Re: Frontier AS5650 IPv6 Peering

[Jeff Richmond]

I am. Shoot me a message offline on what you need and I can put you in contact 
with our peering coordinator.

Thanks,
-Jeff

> On May 20, 2024, at 5:21 AM, Nick Olsen  wrote:
> 
> Anyone with a clue from 5650 monitoring this list?
> 
> I'm in the process of turning up a new transit circuit from 5650 and my 
> account management team has been less than helpful.
> 
> The normal contacts aren't getting me anywhere.
> 
> Thank you!

Re: Help with Frontier circuits AS5650

[Jeff Richmond]

Dennis, let me see if I can get someone to reach out to you to get this sorted 
out. Can you PM me the circuit IDs and ASN/Prefix info please?

Thanks,
-Jeff

> On Nov 20, 2023, at 9:53 AM, Dennis Burgess  wrote:
> 
> I have two frontier circuits that are not working correctly with BGP, 
> prefixes that are announced are not showing in the global table etc.  Any 
> frontier people can tell me where I can call to find someone that can assist. 
>  End users are currently down ☹been calling numbers for the past hour, no 
> one is picking up.
>  
> 
> Dennis Burgess
> 
> Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, 
> Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, 
> Enterprise Wireless Engineer
> Hurricane Electric: IPv6 Sage Level
> Cambium: ePMP
>  
> Author of "Learn RouterOS- Second Edition”
> Link Technologies, Inc -- Mikrotik & WISP Support Services
> Office: 314-735-0270  Website: http://www.linktechs.net 
> 
> Create your own Tickets via https://hd.linktechs.net 
> 
> Create Wireless Coverage’s with www.towercoverage.com 
> 
> Need MikroTik Cloud Management: https://cloud.linktechs.net 
> 
> Remote Winbox Service: http://rwb.linktechs.net 

Re: Any Frontier AS 5650 folks on here?

[Jeff Richmond]

David, reply to me off list and I will see if I can help you out.

Thanks,
-Jeff

> On Apr 19, 2023, at 9:21 AM, David Hubbard  
> wrote:
> 
> Have spent 90 minutes with tech support trying to get a peering issue a few 
> hundred miles away in front of the right department, and all I have to show 
> for it is broken local equipment lol.
>  
> Thanks,
>  
> David

Re: Strange connectivity issue Frontier EVPL

[Jeff Richmond]

Jay, I previously ran the engineering org over there, so sent this to my old 
team to look at, including the best engineer I know in regard to the RADs. Will 
pass along anything they come back with.

Thanks,
-Jeff

> On Nov 6, 2020, at 8:59 AM, Jay Hennigan  wrote:
> 
> We have a strange issue that defies logic. We have a NNI at our POP with 
> Frontier serving as an aggregation circuit with different customers on 
> different VLANs. It's working well to several customers.
> 
> Bringing up a new customer shows roughly half of the IP addresses unreachable 
> across the link, as if there's some kind of load-balancing or hashing 
> function that's mis-directing half of the traffic. It's consistent, if an 
> address is reachable it's always reachable. If it's not reachable, it's never 
> reachable. Everything ARPs fine.
> 
> The Frontier circuit is layer 2 so shouldn't care about IP addresses. 
> Frontier tech shows no trouble. They changed the RAD device on-premise. We've 
> triple-checked configurations, torn down and rebuilt subinterface, etc. with 
> no joy.
> 
> Any suggestions?
> 
> -- 
> Jay Hennigan - j...@west.net
> Network Engineering - CCIE #7880
> 503 897-8550 - WB6RDV

Re: Frontier Internet Outage

[Jeff Richmond]

Matt, I will ping you direct, but for the public audience, we had a hardware 
issue this morning that was triggered during a config change on the peering 
routers. Should be resolved here very shortly.

Thanks,
-Jeff

> On May 2, 2016, at 4:47 AM, Matt Hoppes  
> wrote:
> 
> Is anyone else seeing major routing issues across the Frontier IP network 
> this morning?
> 
> I have been unable to get ahold of anyone at Frontier as of yet.

Re: Frontier: Blocking port 22 because of illegal files?

[Jeff Richmond]

All, I have reached out to Aaron privately for details, but we do not block 
port 22 traffic unless it is in direct response to an attack or related item. 
Please let me know directly if you have any specific questions.

Thanks,
-Jeff

 On Mar 26, 2015, at 7:09 AM, Livingood, Jason 
 jason_living...@cable.comcast.com wrote:
 
 ISPs are generally expected to disclose any port blocking. A quick Google 
 search shows this is Frontier’s list:
 http://www.frontierhelp.com/faq.cfm?qstid=277
 
 On 3/25/15, 10:31 PM, Aaron C. de Bruyn 
 aa...@heyaaron.commailto:aa...@heyaaron.com wrote:
 
 I've had a handful of clients contact me over the last week with
 trouble using SCP (usually WinSCP) to manage their website content on
 my servers.  Either they get timeout messages from WinSCP or a message
 saying they should switch to SFTP.
 
 After getting a few helpful users on the phone to run some quick
 tests, we found port 22 was blocked.
 
 When my customers contacted Frontier, they were told that port 22 was
 blocked because it is used to transfer illegal files.
 
 I called them, and got the same ridiculous excuse.
 
 Just a friendly heads-up to anyone from Frontier who might be
 listening, I have a few additional ports you may wish to block:
 
 80 - Allows users to use Google to search for illegal files
 443 - Allows users to use Google to search for illegal files in a secure 
 manner
 69 - Allows users to trivially transfer illegal files
 3389 - Allows users to connect to unlicensed Windows machines
 179 - Allows users to exchange routes to illegal file shares
 53 - Allows people to look up illegal names
 
 -A
 

Re: Anyone from frontiernet.net on here?

[Jeff Richmond]

All it looks like I am seeing packet loss there across all of our peering 
sessions with them, so looks like a problem on their network. I'll ask our NOC 
to open up a ticket with them though just to see if we can find out what the 
issue is.

Thanks,
-Jeff



On Jul 9, 2013, at 7:18 PM, Warren Bailey 
wbai...@satelliteintelligencegroup.com wrote:

 There are some decent sized attacks taking place on gear near London, I 
 believe. Could be a result of that?
 
 
 Sent from my Mobile Device.
 
 
  Original message 
 From: Janet Sullivan jan...@nairial.net
 Date: 07/09/2013 5:01 PM (GMT-08:00)
 To: nanog@nanog.org
 Subject: Anyone from frontiernet.net on here?
 
 
 I've been seeing really bad packet loss between PCCW and frontier, and so far 
 haven't been able to make any traction with anyone on either side.   I'm 
 betting that the ??? is a peering point either in London or Ashburn.
 
 uk.bgp4.net (0.0.0.0)Tue Jul  9 20:39:53 2013
 Keys:  Help   Display mode   Restart statistics   Order of fields   qu
 it   Packets   Pings
 Host  Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 212.111.33.230  0.0%431.7   0.7   0.5   1.8   0.3
 2. 212.111.33.237  0.0%432.3   1.9   1.1  22.7   3.3
 3. 63.218.13.221   0.0%432.3  15.6   1.1 230.3  45.9
 4. ???
 5. 74.40.2.17323.3%43  177.9 150.3 147.8 177.9   7.0
 6. 74.40.2.19320.9%43  149.9 149.9 149.1 161.2   2.1
 7. 74.40.3.24118.6%43  149.6 152.4 149.1 193.2   8.8
 8. 74.40.5.49 28.6%43  148.1 150.8 147.8 192.1   9.9
 9. 74.40.5.54 26.2%43  148.3 150.5 147.9 218.7  12.6
 10. 74.40.5.46 33.3%42  149.5 154.0 149.2 212.8  14.0
 11. 74.40.3.13716.7%42  147.4 148.7 146.9 163.0   4.1
 12. 74.40.1.15429.3%42  148.2 153.6 147.7 206.7  14.2
 13. 50.34.2.16235.7%42  150.2 150.4 149.8 156.3   1.2
 14. 50.46.150.55   26.2%42  150.7 151.0 150.5 152.0   0.4
 

Re: Global caches

[Jeff Richmond]

While I would agree with that, having peering helps but certainly doesn't 
replace a localized CDN. Certainly better than nothing though. It also of 
course depends on the size of your network. If you are paying to carry that 
traffic (leased backhaul, etc.) from your peering point to your customers, you 
are still paying the same amount to deliver that content to your users 
(excluding any transit savings if moving from transit to get that CDN content). 
That is where an on-net CDN really saves you significantly as you can bury it 
deep into your network. I can't speak specifics here but I can tell you that 
the CDNs we have are filled at off-peak, so it really does become a win-win 
from a technical perspective (business case and politics are a completely 
different conversation though). 

-Jeff

On Feb 4, 2013, at 6:50 AM, Simon Lockhart si...@slimey.org wrote:

 On Mon Feb 04, 2013 at 02:03:54PM +, Kyle Camilleri wrote:
 Does anybody know of any other CDN providers that offer similar caches?
 
 Most CDN providers also provide free access to super node caches at major
 datacentres and peering points - depending on where you are located, which
 datacentres you're in, and what your network looks like, you may find that 
 it's
 cheaper for you to interconnect with the CDNs within a datacentre 
 (particularly
 if you can do it via an IX), than the provide space and power for CDN nodes 
 within your own network.
 
 Simon
 

Re: Cheap Juniper Gear for Lab

[Jeff Richmond]

FWIW, when I took my JNCIE, I used all J-series running flow code (disabled) 
for my study pod and never had any issues. I have 9 physical routers plus a 
bunch of VRs on them. I agree there can be issues depending on what you are 
trying to do, but I am not sure why this is such a big deal if this is just a 
lab setup. I wouldn't test something on a J-series and expect to deploy it on 
M/MX/T in production or something, but that wasn't what the OP was asking to 
do. For a home lab I can't think of any reason not to use some J-series boxes. 

-Jeff

On Apr 11, 2012, at 1:29 PM, Leigh Porter wrote:

 
 On 11 Apr 2012, at 18:36, Carl Rosevear crosev...@skytap.com wrote:
 
 Yeah, I have to apply the term awful and annoying to the packet
 mode implementation on SRX/J-series. Anyway, I spent *hours* with JTAC
 on the phone trying to get the thing to just pass packets.  Best part
 was, I didn't know how to do it and nor did they!  I escalated, worked
 with many engineers.  My key statement was I just want my router to
 route.  Make it do what it is supposed to do.  No session tracking!
 This is not a firewall.  So, now it doesn't require valid sessions to
 pass packets but it does still appear to *track* sessions in some
 tables and I am, of course, very curious when some attack vector will
 fill up some table.
 
 
 I have had some rather odd issues with the SRX boxes but JTAC were pretty 
 good at turning around fixes for me for my specific issues.
 
 Since then I have had quite a lot of SRX boxes across the range running 
 various MPLS services including MPLS over GRE with fragmentation/reassembly 
 which has been working very well. Since 11.1R3 I've had no issues at all with 
 them.
 
 So yeah the new flow mode stuff had its issues, but as a *small* MPLS box it 
 is very functional. Of course in MPLS mode, you turn the flow stuff off..
 
 
 --
 Leigh Porter
 
 
 
 __
 This email has been scanned by the Symantec Email Security.cloud service.
 For more information please visit http://www.symanteccloud.com
 __
 

Re: Looking for a Tier 1 ISP Mentor for career advice.

[Jeff Richmond]

All excellent advice, but let me point out something else. I manage a team of 
backbone engineers and still do quite a bit of engineering work myself. When I 
interview, I never get caught up on certs or degrees. Now, do I ignore them? 
No, of course not. They do mean something and I know I worked hard for my 
JNCIE, so they add value. However, what I want to see is someone that is 
energetic and has a drive to learn, but the most important piece of my 
interviews once I am confident they meet my technical needs is the personality 
evaluation. I know my team works crappy hours, gets pulled 100 different 
directions and just really have a tough job sometimes. What I can't have is a 
toxic person added to the mix, no matter how ridiculously smart or qualified 
they might be. So there have been times I have turned away more qualified 
candidates just because I was not comfortable with their attitude or vibe. 
Hiring and firing is extremely difficult to correct if you make the wrong 
choice, and I have learned a thing or two over the years in this regard.

That said, there is something else to consider too. In most large companies, 
the managers don't always have a lot of power when it comes to salaries and in 
some cases, even promotions. So, without specific experience and a salary 
history, you may be artificially held down due to HR policies no matter how 
well you do. I know that has happened a number of times at various places I 
have worked, and it is frustrating both for the candidate and the manager. 
There are many places where it is better to actually leave the company and come 
back to get around the HR constraints regarding salary augments from internal 
promotions. So, just be aware that even though you are working hard and going 
above and beyond, you might not always get initially rewarded for it. However, 
in time it will almost always correct itself, but even so, keeping a positive 
attitude and having a desire to learn will always benefit you in the end one 
way or another. 

Of course, once you get to the point of being in the industry for a long time 
like most of us here, you'll look back and say what the heck was I thinking, I 
should have been an accountant. Heh :)

Best of luck,
-Jeff


On Nov 22, 2011, at 3:52 AM, David Swafford wrote:

 Scott's point is very true!  Motivation will help you go very far,
 much farther than certs/knowledge alone.  As a soon to be
 college-grad, be ready for the initial disappointment, :-), even
 though you'll have your CCNP, you have no real experience, so you'll
 start at the entry level.  That's not a bad thing, but you might see
 it as such.  The reason it is good, is that while at the entry level
 (networking that is, I'm not talking about a helpdesk), you'll get to
 touch and interact with a lot of different things with very little
 total responsibility.
 
 As you impress your peers, this will trickle up towards management,
 and eventually work it's way out into better tasks and larger
 responsibilities (try to not get caught up in the title).  I'm
 speaking from experience here, I'm a senior network engineer for a $2
 B company, yet only 25 years old, currently working on my R/S CCIE
 purely for the learning experience.  It took me nearly 4 years to move
 from an associate to a senior in my company, which is not common in
 that short of a time-frame for my employer, but that's where the
 motivation piece comes in -- expressing true passion, and learning
 things because they are cool/interest you will take you far.
 Learning on paper is what you're taught in college and it only works
 so far, but learning from hand-on, like the lab you've got built, is
 where you attain the knowledge/troubleshooting/experience that will
 help you succeed.
 
 A comment earlier in the thread mentioned should I learn active
 directory/exchange?  I hear this a lot from our fellow associate's on
 the team and to be honest, if you are learning something just to
 add it to your resume, that will be a waste of your time.  But, if you
 are learning it because you find it interesting  or just want to
 explore, then by all means go deep into it.  I personally go by the
 motto go full in or don't go at all.  So if I'm going to learn
 something, I'll get as deep as I can into it, and focus on just it for
 a little while, then I'll move to something else, and focus on just
 that.  If you try to focus on too many separate things, you'll become
 this odd ball of knowledge that can't really hold you own -- a tip in
 the industry that will get you far:  be able to take ownership, and
 fully run/own what you're working on.  Regardless of level/title/role,
 a person who takes initive (within the scope/dynamic of their
 position), will go far.
 
 Best of luck to you,
 David.
 
 
 On Mon, Nov 21, 2011 at 5:32 PM, Scott Weeks sur...@mauigateway.com wrote:
 
 
 --- tyler.ha...@gmail.com wrote:
 From: Tyler Haske tyler.ha...@gmail.com
 
 I'd love to have varied experience with a bunch 

Re: help needed - state of california needs a benchmark

[Jeff Richmond]

Mike, nothing is perfect, so let's just start with that. What the FCC has done 
to measure this is to partner with Sam Knows and then have friendly DSL subs 
for the participating telcos to run modified CPE firmware to test against their 
servers. We have been collecting data for this for the past couple of months, 
actually. More can be found here:

http://www.samknows.com/broadband/fcc_and_samknows

While even that I have issues with, it certainly is better than hitting that 
speedtest site where anything at all problematic on the customer LAN side of 
the CPE can cause erroneous results.

Good luck,
-Jeff


On Jan 29, 2011, at 10:00 AM, Mike wrote:

 Hello,
 
   My company is small clec / broadband provider serving rural communities 
 in northern California, and we are the recipient of a small grant from the 
 state thru our public utilities commission. We went out to 'middle of 
 nowhere' and deployed adsl2+ in fact (chalk one up for the good guys!), and 
 now that we're done, our state puc wants to gather performance data to 
 evaluate the result of our project and ensure we delivered what we said we 
 were going to. Bigger picture, our state is actively attempting to map 
 broadband availability and service levels available and this data will factor 
 into this overall picture, to be used for future grant/loan programs and 
 other support mechanisms, so this really is going to touch every provider who 
 serves end users in the state.
 
   The rub is, that they want to legislate that web based 'speedtest.com' 
 is the ONLY and MOST AUTHORITATIVE metric that trumps all other 
 considerations and that the provider is %100 at fault and responsible for 
 making fraudulent claims if speedtest.com doesn't agree. No discussion is 
 allowed or permitted about sync rates, packet loss, internet congestion, 
 provider route diversity, end user computer performance problems, far end 
 congestion issues, far end server issues or cpu loading, latency/rtt, or the 
 like. They are going to decide that the quality of any provider service, is 
 solely and exclusively resting on the numbers returned from 'speedtest.com' 
 alone, period.
 
   All of you in this audience, I think, probably immediately understand 
 the various problems with such an assertion. Its one of these situations 
 where - to the uninitiated - it SEEMS LIKE this is the right way to do this, 
 and it SEEMS LIKE there's some validity to whats going on - but in practice, 
 we engineering types know it's a far different animal and should not be used 
 for real live benchmarking of any kind where there is a demand for 
 statistical validity.
 
   My feeling is that - if there is a need for the state to do 
 benchmarking, then it outta be using statistically significant methodologies 
 for same along the same lines as any other benchmark or test done by other 
 government agencies and national standards bodies that are reproducible and 
 dependable. The question is, as a hotbutton issue, how do we go about getting 
 'the message' across, how do we go about engineering something that could be 
 considered statistically relevant, and most importantly, how do we get this 
 to be accepted by non-technical legislators and regulators?
 
 Mike-
 

Re: Good MPLS/VPLS book?

[Jeff Richmond]

FYI, the 3rd edition was released early. Was delivered this morning from 
Amazon. It has a whole new chapter on MPLS-TP (Ch. 17).

Hope this helps,
-Jeff

On Dec 26, 2010, at 7:29 AM, Brandon Kim wrote:

 
 Decisions decisions, I do have other MPLS books I have not finished. I 
 suppose I can finish them before
 picking this up and then getting the 3rd edition.might be good timing. 
 Good thing I didn't order the
 2nd edition the other day!
 
 
 
 
 
 
 Subject: Re: Good MPLS/VPLS book?
 From: franc...@menards.ca
 Date: Sat, 25 Dec 2010 20:42:24 -0500
 To: mounir.moha...@gmail.com
 CC: nanog@nanog.org
 
 Looks like a third edition is on the way slated for March 2011
 
 http://www.amazon.com/MPLS-Enabled-Applications-Developments-Technologies-Communications/dp/0470665459/ref=ntt_at_ep_dpt_2
 
 I would expect it to cover MPLS-TP and the struggling evolution of PBB-TE 
 ... anybody has any idea if this is in ?
 
 F.
 
 On 2010-12-24, at 7:47 AM, Mounir Mohamed wrote:
 
 The most comprehensive text is  MPLS Enabled Applications by Ina Minei
 
 http://www.amazon.com/MPLS-Enabled-Applications-Developments-Technologies-Communications/dp/0470986441/ref=sr_1_1?ie=UTF8qid=1293194786sr=8-1
 
 
 On Fri, Dec 24, 2010 at 12:49 AM, Michael Helmeste mhelm...@uvic.ca wrote:
 
 Does anyone have a favorite book or resource discussing MPLS and all
 associated Lego blocks (e.g. LDP, TE, VPLS, martini, mBGP et. al.)?
 
 I understand the basics of what MPLS is and how you create a circuit from
 A to B but I'm afraid it still escapes me when trying to figure out how
 someone would, say, create a multicast capable VPN with 5 edge points.
 
 Any pointers to a good way to reduce my level of ignorance on this subject
 would be appreciated. Vendor literature doesn't bother me as long as the
 concepts are there.
 
 Regards,
  Michael H.
 
 
 
 
 
 -- 
 Best Regards,
 Mounir Mohamed, CCIE#19573 (RS/SP)
 Senior Network Engineer, Core Team.
 NOOR Data Networks, SAE
 Mobile# +2-010-2345-956
 http://mounirmohamed.wordpress.com
 http://www.linkedin.com/in/mounirmohamed
 
 
 

Re: Juniper firewalls - SSG or SRX

[Jeff Richmond]

Count me in as well. I ditched my personal Netscreens and replaced with SRXs 
and we have done so as well at my day job. Other than a few quirky things, they 
are very nice. V6 support is still somewhat limited though, but I am using an 
SRX210H with ADSL2 PIM as my main router at home and it has been absolutely 
solid. Using it for both V4 (flow) and V6 (packet) routing, as well as doing a 
bunch of other things. It replaced my older NS5GT and SSG5. Configuration is so 
much easier now too. I almost forgot the pain of screenos. Ok, maybe not...

-Jeff

On Apr 19, 2010, at 9:39 PM, seph wrote:

 I'm with Owen. I have nothing good to say about ScreenOS. In contrast
 JunOS has been great.
 
 seph
 
 Owen DeLong o...@delong.com writes:
 
 Much.. Go SRX over SSG every time.  For anything that doesn't have an
 SRX analog, consider the J-series.
 
 SRX/J-Series == JunOS == Good.
 SSG Series == ScreenOS == @)#$*#@)$(*!)(@$...@$
 
 Just my $0.02 having dealt extensively with both environments over the
 years.
 
 Owen
 
 On Apr 19, 2010, at 5:32 PM, Jeffrey Negro wrote:
 
 Has anyone on Nanog had any hands on experience with the lower end of the
 new SRX series Junipers?  We're looking to purchase two new firewalls, and
 I'm debating going with SSG series or to make the jump to the SRX line.  Any
 input, especially about the learning curve jumping from ScreenOS to JunOS
 would be greatly appreciated.  Thank you in advance.
 
 Jeffrey
 

Re: Juniper firewalls - SSG or SRX

[Jeff Richmond]

I will admit I have the same issue with a both my BGP sessions over GRE as 
well, which is really annoying, but I only use this for remote hopping over to 
my other lab, not for anything I would ever do in production so I haven't 
bothered opening a case on it yet. Glad to know I am not the only one though. 
However, that said, everything else I am doing has been rock solid, so no 
complaints there.

-Jeff

On Apr 20, 2010, at 5:01 AM, Richard A Steenbergen wrote:

 On Tue, Apr 20, 2010 at 04:18:11AM -0700, Owen DeLong wrote:
 
 Interesting. My SRXes have been rock solid since upgrading to
 10.0R1.8.
 
 Not so much here. My basement SRX210 starts dropping bgp sessions over
 an IPSEC tunnel every 30 secs or so after around 1-1.5 days of uptime,
 and won't stop until you restart rpd (which buys you another day or so
 of functioning bgp). And about 1 out of every 4 times you do restart
 rpd, dhcpd will spin at 100% cpu until you restart that too. Even
 10.1S1.3 doesn't help these issues. It's a nice box in theory, and it
 has lots of potential, but lots and lots of unresolved bugs too. I knew
 things were off to a bad start when I tried to downgrade from the 10.0R1
 that shipped with the box to 9.6 after my first round of issues, and it
 crashed in the middle of the installer, wiping the config in the process
 and requiring a tftp boot of new code to recover. :)
 
 -- 
 Richard A Steenbergen r...@e-gerbil.net   http://www.e-gerbil.net/ras
 GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)