would you have at each location? What
AW: Mac compatible SFP+/XFP programmer
I can also suggest you the Multi-Fiber-Tool from Solid Optics: http://www.solid-optics.com/tools/multi-fiber-tool/so-multi-fiber-tool-id1768.html Works great but I've never tested it with an Mac ... MacOS is at least listed as supported. Best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Eric Rosenberry Gesendet: Dienstag, 04. August 2015 23:49 An: Eriks Rugelis er...@netideainc.ca Cc: NANOG nanog@nanog.org Betreff: Re: Mac compatible SFP+/XFP programmer I can attest to the quality of the Flexbox. It is fantastic! All of our employees have Mac's and they work great. Originally you had to use Java in FireFox to make it work, but they now have a Chrome app that works in Chrome which is even easier (don't have to get the right Java version loaded and click through a million security warnings). The workflow for how the box works is fantastic- You just go to their website and plug in the box and the UI is fully web based. The benefit here is that they are constantly updating different programming profiles for different manufacturer quirks. As soon as they make a change, it is available to you from the UI. If you run into any issues with optic compatibility, they can whip up a new profile and have it available immediately (not that I have actually had any issues, but I did have them add some XFP MRV profiles for me). It will also show you the history of any optic you have programmed which is nice I guess. The down side is naturally that I think it only works with their branded optics and also they are in control (i.e. if they decide to discontinue the service, or if you have no net access you are out of luck, but come on, we are all network engineers - finding Internet is not exactly hard). ;-) -Eric On Fri, Jul 31, 2015 at 8:57 AM, Eriks Rugelis er...@netideainc.ca wrote: A couple of months ago I purchased a Flexbox V3 and a pile of SFP and SFP+ for $dayjob. The parts arrived in less than a week and the Flexbox V3 (and webapp) works well with our Macs. We are a satisfied customer. Eriks --- Eriks Rugelis Sr. Consultant Netidea Inc. T: +1.416.876.0740 On Jul 30, 2015, at 14:48, Youssef Bengelloun-Zahr yous...@720.fr wrote: Hi, Flexoptics seems to do the trick but via a Web browser : https://www.flexoptix.net/en/flexbox-v3-transceiver-programmer.html From what I've heard, this thing does the Job. Best regards. Le 30 juil. 2015 à 20:28, Jason Lixfeld ja...@lixfeld.ca a écrit : Does anyone know where I might find a SFP+/XFP programmer with a Mac compatible programmer application? Thanks! -- *Eric Rosenberry* Principal Infrastructure Architect // Chief Bit Plumber
Prefix-Hijack by AS7514
Hi, does anyone else see some prefix hijacks from AS7514? They started to announce some of our /24 Thanks best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.atmailto:j...@anexia.at Web: http://www.anexia.athttp://www.anexia.at/ Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
AW: Prefix-Hijack by AS7514
We already informed AS2497 but I have no idea if they we'll cooperate. Best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Hugo Slabbert [mailto:hslabb...@stargate.ca] Gesendet: Freitag, 17. Juli 2015 08:23 An: Jürgen Jaritsch j...@anexia.at Cc: 'nanog@nanog.org' nanog@nanog.org Betreff: Re: Prefix-Hijack by AS7514 Seeing the same; a /19. BGPMon reports an alert at 2015-07-17 05:29 (UTC) and that it's being accepted by 2497. -- Hugo Slabbert Stargate Connections - AS19171 -Original Message- Date: Fri, 17 Jul 2015 06:15:36 + From: Jürgen Jaritsch j...@anexia.at To: 'nanog@nanog.org' nanog@nanog.org Subject: Prefix-Hijack by AS7514 Hi, does anyone else see some prefix hijacks from AS7514? They started to announce some of our /24 Thanks best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.atmailto:j...@anexia.at Web: http://www.anexia.athttp://www.anexia.at/ Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
AW: AW: Prefix-Hijack by AS7514
Hi, we also sent them an mail, but their MX is not reachable for us :( best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Seiichi Kawamura [mailto:kawamu...@mesh.ad.jp] Gesendet: Freitag, 17. Juli 2015 08:29 An: Jürgen Jaritsch j...@anexia.at; Hugo Slabbert hslabb...@stargate.ca Cc: 'nanog@nanog.org' nanog@nanog.org Betreff: Re: AW: Prefix-Hijack by AS7514 I contacted 7514. They are aware. -Seiichi On 2015/07/17 15:23, Jürgen Jaritsch wrote: We already informed AS2497 but I have no idea if they we'll cooperate. Best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Hugo Slabbert [mailto:hslabb...@stargate.ca] Gesendet: Freitag, 17. Juli 2015 08:23 An: Jürgen Jaritsch j...@anexia.at Cc: 'nanog@nanog.org' nanog@nanog.org Betreff: Re: Prefix-Hijack by AS7514 Seeing the same; a /19. BGPMon reports an alert at 2015-07-17 05:29 (UTC) and that it's being accepted by 2497. -- Hugo Slabbert Stargate Connections - AS19171 -Original Message- Date: Fri, 17 Jul 2015 06:15:36 + From: Jürgen Jaritsch j...@anexia.at To: 'nanog@nanog.org' nanog@nanog.org Subject: Prefix-Hijack by AS7514 Hi, does anyone else see some prefix hijacks from AS7514? They started to announce some of our /24 Thanks best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.atmailto:j...@anexia.at Web: http://www.anexia.athttp://www.anexia.at/ Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
AW: AW: Prefix-Hijack by AS7514
Hi, all affected prefixes starts with 37... no other prefixes from AS42473 are affected. Best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Hank Nussbacher [mailto:h...@efes.iucc.ac.il] Gesendet: Freitag, 17. Juli 2015 08:33 An: Jürgen Jaritsch j...@anexia.at; Hugo Slabbert hslabb...@stargate.ca Cc: 'nanog@nanog.org' nanog@nanog.org Betreff: Re: AW: Prefix-Hijack by AS7514 At 06:23 17/07/2015 +, Jürgen Jaritsch wrote: We already informed AS2497 but I have no idea if they we'll cooperate. All prefixes I see have the first octet as being 2 digits rather than 3. That is common among about 30 different alerts I have received. Curious if this is common worldwide. -Hank Best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Hugo Slabbert [mailto:hslabb...@stargate.ca] Gesendet: Freitag, 17. Juli 2015 08:23 An: Jürgen Jaritsch j...@anexia.at Cc: 'nanog@nanog.org' nanog@nanog.org Betreff: Re: Prefix-Hijack by AS7514 Seeing the same; a /19. BGPMon reports an alert at 2015-07-17 05:29 (UTC) and that it's being accepted by 2497. -- Hugo Slabbert Stargate Connections - AS19171 -Original Message- Date: Fri, 17 Jul 2015 06:15:36 + From: Jürgen Jaritsch j...@anexia.at To: 'nanog@nanog.org' nanog@nanog.org Subject: Prefix-Hijack by AS7514 Hi, does anyone else see some prefix hijacks from AS7514? They started to announce some of our /24 Thanks best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.atmailto:j...@anexia.at Web: http://www.anexia.athttp://www.anexia.at/ Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
AW: Prefix-Hijack by AS7514
Wolfgang, it's unfair ... you do not have to deal with hardware routers :). Install AS_PATH ACL and prefix list on a Cisco router (e.g. with an RSP720-3CXL) and you'll run into lots of pain ... best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Wolfgang Tremmel Gesendet: Freitag, 17. Juli 2015 12:48 An: nanog@nanog.org Betreff: Re: Prefix-Hijack by AS7514 On 17.07.2015, at 12:03, Mark Tinka mark.ti...@seacom.mu wrote: Some countries I know do this for their exchange points. But by-and-large, it is not scalable. Same goes for AS_PATH lists for peering. it does scale. We do this for all our routeservers at all exchange points we operate. In Frankfurt we have 745 peers on our routeservers. (And: we are not a country but an exchange point operator :-) best regards Wolfgang -- Wolfgang Tremmel e-mail: wolfgang.trem...@de-cix.net DE-CIX Management GmbH Lindleystr. 12, 60314 Frankfurt Geschaeftsfuehrer Harald A. SummaFax: +49 69 4056 2716 Registergericht AG Koeln, HRB 51135 http://www.de-cix.net Zentrale: Lichtstr. 43i, 50825 Koeln
AW: Level3 routing issue US west coast?
No idea about the final target ... I heard so much wrong information in the past 3 days ... Level3 didn't investigate in my packet loss report because there was another incident ongoing and so they thought my report was related to this issue. Even when I updated them AFTER they reported solved for the first issue they did nothing ... Other involved companies did nothing because of 100% incompetence ... It's simply frustrating .. :( Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Yang Yu [mailto:yang.yu.l...@gmail.com] Gesendet: Sonntag, 12. Juli 2015 23:42 An: Jürgen Jaritsch Cc: nanog@nanog.org Betreff: Re: Level3 routing issue US west coast? On Mon, Jul 13, 2015 at 4:14 AM, Jürgen Jaritsch j...@anexia.at wrote: One the DDoS targets was PCCW and their ports were congested ... this was the official explanation we got. Lots of discussion starts from here Can it be somehow related to the DDoS on Telegram (AS62041, AS59930)? 200Gbps SYN flood was what they said on twitter. I don't see 3491 as an upstream for either ASN any more. On a side note 3356 became upstream for 62041 about a week ago http://www.inmediahk.net/files/imagecache/w456/column_images/113252.png (the tweet has been deleted)
AW: Level3 routing issue US west coast?
One the DDoS targets was PCCW and their ports were congested ... this was the official explanation we got. Lots of discussion starts from here Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Donn Lasher Gesendet: Sonntag, 12. Juli 2015 18:13 An: nanog@nanog.org Betreff: Re: Level3 routing issue US west coast? While I can¹t say with any degree of certainty it's related, it¹s somewhat coincidental that one of one of their west coast customers (Daybreak Games / SOE) has been under a fairly hefty DDoS since mid-week. From what I recall see Daybreak/SOE only uses Level3. (Lots to talk about in that case.. They¹ve invaded his life.. Not sure I¹d react much better, albeit privately..) http://fortune.com/2015/07/10/john-smedley-vs-hackers/ http://eq2wire.com/2015/07/09/daybreak-ceo-to-convicted-lizard-squad-hacker -im-coming-for-you/ On 7/10/15, 11:05 AM, Mr. NPP mr@nopatentpending.com wrote: We took them down yesterday, and attempted to bring them back up midnight PST, and still massive packet loss. so they remain down for now. On Fri, Jul 10, 2015 at 9:44 AM, Jürgen Jaritsch j...@anexia.at wrote: Hi, No SLA broken cause A- and B-End were not directly our circuits ... but it helps a lot to place some new orders ... at other partners :). best regards Jürgen Jaritsch -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Jens Hoffmann Gesendet: Freitag, 10. Juli 2015 17:16 An: nanog@nanog.org Betreff: AW: Level3 routing issue US west coast Hi, Wow Level3 responded to me that they had an issue last night but they simply did nothing ... for at least 10 hours they did nothing to fix the issue: Any SLA broken? Probably not, that would be a reason to move. Kind regards, Jens
AW: Level3 routing issue US west coast
Hi Joseph, in the meantime I have ~20 verified paths which are affected and Level3 is simply not competent enough to reroute/drop the affected path ... FYI: my private ticket # is 9446435 ### There is also a new global ticket available: Network Event Detail Network Event Summary: Multiple devices were unreachable in Europe impacting IP services. Event Ticket ID:9446797 Market Area Affected: Multiple Markets in Europe Ticket Create Date: 7/10/15 11:15:39 AM GMT Impacted For: 12 minutes Event Status: Active Time Since Last Update: 1 hour 39 minutes 7/10/15 11:26:39 AM GMT The IP NOC reported multiple devices were simultaneously unreachable in Europe impacting IP services. The devices recovered without any intervention from Level 3 after an interruption lasting twelve minutes. Due to the possibility of additional impacted, the IP NOC will monitor services until the completion of multiple ongoing events in the region. A final update will be se ### best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Joseph Jenkins Gesendet: Freitag, 10. Juli 2015 14:55 An: nanog@nanog.org Betreff: Re: Level3 routing issue US west coast Level3 had an issue with one of their core routers in Los Angeles last night(7pm Pacific) and early this morning(1am Pacific). Last update to my trouble ticket had the issue still being reviewed by engineering, but that a core router was dropping packets. On Jul 10, 2015, at 3:59 AM, Jürgen Jaritsch j...@anexia.at wrote: Hi, does anyone else experience issues with the Level3 network at the US west coast? We see lots of broken paths like this: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. er-01.0v-00-03.anx01.klu.at.anexia-it.com0.0% 2310.6 0.5 0.2 18.1 1.2 2. cr-01.0v-08-06.anx01.klu.at.anexia-it.com0.0% 2310.5 9.9 0.3 361.1 40.1 3. cr-04.01-01-04.anx03.vie.at.anexia-it.com0.0% 2306.5 7.7 6.3 49.7 5.3 4. win-b4-link.telia.net0.0% 2306.6 6.8 6.4 20.2 1.5 5. level-ic-1573273-wien-b4.c.telia.net 0.0% 2306.6 9.3 6.3 69.1 9.6 6. ae-2-70.edge1.SanJose3.Level3.net 38.4% 230 164.8 165.0 164.5 194.9 2.6 7. ae-2-70.edge1.SanJose3.Level3.net 45.9% 230 164.7 164.8 164.5 174.1 0.9 8. 4.53.208.10234.3% 230 634.9 310.7 168.5 680.1 199.7 9. TenGE5-4.br01.seo01.pccwbtn.net 34.1% 230 412.0 455.2 304.9 954.6 203.4 10. sejong-telecom.ge5-3.br01.seo01.pccwbtn.net 40.6% 230 323.4 441.4 323.1 822.0 182.1 11. 211.115.201.92 38.4% 230 289.8 412.9 289.6 846.7 185.4 12. 61.250.89.2 35.8% 230 290.6 439.4 290.2 804.3 205.1 13. ??? Trace from NYC is also broken: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. cr-01.0v-00-05.anx32.nyc.us.anexia-it.com0.0%300.4 4.3 0.4 57.8 13.3 2. nyk-b5-link.telia.net0.0%300.3 0.4 0.3 0.9 0.1 3. ??? 4. ae-3-80.edge1.SanJose3.Level3.net 17.2%30 71.7 73.2 71.7 98.7 5.5 5. ae-3-80.edge1.SanJose3.Level3.net0.0%30 71.8 71.8 71.7 72.0 0.1 6. 4.53.208.10231.0%30 569.6 250.7 70.5 579.3 231.2 7. 63.218.250.73 31.0%30 672.6 355.5 178.0 672.6 232.1 At 10:24 UTC+2 it was even more broken: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. er-01.0v-00-03.anx01.klu.at.anexia-it.com0.0% 3260.4 0.5 0.3 39.7 2.2 2. cr-01.0v-08-06.anx01.klu.at.anexia-it.com0.0% 3260.5 6.7 0.3 198.1 26.3 3. cr-04.01-01-04.anx03.vie.at.anexia-it.com0.0% 3266.6 7.6 6.4 43.6 4.5 4. win-b4-link.telia.net0.0% 3266.7 7.4 6.3 43.1 3.2 5. level-ic-1573273-wien-b4.c.telia.net 0.0% 3266.9 9.2 6.3 73.2 10.1
Level3 routing issue US west coast
Hi, does anyone else experience issues with the Level3 network at the US west coast? We see lots of broken paths like this: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. er-01.0v-00-03.anx01.klu.at.anexia-it.com0.0% 2310.6 0.5 0.2 18.1 1.2 2. cr-01.0v-08-06.anx01.klu.at.anexia-it.com0.0% 2310.5 9.9 0.3 361.1 40.1 3. cr-04.01-01-04.anx03.vie.at.anexia-it.com0.0% 2306.5 7.7 6.3 49.7 5.3 4. win-b4-link.telia.net0.0% 2306.6 6.8 6.4 20.2 1.5 5. level-ic-1573273-wien-b4.c.telia.net 0.0% 2306.6 9.3 6.3 69.1 9.6 6. ae-2-70.edge1.SanJose3.Level3.net 38.4% 230 164.8 165.0 164.5 194.9 2.6 7. ae-2-70.edge1.SanJose3.Level3.net 45.9% 230 164.7 164.8 164.5 174.1 0.9 8. 4.53.208.10234.3% 230 634.9 310.7 168.5 680.1 199.7 9. TenGE5-4.br01.seo01.pccwbtn.net 34.1% 230 412.0 455.2 304.9 954.6 203.4 10. sejong-telecom.ge5-3.br01.seo01.pccwbtn.net 40.6% 230 323.4 441.4 323.1 822.0 182.1 11. 211.115.201.92 38.4% 230 289.8 412.9 289.6 846.7 185.4 12. 61.250.89.2 35.8% 230 290.6 439.4 290.2 804.3 205.1 13. ??? Trace from NYC is also broken: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. cr-01.0v-00-05.anx32.nyc.us.anexia-it.com0.0%300.4 4.3 0.4 57.8 13.3 2. nyk-b5-link.telia.net0.0%300.3 0.4 0.3 0.9 0.1 3. ??? 4. ae-3-80.edge1.SanJose3.Level3.net 17.2%30 71.7 73.2 71.7 98.7 5.5 5. ae-3-80.edge1.SanJose3.Level3.net0.0%30 71.8 71.8 71.7 72.0 0.1 6. 4.53.208.10231.0%30 569.6 250.7 70.5 579.3 231.2 7. 63.218.250.73 31.0%30 672.6 355.5 178.0 672.6 232.1 At 10:24 UTC+2 it was even more broken: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. er-01.0v-00-03.anx01.klu.at.anexia-it.com0.0% 3260.4 0.5 0.3 39.7 2.2 2. cr-01.0v-08-06.anx01.klu.at.anexia-it.com0.0% 3260.5 6.7 0.3 198.1 26.3 3. cr-04.01-01-04.anx03.vie.at.anexia-it.com0.0% 3266.6 7.6 6.4 43.6 4.5 4. win-b4-link.telia.net0.0% 3266.7 7.4 6.3 43.1 3.2 5. level-ic-1573273-wien-b4.c.telia.net 0.0% 3266.9 9.2 6.3 73.2 10.1 6. ae-1-60.edge5.LosAngeles1.Level3.net62.6% 326 164.7 165.5 164.5 176.7 1.5 ae-2-70.edge1.SanJose3.Level3.net 7. ae-1-60.edge5.LosAngeles1.Level3.net63.1% 326 164.8 165.8 164.6 204.2 3.9 ae-2-70.edge1.SanJose3.Level3.net 8. 205.129.5.7074.2% 326 799.9 487.2 169.0 799.9 305.7 4.53.208.102 9. TenGE5-4.br01.seo01.pccwbtn.net 77.2% 326 1359. 701.0 308.7 3716. 510.6 10. sejong-telecom.ge5-3.br01.seo01.pccwbtn.net 75.1% 326 960.4 643.0 323.4 960.4 307.6 11. 211.115.201.92 68.9% 326 925.3 674.2 289.8 932.3 296.6 12. 61.250.89.2 72.9% 326 928.5 637.2 291.9 928.5 304.3 13. ??? best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.atmailto:j...@anexia.at Web: http://www.anexia.athttp://www.anexia.at/ Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
AW: Level3 routing issue US west coast
Level3 is broken again ... Packets Pings HostLoss% Snt Last Avg Best Wrst StDev 1. 178.255.154.17 63.6%120.2 0.2 0.2 0.3 0.0 2. ge-6-14.car2.Prague1.Level3.net 0.0%12 58.1 123.3 0.4 338.6 117.2 3. ??? 4. 4.53.208.102 90.9%12 732.2 732.2 732.2 732.2 0.0 5. TenGE0-4-0-16.br02.hkg15.pccwbtn.net 81.8%12 871.8 867.2 862.6 871.8 6.5 6. TenGE0-4-0-16.br02.hkg15.pccwbtn.net 90.0%11 860.8 860.8 860.8 860.8 0.0 7. ? 80.0% 11 881.6 877.8 874.0 881.6 5.4 8. ??? Packets Pings HostLoss% Snt Last Avg Best Wrst StDev 1. er-04.0v-00-03.anx04.vie.at.anexia-it.com 0.0% 90.9 2.1 0.4 14.8 4.8 2. cr-04.0v-08-71.anx03.vie.at.anexia-it.com 0.0% 98.9 2.2 0.5 8.9 3.5 3. win-b4-link.telia.net 0.0% 80.5 0.6 0.5 1.3 0.3 4. level-ic-1573273-wien-b4.c.telia.net 0.0% 80.5 0.5 0.5 0.7 0.1 5. ae-4-90.edge1.SanJose3.Level3.net62.5% 8 160.7 159.6 158.7 160.7 1.0 6. ae-4-90.edge1.SanJose3.Level3.net50.0% 8 158.7 158.7 158.5 159.0 0.2 7. ??? 8. TenGE1-3.br01.seo01.pccwbtn.net 57.1% 8 870.6 871.0 867.4 875.0 3.8 9. ??? 10. sejong-telecom.ge5-3.br01.seo01.pccwbtn.net 85.7% 8 873.1 873.1 873.1 873.1 0.0 11. ??? 12. 61.250.89.2 80.0% 6 893.1 893.1 893.1 893.1 0.0 13. ??? Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Jürgen Jaritsch Gesendet: Freitag, 10. Juli 2015 18:45 An: Jens Hoffmann; nanog@nanog.org Betreff: AW: Level3 routing issue US west coast Hi, No SLA broken cause A- and B-End were not directly our circuits ... but it helps a lot to place some new orders ... at other partners :). best regards Jürgen Jaritsch -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Jens Hoffmann Gesendet: Freitag, 10. Juli 2015 17:16 An: nanog@nanog.org Betreff: AW: Level3 routing issue US west coast Hi, Wow Level3 responded to me that they had an issue last night but they simply did nothing ... for at least 10 hours they did nothing to fix the issue: Any SLA broken? Probably not, that would be a reason to move. Kind regards, Jens
AW: Level3 routing issue US west coast
Hi, sitting here and watching the packet loss coming and going :(. It changes every 10-25min. Looks like an massive issue in San Jose - routers out there sometimes have an latency from 5-6 SECONDS ... best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Ca By Gesendet: Freitag, 10. Juli 2015 15:42 An: Joseph Jenkins Cc: nanog@nanog.org Betreff: Re: Level3 routing issue US west coast On Friday, July 10, 2015, Joseph Jenkins j...@breathe-underwater.com wrote: Level3 had an issue with one of their core routers in Los Angeles last night(7pm Pacific) and early this morning(1am Pacific). Last update to my trouble ticket had the issue still being reviewed by engineering, but that a core router was dropping packets. I have seen this several times with level3. They confirm packets are dropping and sevice is degraded yet they refuse to take tactical corrective action for hours and hours. Makes me furious. CB On Jul 10, 2015, at 3:59 AM, Jürgen Jaritsch j...@anexia.at javascript:; wrote: Hi, does anyone else experience issues with the Level3 network at the US west coast? We see lots of broken paths like this: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. er-01.0v-00-03.anx01.klu.at.anexia-it.com0.0% 2310.6 0.5 0.2 18.1 1.2 2. cr-01.0v-08-06.anx01.klu.at.anexia-it.com0.0% 2310.5 9.9 0.3 361.1 40.1 3. cr-04.01-01-04.anx03.vie.at.anexia-it.com0.0% 2306.5 7.7 6.3 49.7 5.3 4. win-b4-link.telia.net0.0% 2306.6 6.8 6.4 20.2 1.5 5. level-ic-1573273-wien-b4.c.telia.net 0.0% 2306.6 9.3 6.3 69.1 9.6 6. ae-2-70.edge1.SanJose3.Level3.net 38.4% 230 164.8 165.0 164.5 194.9 2.6 7. ae-2-70.edge1.SanJose3.Level3.net 45.9% 230 164.7 164.8 164.5 174.1 0.9 8. 4.53.208.10234.3% 230 634.9 310.7 168.5 680.1 199.7 9. TenGE5-4.br01.seo01.pccwbtn.net 34.1% 230 412.0 455.2 304.9 954.6 203.4 10. sejong-telecom.ge5-3.br01.seo01.pccwbtn.net 40.6% 230 323.4 441.4 323.1 822.0 182.1 11. 211.115.201.92 38.4% 230 289.8 412.9 289.6 846.7 185.4 12. 61.250.89.2 35.8% 230 290.6 439.4 290.2 804.3 205.1 13. ??? Trace from NYC is also broken: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. cr-01.0v-00-05.anx32.nyc.us.anexia-it.com0.0%30 0.4 4.3 0.4 57.8 13.3 2. nyk-b5-link.telia.net0.0%30 0.3 0.4 0.3 0.9 0.1 3. ??? 4. ae-3-80.edge1.SanJose3.Level3.net 17.2%30 71.7 73.2 71.7 98.7 5.5 5. ae-3-80.edge1.SanJose3.Level3.net0.0%30 71.8 71.8 71.7 72.0 0.1 6. 4.53.208.10231.0%30 569.6 250.7 70.5 579.3 231.2 7. 63.218.250.73 31.0%30 672.6 355.5 178.0 672.6 232.1 At 10:24 UTC+2 it was even more broken: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. er-01.0v-00-03.anx01.klu.at.anexia-it.com0.0% 3260.4 0.5 0.3 39.7 2.2 2. cr-01.0v-08-06.anx01.klu.at.anexia-it.com0.0% 3260.5 6.7 0.3 198.1 26.3 3. cr-04.01-01-04.anx03.vie.at.anexia-it.com0.0% 3266.6 7.6 6.4 43.6 4.5 4. win-b4-link.telia.net0.0% 3266.7 7.4 6.3 43.1 3.2 5. level-ic-1573273-wien-b4.c.telia.net 0.0% 3266.9 9.2 6.3 73.2 10.1 6. ae-1-60.edge5.LosAngeles1.Level3.net62.6% 326 164.7 165.5 164.5 176.7 1.5 ae-2-70.edge1.SanJose3.Level3.net 7. ae-1-60.edge5.LosAngeles1.Level3.net63.1% 326 164.8 165.8 164.6 204.2 3.9 ae-2-70.edge1.SanJose3.Level3.net 8. 205.129.5.7074.2% 326 799.9 487.2 169.0 799.9 305.7 4.53.208.102 9. TenGE5-4.br01.seo01.pccwbtn.net 77.2% 326 1359. 701.0 308.7 3716. 510.6 10. sejong-telecom.ge5-3.br01.seo01.pccwbtn.net 75.1% 326 960.4
AW: Level3 routing issue US west coast
Hi, No SLA broken cause A- and B-End were not directly our circuits ... but it helps a lot to place some new orders ... at other partners :). best regards Jürgen Jaritsch -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Jens Hoffmann Gesendet: Freitag, 10. Juli 2015 17:16 An: nanog@nanog.org Betreff: AW: Level3 routing issue US west coast Hi, Wow Level3 responded to me that they had an issue last night but they simply did nothing ... for at least 10 hours they did nothing to fix the issue: Any SLA broken? Probably not, that would be a reason to move. Kind regards, Jens
AW: Level3 routing issue US west coast
Wow Level3 responded to me that they had an issue last night but they simply did nothing ... for at least 10 hours they did nothing to fix the issue: ### Event Case ID: 9446216 Location: Los Angeles, CA Impacted For: 10 hours 52 minutes ETR: Unknown Bridge: N/A 08:52 GMT - Event Conclusion Summary Start Time: 07/09 19:48 GMT Stop Time: 07/10 06:40 GMT Root Cause: A packet loss issue in Los Angeles, CA. Fix Action: The packet loss issue resolved before any action was taken. Summary: The IP NOC is currently investigated a packet loss issue in Los Angeles, CA that was impacting IP services. The packet loss issue resolved before any action was taken and the IP NOC deemed services are stable after monitoring was concluded. 07:53 GMT - The IP NOC is currently monitoring services after the packet loss issue resolved before any action was taken. An update will be sent when traffic is deemed stable or if status changes. 06:43 GMT - The IP NOC is currently investigating a packet loss issue in Los Angeles, CA that is impacting IP services. Troubleshooting efforts are ongoing with no estimated time to restore services available at this point. Please be advised that updates for this event will be relayed hourly unless otherwise noted. ### best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: Jürgen Jaritsch Gesendet: Freitag, 10. Juli 2015 15:47 An: 'Ca By'; Joseph Jenkins Cc: nanog@nanog.org Betreff: AW: Level3 routing issue US west coast Hi, sitting here and watching the packet loss coming and going :(. It changes every 10-25min. Looks like an massive issue in San Jose - routers out there sometimes have an latency from 5-6 SECONDS ... best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Ca By Gesendet: Freitag, 10. Juli 2015 15:42 An: Joseph Jenkins Cc: nanog@nanog.org Betreff: Re: Level3 routing issue US west coast On Friday, July 10, 2015, Joseph Jenkins j...@breathe-underwater.com wrote: Level3 had an issue with one of their core routers in Los Angeles last night(7pm Pacific) and early this morning(1am Pacific). Last update to my trouble ticket had the issue still being reviewed by engineering, but that a core router was dropping packets. I have seen this several times with level3. They confirm packets are dropping and sevice is degraded yet they refuse to take tactical corrective action for hours and hours. Makes me furious. CB On Jul 10, 2015, at 3:59 AM, Jürgen Jaritsch j...@anexia.at javascript:; wrote: Hi, does anyone else experience issues with the Level3 network at the US west coast? We see lots of broken paths like this: Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. er-01.0v-00-03.anx01.klu.at.anexia-it.com0.0% 2310.6 0.5 0.2 18.1 1.2 2. cr-01.0v-08-06.anx01.klu.at.anexia-it.com0.0% 2310.5 9.9 0.3 361.1 40.1 3. cr-04.01-01-04.anx03.vie.at.anexia-it.com0.0% 2306.5 7.7 6.3 49.7 5.3 4. win-b4-link.telia.net0.0% 2306.6 6.8 6.4 20.2 1.5 5. level-ic-1573273-wien-b4.c.telia.net 0.0% 2306.6 9.3 6.3 69.1 9.6 6. ae-2-70.edge1.SanJose3.Level3.net 38.4% 230 164.8 165.0 164.5 194.9 2.6 7. ae-2-70.edge1.SanJose3.Level3.net 45.9% 230 164.7 164.8 164.5 174.1 0.9 8. 4.53.208.10234.3% 230 634.9 310.7 168.5 680.1 199.7 9. TenGE5-4.br01.seo01.pccwbtn.net 34.1% 230 412.0 455.2 304.9 954.6 203.4 10. sejong-telecom.ge5-3.br01.seo01.pccwbtn.net 40.6% 230 323.4 441.4 323.1 822.0 182.1 11. 211.115.201.92 38.4% 230 289.8 412.9 289.6 846.7 185.4 12. 61.250.89.2 35.8% 230 290.6 439.4 290.2 804.3 205.1 13. ??? Trace from NYC is also broken: Packets Pings Host Loss% Snt Last Avg Best Wrst
AW: Core alignment fusion splicers
Hi, We do not have the new View-series but we're working with the IFS-10: http://www.innoinstrument.com/new/splicer/ifs10.php Easy to use. Works quite good under rough conditions. Not THAT expensive. Battery lifetime is ok. Best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Ursprüngliche Nachricht- Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Peter Kranz Gesendet: Montag, 22. Juni 2015 22:58 An: nanog@nanog.org Betreff: Core alignment fusion splicers Curious if any of you have favorites when it comes to fusion splicers.. There is a huge range in price for units that appear to be very similar in both specifications and appearance. Currently considering standardizing on the INNO View 5 http://www.innoinstrument.com/new/splicer/view5.php , but we need enough of these units I'd love stories from the field before dropping the order. Peter Kranz www.UnwiredLtd.com http://www.unwiredltd.com/ Desk: 510-868-1614 x100 Mobile: 510-207- pkr...@unwiredltd.com mailto:pkr...@unwiredltd.com
RE: Anycast provider for SMTP?
I guess there is no real chance without conntrack ... I'll try to use something like LVS+mysql conntrack (no idea if this even exists ...) Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Joe Hamelin [j...@nethead.com] Received: Montag, 15 Juni 2015, 19:51 To: NANOG list [nanog@nanog.org] Subject: Anycast provider for SMTP? I have a mail system where there are two MX hosts, one in the US and one in Europe. Both have a DNS MX record metric of 10 so a bastardized round-robin takes place. This does not work so well when one site goes down. My solution will be to place a load balancer in a hosting site (virtual, of course) and have it provide HA. But what about HA for the LB? At first glance anycasting would seem to be a great idea but there is a problem of broken sessions when routes change. Have any of you seen something like this work in the wild? -- Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474
RE: Hardware monitoring
This is a product designed for use on Windows only, No. The monitoring itself requires windows as OS but only for the Mgmt service, DB service, etc. You do not need a client (like for Nagios/etc) to monitor other systems. You simply monitor devices via http (e.g. APIs, etc) or SNMP, etc. You can also integrate other coding languages (Perl, PHP, C++, etc) if you need something unsupported. Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Stephen Satchell [l...@satchell.net] Received: Sonntag, 14 Juni 2015, 19:37 To: nanog@nanog.org [nanog@nanog.org] Subject: Re: Hardware monitoring On 06/14/2015 10:23 AM, Jürgen Jaritsch wrote: We're using PRTG from Paessler (http://www.paessler.com). This is a product designed for use on Windows only, no mention of ports to other operating systems. For some people, this is fine. For others, who don't want to mess with Windows at all, it's a concern. Looking at some of the product sheets, it looks boss at what it does. In particular, the David Letterman view is an interesting quick snapshot look at what is going on.
RE: Hardware monitoring
Hi, We're using PRTG from Paessler (http://www.paessler.com). We're monitoring 50k sensors (storage, network, hardware, applications, a/c, generators, door locks, liquid detection system in datacentres, etc) ... Best decision ever! Best regards Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Stephen Satchell [l...@satchell.net] Received: Sonntag, 14 Juni 2015, 17:57 To: nanog@nanog.org [nanog@nanog.org] Subject: Re: Hardware monitoring Even cheaper, but a little more DYI, you can look into building a small Linux box, load MRTG (which you should be running anyway), and crafting small probe scripts that would feed the traffic grapher. For switch closures like on water-sensors, you will need an I/O board, but they are readily available and pretty easy to script. For temperature/voltage alarms, those same scripts can send alarm e-mail when particular values fall outside of the range. Ditto switch sensing. Also, there are SNMP-based solutions you may not have thought of. Have Cisco routers? The environmental sensors are available via SNMP. On 06/14/2015 08:43 AM, Ryan DiRocco wrote: Just for getting your feet wet and doing so on a (tiny) budget. If you want to monitor non-SNMP devices such as things like room temp probes, water leak detection, generator/ats/ups alarm outputs, etc . You could look into something like the APC AP9340 units These support APC's own temp/humidity probes, various user input, modbus rs-485 port, etc. They are very cheap (~$100) or so in ebay land and are quite easy to monitor via SNMP. User Guide: http://www.apcmedia.com/salestools/ASTE-6Z5QDH/ASTE-6Z5QDH_R1_EN.pdf -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Rafael Possamai Sent: Saturday, June 13, 2015 12:55 PM To: nanog@nanog.org Subject: Hardware monitoring Hi everyone, I know this is slightly off-topic, but since it's still related to the list, I thought I'd give it a try. I am wondering what systems are out there (open source, preferably) for data collection and processing of hardware health data (temperature, CPU clock, fan speeds, etc). Ideally brand agnostic and location agnostic as well. I know of Cacti, but it would require SNMP enabled devices AFAIK, so room/generator/misc monitors wouldn't necessarily be included. Thanks in advance. Rafael
RE: Hardware monitoring
No worries cause your answer wasn't totally wrong :) From my POV PRTG is nearly a 100% solution and you do not need much more tools to get an good view of your running inventory. Beside PRTG we're only running some tools for flow analysis, NetApp storage analysis, etc. In sum we're running 5 tools to monitor EVERYTHING (hardware, software, datacentre infra, etc). Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Stephen Satchell [l...@satchell.net] Received: Sonntag, 14 Juni 2015, 20:03 To: nanog@nanog.org [nanog@nanog.org] Subject: Re: Hardware monitoring Appreciate the amplification. Cunningham's Law: The best way to get the right answer on the Internet is not to ask a question, it's to post the wrong answer. On 06/14/2015 10:46 AM, Jürgen Jaritsch wrote: This is a product designed for use on Windows only, No. The monitoring itself requires windows as OS but only for the Mgmt service, DB service, etc. You do not need a client (like for Nagios/etc) to monitor other systems. You simply monitor devices via http (e.g. APIs, etc) or SNMP, etc. You can also integrate other coding languages (Perl, PHP, C++, etc) if you need something unsupported. Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Stephen Satchell [l...@satchell.net] Received: Sonntag, 14 Juni 2015, 19:37 To: nanog@nanog.org [nanog@nanog.org] Subject: Re: Hardware monitoring On 06/14/2015 10:23 AM, Jürgen Jaritsch wrote: We're using PRTG from Paessler (http://www.paessler.com). This is a product designed for use on Windows only, no mention of ports to other operating systems. For some people, this is fine. For others, who don't want to mess with Windows at all, it's a concern. Looking at some of the product sheets, it looks boss at what it does. In particular, the David Letterman view is an interesting quick snapshot look at what is going on.
RE: AS4788 Telecom Malaysia major route leak?
They should verify the GBLX customer ports as well ... Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
RE: Open letter to Level3 concerning the global routing issues on June 12th
The Level3 automatic prefix update feature is broken since 8-10 months and they are unable to fix it. I can provide ~10 ticket IDs with several discussions about the broken feature. We have to open a ticket with them for every new prefix we want to announce ... Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.at Web: http://www.anexia.at Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601 -Original Message- From: Grzegorz Janoszka [grzeg...@janoszka.pl] Received: Samstag, 13 Juni 2015, 13:51 To: nanog@nanog.org [nanog@nanog.org] Subject: Re: Open letter to Level3 concerning the global routing issues on June 12th On 2015-06-13 12:34, Mark Tinka wrote: I know the largest transit providers tend to be more relaxed for various reasons. Some rely on filters generated by IRR entries, others don't. Actually I had pretty good experiences with Level3 as it has been years as they could use IRR filters to update automatically your prefix list. I remember that Level3 was one of the first carriers to enable that feature and several years afterwards there were still global networks (tier1) that could only do static prefix-lists. -- Grzegorz Janoszka
Re: AS4788 Telecom Malaysia major route leak?
This is the official feedback: Level 3's network, alongside some other ISP's, experienced service disruptions affecting customers in Europe, Asia and multiple other markets. IP, Voice and Content Delivery Network (CDN) services were affected for Level 3. The root cause of the issue was isolated to a third party Internet Service Provider in Asia that leaked internet routes resulting in traffic being sent to a destination that could not route them, which affected IP, Voice and CDN services in multiple markets. The issue has been resolved, but the provider continues working to determine the specific root cause of the incident. At this time, customer services are restored with the exception of any that pose any possible risk to the Level 3 network. Maintaining a reliable, high-performing network for our customers is our top priority. Level 3 will continue to work with the provider to prevent a recurrence. Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.atmailto:j...@anexia.at Web: http://www.anexia.athttp://www.anexia.at/ Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
Re: AS4788 Telecom Malaysia major route leak?
http://www.bgpmon.net/massive-route-leak-cause-internet-slowdown/ Jürgen Jaritsch Head of Network Infrastructure ANEXIA Internetdienstleistungs GmbH Telefon: +43-5-0556-300 Telefax: +43-5-0556-500 E-Mail: j...@anexia.atmailto:j...@anexia.at Web: http://www.anexia.athttp://www.anexia.at/ Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt Geschäftsführer: Alexander Windbichler Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601