Re: Route reflector/server appliance for access router aggregation

2010-07-13 Thread Jack Carrozzo
On the subject of route reflection, I've run into a few people happy with
Quagga or openBGPd on intel hardware. You can throw a 1U box together with
dual PSUs, a bunch of ram, and SSD/CF disks for far less than a C or J setup
and won't be wasting money on ASICs you aren't using. If I recall correctly
this is what Any2 was using when I spoke to them some years ago, but
perhaps someone here can offer more specifics.

-Jack Carrozzo


On Tue, Jul 13, 2010 at 8:13 AM, Eric Morin wrote:

> Hi
>
> I am working on a solution to offload my current internet facing, and soon
> to be backbone, routers from terminating IBGP sessions from aggregation
> network routers. I currently have 4948s (pizza box version of the
> cat4500) in place, mostly bridging traffic, but some routing (OSPF,
> couple dozen SVIs with HSRP). The 4948s surpass all solution
> requirements (I think) except when it comes to scaling the number of BGP
> sessions to 80-100. The obvious solution is to replace with a much
> larger platform (ASR1k, etc), which I am considering as an option but
> capital is the killer. A more economical idea is to pair the 4948s with
> a route reflector or server. I am looking for recommendations on
> platforms that I should consider. I have seen the presentation from
> NANOG48 on open source route server applications (Thanks!), and I am
> considering a home grown solution, but I want to also consider any other
> commercial appliances that we can drop in (with some lab work of course)
> and buy support services on. I looked at a Vyatta appliance (2500 looks
> good, but single power supply is disappointing). At each PoP I would
> plan on having two reflectors/servers clustered, each paired with one
> 4948. I have 7206 NPE-G2s coming out of service in the future that could
> perhaps be used, but the timing won't work.
>
>
>
> If anyone has a recommendation on a platform, or general criticism of
> the idea, please advise. Feedback, positive or negative, is always
> welcome.
>
>
>
>
>
> Thanks in advance
>
>
>
> Eric RR Morin
>
>
>
>


Re: eBGP Multihop

2010-09-02 Thread Jack Carrozzo
>> The dev guys want to be able to poke at the BGP feeds directly and do
>> *magic* that standard routers aren't capable of.

This should scare you in a significant manner.

-Jack Carrozzo

On Thu, Sep 2, 2010 at 5:30 AM, Graham Beneke  wrote:

> I have been asked to investigate moving an entire network to multi-hop on
> all the eBGP sessions. Basically all upstreams, downstreams and peers will
> eBGP with a route reflector located in the core. This RR will be some kind
> of quagga or similar box. The dev guys want to be able to poke at the BGP
> feeds directly and do *magic* that standard routers aren't capable of.
>
> My gut feel is that this is a bad idea. Besides anything else it makes sane
> link state detection very challenging - especially where we have multiple
> sessions with a peer.
>
> Is there any BCP or operational experience that agrees or disagrees with my
> gut. ;-)
>
> --
> Graham Beneke
>
>


Re: Looking Glass

2010-09-07 Thread Jack Carrozzo
FWIW Quagga works fine as a looking glass if you don't mind the telnet
interface. Though, if you really want ssh, you could make a user on the
machine whose login script runs 'vtysh' and logs out on exit, however it's
admittedly less elegant.

-Jack Carrozzo

On Tue, Sep 7, 2010 at 4:09 PM, Jens Link  wrote:

> James Bensley  writes:
>
> > Hmm, Google says you could use http://www.zebra.org/ to set your box
> > up as a route, and then you can just view the routes from there?
>
> Aehm, Zebra is dead. Quagga is the successor.
>
> Last change date on zebra.org website is 5 years old.
>
> Jens
> --
> -
> | Foelderichstr. 40   | 13595 Berlin, Germany| +49-151-18721264 |
> | http://blog.quux.de | jabber: jensl...@guug.de | ---  |
> -
>
>
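Added example, not part of the thread and not Quagga's own code: a forced-command wrapper for the SSH variant described above, so the looking-glass account can only run a short allowlist of `show` commands through `vtysh -c` rather than getting an interactive vtysh session. The account name `lg`, the wrapper path, the function names and the request keywords (`summary`, `bgp`, `route`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only looking-glass wrapper for Quagga's vtysh.
#
# Assumed sshd_config stanza (account name and path are hypothetical):
#   Match User lg
#       ForceCommand /usr/local/bin/lg-wrapper
#       PermitTTY no
#       AllowTcpForwarding no
#       X11Forwarding no
#
# sshd places whatever the client asked to run in SSH_ORIGINAL_COMMAND.
# That string is untrusted and is never passed to a shell or to vtysh as-is.

# Return 0 only if $1 is a dotted-quad IPv4 address or a.b.c.d/len prefix.
lg_valid_prefix() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;      # digits, dots and slash only
    esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1

    lg_addr=${1%%/*}
    lg_len=32
    case $1 in
        */*) lg_len=${1##*/} ;;
    esac
    [ "$lg_len" -le 32 ] || return 1

    lg_old_ifs=$IFS
    IFS=.
    for lg_octet in $lg_addr; do
        if [ "$lg_octet" -gt 255 ]; then
            IFS=$lg_old_ifs
            return 1
        fi
    done
    IFS=$lg_old_ifs
    return 0
}

# Map an untrusted request ("summary", "bgp <prefix>", "route <prefix>")
# to one fixed vtysh command. Prints the command, or returns 1 to refuse.
lg_build_command() {
    set -f                  # no filename expansion on the untrusted text
    set -- $1               # split into keyword plus optional argument
    set +f
    [ $# -ge 1 ] && [ $# -le 2 ] || return 1

    case $1 in
        summary)
            [ $# -eq 1 ] || return 1
            printf 'show ip bgp summary\n'
            ;;
        bgp)
            [ $# -eq 2 ] && lg_valid_prefix "$2" || return 1
            printf 'show ip bgp %s\n' "$2"
            ;;
        route)
            [ $# -eq 2 ] && lg_valid_prefix "$2" || return 1
            printf 'show ip route %s\n' "$2"
            ;;
        *)
            return 1        # everything else, including config modes
            ;;
    esac
}

# Entry point when invoked by sshd as the forced command.
lg_main() {
    lg_cmd=$(lg_build_command "$1") || {
        echo "query not permitted" >&2
        return 1
    }
    exec vtysh -c "$lg_cmd"
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    lg_main "$SSH_ORIGINAL_COMMAND"
fi
```

A client would then run something like `ssh lg@host bgp 192.0.2.0/24`; anything outside the three keywords, or with a malformed prefix, is refused before vtysh is started.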


Re: Looking Glass

2010-09-07 Thread Jack Carrozzo
On Tue, Sep 7, 2010 at 6:35 PM, Nathan Stratton  wrote:
>
> Anyone know of a good http looking glass that works with quagga?
>

I realize this is probably more hacking than you want to do, but Quagga can
expose much of its info via SNMP. Thus it would be fairly trivial to write
an http front end to it if you were so motivated (or, have some interns on
hand without enough to do).

-Jack Carrozzo


Re: Convenience or slippery slope... or something else?

2010-09-10 Thread Jack Carrozzo
It's just a bunch of subdomain A records, what's it matter? There are
already thousands of such services in existence.

-Jack Carrozzo

On Fri, Sep 10, 2010 at 1:05 PM, Reese  wrote:

> A friend brought this to my attention:
>
> http://ipq.co/
>
> He saw it at http://news.ycombinator.com/item?id=1678324
>
> I'm not sure whether to shriek in joy or in pain. Will data from
> this service - if it is a worthy service - propagate properly?
> Play nicely with or break other people's toys? Is it a gimmick?
>
> Reese
>
>
>
>


Re: IPv6 tunnel brokers that provide BGP other than HE?

2010-09-21 Thread Jack Carrozzo
OCCAID has been doing this for a while but I don't see anything on their
site about it. Might try contacting them.

-Jack Carrozzo

On Tue, Sep 21, 2010 at 11:04 AM, Owen DeLong  wrote:

> Not a complete solution, but, you could always do a second HE tunnel to a
> different site for at least
> some level of redundancy.
>
> Owen
>
> On Sep 21, 2010, at 7:12 AM, Matthew Huff wrote:
>
> > Neither of our upstream providers offer direct ipv6 although both claim
> deployment in Q1 2011. In the meantime, we have a tunnel with BGP to HE
> announcing our /48, but we are looking for redundancy. Is there anyone else
> out there offering services like Hurricane Electric?
> >
> >
> >
> > 
> > Matthew Huff   | One Manhattanville Rd
> > OTA Management LLC | Purchase, NY 10577
> > http://www.ox.com  | Phone: 914-460-4039
> > aim: matthewbhuff  | Fax:   914-460-4139
> >
> >
> >
>
>
>


Re: RIP Justification

2010-09-30 Thread Jack Carrozzo
Dynamic routing is hard, let's go shopping.

Seriously though, I can't think of a topology I've ever encountered where
RIP would have made more sense than OSPF or BGP, or if you're really
die-hard, IS-IS. Let it die...

My $0.02,

-Jack

On Thu, Sep 30, 2010 at 11:53 AM, John Kristoff  wrote:

> On Wed, 29 Sep 2010 13:20:48 -0700
> Jesse Loggins  wrote:
>
> > OSPF. It seems that many Network Engineers consider RIP an old
> > antiquated protocol that should be thrown in back of a closet "never
> > to be seen or heard from again". Some even preferred using a more
> > complex protocol like OSPF instead of RIP. I am of the opinion that
>
> Complexity depending on your perspective.  The implementation might be
> more complicated to code, but by and large the major implementations
> after years of experience seem to be very stable now.  If the physical
> topology and stability is increasingly "interesting", RIP may be a more
> complex protocol to use and troubleshoot than OSPF.  In essence,
> dealing with loops and topology changes in RIP involves a set of
> incomplete and unsatisfactory hacks for more than the simplest of
> environments.
>
> > every protocol has its place, which seems to be contrary to some
> > engineers' way of thinking. This leads to my question. What are your
> > views of when and where the RIP protocol is useful? Please excuse me
> > if this is the incorrect forum for such questions.
>
> As an implementation of distance vector, it's at least useful as a teaching
> tool about routing theory, history and implementations.
>
> John
>
>


Re: RIP Justification

2010-09-30 Thread Jack Carrozzo
Yes, clearly the next crowd of CCNAs will save the world. You know what they
say about giving CCNAs enable...

-Jack

On Thu, Sep 30, 2010 at 2:37 PM, Marshall Eubanks wrote:

>
> On Sep 30, 2010, at 12:43 PM, Jack Carrozzo wrote:
>
> > Dynamic routing is hard, let's go shopping.
> >
> > Seriously though, I can't think of a topology I've ever encountered where
> > RIP would have made more sense than OSPF or BGP, or if you're really
> > die-hard, IS-IS. Let it die...
>
> But what about all of those students even now working on getting their Lab
> RIP routing to work ?
> Surely such a huge crowd-sourcing will solve any remaining problems with
> the protocol by the end of the term!
>
> Regards
> Marshall
>
> >
> > My $0.02,
> >
> > -Jack
> >
> > On Thu, Sep 30, 2010 at 11:53 AM, John Kristoff  wrote:
> >
> >> On Wed, 29 Sep 2010 13:20:48 -0700
> >> Jesse Loggins  wrote:
> >>
> >>> OSPF. It seems that many Network Engineers consider RIP an old
> >>> antiquated protocol that should be thrown in back of a closet "never
> >>> to be seen or heard from again". Some even preferred using a more
> >>> complex protocol like OSPF instead of RIP. I am of the opinion that
> >>
> >> Complexity depending on your perspective.  The implementation might be
> >> more complicated to code, but by and large the major implementations
> >> after years of experience seem to be very stable now.  If the physical
> >> topology and stability is increasingly "interesting", RIP may be a more
> >> complex protocol to use and troubleshoot than OSPF.  In essence,
> >> dealing with loops and topology changes in RIP involves a set of
> >> incomplete and unsatisfactory hacks for more than the simplest of
> >> environments.
> >>
> >>> every protocol has its place, which seems to be contrary to some
> >>> engineers' way of thinking. This leads to my question. What are your
> >>> views of when and where the RIP protocol is useful? Please excuse me
> >>> if this is the incorrect forum for such questions.
> >>
> >> As an implementation of distance vector, it's at least useful as a
> teaching
> >> tool about routing theory, history and implementations.
> >>
> >> John
> >>
> >>
> >
>
>


Re: RIP Justification

2010-09-30 Thread Jack Carrozzo
>
> I was just curious - why would IS-IS be more die-hard than OSPF or iBGP?
>

 It's like running apps on Solaris and Oracle these days instead of Linux
and MySQL. Both options work if you know what you're doing, but it's way
easier (and cheaper) to hire admins for the latter.

When was the last time you ran into a younger neteng designing his topology
who went "Yes! IS-IS!"? It works fine (very well in fact) but it's just less
used.

I know there are a lot of guys on here using IS-IS and I'm certainly not
knocking it... 

-Jack


Re: RIP Justification

2010-09-30 Thread Jack Carrozzo
As it was explained to me, the main difference is that you can have $lots of
prefixes in IS-IS without it falling over, whereas Dijkstra is far more
resource-intensive and as such OSPF doesn't get too happy after $a_lot_less
prefixes. Those numbers can be debated as you like, but I think if you were
to redist bgp ospf on a lab machine you'd get the point.

Disclaimer: I've never run IS-IS operationally, just in the lab.

-Jack


> Which makes no sense to me. I originally looked at both and thought OSPF to
> be inferior to IS-IS. That being said, OSPF is supported on more (and
> cheaper) hardware. IS-IS can have additional licensing with some hardware
> (where OSPF does not) and is often considered a "service provider" protocol
> by vendors.
>
>
> Jack
>


Re: RIP Justification

2010-09-30 Thread Jack Carrozzo
> Both OSPF and IS-IS use Dijkstra. IS-IS isn't as widely used because
> of the ISO addressing. At least that's my take on it..


Sorry, my mistake. I'll go sit in my corner now...

-Jack


Re: Hey Leber - you think Melissa is going to issue that refund properly or do we need to escalate this into legal actions against HE

2010-10-12 Thread Jack Carrozzo
Clearly we should all care deeply about this.

-J

On Tue, Oct 12, 2010 at 11:52 AM, Jeff Harper  wrote:

> http://tinyurl.com/275rhhu
>
> - Original Message -
> > From: "todd glassey" 
> > To: nanog@nanog.org, m...@he.net, "Hurricane Electric LLC" <
> melis...@he.net>
> > Sent: Tuesday, October 12, 2010 10:47:02 AM
> > Subject: Hey Leber - you think Melissa is going to issue that refund
> properly or do we need to escalate this into
> > legal actions against HE
> > Mike Leber - I have been waiting for a response from Melissa in your
> > accounting department since she insisted I sign the VISA release in
> > order to refund our money after your company violated the Co-Lo
> > agreement and shut the power down to ROW 4 in Suite 1200 with no
> > warning
> > or Customer Service Response...
> >
> > How long is this going to take to process?
> >
> >
> > Todd Glassey
> >
> >
> > --
> > //-
> >
> >
> > This message may contain confidential and/or privileged information.
> > If you are not the addressee or authorized to receive this for the
> > addressee, you must not use, copy, disclose or take any action based
> > on this message or any information herein. If you have received this
> > message in error, please advise the sender immediately by reply e-mail
> > and delete this message.
> >
> > Thank you for your cooperation.
>
>


Re: NTP Server

2010-10-24 Thread Jack Carrozzo
More than likely, it's more important that all your machines are synced
accurately in time to each other, vs. a wider sync range that's
statistically closer to the 'real' value.

-Jack Carrozzo

On Sun, Oct 24, 2010 at 1:09 PM, Randy Bush  wrote:

> > 1) How necessary do you believe in local NTP servers? Do you really
> >need the logs to be perfectly accurate?
>
> what is "perfectly accurate?"  perfection is not very realistic.  to
> what use do you put these logs?  what precision and jitter are required
> for that use?
>
> imiho, if you are just comparing router and server log files, run off
> public.  if you are trying to do fine-grained measurement, you are going
> to invest a lot in clock and propagation research.
>
> > 2) If you do have a local NTP server, is it only for local internal
> >use, or do you provide this NTP server to your clients as an added
> >service?
>
> i would generally let customers chime off routers which are strat 2 or
> 3.  if a customer has other needs, then they can deal.  if they are
> really concerned, they should not bet on me anyway.
>
> > 3) If you do have a local NTP server, do you have a standby local NTP
> >server or do you use the internet as your standby server?
>
> again, depends on your needs.
>
> randy
>
>


Re: DDOS attack via as702 87.118.210.122

2010-10-26 Thread Jack Carrozzo
Whois is hard, let's go shopping:

ja...@anna ~ $ whois as701

#
# The following results may also be obtained via:
# http://whois.arin.net/rest/asns;q=as701?showDetails=true
#

ASNumber:   701 - 705
ASName: UUNET
ASHandle:   AS701
RegDate:1990-08-03
Updated:2008-07-24
Ref:http://whois.arin.net/rest/asn/AS701

OrgName:MCI Communications Services, Inc. d/b/a Verizon Business
OrgId:  MCICS
Address:22001 Loudoun County Pkwy
City:   Ashburn
StateProv:  VA
PostalCode: 20147
Country:US
RegDate:2006-05-30
Updated:2009-12-07
Ref:http://whois.arin.net/rest/org/MCICS

OrgTechHandle: JHU140-ARIN
OrgTechName:   Huffines, Jody
OrgTechPhone:  +1-703-886-6093
OrgTechEmail:  jody.huffi...@verizonbusiness.com
OrgTechRef:http://whois.arin.net/rest/poc/JHU140-ARIN

OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName:   abuse
OrgAbusePhone:  +1-800-900-0241
OrgAbuseEmail:  abuse-m...@verizonbusiness.com
OrgAbuseRef:http://whois.arin.net/rest/poc/ABUSE3-ARIN

OrgNOCHandle: OA12-ARIN
OrgNOCName:   UUnet Technologies, Inc., Technologies
OrgNOCPhone:  +1-800-900-0241
OrgNOCEmail:  hel...@verizonbusiness.com
OrgNOCRef:http://whois.arin.net/rest/poc/OA12-ARIN

OrgTechHandle: SWIPP-ARIN
OrgTechName:   swipper
OrgTechPhone:  +1-800-900-0241
OrgTechEmail:  swip...@verizonbusiness.com
OrgTechRef:http://whois.arin.net/rest/poc/SWIPP-ARIN

-Jack Carrozzo

On Tue, Oct 26, 2010 at 7:51 AM, Serg Shubenkov  wrote:

>
> Hello, list.
>
> Please send me off-list abuse contact for as702.
>
> --
> Serg Shubenkov, MAcomnet, Internet Dept., Head of Inet Department
> phone: +7 495 7969392/9079, +7 916 5316625, mailto:s...@macomnet.net
> icq uin: 101964103, Skype: serg.v.shubenkov
>
>
>
>


Re: DDOS attack via as702 87.118.210.122

2010-10-26 Thread Jack Carrozzo
Well, I whois'd 702, got no match, said "hm, I see 701 all over the place,
lemmy take a look" and found:

ASNumber:   701 - 705
ASName: UUNET

etc. Sorry, it was left as an exercise to the reader - didn't mean to be
flippant.

-Jack Carrozzo

On Tue, Oct 26, 2010 at 10:07 AM, Adrian Chadd wrote:

> On Tue, Oct 26, 2010, Cutler James R wrote:
> > Jack,
> >
> > I agree that whois is hard. Please explain how you knew to query AS701
> when Serg asked about AS702.
>
> Brainfart. I understand why people confuse 701 with 702.
>
> $ whois -h whois.ripe.net AS702
>
> % Information related to 'AS702'
>
> aut-num:AS702
> as-name:AS702
> descr:  Verizon Business EMEA - Commercial IP service provider in
> Europe
>
> ...
>
>
>
> Adrian
>
>
> >
> > computer:~ me$ whois as702
> > 
> > No match for "AS702".
> > >>> Last update of whois database: Tue, 26 Oct 2010 13:47:47 UTC <<<
> >
> > Regards.
> >
> >   Cutler
> >
> > On Oct 26, 2010, at 9:22 AM, Jack Carrozzo wrote:
> >
> > > Whois is hard, let's go shopping:
> > >
> > > ja...@anna ~ $ whois as701
> > >
> > > 
> > > -Jack Carrozzo
> > >
> > > On Tue, Oct 26, 2010 at 7:51 AM, Serg Shubenkov 
> wrote:
> > >
> > >>
> > >> Hello, list.
> > >>
> > >> Please send me off-list abuse contact for as702.
> > >>
> > >> --
> > >> Serg Shubenkov, MAcomnet, Internet Dept., Head of Inet Department
> > >> phone: +7 495 7969392/9079, +7 916 5316625, mailto:s...@macomnet.net
> > >> icq uin: 101964103, Skype: serg.v.shubenkov
> > >>
> > >>
> > >>
> > >>
> >
> > James R. Cutler
> > james.cut...@consultant.com
> >
> >
> >
> >
>
> --
> - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid
> Support -
> - $24/pm+GST entry-level VPSes w/ capped bandwidth charges available in WA
> -
>
>


Re: ipfix/netflow/sflow generator for Linux

2010-12-06 Thread Jack Carrozzo
IPtraf can be set up to look at flows per-block, per interface, per vlan, etc
and export the data every minute / 5 minutes. Back in the day I had it
scripted to dump data into rrdtool and give pretty graphs. See the man page,
it's well written.

Cheers,

-Jack Carrozzo

On Mon, Dec 6, 2010 at 2:15 PM, Thomas York  wrote:

> At my current place of work, we use all Linux routers. I need to do some IP
> accounting/reporting and am currently trying to use Scrutinizer.
> Scrutinizer
> can use netstream, jstream, ipfix, netflow, and sflow data without qualms.
> My only issue is that I can't seem to find any good software for Linux that
> works with multiple interfaces to generate the flow information. I've tried
> ndsad, nprobe, softflowd, host sflow, and ipcad without much luck. Most of
> the software only works on one interface (which is useless as I need to do
> accounting for numerous interfaces).
>
>
>
> I've had the best luck with ipcad. The only thing that seems to not work
> with it is that it doesn't correctly give the interface number in the flow
> information. It refers to all interfaces as interface 65535. I've tried the
> config option for ipcad to map an interface directly to an SNMP interface
> ID, but that option of the config file seems to be ignored.
>
>
>
> Ntop functionally does exactly what I need, but it's extremely buggy. It
> segfaults after a few minutes, regardless of Linux distro or Ntop version.
> So..any ideas on what I can do to get good flow information from our Linux
> routers?
>
>


Re: Skype info

2010-12-22 Thread Jack Carrozzo
On Wed, Dec 22, 2010 at 3:29 PM, Paul Graydon wrote:
>
>
>>  Details are on their blog: http://bit.ly/edtjxB


%wget http://blogs.skype.com/ -O/dev/null
--2010-12-22 20:45:36--  http://blogs.skype.com/
Resolving blogs.skype.com... 204.9.163.155
Connecting to blogs.skype.com|204.9.163.155|:80... failed: Operation timed
out.

...

-Jack


Re: Skype info

2010-12-22 Thread Jack Carrozzo
"Creating new mega-supernodes as fast as they can!"

Definitely using that in a meeting tomorrow.

Cheers,

-Jack

On Wed, Dec 22, 2010 at 3:52 PM, Jeremy Parr  wrote:

> Skype downtime today
>
> Earlier today, we noticed that the number of people online on Skype
> was falling, which wasn’t typical or expected, so we began to
> investigate.
>
> Skype isn’t a network like a conventional phone or IM network –
> instead, it relies on millions of individual connections between
> computers and phones to keep things up and running. Some of these
> computers are what we call ‘supernodes’ – they act a bit like phone
> directories for Skype. If you want to talk to someone, and your Skype
> app can’t find them immediately (for example, because they’re
> connecting from a different location or from a different device) your
> computer or phone will first try to find a supernode to figure out how
> to reach them.
>
> Under normal circumstances, there are a large number of supernodes
> available. Unfortunately, today, many of them were taken offline by a
> problem affecting some versions of Skype. As Skype relies on being
> able to maintain contact with supernodes, it may appear offline for
> some of you.
>
> What are we doing to help? Our engineers are creating new
> ‘mega-supernodes’ as fast as they can, which should gradually return
> things to normal. This may take a few hours, and we sincerely
> apologise for the disruption to your conversations. Some features,
> like group video calling, may take longer to return to normal.
>
> Stay tuned to @skype on Twitter for the latest updates on the
> situation – and many thanks for your continued patience in the
> meantime.
>
> On 22 December 2010 15:46, Jack Carrozzo  wrote:
> >
> > On Wed, Dec 22, 2010 at 3:29 PM, Paul Graydon  >wrote:
> > >
> > >
> > >>  Details are on their blog: http://bit.ly/edtjxB
> >
> >
> > %wget http://blogs.skype.com/ -O/dev/null
> > --2010-12-22 20:45:36--  http://blogs.skype.com/
> > Resolving blogs.skype.com... 204.9.163.155
> > Connecting to blogs.skype.com|204.9.163.155|:80... failed: Operation
> timed
> > out.
> >
> > ...
> >
> > -Jack
>


Re: Linux Router distro's with dual stack capability

2010-02-11 Thread Jack Carrozzo
Lots of people roll FreeBSD with Quagga/pf/ipfw for dual stack. See
the freebsd-isp list.

-Jack Carrozzo

On Thu, Feb 11, 2010 at 3:23 AM, William Pitcock
 wrote:
> On Wed, 2010-02-10 at 17:12 -0700, Blake Pfankuch wrote:
>> Anyone have some insight on a good dual stack Linux (or BSD) router distro?  
>> Currently using IPCop but it lacks ipv6 support.  I've used SmoothWall 
>> Express but not in some time and not sure how well it works with IPv6.  Not 
>> looking for something huge, just something for the equivalent of a small 
>> branch office.  Site to Site VPN support and NAT translation capability for 
>> a few public IP addresses to private addresses are the only requirements.  
>> Public or private responses are welcome!
>
> We are having moderate success with IPv6 on Vyatta, but we have seen
> neighbour discovery glitches in the current production images.
>
> The prerelease subscription code crashes on our vyatta appliances, so we
> haven't tested that yet.
>
> William
>
>
>



Re: Linux Router distro's with dual stack capability

2010-02-11 Thread Jack Carrozzo
Also IIRC you can tune the hash cache / tree algorithm - ie if your
traffic is mostly a few addresses then the default prefix search is
fine (with the caching) but for more sparse traffic as you'd see at an
edge, disabling the cache and using the other algo proved a lot
faster. There's a paper on this I saw a few years ago, will forward if
I find it.

-Jack Carrozzo

On Thu, Feb 11, 2010 at 7:41 PM, Richard A Steenbergen  
wrote:
> On Thu, Feb 11, 2010 at 03:46:13PM -0800, Kevin Oberman wrote:
>> Polling is excellent for low speed lines, but for Gig and faster, most
>> newer interfaces support interrupt coalescing. This easily resolves the
>> issue in hardware as interrupts are only issued when needed but limited
>> to a reasonable rate, Polling does not use interrupts, but consumes
>> system resources regardless of traffic.
>>
>> FreeBSD has supported polling for a long time (V6?) and interrupt
>> coalescing since some release of V7. (Latest release is V8.)
>
> I'm pretty sure it's been around for a lot longer than that. I seem to
> recall playing with both back in 4.x. Of course interrupt coalescing is
> mostly a function of the NIC (though some driver involvement is required
> to take advantage of it), so the quality of the implementations have
> varied significantly over the years. The first generation GE NICs which
> offered it didn't do a particularly good job with it though, so for
> example it was still possible to cripple a box with high interrupt
> rates while the same box would be perfectly fine with polling.
>
> That said, I think your use case for polling is backwards. As you say,
> "normally" the NIC fires off an interrupt every time a packet is
> received, and the kernel stops what it is doing to process the new
> packet. On a low speed (or at least low traffic) interface this isn't a
> problem, but as the packet/sec rate increases the amount of time wasted
> as interrupt processing "overhead" becomes significant. For example,
> even a GE interface is capable of doing 1.488 million packets/sec.
>
> By switching to a polling based model, you switch off the interrupt
> generation completely and simply check the NIC for new packets at a set
> rate (for example, 1000 times/sec). This gives you a predictable and
> consistent CPU use, so even if you had 1.488M/s interrupts coming in you
> would still only be checking 1000 times/sec. If you did less than
> 1000pps it would be a net increase in CPU, but if you do more (or ever
> risk doing more, such as during a DoS attack) it could be a net benefit.
> This makes the most sense for people doing a lot of traffic
> regardless.
>
> Of course the downside is higher latency, since you're delaying the
> processing of the packet by some amount of time after it comes in. In
> the 1000 times/sec example above, you could be delaying processing of
> your packet by up to 1ms. For most applications this isn't enough to
> cause any harm, but it's something to keep in mind. Interrupt coalescing
> works around the problem of large interrupt rates by simply having the
> NIC limit the number of interrupts it generates under load, giving you
> the benefits of low-latency processing and low-interrupt rate under high
> load. I haven't played with this stuff in many many years, so I'm sure
> modern interrupt coalescing is much better than it used to be, and the
> extra work of configuring polling and dealing with the potential
> latency/jitter implications isn't worth the benefits for most people. :)
>
> --
> Richard A Steenbergen        http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
>
>



Re: CYMRU Bogon Peering

2010-02-12 Thread Jack Carrozzo
I agree - quick setup and no issues. A++ Would Peer Again

-Jack Carrozzo

On Fri, Feb 12, 2010 at 4:10 PM, Steve Bertrand  wrote:
> Thomas Magill wrote:
>> In efforts to further protect us against threats I am considering
>> establishing Bogon peers to enable me to filter unallocated address
>> space.  I am just wondering if this is a worthwhile step to take and if
>> anyone has run into any issues or points of concern that I may want to
>> take into account.  Thanks in advance for any input.
>
> I've used the service for a couple of years, and I find it works
> wonderfully. Newly distributed IANA blocks are removed promptly, so no
> need to worry about that.
>
> I peer with Cymru on my RTBH trigger boxes, which then redistribute the
> list to all edge gear which blackholes it (dest and source) thanks to uRPF.
>
> No manual config or rule manipulation.
>
> Steve
>
>
>



Re: CYMRU Bogon Peering

2010-02-12 Thread Jack Carrozzo
Current list of prefixes Cymru considers bogon:

http://www.cymru.com/Documents/bogon-bn-nonagg.txt

Does that answer the question?

-Jack Carrozzo

On Fri, Feb 12, 2010 at 4:21 PM, Mr. James W. Laferriere
 wrote:
>        Hello All ,
>
> On Fri, 12 Feb 2010, Bill Blackford wrote:
>>
>> On Fri, Feb 12, 2010 at 12:51 PM, Thomas Magill
>> >>
>>> wrote:
>>
>>> In efforts to further protect us against threats I am considering
>>> establishing Bogon peers to enable me to filter unallocated address
>>> space.  I am just wondering if this is a worthwhile step to take and if
>>> anyone has run into any issues or points of concern that I may want to
>>> take into account.  Thanks in advance for any input.
>>>
>>>
>>>
>>> Thomas Magill
>>> Network Engineer
>>> Office: (858) 909-3777
>>> Cell: (858) 869-9685
>>> mailto:tmag...@providecommerce.com <mailto:tmag...@providecommerce.com>
>>> provide-commerce
>>> 4840 Eastgate Mall
>>> San Diego, CA  92121
>>
>> I've been doing this for some time on two routers injecting the null
>> routes
>> into my AS. No issues. Beats the heck out of trying to use ACLs. However,
>> the prefix count is rapidly diminishing as more blocks are being released
>> by
>> the various RIRs hence being pulled from the bogon list.
>> -b
>
>        I've a question for the CYMRU Team ,  My reasoning for posting here
> is to get a much wider knowledge base .
>
>        Does or Is the 'Bogon Peering' Product(?) ,  Only at the IANA->RIR
> allocations level ?   F.E.:  IANA has allocated 1.0.0.0/8 to RIPE .
>
>        Or
>
>        Does the product also include the actual remaining non-allocated
> space at the RIR->EU level ? (**)   F.E: RIPE has allocated 1.0.1.0/24 to
> anubusstupidity, inc.
>
>                Tia ,  JimL
>
> ps:     I am Very well aware that (so far) there is no standard format for
> returned requests from *whois daemons .
> --
> +--+
> | James   W.   Laferriere | System    Techniques | Give me VMS     |
> | Network&System Engineer | 3237     Holden Road |  Give me Linux  |
> | bab...@baby-dragons.com | Fairbanks, AK. 99709 |   only  on  AXP |
> +--+
>
>



Re: Redundant BGP for lower cost

2010-03-04 Thread Jack Carrozzo
If you want to keep it cheap, roll out another Quagga edge - one to each
peer. Drop default into OSPF from both edges, iBGP over a GE between them.
If one toasts you'll only lose half your routes for 1s-ish, or however long
you set your OSPF keepalives.

While you're at it, add extra fans and run the edge systems off solid state
disks or CF cards.

Or, buy $real hardware.

-Jack Carrozzo

On Thu, Mar 4, 2010 at 12:17 PM, Alex Thurlow  wrote:

> Let me preface this by saying that I'm not a full time network admin, but
> we're a small company and I'm the only one handling this.  Our budget is
> also not huge, but we're at the point where extended downtime would cost us
> enough money that we can spend some money to fix the problem.
>
>  Here's my situation:  I have two providers, each handing me gigabit
> ethernet.  I'm getting full BGP feeds and handling them with a Linux/Quagga
> router.  We max out at about 100kpps, as we're mostly pushing video which
> gives us a large packet size.  It works fine, and I've been happy with it so
> far.  But, we've gotten to the point where I want a backup router of some
> sort in case something happens to that one, what with the fans and disks
> that could fail.  I see a few options.
>
> 1. Just set up another Quagga box and use keepalived or some other HA
> solution.
> 2. Buy a Cisco/Juniper/whatever and then have the Quagga box as backup.
> 3. I have a 6500 behind the router that's just doing switching.  Could I
> have something switch that to static route all traffic to one of my
> providers if something happened to the router?  The 6500 has Sup1A with
> MSFC2 running IOS native.
>
> On the Cisco side, I see that we could probably run a 7200VXR with NPE-G1
> (about $6000 on ebay).  Moving to the Sup720, even used is probably out of
> our price range.
>
> What do you guys think I should use here?
>
> Thanks,
> Alex
>
>
>


Re: Time for a lounge mailing list

2010-03-31 Thread Jack Carrozzo
lounge is good - off topic seems to say that *no* operational content
will be discussed, whereas with "lounge" we can simply move long
threads most people don't care about over there (ie: trolling, TDM,
etc)

-Jack Carrozzo

On Wed, Mar 31, 2010 at 12:19 PM, Brandon Galbraith
 wrote:
> nanog-c...@nanog.org?
>
> On Wed, Mar 31, 2010 at 11:13 AM, Azinger, Marla <
> marla.azin...@frontiercorp.com> wrote:
>
>> I'm sending this to the proper request email.
>>
>> This is a decent idea that I support.
>>
>> NANOG Crew please read the below email and consider establishing a separate
>> "socializing" email address so operational topics only exist on the current
>> email list.
>>
>> Cheers
>> Marla Azinger
>>
>> -Original Message-
>> From: Daniel Senie [mailto:d...@senie.com]
>> Sent: Wednesday, March 31, 2010 8:47 AM
>> To: NANOG list
>> Subject: Time for a lounge mailing list
>>
>> It's been clear for a very long time that the NANOG crowd likes to
>> socialize. At NANOGs, social settings are where connections are made, beers
>> consumed, sometimes scuba dives shared or other local attractions explored.
>> It is certainly a good thing, and fosters much useful discussion among peers
>> who become friends.
>>
>> That said, the nanog@nanog.org mailing list often is overrun with
>> non-operational discussion. Certainly there are some good examples today,
>> such as job titles, or arguing about the best way to rid the list of a
>> troll.
>>
>> Creation of a second mailing list to handle non-operational, social traffic
>> for the nanog crowd would be one way to keep the main list on topic. Might
>> even boost productivity, as folks could more easily defer reading and
>> responding to the non-operational stuff until their off-hours.
>>
>> So how about it? lou...@nanog.org? offto...@nanog.org?
>>
>>
>>
>>
>>
>
>
> --
> Brandon Galbraith
> Voice: 630.492.0464
>



Re: Home CPE choice

2010-03-31 Thread Jack Carrozzo
Given a marked lack of $significant funding for home routing, I rock
BSD boxen all over. At one point we had several doing OSPF in my
apartment (because we could) but I moved and am now behind a single
Sun Netra ($30) with BSD, natd, and iptables. Works beautifully.

If you're only interested in real routing hardware, I'd probably go
with the low-end cisco SOHO stuff, or if you still have a 2600 sitting
around and only roll DSL, that will work nicely.

-Jack Carrozzo

On Wed, Mar 31, 2010 at 6:55 PM, Charles N Wyble
 wrote:
>
> Hopefully this e-mail is considered operational content :)
>
>
> The recent thread on the new Linksys kit and ipv6 support got me thinking
> about CPE choice.
>
> What good off the shelf solutions are out there? Should one buy the high end
> d-link/linksys/netgear products? I've had bad experiences with those
> (netgear in particular).
>
> Should one get a "real" cisco router? The 877 or something? Maybe an ASA or
> the new small business targeted ISR (can't recall the model number off hand
> right now). There is mikrotik but I'm not so sure about the operating
> system.
>
> Is there a market for a new breed of CPE running OpenWRT or pfsense on
> hardware with enough CPU/RAM to not fall over?
>
> Granted that won't cost $79.00 at best buy. However it seems to me that
> decent CPE is going to run a couple hundred dollars in order to have
> sufficient ram/cpu.
>
> My current home router is a cisco 1841. I keep my 6mbps DSL line pretty much
> saturated all the time. Often times my wife will be watching Hulu in the
> living room, I'll be streaming music and running torrents (granted I have
> tuned my Azureus client fairly well) all at the same time and it's a good
> experience.  Running that kind of traffic load through my linksys would
> cause it to need a reboot once or more a day.
>
> What are folks here running in SOHO environments that doesn't require too
> frequent oil changes :)
>
>
>



Re: Raised floor, Solid floor... or carpet?

2010-04-01 Thread Jack Carrozzo
"Our schedule for replacing the carpet was accelerated due to an
approaching forced service contract expiration on our Roombas. The
carpet pile was just getting to be too short for the Roombas to be
efficient in their routes, and they would sometimes choke."

Sheer brilliance. That must be rather surprising to people used to
standard facilities, seeing a horde of Roombas stalking you...

-Jack Carrozzo

On Thu, Apr 1, 2010 at 11:55 AM, Scott Howard  wrote:
> Adding to the recent debate over raised v's solid floor, seem there's
> another option that wasn't discussed...
>
> http://www.iphouse.com/
>
>  Scott.
>



Re: Raised floor, Solid floor... or carpet?

2010-04-01 Thread Jack Carrozzo
>> Nice to see smaller companies take the time to put up a good April
>> fool's joke as well.

...Wow I got totally owned.

Retreating to my corner,

-Jack Carrozzo

On Thu, Apr 1, 2010 at 12:36 PM, Michael Holstein
 wrote:
>
>> Adding to the recent debate over raised v's solid floor, seem there's
>> another option that wasn't discussed...
>>
>> http://www.iphouse.com/
>>
>
> Nice to see smaller companies take the time to put up a good April
> fool's joke as well.
>
>



Re: Best Practice: 2routers, 2isp, 1AS

2010-04-07 Thread Jack Carrozzo
Could also just push default into OSPF from both ends (assuming you
have the iBGP between both borders) if your goal is redundancy.

-Jack Carrozzo

On Wed, Apr 7, 2010 at 10:06 AM, Dylan Ebner  wrote:
> You can still use vrrp in the inside. We have a similar configuration to what 
> you have defined. Two routers, 4 ISPs, BGP announcing 2 /24's. We get partial 
> routes and prepend on 3 of the isps to only use our primary. Our primary is 
> delivered via fiber and the backup isps are delivered via copper ethernet. We 
> use interface tracking with reachability to determine if we are having a 
> problem with one of our downstreams. This way, if we still have a link light, 
> but no traffic flow we can detect and adjust accordingly.
>
>
>
> Dylan
>
> -Original Message-
> From: Beavis [mailto:pfu...@gmail.com]
> Sent: Wednesday, April 07, 2010 12:42 AM
> To: nanog@nanog.org
> Subject: Re: Best Practice: 2routers, 2isp, 1AS
>
> thanks for the reply brian. :)
>
> sorry for a bit lack on the info, I was thinking of using VRRP. but my
> 2 links are running on different interface-types isp1 runs via
> ethernet while the other is on an ATM interface. I only have 1 router
> that has an ATM interface. setting it to VRRP would cause me problems
> if it was a physical failure. I have a small /24 to advertise on my
> AS. I'll go and check on the "Performance Based Routing" you
> recommend.
>
>
> thanks,
> -b
>
> On Tue, Apr 6, 2010 at 11:25 PM, Brian Feeny  wrote:
>>
>> There are a lot more questions that need to be asked.  Like how much address 
>> space do you have to announce? What routes are you getting from each ISP?
>>
>> Assuming you are an end user, and knowing the very limited information I 
>> know at this point, I would make sure that these two routers LAN interfaces 
>> are in some sort of transit vlan/subnet with my downstream router, which 
>> would also be participating in iBGP.  Alternately you could have that router 
>> do VRRP/HSRP with your two border routers, but I prefer iBGP.
>>
>> I would then setup both routers using OER (Optimized Edge Routing, i think 
>> now known as Performance Based Routing), to handle outbound.  You could just 
>> announce your /24 out each provider (assuming that's what you had) to handle 
>> inbound, or if you have larger than that you could announce the aggregate 
>> out both and more specifics out each to do some type of balancing.
>>
>> It's hard to say there is a best practice here, as there are so many 
>> scenarios.  I will say that I like OeR/PfR for edge customers who are dual 
>> homed.  BGP is very arbitrary, and it's nice to have some real metrics that 
>> mean something to play with :)
>>
>> Brian
>>
>>
>> On Apr 7, 2010, at 1:14 AM, Beavis wrote:
>>
>>> Greetings!
>>>
>>>   Want to ask out anybody on the list about a "best practice" of the
>>> setup below:
>>>
>>> - 2 ISP's (A & B)
>>> - 2 Routers (A & B)
>>>
>>> I want Router-A for ISP-A, Router-B for ISP-B and have Router-A &
>>> Router-B talk and be able to pass routes on each side in an event of a
>>> physical failure on one of the Routers.
>>>
>>> I was planning at first to setup a multi-home BGP, but I want to have
>>> physical redundancy as well.
>>>
>>> ASCII-diag
>>>
>>> =--[RouterA]--isp1(bgp)
>>> L    |
>>> A   iBGP
>>> N    |
>>> =--[RouterB]--isp2(bgp)
>>>
>>> Any recommendation would be awesomely appreciated.
>>>
>>> -B
>>>
>>>
>>> --
>>> ()  ascii ribbon campaign - against html e-mail
>>> /\  www.asciiribbon.org   - against proprietary attachments
>>>
>>
>>
>
>
>
> --
> ()  ascii ribbon campaign - against html e-mail
> /\  www.asciiribbon.org   - against proprietary attachments
>
>
>
>



Re: Likely /8 Scenario - Carriers will TAKE what they want ?

2010-04-08 Thread Jack Carrozzo
Might want to save the we're-all-going-to-die for nanog-lounge or
whatever was created and leave the more likely operational scenarios
here.

Just sayin' 

-J

On Thu, Apr 8, 2010 at 2:53 PM, IPv3.com  wrote:
> Likely /8 Scenario - Carriers will TAKE what they want ?
>
> As /8s are needed by Carriers (not ISPs) they will likely be able to
> just take them.
> Who will stop them. They have the Imperial Walker Routers & Gear.
>
> http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt
>
> http://en.wikipedia.org/wiki/Walker_%28Star_Wars%29
>
>



Re: Tracking down reverse for ip

2010-04-15 Thread Jack Carrozzo
ja...@anna ~ $ whois 12.43.95.126
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
  12.0.0.0 - 12.255.255.255
GARY SURDYKE MOTORCYCLE INC. ATT240-95-112 (NET-12-43-95-112-1)
  12.43.95.112 - 12.43.95.127

ja...@anna ~ $ whois ATT240-95-112
OrgName:GARY SURDYKE MOTORCYCLE INC.
OrgID:  GSM-19
Address:2435 HIGHWAY 67
City:   FESTUS
StateProv:  MO
PostalCode: 63028
Country:US

NetRange:   12.43.95.112 - 12.43.95.127
CIDR:   12.43.95.112/28
NetName:ATT240-95-112
NetHandle:  NET-12-43-95-112-1
Parent: NET-12-0-0-0-1
NetType:Reassigned
Comment:
RegDate:2002-03-22
Updated:2002-03-22

RTechHandle: DB2308-ARIN
RTechName:   Burgess, Dennis
RTechPhone:  +1-636-931-8700
RTechEmail:  dmburg...@surdyke.com

OrgTechHandle: DB2308-ARIN
OrgTechName:   Burgess, Dennis
OrgTechPhone:  +1-636-931-8700
OrgTechEmail:  dmburg...@surdyke.com

-Jack Carrozzo

On Thu, Apr 15, 2010 at 4:07 PM, Dennis Burgess  wrote:
> I have a customer that has an IP of 12.43.95.126. Currently, I can not
> get any reverse on this IP.
>
>
>
> What is the best way to find out the responsible servers for this?
> Thanx in advance.
>
>
>
> ---
> Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE,
> MTCTCE, MTCUME
> Link Technologies, Inc -- Mikrotik & WISP Support Services
> Office: 314-735-0270 Website: http://www.linktechs.net
> <http://www.linktechs.net/>
> LIVE On-Line Mikrotik Training <http://www.onlinemikrotiktraining.com>
> - Author of "Learn RouterOS" <http://routerosbook.com/>
>
>
>
>



Re: DSL "aggregation".... NO

2010-04-15 Thread Jack Carrozzo
You can balance over DSL by putting different L2TPv3 tunnels over each
physical device and agg it at someplace with real connections and
such. It's possible to do it with GRE or OpenVPN too, but much less
classy.

Clearly the downside of this is that you need an agg machine on your
end somewhere, but it gives you lots of control for sure.

-Jack Carrozzo

On Thu, Apr 15, 2010 at 5:05 PM, Bill Lewis  wrote:
> Group,
>
> Since I'm told that DSL aggregation / mux is currently not possible, we
> are looking at doing stream splitting via a technology like FatPipe
> uses. Anyone have this in production usage? Or something similar?
>
> Cisco has offered some ways to split via CEF, but most DSL carriers do
> not have this turned on / available.
>
>
>
> Thank you,
>
> Bill
>
> Network dude
>
>



Re: Reverse DNS Question

2010-04-20 Thread Jack Carrozzo
> What is the purpose for this besides resolving name-based reverse lookups?

Resolving the reverse lookups IS the reason they need the nameservers
- how else do you reckon queries on one of your IPs would end up
finding the correct answer? In the same manner that you tell your
domain registrar where to find nameservers for that domain, you're
telling ARIN what servers can handle a query for
[your-ips].IN-ADDR.ARPA

> Are there any definitive guides out there on how this works (besides the
> ARIN site)?

On setting up nameservers? Googling 'configuring BIND' will lead you
on your way, unless you're already using a different nameserver
daemon. As far as I know there are no ARIN-specific requirements to
it.

Cheers,

-Jack Carrozzo

>
> I know this is really basic stuff but I don't know it and have never needed
> to know it until now.
>
> Thanks
>
> --
> __
> James Martin
> jamesmar...@ieee.org
>
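The two reverse-DNS threads above come down to which IN-ADDR.ARPA name is queried and which zone has to be delegated. The following Python sketch is an added example, not part of either post: it derives the PTR owner name, the octet-boundary zones that cover a prefix, and, for a block longer than /24 such as the 12.43.95.112/28 in the whois output, the RFC 2317 style child zone with its CNAME records. The function names are hypothetical, and whether the upstream actually uses the RFC 2317 naming for this block is an assumption the page does not confirm.

```python
import ipaddress


def ptr_name(ip):
    """Owner name a resolver queries for the PTR record of an address."""
    return ipaddress.ip_address(ip).reverse_pointer


def _octet_zone(net, octets):
    """in-addr.arpa zone named by the first `octets` octets of a network."""
    labels = str(net.network_address).split(".")[:octets]
    return ".".join(reversed(labels)) + ".in-addr.arpa"


def reverse_zones(cidr):
    """Zones on octet boundaries that cover an IPv4 prefix.

    Delegation in in-addr.arpa only happens at label (octet) boundaries,
    so a /22 needs four /24 zones, while anything longer than /24 lives
    inside its parent's single /24 zone.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    if net.prefixlen > 24:
        return [_octet_zone(net, 3)]
    # Round the prefix length up to the next multiple of 8 (minimum /8).
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    return [_octet_zone(sub, boundary // 8)
            for sub in net.subnets(new_prefix=boundary)]


def classless_delegation(cidr):
    """RFC 2317 style child zone and parent-zone CNAMEs for a sub-/24 block.

    Returns (child_zone, records). The holder of the parent /24 zone adds
    the CNAMEs plus NS records for child_zone; the customer then serves
    the PTR records inside child_zone. Every address in the block gets a
    CNAME here, including the network and broadcast addresses.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    if net.prefixlen <= 24:
        raise ValueError("classless delegation only applies to prefixes longer than /24")
    parent = _octet_zone(net, 3)
    first = str(net.network_address).rsplit(".", 1)[1]
    child = f"{first}/{net.prefixlen}.{parent}"
    records = []
    for addr in net:
        last = str(addr).rsplit(".", 1)[1]
        records.append(f"{last}.{parent}. IN CNAME {last}.{child}.")
    return child, records


if __name__ == "__main__":
    # Values taken from the whois output earlier on this page.
    print("PTR query name :", ptr_name("12.43.95.126"))
    print("Covering zone  :", reverse_zones("12.43.95.112/28"))
    zone, cnames = classless_delegation("12.43.95.112/28")
    print("Child zone     :", zone)
    for line in cnames:
        print(line)
```

A missing reverse for a single address usually means either the parent /24 zone has no record or CNAME for it, or the servers named for the child zone do not answer for it.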



Re: ipv6 transit over tunneled connection

2010-05-13 Thread Jack Carrozzo
Occaid will generally transit you via two tunnels to their endpoints. I used
them for a year with zero issues in addition to an HE tunnel.

-Jack Carrozzo

On Thu, May 13, 2010 at 6:18 PM, Michael Ulitskiy wrote:

> Hello,
>
> We're in the early stage of planning ipv6 deployment -
> learning/labbing/experimenting/etc.
> We've got to the point when we're also planning to request initial ipv6
> allocation from ARIN.
> So I wonder what ipv6 transit options I have if my upstreams do not support
> native ipv6 connectivity?
> I see Hurricane Electric tunnel broker BGP tunnel. Is there anything else?
> Either free or commercial?
> Thanks,
>
> Michael
>
>


Re: ipv6 transit over tunneled connection

2010-05-14 Thread Jack Carrozzo
I agree - if you can get native v6 transit then more power to you. But
tunnels are sure better than no IPv6 connectivity in my mind. Aside from
slight performance/efficiency issues, I've never had an issue.

-Jack Carrozzo

On Fri, May 14, 2010 at 2:29 PM, Franck Martin  wrote:

>
>
> - Original Message -
> From: "Christopher Morrow" 
> To: "Michael Ulitskiy" 
> Cc: nanog@nanog.org
> Sent: Thursday, 13 May, 2010 6:39:28 PM
> Subject: Re: ipv6 transit over tunneled connection
>
> On Thu, May 13, 2010 at 6:18 PM, Michael Ulitskiy 
> wrote:
> > Hello,
> >
> > We're in the early stage of planning ipv6 deployment -
> > learning/labbing/experimenting/etc. We've got to the point when we're
> > also planning to request initial ipv6 allocation from ARIN.
> > So I wonder what ipv6 transit options I have if my upstreams do not
> > support native ipv6 connectivity?
> > I see Hurricane Electric tunnel broker BGP tunnel. Is there anything
> > else? Either free or commercial?
>
> 1) see gblx/ntt/sprint/twt/vzb for transit-v6
> 2) tunnel inside your domain (your control, your MTU issues, your
> alternate pathing of tunnels vs pipe)
> 3) don't tunnel beyond your borders, really just don't
>
> tunnels are bad, always.
> -chris
>
> I see so many times, that tunnels are bad for IPv6, but this is the way
> IPv6 has been designed to work when you cannot get direct IPv6. So I would
> not say tunnels are bad, but direct IPv6 is better (OECD document on IPv6
> states the use of tunnels).
>
> If the issue with tunnel is MTU, then a non-negligible part of IPv4 does
> not work well with MTU different of 1500. With IPv6 we bring the concept of
> jumbo packets, with large MTU. If we cannot work with non standard MTUs in
> IPv6 tunnels, how will we work with jumbo packets?
>
>


Re: Advice regarding Cisco/Juniper/HP

2010-06-17 Thread Jack Carrozzo
A couple consulting gigs I did had 3Com stuff since it was cheap and they
got educational deals. They were consulting me to put in Cisco gear ;-) This
was admittedly 3-4 years ago.

I've never met anyone who has told me positive stories about 3Com equipment,
but I suppose I'm biased also from the horror stories.

My $0.02,

-Jack

On Thu, Jun 17, 2010 at 10:18 AM, Andrew D Kirch wrote:

> On 06/17/2010 09:52 AM, James Smith wrote:
>
>> So my questions to the NANOG community are: Would you recommend HP over
>> Cisco or Juniper?
>>
> Not for core networking.
>
>   How is HP's functionality and performance compared to Cisco or Juniper?
>>
> HP's Procurve switches have been around forever, they're about the same
> quality as a 2xxx 3xxx Cisco, but nothing better
>
>  Does anyone have any HP networking experiences they can share, good or
>> bad?
>>
>>
> never had any issues with them.
>
>


Re: BGP Tool for Simulation

2010-06-27 Thread Jack Carrozzo
Roll quagga / BGPd on *nix and bring up sessions with whatever you like.

For full tables, you can either hack up a few lines of perl to output a
bunch of 'network a.b.c.d' lines from any of the available text looking
glasses into the bgpd conf, or just bring up ebgp-multihop session with one
of your borders or one of your friends. Prefix lists, communities, etc are
all supported.

-Jack Carrozzo

On Sun, Jun 27, 2010 at 9:32 PM, GIULIANOCM (UOL) wrote:

> People,
>
> I am looking for a tool (free or not) to simulate BGP full internet route
> table peering and injection using real CISCO and JUNIPER routers.
>
> We have found some power tools like Spirent or Agilent but they are a too
> expensive to acquire for now.
>
> The main idea is to have a software tool for unix or linux system, that
> supports to simulate a cloud a carrier or an ISP, to work with real routers,
> establishing connection using BGP protocol and injecting on this real
> routers the full internet routing table - ipv4 or ipv6.
>
> Do you know some collection of tools (software tools) that we can use to do
> this kind of work ?
>
> It is possible to collect full internet routing table and inject it to a
> real router using a software for simulate real conditions ?
>
> Besides, the tool will need some additional features in simulation like the
> set of communities, local preference, med and other BGP attributes.
>
> What do you recommend for this tasks ?
>
> Thanks a lot,
>
> Giuliano
>
>


Re: OT: Voice Operators' Group forming

2009-07-28 Thread Jack Carrozzo
> Are you planning to favor this new group with any poetry readings ?

I for one am looking forward to the haikus.

-Jack Carrozzo

>
> Regards
> Marshall
>
> On Jul 28, 2009, at 5:49 PM, Brandon Butterworth wrote:
>
>>> NAVOG  works for me.
>>
>> I'd prefer Voice Operators' Group Online Network
>>
>> brandon
>>
>>
>
>
>



Re: IPv6 in the ARIN region

2009-10-13 Thread Jack Carrozzo
OCCAID as well.

-Jack Carrozzo

On Tue, Oct 13, 2009 at 1:08 PM, Ryan Werber  wrote:
> You can add TiNet AS3257 to the list.
>
>
> Ryan Werber
> Sr. Network Engineer
> Epik Networks
>
>
>
> -Original Message-
> From: Seth Mattinen [mailto:se...@rollernet.us]
> Sent: Tuesday, October 13, 2009 11:28 AM
> To: nanog@nanog.org
> Subject: IPv6 in the ARIN region
>
> New thread: who will route the full IPv6 table? So far I'm seeing PI
> /48's out of 2620:0:/23 from:
>
> NTT, 2914
> AT&T, 7018
> Sprint, 1239 and 6175
> Hurricane, 6939
> Level 3, 3356
> Global Crossing, 3549
> Qwest, 209
>
> Did I miss anyone? Qwest only carries one route (out of 4 total) though,
> don't know if that's an exception or they only have one ARIN PI customer.
>
> ~Seth
>
>



Re: Speed Testing and Throughput testing

2009-11-02 Thread Jack Carrozzo
iperf is fairly standard and supports some handy features -
http://en.wikipedia.org/wiki/Iperf

-Jack Carrozzo

On Mon, Nov 2, 2009 at 4:56 PM, Mark Urbach  wrote:
> Anyone have a good solution to get "accurate" speed results when testing at 
> 10/100/1000 Ethernet speeds?
>
> Do you have a server/software that customer can test to?
>
>
>
> Thanks,
> Mark Urbach
> PinPoint Communications, Inc.
> 100 N. 12th St  Suite 500
> Lincoln, NE 68508
> 402-438-6211  ext 1923  Office
> 402-660-7982  Cell
> mark.urb...@pnpt.com
>
>



Re: co-location and access to your server

2011-01-12 Thread Jack Carrozzo
The answer, as always, is "how much do you want to pay?" There are lots of
cheap places that make it a hassle for you to get in so you use their remote
hands, or just let you in on their terms so they don't have to keep the
place open at night.

-Jack Carrozzo

On Wed, Jan 12, 2011 at 3:24 PM, Jeroen van Aart  wrote:

> Cruzio in Santa Cruz recently opened a little co-location facility. That
> makes two of such facilities in Santa Cruz (the other being got.net),
> which could be a good thing for competition.
>
> Their 1U offer comes with limited access to your server, only from 10AM to
> 6 PM. I find that not acceptable. Why wait until 10 AM when a disk breaks at
> 8 PM? But maybe I am being too picky.
>
> What is considered normal with regards to access to your co-located
> server(s)? Especially when you're just co-locating one or a few servers.
>
> Thanks,
> Jeroen
>
> --
> http://goldmark.org/jeff/stupid-disclaimers/
> http://linuxmafia.com/~rick/faq/plural-of-virus.html
>
>


Re: Dual Homed BGP for failover

2011-01-18 Thread Jack Carrozzo
You can just accept directly-connected peers from each network (or within 2
AS's, etc) then point a default at each one with different preferences. You
can do this with two edges if you like also: iBGP between the edges, and
push default into OSPF from both.

WRT dynamic load balancing... generally if your network is large enough for
two upstreams you'll have a pretty good distribution of flows so once you
get the prefs and prepends setup the way you like, things won't shift that
rapidly. In my experience at least...

-Jack Carrozzo

On Tue, Jan 18, 2011 at 1:32 PM, Ahmed Yousuf  wrote:

> Hi,
>
>
>
> I'm looking at a setup where we use BGP to announce PI space to two
> upstream ISPs.  ISP A provides a 30Mb/s connection and ISP B provides a
> 10Mb/s.  Originally the plan was to use ISP B's link as a backup and local
> pref traffic outbound via ISP A and pref inbound using AS prepend via ISP
> A.  It has now been requested to be able to distribute traffic across both
> links rather than preference traffic to the higher speed link.  We are
> going to be using Juniper SRX210s to do this.  I have some questions:
>
> -  Is this really a good idea, as the BGP process won't care what the
> utilisation of the links are and you will see situations where the lower
> speed link gets used even though the high speed link utilisation is 0?
>
> -  If we are doing this, I don't want to take a full routing table, I
> would rather just take the ISPs routes and perhaps their connected
> customers.  One ISP has said they will only provide full routing table or
> default.  I really don't want to take a full table, is receiving default
> only going to be a problem for my setup?
>
> -  Any advice on how to avoid situations where the low bandwidth link is
> being used even though there is 0 utilisation on the high bandwidth link?
>
>
>
> Thanks
>
>
>
> Ahmed
>
>


Re: Dual Homed BGP for failover

2011-01-18 Thread Jack Carrozzo
On Tue, Jan 18, 2011 at 3:57 PM, Jack Bates  wrote:

> You should still be careful, as most processors keep a copy of filtered
> routes as well, so while your forwarding table may not increase, your route
> processor memory most likely will.
>
>
I don't think this is the case, on IOS at least. Some years ago I was
rocking some 7500s with $not_enough ram for multiple full tables, but with a
prefix list to accept le 23  they worked fine.

 -Jack Carrozzo


Re: Dual Homed BGP for failover

2011-01-18 Thread Jack Carrozzo
Yep, the great thing about IOS without 'commit confirmed' is when you remove
a bgp filter, it runs out of memory, reboots, brings up peers, runs out of
memory, reboots... meanwhile if you're trying to get in over a public
interface you're cursing John Chambers' very existence. Not that that's ever
happened to me of course...

-Jack Carrozzo

On Tue, Jan 18, 2011 at 4:19 PM, Jack Bates  wrote:

>
>
> On 1/18/2011 3:03 PM, Jack Carrozzo wrote:
>
>> I don't think this is the case, on IOS at least. Some years ago I was
>> rocking some 7500s with $not_enough ram for multiple full tables, but
>> with a prefix list to accept le 23  they worked fine.
>>
>>
> On JunOS, I know I can view pre and post filtered bgp updates ingress and
> egress. I seem to recall seeing similar functionality introduced into IOS,
> though I'm less certain. It's still always advisable to be careful. :)
>
>
> Jack
>


Re: anyone running GPS clocks in Southeastern Georgia?

2011-01-21 Thread Jack Carrozzo
As I understand it, they're trying to get the WAAS sat back online and
working properly after it went on walkabout some time ago. It's currently in
a nonstandard orbit while they work on it. I suppose it's just pure
speculation that they'd only be working on the WAAS service since the NOTAM
doesn't say anything about it, but if that were the case there wouldn't be
any effect to timing.

-Jack Carrozzo

On Fri, Jan 21, 2011 at 12:31 PM, Robert E. Seastrom wrote:

>
> It is unclear from this NOTAM whether this is an intentional
> perturbation of the satellite signals vs. a terrestrial transmitter
> (my money is on the latter), but it illustrates why one might want
> geographically dispersed time sources on one's network, as well as why
> the current trend towards decommissioning LORAN (and in the future,
> other navaids) in favor of reliance on a single source is a Bad Plan.
>
> I'd be curious to see what effects (if any) those who use
> GPS-disciplined NTP references in Southeastern Georgia see from this
> experiment.
>
>
> https://www.faasafety.gov/files/notices/2011/Jan/GPS_Flight_Advisory_CSFTL11-01_Rel.pdf
>
> -r
>
>
>


Re: anyone running GPS clocks in Southeastern Georgia?

2011-01-21 Thread Jack Carrozzo
On Fri, Jan 21, 2011 at 12:36 PM, Majdi S. Abbas  wrote:
>
>Nahh, that was the western WAAS sat, IIRC.
>
>This is...Something Else Entirely.
>

Ahh, my mistake.

Sitting in the back now,

-Jack Carrozzo


Re: Ipv6 for the content provider

2011-01-26 Thread Jack Carrozzo
Bind and apache work with v6 out of the box, and have for years. As I
understand it, when a client requests a particular domain of yours and gets
an A and an AAAA, the client will default to the AAAA (assuming it's on a v6
network) and attempt to communicate as such. Failing that, it will fall back
to the v4 A record.

So in short, yes, it's as simple as telling the daemons to listen on your v6
addresses and adding the AAAA records. Just think how happy your 1
client/customer using IPv6 will be ;-)

-Jack Carrozzo

On Wed, Jan 26, 2011 at 1:22 PM, Charles N Wyble
wrote:

>
> Hello,
>
>
> All the recurring threads about prefix length, security posture, ddos,
> consumer CPE support have been somewhat interesting to my service
> provider alter ego. Ipv6 is definitely on folks minds this year. The
> threads seem a lot less trollish as well. It appears some significant
> progress is being made, and peoples opinions are firming up. Hopefully
> this will help move ipv6 adoption forward.
>
> I have recently turned up an ipv6 tunnel with he.net and have end to end
> connectivity. I'm using pfsense as my routing platform. It was pretty
> easy (about 10 minutes of total work I think). So I can connect to
> various ipv6 enabled sites on the interwebz. This seems to be the first
> step in deployment.
>
>
> For the most part, I'm a data center/application administrator/content
> provider kind of guy. As such, I want to provide all my web content over
> ipv6, and support ipv6 SMTP.  What are folks doing in this regard?
>
> Do I just need to assign ip addresses to my servers, add AAAA records to
> my DNS server and that's it? I'm running PowerDNS for DNS, Apache for
> WWW. Postfix for SMTP.
>
> Feel free to point me at any good manuals and say RTFM :)
>
>
>
> - --
> Charles N Wyble (char...@knownelement.com)
> Systems craftsman for the stars
> http://www.knownelement.com
> Mobile: 626 539 4344
> Office: 310 929 8793
>
>


Re: Need provider suggestions - BGP transit over GRE tunnel

2011-01-28 Thread Jack Carrozzo
The general way this works for a small shop is two transits - one cheap
provider who you move most of your bits over, and one more expensive but
reliable link. Prepend / localpref / whathaveyou to your hearts content
until pleased with your bandwidth bill, and when your cheap link toasts
you're all set.

What you're suggesting with the GRE over commodity links would *work*, but:

(a) By the time you convince a network that they should do this for you,
you're likely going to be out as much money as just bringing up directly
connected transit and not pushing much traffic at them.

(b) You're using the GRE setup as your backup... over a setup that's about
100x less reliable than your primary link.

-Jack Carrozzo


Re: Best current looking glass software builds

2011-01-28 Thread Jack Carrozzo
If you don't mind mod_perl, the looking glass included with Rancid works OK
with SSH. Don't know what you mean by "newer looking", since there's not
much to the interface - you can just drop your logos and such in there.

-Jack Carrozzo

On Fri, Jan 28, 2011 at 10:36 AM, Peter Kranz  wrote:

> Anyone done a recent scan of newer looking glass software implementations
> for apache? We've used cougar's for several years, but have been problems
> with its SSH implementation lately.
>
>
>
> Peter Kranz
> www.UnwiredLtd.com <http://www.unwiredltd.com/>
> Desk: 510-868-1614 x100
> Mobile: 510-207-
> pkr...@unwiredltd.com
>
>
>
>


Re: quietly....

2011-01-31 Thread Jack Carrozzo
On Mon, Jan 31, 2011 at 9:55 PM, Jimmy Hess  wrote:

>
> IPv4's not dead yet;  even the first  RIR exhaustion probable in  3 -
> 6 months  doesn't end the IPv4 ride.
>
> There is some hope more IPv4 organizations will start thinking about
> their plans for establishing connectivity with IPv6;  so they can
> communicate with IPv6-only hosts that will begin to emerge
> later.
>

What organizations (eye networks) will do is layer NAT till the cows come
home for some years to come. Buckle up!

-Jack Carrozzo


Re: ipv6 transit over tunneled connection

2011-02-17 Thread Jack Carrozzo
We pick up v6 from HE currently (like the rest of the world). L3 offered us
dual stack also, but they wanted money to set it up plus MRC. None of our
Bits That Matter (tm) go over v6 anyhow. (I guess the right phrase would be
"revenue producing bits").

-Jack Carrozzo

On Mon, May 17, 2010 at 9:51 AM, Eric Van Tol  wrote:

> > -Original Message-
> > From: Jared Mauch [mailto:ja...@puck.nether.net]
> > Sent: Friday, May 14, 2010 2:49 PM
> > To: Jack Carrozzo
> > Cc: nanog@nanog.org
> > Subject: Re: ipv6 transit over tunneled connection
> >
> > I'm curious what providers have not gotten their IPv6
> > plans/networks/customer ports enabled.
> >
> > I know that Comcast is doing their trials now (Thanks John!) and will be
> > presenting at the upcoming NANOG about their experiences.
> >
> > What parts of the big "I" Internet are not enabled or ready?
> >
>
> We don't see Savvis, Level3, or AboveNet with IPv6 capabilities in our
> region (DC).  Two years ago, neither Verizon or AT&T had IPv6, either.  Not
> sure about them now, as we no longer use them for transit.  One would think
> everyone would have v6 capabilities in the heart of government territory,
> but okay.
>
> For whatever reason, Verio actually charges (or used to) for their IPv6
> separately from IPv4 and to top it all off, it wasn't significantly
> discounted.
>
> -evt
>
>
>


Re: Howto for BGP black holing/null routing

2011-02-22 Thread Jack Carrozzo
Maybe I read your question wrong, but null-routing things at your border is
often not very useful if the traffic is flooding your transit links. Most
transits publish their community lists - you just need to tag the prefix you
want to blackhole with the right community.

See example from HE: http://www.he.net/adm/blackhole.html

-Jack Carrozzo

On Tue, Feb 22, 2011 at 4:42 PM, David Hubbard <
dhubb...@dino.hostasaurus.com> wrote:

> I was wondering if anyone has a howto floating around on the
> step by step setup of having an internal bgp peer for sending
> quick updates to border routers to null route sources of
> undesirable traffic?  I've seen it discussed on nanog from
> time to time, typically suggesting using Zebra, but could
> not search up a link on a step by step.
>
> Thanks,
>
> David
>
>


Re: Internet Edge Router replacement - IPv6 route table size considerations

2011-03-08 Thread Jack Carrozzo
Get a cheap J series, load it full of memory, forget about it. If you
haven't played with Juniper gear before, you will be quite pleased.

-Jack Carrozzo

On Tue, Mar 8, 2011 at 8:58 PM, George Bonser  wrote:

>
>
> > -Original Message-
> > From: Chris Enger [mailto:chr...@ci.hillsboro.or.us]
> > Sent: Tuesday, March 08, 2011 5:18 PM
> > To: 'jgood...@studio442.com.au'; 'nanog@nanog.org'
> > Subject: RE: Internet Edge Router replacement - IPv6 route table
> > sizeconsiderations
> >
> > Our Brocade reps pointed us to the CER 2000 series, and they can do up
> > to 512k v4 or up to 128k v6.  With other Brocade products they spell
> > out the CAM profiles that are available, however I haven't found
> > specifics on the CER series.
> >
> > Chris
> >
>
> CER features are here:
>
>
> http://www.brocade.com/products/all/routers/product-details/netiron-cer-2000-series/features.page
>
>
>


Re: Alternatives to GSLB ?

2011-04-05 Thread Jack Carrozzo
Anycast works.

> [...] we are looking for ideas on
> how to 1) ensure clients are routed to the closest geographical server 2)
> ensure the client hits the server(s) with the shortest path.
>

No need to deal with that yourself when BGP eats that problem for breakfast,
lunch and dinner.

-Jack Carrozzo


Re: Had an idea - looking for a math buff to tell me if it's possible with today's technology.

2011-05-18 Thread Jack Carrozzo
That's basically what compression is. Except rarely (read: never) does your
Real Data (tm) fit just one equation, hence the various compression
algorithms that look for patterns etc etc.

-J

On Wed, May 18, 2011 at 4:07 PM, Landon Stewart  wrote:

> Let's say you had a file that was 1,000,000,000 characters consisting of
> 8,000,000,000 bits.  What if instead of transferring that file through the
> interwebs you transmitted a mathematical equation to tell a computer on the
> other end how to *construct* that file.  First you'd feed the file into a
> cruncher of some type to reduce the pattern of 8,000,000,000 bits into an
> equation somehow.  Sure this would take time, I realize that.  The equation
> would then be transmitted to the other computer where it would use its
> mad-math-skillz to *figure out the answer* which would theoretically be the
> same pattern of bits.  Thus the same file would emerge on the other end.
>
> The real question here is how long would it take for a regular computer to
> do this kind of math?
>
> Just a weird idea I had.  If it's a good idea then please consider this
> intellectual property.  LOL
>
>
> --
> Landon Stewart 
> SuperbHosting.Net by Superb Internet Corp.
> Toll Free (US/Canada): 888-354-6128 x 4199
> Direct: 206-438-5879
> Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
>


Re: Ham Radio Networking (was Re: Rogers Canada using 7.0.0.0/8 for internal address space)

2011-05-26 Thread Jack Carrozzo
Nope, mostly HF (under 30mhz) gear at 300baud. Yes, you read that right.
I've seen a couple shorter hops of fractional T1 on 900mhz or 9600baud AX.25
on 144mhz, but there just aren't enough links to use line-of-sight
frequencies.

Push mad bits,

-Jack Carrozzo

On Thu, May 26, 2011 at 10:34 AM, Christopher Pilkington wrote:

> On Thu, May 26, 2011 at 2:12 AM, Matthew Kaufman wrote:
> > You just need to move up in frequency a bit. My slowest ham-band link
> > runs at 12 Mbps and my fastest at over 100 Mbps.
> >
> > Good reminder that I should renumber the IPv4 portion of that network to
> > somewhere in 44.0.0.0/8 however.
>
> What hardware/frequencies/technology are you using for these links?
> Repurposed commercial microwave gear?
>
> -cjp
>
>


Re: Ham Radio Networking (was Re: Rogers Canada using 7.0.0.0/8 for internal address space)

2011-05-26 Thread Jack Carrozzo
Me personally? No, but I have used it. IP over 9600baud serial actually
isn't that bad for IRC when you're in the middle of the woods and all.

You want slow... read about winlink2000, the email/messaging system for hams
and emergency response. It's PSK on HF, meant to be reliable but if you get
more than 400bps you are doing GREAT! It's so slow that you can run the
software on two laptops using the sound cards, and they'll talk across the
room via speakers and mics no problem. It sounds kinda like robots rapping.

-Jack Carrozzo

On Thu, May 26, 2011 at 11:06 AM, Christopher Pilkington wrote:

> On Thu, May 26, 2011 at 11:03 AM, Jack Carrozzo  wrote:
> > Nope, mostly HF (under 30mhz) gear at 300baud. Yes, you read that right.
>
> You are running IP on this?  And I thought 1200 bauds half duplex was slow.
>


Re: Ham Radio Networking (was Re: Rogers Canada using 7.0.0.0/8 for internal address space)

2011-05-26 Thread Jack Carrozzo
On Thu, May 26, 2011 at 4:54 PM, David Conrad  wrote:

> The decentralized nature of administration of 44/8 made this somewhat
> intractable.  It'll be interesting to see how this plays out in the future
> address markets.
>

I reckon it'd be about as hard to get back 44/8 as 11/8, but with more
neckbeards. Anytime the FCC tries to reclaim frequencies all these guys come
out of the woodwork with the magic phrase 'emergency communications' and
some congressmen get on their side about it.

It will be amusing to see, yes.

-Jack Carrozzo


> On May 26, 2011, at 10:19 AM, Carl Rosevear wrote:
>
> > Used to run IP over AX.25 using KA9Q JNOS back in the day.  HF at 300
> > baud simplex / half-duplex and VHF 144 Mhz at 1200 with similar
> > characteristics.  I bought some 9600 baud gear at one point but never
> > got it all put together before moving on to the regular internet and
> > (somewhat unfortunately) not really looking back.  I remember
> > transferring some uuencoded gifs via smtp...  a couple of days later,
> > if you were lucky, it would complete.  I learned about how protocols
> > communicate watching packet traces in KA9Q JNOS when I was about 14
> > years old.  It was really easy when there were guaranteed to be
> > multiple seconds between packets.  I remember being 14 and feeling
> > pretty suave when I figured out how to telnet into an SMTP server to
> > send mail...  of course that is old hat but still good common
> > troubleshooting these days!
> >
> >
> > de KB7LIG
> >
> > --Carl
> >
> >
> > On Thu, May 26, 2011 at 8:13 AM, Jack Carrozzo  wrote:
> >> Me personally? No, but I have used it. IP over 9600baud serial actually
> >> isn't that bad for IRC when you're in the middle of the woods and all.
> >>
> >> You want slow... read about winlink2000, the email/messaging system for
> >> hams and emergency response. It's PSK on HF, meant to be reliable but if
> >> you get more than 400bps you are doing GREAT! It's so slow that you can
> >> run the software on two laptops using the sound cards, and they'll talk
> >> across the room via speakers and mics no problem. It sounds kinda like
> >> robots rapping.
> >>
> >> -Jack Carrozzo
> >>
> >> On Thu, May 26, 2011 at 11:06 AM, Christopher Pilkington wrote:
> >>
> >>> On Thu, May 26, 2011 at 11:03 AM, Jack Carrozzo wrote:
> >>>> Nope, mostly HF (under 30mhz) gear at 300baud. Yes, you read that
> >>>> right.
> >>>
> >>> You are running IP on this?  And I thought 1200 bauds half duplex was
> >>> slow.
> >>>
> >>
> >
> >
> >
> > --
> > Carl Rosevear
> > Manager of Operations
> > Skytap, Inc.
> > direct (206) 588-8899
> >
> >
>
>
>


Re: Ham Radio Networking (was Re: Rogers Canada using 7.0.0.0/8 for internal address space)

2011-05-26 Thread Jack Carrozzo
I still have my TNC here on the shelf... not much use for pushing bits, but
still handy to decode SCADA on 900mhz ;-)

-Jack Carrozzo

On Thu, May 26, 2011 at 9:00 PM, Sachs, Marcus Hans (Marc) <
marcus.sa...@verizon.com> wrote:

> 
> Since we are turning the clock back... I launched my first AX.25 node in
> 1985 when I was living at Ft. Belvoir, VA.  It was part of the 144 MHz
> "eastlink" network that ran from Maine to Miami.  Somewhere on a 5-1/2"
> floppy disk I have an ASCII map of that network.
>
> You really could hear the packets in those days, even at 1200 Baud.  I used
> to use a pair of 2M rigs plus a couple of TNCs to teach "datacom" as it was
> called then.  Lots of fun!
> 
>
> 73 de KJ4WA
>
>
>


Re: inauguration streams review

2009-01-20 Thread Jack Carrozzo
Cell networks held up reasonably well for voice, though SMS and MMS
delivery times approached an hour during the event. Switch load in
almost the entire US was higher than midnight on New Years (which is
generally the highest load of the year).

Our network has been preparing since June, and I assume likewise for others.

-Jack Carrozzo
(Engineer at $large cell company whose policy doesn't allow me to specify)

On Tue, Jan 20, 2009 at 2:28 PM, Mike Lyon  wrote:
> Better question is how well the cell systems are holding up in DC today???
>
> But, that is slightly OT.
>
> -Mike
>
>
> On Tue, Jan 20, 2009 at 11:24 AM, Fred Heutte 
> wrote:
>
>> Normally I wouldn't do this but given that it's of-the-moment...
>>
>> fh
>>
>> -
>>
>>
>> http://www.salon.com/tech/giga_om/online_video/2009/01/20/a_quick_review_of_obamas_inauguration_streams/
>>
>> Tuesday, January 20, 2009 08:02 PST
>> A Quick Review of Obama's Inauguration Streams
>> By Chris Albrecht
>>
>> You may have heard, but Barack Obama gets to ditch the "-elect" part of his
>> title today as he will be sworn in (shortly) as
>> our new President. We've already provided a comprehensive list of where to
>> watch the inauguration online, but here's
>> a quick review of what to expect from some of them, so far.
>>
>> C-Span's coverage is not very impressive. The video window was small, and
>> choppy. Avoid.
>>
>> CBS is offering 7 HD streams of the event, and they look awesome.
>> Definitely the best of the lot — worth watching.
>>
>> MSNBC, FOX (which is providing Hulu's feed) and ABC News's video is solid,
>> nothing too flashy. They all work just fine
>> (and I love that MSNBC allows embeds).
>>
>> I had problems with CNN. It was the only network that asked me to install
>> an update to Flash as well as another plug-in.
>> I skipped the second plug-in and it worked fine. The video's in widescreen,
>> which is nice, and the Facebook
>> integration gives you a running commentary.
>>
>> The Presidential Inauguration Committee's stream is pretty dull, offering
>> just imagery and no commentary.
>>
>> If our internal stats are any indication, this is going to be a huge day
>> for live-streaming, and it looks like for the most part,
>> every network involved is holding up and the Internet won't crash (of
>> course, we still have an hour to go).
>>
>>
>>
>



Re: inauguration streams review

2009-01-21 Thread Jack Carrozzo
I can't comment on revenue-generation, though access as a whole was quite high.

We hardly had any voice IAs (Ineffective Attempts, or 'Busy'
messages). Since data can be queued, the only thing that would cause
data IAs are bad RF conditions - we had a TON of 'cell on wheels' in
the area for the event so we had enough carrier space to cover it.

In-network data response times were hardly affected, with switch loads
well below 50%. In-network SMS were still getting to their
destinations in under 5 seconds for the most part. I don't have any
numbers on MMS or mobile IP data at the moment, though I would have
heard if something horrible had happened.

I'm told that the out-of-network SMS queue was piling pretty high at
one point, to delivery times up to an hour, though they all still got
there. We can't control other network's switches obviously.

This isn't trying to sound like an advertisement - *I'm* not affected
either way if people sign up with us as I'm not in sales, however from
my point of view it looks like we had the most solid network... Our
guys were planning and setting things up since June.

Cheers,

-Jack Carrozzo

On Wed, Jan 21, 2009 at 1:29 PM, Peter Beckman  wrote:
> On Tue, 20 Jan 2009, Jack Carrozzo wrote:
>
>> Cell networks held up reasonably well for voice, though SMS and MMS
>> delivery times approached an hour during the event. Switch load in
>> almost the entire US was higher than midnight on New Years (which is
>> generally the highest load of the year).
>>
>> Our network has been preparing since June, and I assume likewise for
>> others.
>
>  Unfortunately for me Sprint did not seem to prepare or have enough
>  capacity for Voice, SMS or Data access.  No live Twitter blogging!
>
>  While I was able to get a few (maybe 5 between 10am and 2pm) text messages
>  out while standing near the Washington Monument, calls and data were an
>  impossibility, and SMS only seemed to have capacity available during lulls
>  in the Inaugural activity.
>
>  It was disappointing as a customer -- I'm sure that, had the capacity been
>  there, the revenue from that single event would have made a significant
>  impact on any of the carrier's revenue, at least for the month.
>
>> -Jack Carrozzo
>> (Engineer at $large cell company whose policy doesn't allow me to specify)
>
>  (Google spills the beans!)  I'm curious if you can find out -- did the
>  record traffic positively affect revenue for that period compared to last
>  year at the same time, or even last week on the same day?
>
>  And from a more technical standpoint, did your $large cell company put up
>  temporary towers?  I'm curious as to how your company added capacity to
>  handle the event, as well as how many "Network Busy" messages customers
>  got, if any.  I know I got more of those messages than I did successful
>  communications.
>
> Beckman
> ---
> Peter Beckman  Internet Guy
> beck...@angryox.com http://www.angryox.com/
> ---
>



Re: inauguration streams review

2009-01-21 Thread Jack Carrozzo
COWs are more or less full sites - so standard N concurrent voice
calls per carrier (check out the CDMA standard if you're really
interested), times the number of carriers. They can do 850+PCS all
carrier if configured that way. If we can grab fiber from a nearby
building that's best (hence why this takes so long to plan), however a
lot of the time we rely on OC3 microwave backhaul. I wasn't involved with
the DC guys as I'm in Boston so I don't know specifics of this event.

Re: security, I don't know since I wasn't involved though since all
the planning started so far back I doubt there was much issue.

-Jack Carrozzo

On Wed, Jan 21, 2009 at 1:54 PM, Paul Stewart  wrote:
> Just curious on that note with COW .. did you have much security related
> problems setting up stuff nearby?
>
> -Original Message-
> From: Mike Lyon [mailto:mike.l...@gmail.com]
> Sent: Wednesday, January 21, 2009 1:52 PM
> To: Jack Carrozzo
> Cc: nanog@nanog.org
> Subject: Re: inauguration streams review
>
> How many simultaneous connections can each COW handle? What kind of
> backhaul connections do they have?
>
> -Mike
>
>
> On Wed, Jan 21, 2009 at 10:49 AM, Jack Carrozzo wrote:
>
>> I can't comment on revenue-generation, though access as a whole was quite
>> high.
>>
>> We hardly had any voice IAs (Ineffective Attempts, or 'Busy'
>> messages). Since data can be queued, the only thing that would cause
>> data IAs are bad RF conditions - we had a TON of 'cell on wheels' in
>> the area for the event so we had enough carrier space to cover it.
>>
>> In-network data response times were hardly affected, with switch loads
>> well below 50%. In-network SMS were still getting to their
>> destinations in under 5 seconds for the most part. I don't have any
>> numbers on MMS or mobile IP data at the moment, though I would have
>> heard if something horrible had happened.
>>
>> I'm told that the out-of-network SMS queue was piling pretty high at
>> one point, to delivery times up to an hour, though they all still got
>> there. We can't control other network's switches obviously.
>>
>> This isn't trying to sound like an advertisement - *I'm* not affected
>> either way if people sign up with us as I'm not in sales, however from
>> my point of view it looks like we had the most solid network... Our
>> guys were planning and setting things up since June.
>>
>> Cheers,
>>
>> -Jack Carrozzo
>>
>> On Wed, Jan 21, 2009 at 1:29 PM, Peter Beckman wrote:
>> > On Tue, 20 Jan 2009, Jack Carrozzo wrote:
>> >
>> >> Cell networks held up reasonably well for voice, though SMS and MMS
>> >> delivery times approached an hour during the event. Switch load in
>> >> almost the entire US was higher than midnight on New Years (which is
>> >> generally the highest load of the year).
>> >>
>> >> Our network has been preparing since June, and I assume likewise for
>> >> others.
>> >
>> >  Unfortunately for me Sprint did not seem to prepare or have enough
>> >  capacity for Voice, SMS or Data access.  No live Twitter blogging!
>> >
>> >  While I was able to get a few (maybe 5 between 10am and 2pm) text messages
>> >  out while standing near the Washington Monument, calls and data were an
>> >  impossibility, and SMS only seemed to have capacity available during lulls
>> >  in the Inaugural activity.
>> >
>> >  It was disappointing as a customer -- I'm sure that, had the capacity been
>> >  there, the revenue from that single event would have made a significant
>> >  impact on any of the carrier's revenue, at least for the month.
>> >
>> >> -Jack Carrozzo
>> >> (Engineer at $large cell company whose policy doesn't allow me to specify)
>> >
>> >  (Google spills the beans!)  I'm curious if you can find out -- did the
>> >  record traffic positively affect revenue for that period compared to last
>> >  year at the same time, or even last week on the same day?
>> >
>> >  And from a more technical standpoint, did your $large cell company put up
>> >  temporary towers?  I'm curious as to how your company added capacity to
>> >  handle the event, as well as how many "Network Busy" messages customers
>> >  got, if any.  I know I got more of those messages than I did suc

Re: BGP on Mac OS X?

2009-01-25 Thread Jack Carrozzo
'long as you have your compiler working, Quagga reportedly builds and
runs out of the box: http://www.quagga.net/
No clue about OSX, but OpenBGPd works well on generic FreeBSD, you
could give it a try: http://www.openbgpd.org/

-Jack Carrozzo


On Sun, Jan 25, 2009 at 9:31 PM,   wrote:
> Does anyone know which open source BGP implementation I can get running on
> Mac OS X Leopard with a minimum of fuss?
>
> This is for experimentation only (not for a production environment) so I am
> not too concerned about scaling and performance.
>
> If any tweaking is needed to get it to compile / run on OS X, a pointer to a
> website with instructions would be highly appreciated.
>
> -- Cayle.
>



Re: Usage-Based Billing for DIA

2009-03-05 Thread Jack Carrozzo
I use netacct - can grab data per cidr block and dumps data into
mysql. I wrote scripts from there to graph in rrdtool, bill on total
usage, or bill on 95th percentile.

http://netacct-mysql.gabrovo.com/

-Jack Carrozzo

On Thu, Mar 5, 2009 at 7:41 PM, Jon Lewis  wrote:
> On Thu, 5 Mar 2009, Rodriguez, Mauricio wrote:
>
>> Looking at possibilities for an implementation of usage-based billing, it
>> seems that the same techniques and tools always come up.  I'm looking for
>> some feedback from the list on experiences with these tools and techniques
>> as well as alternatives that may not be listed here.
>>
>> +Techniques
>>               --Flow data (Netflow, SFlow, etc) analysis to determine 95th
>> percentile traffic levels
>>               --SNMP polling of interface counters to determine 95th
>> percentile traffic levels
>
>
> I need to look into this in the near future as well.  The problems I'm aware
> of are:
>
> 1) we have customers on policed ports, and the interface snmp counters count
> packets before service-policy.  It doesn't seem right to bill for packets we
> dropped :)...so this isn't useful data for billing purposes.
>
> 2) our customer agg gear (cisco 3550s) don't do netflow.  Our bigger
> switches the agg gear uplinks to does (6509 sup720-3bxls), but can't handle
> export of full netflow, so we run sampled.  It's still useful for abuse
> tracking, but billing based on it would require some large assumptions and
> multipliers...unlikely to be of use.
>
> The remaining option I'm aware of is to use monitor sessions to send a copy
> of our traffic to a system/device which would then either generate "full"
> netflow data or just distill the traffic into data xfered per IP/network.
>  What are people using for this on the several hundred mbit/s to a few
> gigabits/s or more range?
>
> Are there other ways?
>
> --
>  Jon Lewis                   |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
>
>
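
The 95th-percentile billing figure discussed in this thread, computed from polled interface octet counters, as an added example (not Jack's scripts and not netacct code). It assumes 5-minute polls, 64-bit counters unless told otherwise, and the convention of billing the higher of the inbound and outbound 95th percentiles; the sample data is constructed.

```python
COUNTER_MAX_64 = 2 ** 64   # ifHCInOctets / ifHCOutOctets
COUNTER_MAX_32 = 2 ** 32   # ifInOctets / ifOutOctets


def interval_rates(samples, counter_max=COUNTER_MAX_64):
    """Turn (unix_ts, in_octets, out_octets) polls into (in_bps, out_bps) pairs.

    The modulo absorbs a single counter wrap between two polls. It cannot
    tell a wrap from a counter reset (device reload), so a reset shows up
    as one huge sample; with 5% of samples discarded that rarely bills.
    """
    rates = []
    for (t0, in0, out0), (t1, in1, out1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue  # duplicate or out-of-order poll, nothing to measure
        d_in = (in1 - in0) % counter_max
        d_out = (out1 - out0) % counter_max
        rates.append((d_in * 8 / dt, d_out * 8 / dt))
    return rates


def percentile_95(values):
    """Sort, discard the top 5% of samples, return the highest one left."""
    if not values:
        raise ValueError("no samples")
    ordered = sorted(values)
    # ceil(0.95 * n) - 1 in integer arithmetic, avoiding float rounding.
    index = (95 * len(ordered) + 99) // 100 - 1
    return ordered[index]


def billable_bps(samples, counter_max=COUNTER_MAX_64):
    """Higher of the inbound and outbound 95th percentiles, in bits/s."""
    rates = interval_rates(samples, counter_max)
    inbound = percentile_95([r[0] for r in rates])
    outbound = percentile_95([r[1] for r in rates])
    return max(inbound, outbound)


def constructed_samples():
    """21 polls, 300 s apart: steady 1 Mbit/s in, 0.5 Mbit/s out,
    with a single 100 Mbit/s inbound burst in one interval."""
    samples, ts, octets_in, octets_out = [(0, 0, 0)], 0, 0, 0
    for i in range(20):
        ts += 300
        octets_in += 3_750_000_000 if i == 7 else 37_500_000
        octets_out += 18_750_000
        samples.append((ts, octets_in, octets_out))
    return samples


if __name__ == "__main__":
    polls = constructed_samples()
    peak = max(r[0] for r in interval_rates(polls))
    print(f"peak inbound : {peak / 1e6:.1f} Mbit/s")
    print(f"95th billable: {billable_bps(polls) / 1e6:.1f} Mbit/s")
```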