Re: CPE/NID options

2023-11-23 Thread Shawn L via NANOG

I believe RAD makes a device similar to the Accedian.  There's also the Metro 
Nid line from Accedian, but while they do a lot, they're pretty spendy.
 
Shawn
 

-Original Message-
From: "Tim Burke" 
Sent: Thursday, November 23, 2023 12:38am
To: "Ross Tajvar" 
Cc: "North American Network Operators' Group" 
Subject: Re: CPE/NID options



We are using EX2300-C’s, they do the trick very well. Fanless, flexible 
mounting options, dual 10G feeds, and a nice price point. 

Sent from my iPhone

> On Nov 22, 2023, at 22:44, Ross Tajvar  wrote:
> 
> 
> I'm evaluating CPEs for one of my clients, a regional ISP. Currently, we're 
> terminating the customer's service (L3) on our upstream equipment and 
> extending it over our own fiber to the customer's premise, where it lands in 
> a Juniper EX2200 or EX2300.
> 
> At a previous job, I used Accedian's ANTs on the customer prem side. I like 
> the ANT because it has a small footprint with only 2 ports, it's passively 
> cooled, it's very simple to operate, it's controlled centrally, etc. 
> Unfortunately, when I reached out to Accedian, they insisted that the 
> controller (which is required) started at $30k, which is a non-starter for us.
> 
> I'm not aware of any other products like this. Does anyone have a 
> recommendation for a simple L2* device to deploy to customer premises? Not 
> necessarily the exact same thing, but something similarly-featured would be 
> ideal.
> 
> *I'm not sure if the ANT is exactly "layer 2", but I don't know what else to 
> call it.

Strange IPSEC traffic

2023-11-13 Thread Shawn L via NANOG

Is anyone else seeing a lot of 'strange' IPSEC traffic?  We started seeing logs 
of IPSEC with invalid spi on Friday.  We're seeing it on pretty much all of our 
PE routers, none of which are set up to do anything VPN related.  Most are just 
routing local customer traffic.
 
decaps: rec'd IPSEC packet has invalid spi for destaddr=X.X.X.X, prot=50, 
spi=0x9D2D(2636972032), srcaddr=211.112.195.167, input 
interface=TenGigabitEthernet0/0/11
 
decaps: rec'd IPSEC packet has invalid spi for destaddr=Y.Y.Y.Y, prot=50, 
spi=0x1469(342425600), srcaddr=74.116.56.244, input 
interface=TenGigabitEthernet0/0/5
 
The destination address is always one of our customers' IP addresses.  The 
source seems to be all over the place, mostly Russia, Korea, China or 
Southeast Asia.  It's not really impacting anything at the moment, just rather 
annoying.
 
Thanks
 
Shawn
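
The log records quoted above can be triaged offline. The following is an added example, not part of the original post: it parses records in that layout (including ones a mail client wrapped across lines) and groups them by source, input interface and destination. The customer prefix 198.51.100.0/24, the peer 192.0.2.1 and every sample record except the two source addresses and SPI values taken from the post are constructed.

```python
"""Triage of "invalid spi" decaps log records (added example, constructed data)."""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Record layout as quoted in the post. \s* and \s+ tolerate records that were
# wrapped across lines, which is how they appear in the message.
RECORD_RE = re.compile(
    r"invalid spi for destaddr=(?P<dst>[0-9A-Fa-f.:]+),\s*"
    r"prot=(?P<prot>\d+),\s*"
    r"spi=0x(?P<spi_hex>[0-9A-Fa-f]+)\((?P<spi>\d+)\),\s*"
    r"srcaddr=(?P<src>[0-9A-Fa-f.:]+),\s*"
    r"input\s+interface=(?P<ifname>\S+)"
)
IP_PROTO = {50: "ESP", 51: "AH"}  # IP protocol numbers used by IPsec

# Constructed sample. The post redacts destinations (X.X.X.X), so documentation
# addresses stand in for them; the last record is deliberately malformed.
SAMPLE = """\
decaps: rec'd IPSEC packet has invalid spi for destaddr=198.51.100.10, prot=50,
spi=0x9D2D(2636972032), srcaddr=211.112.195.167, input
interface=TenGigabitEthernet0/0/11
decaps: rec'd IPSEC packet has invalid spi for destaddr=198.51.100.77, prot=50, spi=0x1469(342425600), srcaddr=74.116.56.244, input interface=TenGigabitEthernet0/0/5
decaps: rec'd IPSEC packet has invalid spi for destaddr=198.51.100.10, prot=50, spi=0x1A2B(439025664), srcaddr=203.0.113.9, input interface=TenGigabitEthernet0/0/5
decaps: rec'd IPSEC packet has invalid spi for destaddr=198.51.100.11, prot=50, spi=0x1A2C(439091200), srcaddr=203.0.113.9, input interface=TenGigabitEthernet0/0/5
decaps: rec'd IPSEC packet has invalid spi for destaddr=198.51.100.12, prot=50, spi=0x1A2D(439156736), srcaddr=203.0.113.9, input interface=TenGigabitEthernet0/0/5
decaps: rec'd IPSEC packet has invalid spi for destaddr=198.51.100.200, prot=50, spi=0x0100(16777216), srcaddr=192.0.2.1, input interface=TenGigabitEthernet0/0/11
decaps: rec'd IPSEC packet has invalid spi for destaddr=10.255.0.1, prot=50, spi=0x0200(33554432), srcaddr=203.0.113.50, input interface=TenGigabitEthernet0/0/11
decaps: rec'd IPSEC packet has invalid spi for destaddr=999.1.1.1, prot=50, spi=0x0300(50331648), srcaddr=203.0.113.51, input interface=TenGigabitEthernet0/0/5
"""


def parse_records(text):
    """Return (records, rejected): parsed records and the count of bad ones."""
    records, rejected = [], 0
    for m in RECORD_RE.finditer(text):
        try:
            records.append({
                "dst": ip_address(m["dst"]),
                "src": ip_address(m["src"]),
                "proto": IP_PROTO.get(int(m["prot"]), m["prot"]),
                # The quoted lines print a short hex form beside the decimal
                # (0x9D2D beside 2636972032, which is 0x9D2D0000), so the
                # decimal field is the one parsed.
                "spi": int(m["spi"]),
                "ifname": m["ifname"],
            })
        except ValueError:  # address field that is not a valid IP
            rejected += 1
    return records, rejected


def triage(text, customer_nets, ipsec_peers=()):
    """Group records by source and interface and flag the cases worth a look."""
    nets = [ip_network(n) for n in customer_nets]
    peers = {ip_address(p) for p in ipsec_peers}
    records, rejected = parse_records(text)
    by_src, by_if = Counter(), Counter()
    from_peer, off_net = Counter(), Counter()
    dsts = defaultdict(set)
    for r in records:
        by_src[r["src"]] += 1
        by_if[r["ifname"]] += 1
        dsts[r["src"]].add(r["dst"])
        if r["src"] in peers:
            from_peer[r["src"]] += 1
        if not any(r["dst"] in n for n in nets):
            off_net[r["dst"]] += 1
    return {
        "total": len(records),
        "rejected": rejected,
        "by_source": by_src,
        "by_interface": by_if,
        # one source touching several destinations
        "fan_out": {s: len(d) for s, d in dsts.items() if len(d) > 1},
        "from_configured_peer": from_peer,
        "dst_outside_customer_space": off_net,
    }


if __name__ == "__main__":
    report = triage(SAMPLE, ["198.51.100.0/24"], ipsec_peers=["192.0.2.1"])
    print(f"{report['total']} records parsed, {report['rejected']} rejected")
    for src, n in report["by_source"].most_common():
        print(f"  {src}: {n} record(s)")
    print("fan-out:", report["fan_out"])
    print("from configured peers:", dict(report["from_configured_peer"]))
    print("outside customer space:", dict(report["dst_outside_customer_space"]))
```

A source that is also a configured IPsec peer usually points at security associations that are out of sync, which is a different problem from unsolicited ESP arriving at routers with no IPsec configuration.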

RE: .US Harbors Prolific Malicious Link Shortening Service

2023-11-02 Thread Shawn L via NANOG

I personally own a .us domain name -- while it's a personal domain and doesn't 
do a lot of traffic, it's still a legitimate domain.


-Original Message-
From: "goemon--- via NANOG" 
Sent: Thursday, November 2, 2023 4:30pm
To: "NANOG list" 
Subject: .US Harbors Prolific Malicious Link Shortening Service



https://krebsonsecurity.com/2023/10/us-harbors-prolific-malicious-link-shortening-service/

"The NTIA recently published a proposal that would allow registrars to 
redact all registrant data from WHOIS registration records for .US 
domains. A broad array of industry groups have filed comments opposing the 
proposed changes, saying they threaten to remove the last vestiges of 
accountability for a top-level domain that is already overrun with 
cybercrime activity."

What hope is there when registrars are actively aiding and abetting criminal 
enterprises?

Are there any legitimate services running solely on .us domain names?

-Dan

Re: Spectrum networks IPv6 access issue

2023-05-02 Thread Shawn L via NANOG
We know the feeling well. Try porting from them…..


> On May 2, 2023, at 4:41 PM, Daniel Marks via NANOG  wrote:
> 
> My issue was just trying to convince Spectrum to look into the problem in 
> the first place, I brought the Atlas probe receipts because it’s such a 
> helpful tool, but wasn’t able to get through to anyone helpful (acct mgr, noc 
> email, even the escalation list) until I started lighting fires filing FCC 
> complaints and using social media (which thankfully worked).
> 
> Not sure how accurate it is (I hope it isn’t), but some of the techs I spoke 
> to said a lot of the internal tooling for troubleshooting is incapable of 
> dealing with IPv6, so they weren’t able to do things like run traceroutes to 
> confirm what I was seeing. My guess is that this issue was caught in a 
> catch-22 where they needed impossible to obtain proof on their end to 
> escalate to a team who can actually deal with the issue.
> 
> Sucks for us folk who went all in on v6 only to find out not even the ISP can 
> help us. 
> 
> -Daniel Marks
> 
>> On May 2, 2023, at 15:36, Jared Mauch  wrote:
>> 
>> 
>> 
>>> On May 2, 2023, at 2:43 PM, Daniel Marks via NANOG  wrote:
>>> 
>>> This has been “resolved", I finally got through to some awesome engineer at 
>>> Spectrum who has rerouted traffic while they work with their hardware 
>>> vendor (thanks Jake):
>> 
>> 
>> One of the tools that I’ve used in the past is the RIPE Atlas service to 
>> measure these things.  It’s helped me isolate IP space reachability issues 
>> for new announcements, because you can get enough of a random sample of 
>> hosts to isolate things, and enough data about that endpoint to launch 
>> follow-up measurements.
>> 
>> - Jared


RE: Can I do this in EVPN? (Multihome to more different CEs)

2023-02-09 Thread Shawn L via NANOG

You should be able to set up a VPLS between 3 (or more) devices.  Something like 
this --
 
Example: VFI on a PE Device
The following example shows a virtual forwarding instance (VFI) configuration:
Device(config)# l2 vfi vfi110 manual
Device(config-vfi)# vpn id 110
Device(config-vfi)# neighbor 172.16.10.2 4 encapsulation mpls
Device(config-vfi)# neighbor 10.16.33.33 encapsulation mpls
Device(config-vfi)# neighbor 198.51.100.44 encapsulation mpls
Device(config-vfi)# bridge-domain 100
Device(config-vfi)# end
 
The following example shows a VFI configuration for a hub-and-spoke 
configuration:
Device(config)# l2 vfi VPLSA manual
Device(config-vfi)# vpn id 110
Device(config-vfi)# neighbor 10.9.9.9 encapsulation mpls
Device(config-vfi)# neighbor 192.0.2.12 encapsulation mpls
Device(config-vfi)# neighbor 203.0.113.4 encapsulation mpls no-split-horizon
Device(config-vfi)# bridge-domain 100
Device(config-vfi)# end
 
-Original Message-
From: "Simon Lockhart" 
Sent: Thursday, February 9, 2023 2:47am
To: nanog@nanog.org
Subject: Can I do this in EVPN? (Multihome to more different CEs)



All,

I have a bit of a networking design challenge, and I think EVPN is the right
answer, but despite spending the last week reading loads of resources about
it, I can't quite get my head around one aspect.

I'm trying to genericise the design a bit here, but what I've got is...

I have multiple layer two broadcast domains that I need to link together 
over a layer 3 network. The broadcast domains consist of multiple switches
carrying multiple vlans spanning multiple locations (think of it like a 
customer campus network).

I need to interconnect with each broadcast domain in two different locations.
(so two PEs to two CEs), and link it back to a datacentre in another city.

In the simple case, using EVPN, I see that I can run active-standby 
multihoming, configuring one ESI for the customer campus network. If one of my
PEs fails, or one of the customer CEs fails, then EVPN will fail over to the
other link.

However, the failure scenario I need to deal with is if a layer two link fails
between two locations within the customer campus, the two halves of the now
split broadcast domain still need to be able to communicate with the 
datacentre (but do not need to be able to communicate with each other).

Every example I can see for EVPN shows multihoming to a single CE, and I 
can't find anywhere an example which deals with a "split" ES.

Is there a solution to this problem?

Many thanks in advance,

Simon

Re: Spectrum (legacy TWC) Infrastructure - Contact Off List

2023-01-31 Thread Shawn L via NANOG

All I can say is good luck.  We see the 'trash-bag mod' on a lot of AT&T aerial 
boots and PEDs, as well as Charter/Spectrum/TWC gear.  A lot of times, they 
don't even get that.  Unless you know how to get in contact with a local tech, 
they will most likely not respond until the customer complains about their 
service being out.  In which case, the same tech that ran the 'low-level' drop 
between PEDs will likely come back and do it again.
 


-Original Message-
From: "Andy Brezinsky" 
Sent: Tuesday, January 31, 2023 5:27pm
To: nanog@nanog.org
Subject: Re: Spectrum (legacy TWC) Infrastructure - Contact Off List



Access to the right-of-way in most areas is granted through a CATV Franchise 
agreement with your municipality.  This agreement will include a contact for 
disputes.  As another avenue, contact the local government and ask them to deal 
with the safety issue in the public right of way and let them escalate with 
their contacts.
 
On 1/31/23 15:33, Gabriel Kuri via NANOG wrote:

Could someone from Spectrum who deals with the HFC infrastructure in Southern 
California, specifically the legacy Time Warner Cable area, contact me off list?
Apparently the local infrastructure crew thinks it's OK to leave cable running 
between two cans in a residential neighborhood since at least July 2022. But 
it's OK, because they've cautioned them off with orange cones, right?
Multiple calls to regular customer service fall on deaf ears about a coax trunk 
cable run above ground on a street and sidewalk in the middle of a residential 
neighborhood.
Customer service says, "We don't know what you're talking about, we don't have 
cables running on the street". Can't seem to get a hold of the right people to 
come out and get it buried and get rid of the eyesore and safety hazard ...


Thanks,
Gabe

Re: Random shower thought: GBIC with LC connector...

2022-11-15 Thread Shawn L via NANOG

Those are Twin Gig Converter Modules.  They went in the 3560 series (and 
probably others).  You could either insert a 10 gig module, or the converter 
module and get 2 1-gig sfp slots.
 

-Original Message-
From: "Matt Erculiani" 
Sent: Tuesday, November 15, 2022 11:26am
To: "Mel Beckman" 
Cc: "North American Network Operators' Group" 
Subject: Re: Random shower thought: GBIC with LC connector...



I feel like I've seen GBIC sleeves that accept SFP modules very similar to 
QSFP+ CVRs, but I can't seem to find any evidence of these ever existing, so 
perhaps I'm misremembering. 
-Matt


On Tue, Nov 15, 2022 at 9:23 AM Mel Beckman <m...@beckman.org> wrote:
Oh. And it’s not “OCD”. It’s “CDO”, with letters in ascending sequence. :)

 -mel via cell

 > On Nov 15, 2022, at 8:18 AM, Mel Beckman <m...@beckman.org> wrote:
 > 
 > No. GBIC stands for Great Big Inserted Cartridge. LC stands for Little 
 > Connector. Thus they are not compatible. 
 > 
 > -mel via cell
 > 
 >> On Nov 15, 2022, at 7:59 AM, Warren Kumari <war...@kumari.net> wrote:
 >> 
 >> 
 >> Hi there all,
 >> 
 >> While looking through my big box of random optics I suddenly realized that 
 >> I'd never seen a GBIC with an LC connector, and I started wondering if 
 >> anyone else had / if such a thing actually exists.
 >> 
 >> Yes, I realize that this would be a fairly niche device - if you arrived 
 >> somewhere with a device that took GBICs and there was existing fiber with 
 >> LC connectors you could just replace the patch cable or use an LC-SC 
 >> convertor, but that doesn't really satisfy my curiosity.
 >> 
 >> A quick look through the GBIC MSA / SFF documentation implies that such a 
 >> thing *could* probably exist (there is a defined value for the 'LC' 
 >> connector), but I wasn't able to actually find any. It might not actually 
 >> be compliant with the specs (the document I found only lists SC fiber or 
 >> copper (coax with BNC, TNC or DB-9?!)), but that doesn't mean that no-one 
 >> made them.
 >> 
 >> So, has anyone seen a regular (30mm/1.2") GBIC with LC connectors? And, if 
 >> so, "pics or it didn't happen"... :-)
 >> 
 >> Obviously I don't have an actual use for this, it's just to satisfy my 
 >> (OCD) curiosity...
 >> W
 >> 
 >> 
-- 


Matt Erculiani
ERCUL-ARIN

RE: cogent - Sales practices

2022-08-05 Thread Shawn L via NANOG

I think they call me around once a week right now.  Even after I've told them 
we're not interested.  Every once in a while they switch the numbers they're 
calling from, just to keep things interesting.
 
Shawn


-Original Message-
From: "Dennis Burgess" 
Sent: Friday, August 5, 2022 4:20pm
To: "NANOG" 
Subject: cogent - Sales practices




So we just got an email from cogent, we have told them time and time again to 
stop calling and stop emailing.  We tell them we are good on bandwidth and we 
don’t need any of their services. They then sent us an e-mail stating that they 
saw us coming through one of their customers' networks from us, and figured we 
would want to buy direct instead of going through one of their customers. Yes 
COGENT stated this; well at least one of their sales reps.  Sounds underhanded, 
shady, and unethical to me. Just figured I would post about it; see if I am 
making a mountain out of a mole hill 😊
 
Here is the e-mail:
 
"Hey (redacted) ,
Maybe there is a misunderstanding. (ISP’s name removed) is a cogent customer 
who we provide upstream to.
My initial inquiry was to see if it makes sense for Link Technologies to be 
utilizing our network instead of through (ISP’s name removed). That way we 
could be a direct network for you.
Would that be at all something that interests you?
 
Eric Gogerty | Global Account Manager | AS 174
Cogent Communications | Minneapolis, MN (United States Of America)| 
www.cogentco.com
Contact: 612-217-5506| email: egoge...@cogentco.com
The Internet, Unleashed!"
 
 
 
 

Dennis Burgess

 Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, 
Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, 
Enterprise Wireless Engineer
Hurricane Electric: IPv6 Sage Level
Cambium: ePMP 
 
Author of "Learn RouterOS- Second Edition” 
Link Technologies, Inc -- Mikrotik & WISP Support Services 
Office: 314-735-0270  Website: http://www.linktechs.net
Create Wireless Coverage’s with www.towercoverage.com
Need MikroTik Cloud Management: https://cloud.linktechs.net
 

RE: Serious Juniper Hardware EoL Announcements

2022-06-14 Thread Shawn L via NANOG

With the current shortages and lead times, I almost feel like I did back in the 
beginning of my career --- 
 
Then it was "what can we do with what we can afford" now it's more like  "What 
can we do with what we have (or can actually get)"?
 
Shawn

-Original Message-
From: "Adam Thompson" 
Sent: Tuesday, June 14, 2022 12:36pm
To: "Mark Tinka" , "nanog@nanog.org" 
Subject: RE: Serious Juniper Hardware EoL Announcements



[Not specific to the Juniper EoLs...]

I sort of agree with Mark:

I've been sampling a fairly wide variety of sources in various parts of the 
global supply chain, and my synthesis of what they're saying is that we 
probably won't *consistently* have the ready availability of "stuff" (both 
electronic and not) we had pre-pandemic, for the rest of my career (10-15yrs), 
and maybe not in the lifetimes of anyone reading this today, either.

Whether those sources are accurate, their interpretation is accurate, my 
synthesis is accurate, whether I'm listening to the right people in the first 
place... all debatable. I sure hope the above conclusion is wrong.

One possible upside: it might slow down the incessant upgrade hamster-wheel 
we're all running on? Imagine having enough time to do your job thoroughly and 
properly... Yes, I know I'm dreaming :-).


Adam Thompson
Consultant, Infrastructure Services
MERLIN
100 - 135 Innovation Drive
Winnipeg, MB R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
https://www.merlin.mb.ca
Chat with me on Teams: athomp...@merlin.mb.ca

> -Original Message-
> From: NANOG  On Behalf
> Of Mark Tinka
> Sent: Tuesday, June 14, 2022 11:19 AM
> To: nanog@nanog.org
> Subject: Re: Serious Juniper Hardware EoL Announcements
> 
> 
> 
> On 6/14/22 18:06, JASON BOTHE via NANOG wrote:
> 
> > Saw this coming a mile away. With chips and technology progressing
> > despite ability to manufacture, I’m certain many are going to do this.
> 
> All this will do is keep these boxes off the open market, which will
> simply bump up open market prices, with no incentive for the majority
> of folk to buy directly from the OEM.
> 
> I suspect supply chain will improve within the next 12 months, but
> then regress and hit a massive crunch from around Q4'23 onward. How
> long for, I can't say...
> 
> Mark.

Re: Copper Termination Blocks

2022-04-14 Thread Shawn L via NANOG

I'd still go with telect-style blocks.  Wire-wrap on the front and amphenol on 
the back/bottom depending on your application.  Way less space than 66 or 110.  

-Original Message-
From: "Dave Phelps" 
Sent: Thursday, April 14, 2022 4:27pm
To: "Mike Hammett" 
Cc: "NANOG" 
Subject: Re: Copper Termination Blocks




Hi Mike. I used Krone blocks back in the mid 90s. I really liked them.
I'm afraid your long-term options now are probably straight old 66 or 110 
blocks. 66 blocks give some added flexibility. 110s are more efficient as far 
as space consumed compared to 66 blocks. Krone and 110s have a very similar 
profile. 
Depending on how much copper you're terminating, you may want to plan the frame 
layout for cross-connect field space before building the frame. You don't want 
to end up with too much cross-connect wire volume in too small an area. That 
can get troublesome. 
Happy to discuss specifics. Just ping me off-list.


On Thu, Apr 14, 2022 at 3:13 PM Mike Hammett <na...@ics-il.net> wrote:
I know I'm discussing what some consider ancient technology. I counter that it 
meets or exceeds the needs of many, many people.

 Currently, we use 100-pr Telect-style termination blocks. They don't offer 
much in terms of ease of use for testing and don't organize well on a 19" or 
23" rack.

 I was recommended to look at Krone blocks. They look just great. Easy to break 
into for testing with their "look both ways" plug as well as their 
preterminated blocks looked much easier to rack-mount.

 Well, Krone was bought by ADC. ADC was bought by Tyco Electronics. TE was 
bought by Commscope. Commscope discontinued everything I found interesting with 
no replacements.


 Some of the stuff is on eBay (even NIB), some not.

 Any recommendations for places to get old telco blocks, testers, mounts, etc.?

 Any recommendations for alternatives that are easier to source?




 -
 Mike Hammett
 Intelligent Computing Solutions
 http://www.ics-il.com

 Midwest-IX
 http://www.midwest-ix.com

Re: Any engineers from HE on the list?

2022-03-22 Thread Shawn L via NANOG

Thanks for all who've responded.  I was able to reach a very helpful engineer @ 
HE.
 
Shawn


-Original Message-
From: "Owen DeLong" 
Sent: Tuesday, March 22, 2022 2:15pm
To: "Shawn L" 
Subject: Re: Any engineers from HE on the list?


FWIW, supp...@he.net is usually fairly responsive.
Owen


On Mar 22, 2022, at 05:54, Shawn L via NANOG <nanog@nanog.org> wrote:

Wondering if there are any engineers from HE (Hurricane Electric) on the list 
that could help with a strange traffic issue through your network
 
If so, please contact me off-list
 
Thanks
Shawn

Any engineers from HE on the list?

2022-03-22 Thread Shawn L via NANOG

Wondering if there are any engineers from HE (Hurricane Electric) on the list 
that could help with a strange traffic issue through your network
 
If so, please contact me off-list
 
Thanks

Shawn

Re: VPN recommendations?

2022-02-10 Thread Shawn L via NANOG

Meraki MX series?
 
I don't like the way they do their licensing (your license runs out, the box is 
a paper-weight) but they do really well at establishing site-to-site VPNs in 
some pretty challenging scenarios.  Dynamic IPs and NATs don't really cause 
them a problem.  Some CGNats do (AT&T I'm looking at you).
 
 
Shawn
 
-Original Message-
From: "Keith Stokes" 
Sent: Thursday, February 10, 2022 1:11pm
To: "William Herrin" 
Cc: "nanog@nanog.org" 
Subject: Re: VPN recommendations?


Pfsense on Netgate appliances?
I’ve used several of them, while not for this exact purpose they have done the 
roles but maybe not the amount of VPN traffic. 


--
Keith Stokes
SalonBiz, Inc

 On Feb 10, 2022, at 12:02 PM, William Herrin <b...@herrin.us> wrote:




Hi folks,
Do you have any recommendations for VPN appliances? Specifically: I need to 
build site to site VPNs at speeds between 100mbps and 1 gbit where all but 
one of the sites are behind an IPv4 NAT gateway with dynamic public IP 
addresses.
Normally I'd throw OpenVPN on a couple of Linux boxes and be happy but my 
customer insists on a network appliance. Site to site VPNs using IPSec and 
static IP addresses on the plaintext side are a dime a dozen but traversing NAT 
and dynamic IP addresses (and automatically re-establishing when the service 
goes out and comes back up with different addresses) is a hard requirement.
Thanks in advance,
Bill Herrin
 -- 







William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: home router battery backup

2022-01-12 Thread Shawn L via NANOG

Yes.  In our scenario the ONT is basically an ethernet bridge and provides a 
SIP end-point for calls.  There are models that have the router built-into them 
as well, but we've chosen not to use them at this point.
 
The battery we install is designed to run the voice portion for ~ 8 hours 
(customers are offered a longer run-time battery for an additional fee).  
There's some sensor wires from the ONT to the UPS so that we know when power is 
out, the battery is low or needs to be replaced, etc.  It also tells the ONT to 
turn off ethernet services when the power is out to preserve battery for the 
phone portion.  Though that behavior can be changed in software.
 
 
 
-Original Message-
From: "Michael Thomas" 
Sent: Wednesday, January 12, 2022 2:48pm
To: nanog@nanog.org
Subject: Re: home router battery backup



 
On 1/12/22 10:54 AM, Shawn L via NANOG wrote:
In $dayjob I work for a telco that deploys fiber to the home.  If we are 
providing voice services over fiber a battery backup is installed (we maintain) 
that powers the customer's phone in the event of a power outage.  It does not 
power their router, etc.  99% of the customers do not install a UPS for their 
router, etc.  We try to explain that to customers, but we still get calls that 
they can't get on the Internet when their power is out.
So your voice is part of the modem which isn't a router? I assume it uses IP 
for voice. 

Mike


RE: home router battery backup

2022-01-12 Thread Shawn L via NANOG

In $dayjob I work for a telco that deploys fiber to the home.  If we are 
providing voice services over fiber a battery backup is installed (we maintain) 
that powers the customer's phone in the event of a power outage.  It does not 
power their router, etc.  99% of the customers do not install a UPS for their 
router, etc.  We try to explain that to customers, but we still get calls that 
they can't get on the Internet when their power is out.
 

-Original Message-
From: "Scott T Anderson via NANOG" 
Sent: Wednesday, January 12, 2022 12:35pm
To: "nanog@nanog.org" 
Subject: home router battery backup




Hi NANOG mailing list,
 
I am a graduate student, currently conducting research on how power outages 
affect home Internet users. I know that the FCC has a regulation since 2015 (47 
CFR Section 9.20) requiring ISPs to provide an option to voice customers to 
purchase a battery backup for emergency voice services during power outages. As 
this is only an option and only applies to customers who subscribe to voice 
services, I was wondering if anyone had any insights on the prevalence of 
battery backup for home modem/routers? I.e., what percentage of home users 
actually install a battery backup in their home modem/router or use an external 
UPS?
 
Thanks.
Scott
 
Reference for 47 CFR Section 9.20: 
https://www.ecfr.gov/current/title-47/chapter-I/subchapter-A/part-9/subpart-H/section-9.20
 

RE: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Shawn L via NANOG

we received it as well

-Original Message-
From: "Matt Hoppes" 
Sent: Tuesday, October 19, 2021 8:21am
To: "North American Network Operators' Group" 
Subject: Anyone else getting the 'spam' bomb threat?



I've now heard from several operators - ourselves included - about 
getting an e-mail bomb threat to our datacenters asking for $5,000 USD 
or the "bomb will be detonated".

Is this being seen on a widespread e-mail blast to the RIR contacts, or 
am I just unlucky to know like 6 other data center folks who have also 
gotten this e-mail?

 It seems like a very odd/bizarre spam/threat campaign which would 
carry significant jail time.

Re: Rack rails on network equipment

2021-09-25 Thread Shawn L via NANOG
What about things like the Cisco 4500 switch series that are almost as long as a 
1u server.  But yet only has mounts for a relay type rack. 

As far as boot times, try an Asr920.  Wait 15 minutes and decide if it’s time to 
power cycle again or wait 5 more minutes 

Sent from my iPhone

> On Sep 25, 2021, at 5:22 PM, Michael Thomas  wrote:
> 
> 
>> On 9/25/21 2:08 PM, Jay Hennigan wrote:
>>> On 9/25/21 13:55, Baldur Norddahl wrote:
>>> 
>>> My personal itch is how new equipment seems to have even worse boot time 
>>> than previous generations. I am currently installing juniper acx710 and 
>>> while they are nice, they also make me wait 15 minutes to boot. This is a 
>>> tremendous waste of time during installation. I can not leave the site 
>>> without verification and typically I also have some tasks to do after boot.
>>> 
>>> Besides if you have a crash or power interruption, the customers are not 
>>> happy to wait additionally 15 minutes to get online again.
>> 
>> Switches in particular have a lot of ASICs that need to be loaded on boot. 
>> This takes time and they're really not optimized for speed on a process that 
>> occurs once.
> 
> It doesn't seem like it would take too many reboots to really mess with your 
> reliability numbers for uptime. And what on earth are the developers doing 
> with that kind of debug cycle time?
> 
> Mike
> 


Re: Fiber Network Equipment Commercial Norms

2021-09-22 Thread Shawn L via NANOG

This one is always a bit tricky. 
 
For example, if you have an apartment building with say 8 apartments, the 
provider can install a larger MDU in a centralized location and potentially 
utilize existing internal cabling in the building to get to each apartment 
that would like service.  It's a fairly quick and easy install.  Though someone 
(building owner usually) has to provide the power for the MDU.
 
In the same building, if you cannot install a large MDU somewhere, the provider 
needs to figure out how to get a fiber to each apartment that wants service.  
In most cases it's a pain.  In others, it's not possible or prohibitively 
expensive.  The customer doesn't want to pay that much for installation, 
because they only rent an apartment and could move out at any time.  The 
building owner doesn't want to pay it either.
 
In most cases, the owner is willing to provide a little power to be able to say 
"apartments in my building all have fiber Internet".  And potentially charge a 
little more in the rent.
 
Shawn


-Original Message-
From: "Grant Taylor via NANOG" 
Sent: Wednesday, September 22, 2021 1:01pm
To: nanog@nanog.org
Subject: Re: Fiber Network Equipment Commercial Norms



On 9/22/21 10:45 AM, Lady Benjamin Cannon of Glencoe, ASCE wrote:
> Half-penny pinching “mah powah” landlords are especially annoying in a 
> cosmic sense

I know someone who had a bit of a different experience.

Someone, purportedly the telco but I'm not sure who, had telco equipment 
in a building and the batteries hadn't been serviced in the better part 
of a decade and there was a strong smell of battery acid in the room.

I heard that building management put a hard line of something like 36 
hours for the equipment owner to address the problem, or at least 
respond with an acceptable time line, lest the building electrician 
would remove the batteries as a health and safety concern.

The equipment owner materialized and removed the batteries within 72 
hours. The bulk of the equipment was removed the following month.



-- 
Grant. . . .
unix || die



Anyone from an ISP that is part of ACAM / ACAM II ?

2021-08-02 Thread Shawn L via NANOG

Is there anyone on the list that's from an ISP that's participating in the ACAM 
or ACAM II programs?  If so, I'd like to ask a couple of questions (off-list) 
specifically about the speed testing requirements.
 

Thanks
 
Shawn
 

RE: Email and Web Hosting

2021-07-09 Thread Shawn L via NANOG

There's also Rackspace.  They have e-mail and web hosting, etc.


-Original Message-
From: "Ryan Finnesey via NANOG" 
Sent: Thursday, July 8, 2021 10:56pm
To: "Steve Saner" , "nanog@nanog.org" 
Subject: RE: Email and Web Hosting




If the client base wants to stick with basic IMAP/POP3 email Tucows/OpenSRS has 
a good platform.  Also a few years ago my company migrated business email 
accounts and domains from an ISP and moved them to Office 365 and did a revenue 
share with the ISP.  They were happy, still got a bit of revenue but did not 
have to support it.
 
Ryan
 
 

From: NANOG  On Behalf Of 
Steve Saner
Sent: Tuesday, July 6, 2021 10:42 AM
To: nanog@nanog.org
Subject: Email and Web Hosting
 
I hope this isn't too far off topic for this list.

 
We acquired a small ISP a couple years ago that has its roots in the "local 
ISPs" of the 90s. This ISP is still hosting email and web services for 
customers both on company domains as well as customer domains. There is some 
decent revenue coming from these services, but cost of maintenance is becoming 
a challenge. We are looking at migrating to another platform or completely 
discontinuing those services.

 
I'm wondering if others here have gone through that process and have any advice 
as to how to go about it. 

 
--
Steve Saner | Senior Network Engineer
ideatek INTERNET FREEDOM FOR ALL
Cell: 620-860-9433 | 111 Old Mill Lane, Buhler, KS 67522 | ideatek.com <http://www.ideatek.com/>

RE: New minimum speed for US broadband connections

2021-06-01 Thread Shawn L via NANOG

2.4 gbps down, 1.2 up.  So yes, you could 

-Original Message-
From: aar...@gvtc.com
Sent: Tuesday, June 1, 2021 12:18pm
To: "'Mark Tinka'" , nanog@nanog.org
Subject: RE: New minimum speed for US broadband connections



Yeah I thought gpon was 2.4 ghz down and 1.2 ghz up... so you could only 
honestly sell (1) 1 gbps symm service via that gpon interface correct? (without 
oversubscription)

I think ng-pon(2), xgs-pon and other variants allow for much more.

-Aaron




Re: New minimum speed for US broadband connections

2021-06-01 Thread Shawn L via NANOG

From the ISP side, I can tell you that when a customer signs up for service and 
you offer them a couple of choices of wireless routers, they almost always pick 
the cheapest one. 
 
If you give them a reasonable / good router when you hook-up their service, 
some will still put their old 15-year old netgear back in place after the 
install crew leaves because they 'like it better' or they think it's faster.
 


-Original Message-
From: "Mark Tinka" 
Sent: Tuesday, June 1, 2021 12:45am
To: nanog@nanog.org
Subject: Re: New minimum speed for US broadband connections




On 6/1/21 02:19, Eric Kuhnke wrote:

>
> d) may be using badly configured wifi things that stomp on each other, 
> sometimes provided by the ISP

Many times provided by the ISP.

Between turning up new customers everyday, and fixing problems with 
pre-existing ones, ISP's tend to do the absolute minimum with the 
AP's/routers they supply.

Mark.

RE: MPLS/MEF Switches and NIDs

2021-05-28 Thread Shawn L via NANOG

The Accedian boxes are nice, as long as you remember they're not switches or 
routers.  We've used them for specific use cases, but have to remember that 
there's things you just can't do on them.  Though things may have changed on 
them since we used them.
 
 
 
-Original Message-
From: aar...@gvtc.com
Sent: Friday, May 28, 2021 1:31pm
To: "'Colton Conor'" , "'NANOG'" 
Subject: RE: MPLS/MEF Switches and NIDs




Wow, ciena has the means to implement SR and MPLS services?  I mean they run 
the underlying LS IGP to signal those SID’s ??  I didn’t know that.  I may look 
at them in the future then.  I thought Ciena just did some sort of static 
mpls-tp or something…
 
We use Accedian as NID’s with SkyLight director for PAA (SLA stuff)…and uplink 
those into our network at (yester-year, Cisco ME3600’s and ASR9000’s), but now, 
ACX5048 and MX204
 
-Aaron


 

Re: Perhaps it's time to think about enhancements to the NANOG list...?

2021-03-20 Thread Shawn L via NANOG

Agreed.  Don't fix what isn't broken.


-Original Message-
From: "Mark Tinka" 
Sent: Saturday, March 20, 2021 4:33pm
To: "Randy Bush" , "Rod Beck" 
Cc: "North American Network Operators' Group" 
Subject: Re: Perhaps it's time to think about enhancements to the NANOG list...?




On 3/20/21 20:06, Randy Bush wrote:

> i do not find the volume or diversity on the nanog list problematic.
> in fact, i suspect its diversity and openness are major factors in
> it being the de facto global anything-ops list. perhaps we do not
> need to fix that.

Simple. As. That.

Mark.



Re: Famous operational issues

2021-02-23 Thread Shawn L via NANOG

That brings back memories... I had a similar experience.  First month on the 
job, large Sun raid array storing ~ 5k of mailboxes dies in the middle of the 
afternoon.  So, I start troubleshooting and determine it's most likely a bad 
disk.  The CEO walked into the server room right about the time I had 20 disks 
laid out on a table.  He had a fit and called the desktop support guy to come 
and 'show me how to fix a pc'.
 
Never mind the fact that we had a 90% ready to go replacement box sitting at 
another site, and just needed to either go get it, or bring the disks to 
it. So we sat there until the desktop guy, who was 30 minutes away, got 
there.  He took one look at it and said 'never touched that thing before, looks 
like he knows what he's doing' and pointed to me.  4 hours later we were 
driving the new server to the data center strapped down in the back of a 
pickup.  Fun times.
 
 
-Original Message-
From: "Justin Streiner" 
Sent: Tuesday, February 23, 2021 5:11pm
To: "John Kristoff" 
Cc: "NANOG" 
Subject: Re: Famous operational issues



Beyond the widespread outages, I have so many personal war stories that it's 
hard to pick a favorite.
My first job out of college in the mid-late 90s was at an ISP in Pittsburgh 
that I joined pretty early in its existence, and everyone did a bit of 
everything. I was hired to do sysadmin stuff, networking, pretty much whatever 
was needed. About a year after I started, we brought up a new mail system with 
an external RAID enclosure for the mail store itself.  One day, we saw 
indications that one of the disks in the RAID enclosure was starting to fail, 
so I scheduled a maintenance window to replace the disk and let the controller 
rebuild the data and integrate it back into the RAID set.  No big worries, 
right?
It's Tuesday at about 2 AM.
Well, the kernel on the RAID controller itself decided that when I pulled the 
failing drive would be a fine time to panic, and more or less turn itself into 
a bit-blender, and take all the mailstore down with it.  After a few hours of 
watching fsck make no progress on anything, in terms of trying to un-fsck the 
mailstore, we made the decision in consultation with the CEO to pull the plug 
on trying to bring the old RAID enclosure back to life, and focus on finding 
suitable replacement hardware and rebuild from scratch.  We also discovered 
that the most recent backups of the mailstore were over a month old :(
I think our CEO ended up driving several hours to procure a suitable enclosure. 
 By the time we got the enclosure installed, filesystems built, and got 
whatever tape backups we had restored, and tested the integrity of the system, 
it was now Thursday around 8 AM. Coincidentally, that was the same day the 
company hosted a big VIP gathering (the mayor was there, along with lots of 
investors and other bigwigs), so I had to come back and put on a suit to hobnob 
with the VIPs after getting a total of 6 hours of sleep in about the previous 3 
days.  I still don't know how I got home that night without wrapping my vehicle 
around a utility pole (due to being over-tired, not due to alcohol).
Many painful lessons learned over that stretch of days, as often the case as a 
company grows from startup mode and builds more robust technology and business 
processes as a consequence of growth.
jms


On Tue, Feb 16, 2021 at 2:37 PM John Kristoff <[ j...@dataplane.org ]( mailto:j...@dataplane.org )> wrote:

 Friends,

 I'd like to start a thread about the most famous and widespread Internet
 operational issues, outages or implementation incompatibilities you
 have seen.

 Which examples would make up your top three?

 To get things started, I'd suggest the AS 7007 event is perhaps  the
 most notorious and likely to top many lists including mine.  So if
 that is one for you I'm asking for just two more.

 I'm particularly interested in this as the first step in developing a
 future NANOG session.  I'd be particularly interested in any issues
 that also identify key individuals that might still be around and
 interested in participating in a retrospective.  I already have someone
 that is willing to talk about AS 7007, which shouldn't be hard to guess
 who.

 Thanks in advance for your suggestions,

 John

Re: Cogent Layer 2

2020-10-14 Thread Shawn L via NANOG

When I last spoke to them, it sounded like they were using a bunch of LAG 
groups based on ip address because they _really_ wanted to know how many ip 
addresses we had and what kind of traffic we would be expecting (eyeball 
networks, big data transport, etc).


-Original Message-
From: "David Hubbard" 
Sent: Wednesday, October 14, 2020 1:46pm
To: "nanog@nanog.org" 
Subject: Re: Cogent Layer 2




I had a discussion with them about a point to point circuit last year and ran 
into some weirdness around how burstable it would be for specific IP to IP 
streams as our use case was cheap circuit / high speed data replication between 
given endpoints.  The sales rep was suggesting to me that I’d see specific 
source/destination IP pairs capped at 2gbps regardless of circuit speed, which 
suggested to me it was not actually a point to point wave but some type of 
encapsulated service.  We didn’t get into whether it was usable for non-IP, etc.
 
 
 

From: NANOG  on behalf of Mike Hammett 
Date: Wednesday, October 14, 2020 at 1:38 PM
To: "nanog@nanog.org" 
Subject: Cogent Layer 2

 


Are any legitimate beefs with Cogent limited to their IP policies, BGP session 
charges, and peering disputes? Meaning, would using them for layer 2 be 
reasonable?
 



 -
 Mike Hammett
[ Intelligent Computing Solutions ]( http://www.ics-il.com/ )
[ Midwest Internet Exchange ]( http://www.midwest-ix.com/ )
[ The Brothers WISP ]( http://www.thebrotherswisp.com/ )

Re: Centurylink having a bad morning?

2020-09-02 Thread Shawn L via NANOG
We once moved a 3u server 30 miles between data centers this way.  Plug 
redundant psu into a ups and 2 people carried it out and put them in a vehicle. 
 


Sent from my iPhone

> On Sep 1, 2020, at 11:58 PM, Christopher Morrow  
> wrote:
> 
> On Tue, Sep 1, 2020 at 11:53 PM Alain Hebert  wrote:
>> 
>>As a coincidence...  I was *thinking* of moving a 90TB SAN (with 
>> mechanical's) to another rack that way...  skateboard, long fibers and long 
>> power cords =D
>> 
> 
> well, what you REALLY need is one of these:
>  https://www.cru-inc.com/products/wiebetech/hotplug_field_kit_product/
> 
> and 2-3 UPS... swap to the UPS, then just roll the stack over, plug to
> utility and done. (minus network transfer)


Re: questions asked during network engineer interview

2020-07-14 Thread Shawn L via NANOG

I completely agree.  One of the people I used to do interviews with would look 
through the resume, etc. and then say something like "this all looks good. Tell 
me about something you've done".  And we'd move on to talk about projects and 
how they tackled it, etc. 
 
We didn't give tests, just questions like  "if we asked you to do this, on 
something you haven't seen or used before, how would you go about it".   Or 
pretend I'm the customer.  I want to do this.  How would you go about it?  It 
wasn't about getting a 'correct' answer, it was about how they went about 
solving the problem.

-Original Message-
From: "Owen DeLong" 
Sent: Tuesday, July 14, 2020 1:33pm
To: "Michael Thomas" 
Cc: nanog@nanog.org
Subject: Re: questions asked during network engineer interview




On Jul 14, 2020, at 10:20 , Michael Thomas <[ m...@mtcc.com ]( 
mailto:m...@mtcc.com )> wrote:


 
On 7/13/20 8:16 PM, Greg Skinner via NANOG wrote:
If you ever decide to revisit 
this subject, I recall it was covered here in [ this thread started by Bill 
Herrin ]( https://mailman.nanog.org/pipermail/nanog/2012-July/149687.html ).
My general feelings on the subject of tech interviews are summarized in the 
“interview anti-loop” section of [ this article by Steve Yegge ]( 
http://steve-yegge.blogspot.com/2008/03/get-that-job-at-google.html ).   
Although it is targeted to people seeking software engineering jobs at FANG 
(and FANG-like) companies, IMO the general tone is applicable to other tech 
careers, even network engineering.  I have seen numerous articles (and 
subsequent discussions) on this subject on forums such as Quora, Medium, and 
Hacker News.
 
That blog post is everything that is wrong with software interviews. It's fine 
to ask intricate algorithm questions for somebody fresh out of school because 
what else are you going to ask them? But for somebody who's years out of school 
and has lots of experience, the intricate details of various algorithms fade 
especially ones that you don't use very often, or are embedded in library 
routines you'd be fired for if you tried to reinvent them. Telling people they 
have to go back to school for stuff they won't be using on the job is 
offensive.

I once failed a network engineering interview because I couldn’t 
recite the OSPF LSA types by number from memory. It was fine, the fact that was 
a key question in the interview convinced me that I had no more desire to work 
there than they had to hire me.



My personal method is to devise a problem and actually work with them... 
because that's what I (or others) are going to be doing. How well can they get 
the requirements? How do they zero in on how to solve it? You can take this as 
deep or shallow as you like. Often I'd give it as a homework assignment if I 
liked them.

I prefer this approach as well. Depending on the level of 
interviewee, I like to pull up a real world scenario from my past and see how 
they approach it. I’m not nearly as concerned if they get to the right solution 
as I want to see how they go about identifying and solving the problem. Do they 
ask questions that narrow their focus and identify the issue, or do they start 
trying random things hoping to stumble across a solution without understanding 
the problem?
The former moves on to the next steps towards employment. The latter is dropped 
from consideration.



My personal theory is software interviewing is basically a hazing ritual where 
the interviewers are trying to fluff their own privates, and it's almost to a 
one male. I wrote this post a while ago:
http://rip-van-webble.blogspot.com/2013/07/interviews-as-hazing-rituals.html
Mike

Not being a developer (at least not for the last 25+ years), I haven’t done 
many “software” interviews, but I’ve been through network and sysadmin 
interviews that ran the gamut. Frankly, the ones that seemed to be more about 
fluffing privates were the companies I put less focus on going forward. The 
interviewers that seemed to match my style and wanted to see me do real-world 
things like troubleshooting or solving design problems or identifying 
architectural flaws in a proposed solution usually resulted in mutual respect 
and I usually moved forward through the interview processes. On the few 
occasions where I got a job out of a fluffing interview, it almost universally 
turned out to be one I wished I hadn’t taken.
Owen

Re: Router Suggestions

2020-06-17 Thread Shawn L via NANOG

We _always_ have at least one spare, or something that could be (relatively) 
easily pressed into service as one. 
 
Even in the Midwest, we've had times where 'guaranteed next day replacement' is 
more like 2nd or third day due to weather conditions, the carrier routing it 
weird, or just plain the plane didn't come today issues.  We generally laugh 
when they try to offer us 4 hour contracts -- we know there's 0 chance they can 
meet them, and they never want to refund you when you need it and they can't.
 


-Original Message-
From: "Warren Kumari" 
Sent: Wednesday, June 17, 2020 6:50pm
To: "Owen DeLong" 
Cc: nanog@nanog.org
Subject: Re: Router Suggestions






On Tue, Jun 16, 2020 at 5:28 PM Owen DeLong <[ o...@delong.com ]( 
mailto:o...@delong.com )> wrote:

 > On Jun 16, 2020, at 1:51 PM, Mark Tinka <[ mark.ti...@seacom.mu ]( 
 > mailto:mark.ti...@seacom.mu )> wrote:
 > 
 > 
 > 
 > On 16/Jun/20 22:43, Owen DeLong wrote:
 > 
 >> Covering them all under vendor contract doesn’t necessarily guarantee that
 >> the vendor does, either. In general, if you can cover 10% of your hardware
 >> failing in the same 3-day period, you’re probably not going to do much 
 >> better
 >> with vendor support.
 > 
 > In my experience, our vendors have been able to abide by their
 > obligations when we've had successive failures in a short period of
 > time, as long as our subscription is up-to-date.
 > 
 > I am yet to be disappointed.
 > 

 Count your blessings… I once faced a situation where a vendor had shipped a 
batch of defective power supplies (10s of thousands of them). It wasn’t just my 
network facing successive failures
 in this case, but widespread across their entire customer base… By day 2, all 
of their depots were depleted and day 3 involved mapping out “how non-redundant 
can we make the power in our
 routers to cover the outages that we’re seeing without causing more outages 
than we solve?”

 It was a genuine nightmare.

Huh, was this in the early to mid 1990’s?
I had an incident in NYC area where one of the large (at the time) 
datacenter/IXPs had a power outage, and their transfer switch failed to switch 
over. Customers were annoyed, so they promised another test, which also failed, 
dropping power to the facility again... now customers were hopping mad...
The next test was *just* of the generator, but with all of the work they had 
done they had (somehow) gotten the transfer switch *really* confused / 
hardwired into an odd state. This resulted in the facility being powered by 
both the street power and the generator (at least for a few seconds until the 
generator went “Nope!”)
 These were of course not synchronized, and so 120V equipment saw 0V, then 
240V, then some weird harmonic, then other surprising values. .. most supplies 
kind of dealt with this OK, but one of the really common models of router, from 
the largest vendor upped and died. This resulted in a few hundred dead routers 
and way exceeded the vendor's spares strategies.
A number of customers (myself included) had 4 hour replacement contracts, which 
the vendor really could not meet - so we agreed to take a new, much 
larger/better model as a replacement.
W

 I’ve had other situations involving early failures of just released line cards 
and such as well.

 As I said, YMMV, but I’m betting your vendor doesn’t stock a second copy of 
every piece of covered equipment in the local depot. They’re playing the 
statistical probabilities just
 like anyone else stocking their own spares pool. The biggest difference is 
that they’re
 spreading the risk across a (potentially) much wider sample size which may 
better normalize
 the numbers.

 Owen

-- 

I don't think the execution is relevant when it was obviously a bad idea in the 
first place.
This is like putting rabid weasels in your pants, and later expressing regret 
at having chosen those particular rabid weasels and that pair of pants.
   ---maf

Re: alternative to voip gateways

2020-05-02 Thread Shawn L via NANOG

Innomedia is decent as well, but again it all depends on loop lengths.
 
Might want to look at more of a carrier system.  Something like a Calix E7, E5 
or C7 line.  You could probably pick up a C7 chassis on the used market and 
fill it up with ADSL or VDSL cards that will push dial-tone at least 2x as far 
as they will push DSL.  At least in the 10 mile range.  Although at some point, 
when you're out past DSL range things like old-school load coils will help with 
call quality.
 


-Original Message-
From: "Tarko Tikan" 
Sent: Saturday, May 2, 2020 3:48am
To: nanog@nanog.org
Subject: Re: alternative to voip gateways



hey,

> But this all results in a sh1te load of 48 port gateways (power is not
> a concern), but wondering if there is another solution that is more
> cost effective? Seems the regular NEC's Siemens and so on might have
> an option but I can imagine it will be far more expensive than a bunch
> of individual gateways.

Huawei was already suggested and Nokia ISAM also works very well for 
your application

https://www.nokia.com/networks/products/intelligent-services-access-manager-isam-voice/#overview

Majority of the small consumer gateways (including the 48p ones) will 
not work on long loops, they are meant to be used inside a building etc.


-- 
tarko

Re: Best way to get foreign ISPs to shut down DDoS reflectors?

2020-04-23 Thread Shawn L via NANOG

This brings up an interesting question -- what is "good DDoS protection" on an 
ISP scale?  Apart from having enough bandwidth to weather the attack and having 
upstream providers attempt to filter it for you?
 


-Original Message-
From: "Bottiger" 
Sent: Thursday, April 23, 2020 5:30pm
To: "Siyuan Miao" 
Cc: "North American Network Operators' Group" 
Subject: Re: Best way to get foreign ISPs to shut down DDoS reflectors?



We are unable to upgrade our bandwidth in those areas. There are no providers 
within our budget there at the moment. Surely there must be some way to get 
them to respond.


On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao <[ avel...@misaka.io ]( 
mailto:avel...@misaka.io )> wrote:
It won't work.
Get a good DDoS protection and forget about it.


On Fri, Apr 24, 2020 at 5:17 AM Bottiger <[ bottige...@gmail.com ]( 
mailto:bottige...@gmail.com )> wrote:
Is there a guide on how to get foreign ISPs to shut down reflectors used in 
DDoS attacks?
I've tried sending emails listed under abuse contacts for their regional 
registries. Either there is none listed, the email is full, email does not 
exist, or they do not reply. Same results when sending to whatever other email 
they have listed.
Example Networks:
CLARO S.A.
Telefonica
China Telecom
Korea Telecom

Re: rack rails

2020-03-30 Thread Shawn L via NANOG

That's a tough one.  In the telco space, the common sizes are 19" and 23".  19" 
for gear, 23" for fiber patch panels, etc.  There are also some 25" floating 
around (Nortel, I'm looking at you). 
 
Unfortunately, 19" gear fits in 19" racks.  It fits in 23" sometimes -- if the 
manufacturer makes both size ears, or you have to use an adapter plate, which 
can be a pain, and expensive (for 25" you may as well find a local machine shop 
to make them for you, or it's cheaper to remove them and start over). 
 
Sometimes you can do 19" gear and 23" cable management in a 23" rack, which is 
nice.  There is also the telco proclivity to attach stand-offs on the back side 
of the rack for vertical cabling, which can take up even more space.
 
The one thing you really can't do is take servers, etc. designed for a cabinet 
or 4-post style rack and put them in a 2-post neatly.  There's adapters and 
things, but they're a pain as well.  At least with a 4-post square-hole rack 
you can get 80% of what you want to fit.  

-Original Message-
From: "Coy Hile" 
Sent: Monday, March 30, 2020 5:31pm
To: "Karsten Elfenbein" 
Cc: "NANOG" 
Subject: Re: rack rails




> On Mar 30, 2020, at 5:24 PM, Karsten Elfenbein  
> wrote:
> 
> Hi,
> 
> something like https://www.opencompute.org/projects/rack-and-power
> comes into my mind for that.
> Mounting on 4 posts should be the default. It is insane what some
> vendors want to mount on 2 posts only.
> 

That brings up an interesting question. As I understand it, the penchant for 
two-post mounts come from what are at least colloquially termed telco racks 
that are or were common when you had tons of modem banks and such. Are such 
mounts — much like DC power — still quite common in the service provider space, 
or do most use more or less normal racks? (That said, the 750mm wide (29.5in) 
racks that actually have room for high density cables inside the rack seem much 
more useful for a networking application than the 600mm wide version.)



--
Coy Hile
coy.h...@coyhile.com






Re: [EXT] Shining a light on ambulance chasers - Noction

2020-03-25 Thread Shawn L via NANOG

And here I actually went to their website (not Cogent -- they still call me all 
the time as well) to see what they sell.
 
 


-Original Message-
From: "Kaiser, Erich" 
Sent: Wednesday, March 25, 2020 5:50pm
To: "NANOG list" 
Subject: Re: [EXT] Shining a light on ambulance chasers - Noction




Cogent calls me about 2-3 times a week.  Time to start re-routing their calls 
back to them..





Erich Kaiser

On Wed, Mar 25, 2020 at 3:29 PM Chuck Anderson <[ c...@wpi.edu ]( mailto:c...@wpi.edu )> wrote:
Someone should tell them what happened to Cogent for scraping ARIN WHOIS.

 On Wed, Mar 25, 2020 at 04:13:51PM -0400, Rodney Joffe wrote:
 > Under the heading of sales spam from our community that is in even poorer 
 > taste, and sucks:
 > 
 > 
 > Begin forwarded message:
 > 
 > > From: Josh Ankin <[ jan...@noction.com ]( mailto:jan...@noction.com )>
 > > Subject: BGP Management
 > > Date: March 25, 2020 at 3:39:02 PM EDT
 > > To: [ rjo...@centergate.com ]( mailto:rjo...@centergate.com )
 > > Reply-To: [ jan...@noction.com ]( mailto:jan...@noction.com )
 > > 
 > > Hello Rodney,
 > >  
 > > I know things are pretty hectic right now with COVID-19 precautions being 
 > > taken everywhere. I hope it's not affecting your team too much, and most 
 > > importantly, I hope everyone is safe.
 > >  
 > > In recent months, I've been trying to bring your attention to BGP 
 > > optimization. However, our solution's other notable features can be of 
 > > utmost value at these uncertain times as the Internet traffic volumes and 
 > > patterns change
 > 
 > Etc Etc

Re: DSLAMs

2019-12-31 Thread Shawn L via NANOG

That's a tough one.  48 port dslams with internal splitters are easy.  When 
you're looking for more density you're almost always looking at external 
splitter shelves.  Could also look at the calix c7 platform -- tons around on 
the used market -- but then again, no splitters.
 

-Original Message-
From: "Dennis Lundström" 
Sent: Tuesday, December 31, 2019 12:32pm
To: "Nick Edwards" 
Cc: "NANOG" 
Subject: Re: DSLAMs




Found this one:

[ ftp://ftp2.dlink.com/SUPPORT/End_of_Life_Product_List_091519.pdf ]( 
ftp://ftp2.dlink.com/SUPPORT/End_of_Life_Product_List_091519.pdf )
Stating EOL 2015-04-14 for HW revision A1.
—Dennis



On Tue, Dec 31, 2019 at 10:27 Nick Edwards <[ nick.z.edwa...@gmail.com ]( mailto:nick.z.edwa...@gmail.com )> wrote:

 Howdy y'all

 Chasing some info, does dlink still sell DAS4672 - 672 port adsl2+ dslams?

 after simple IP based  units with pppoe pass through.
 We could buy a bunch of planet 48 ports, which we used before, but we
 hoping someone still puts out high capacity (320 plus port) units with
 inbuilt pots splitters

 thanks

Re: Elephant in the room - Akamai

2019-12-07 Thread Shawn L via NANOG

Same -- we had an Akamai cache for 15+ years.  Then we were notified that it 
was done and were sent boxes to pack our stuff up and send it back.
 
 
-Original Message-
From: "Jared Mauch" 
Sent: Saturday, December 7, 2019 2:05pm
To: "Seth Mattinen" 
Cc: nanog@nanog.org
Subject: Re: Elephant in the room - Akamai




> On Dec 7, 2019, at 12:06 PM, Seth Mattinen  wrote:
> 
> On 12/6/19 06:46, Fawcett, Nick via NANOG wrote:
>> We had three onsite Akamai caches a few months ago. They called us up and 
>> said they are removing that service and sent us boxes to pack up the 
>> hardware and ship back. We’ve had quite the increase in DIA traffic as a 
>> result of it.
> 
> 
> Same here, removed last month, and no more Akamai traffic over peering since.

This last part doesn’t sound right.

Can you send me details in private?

Thanks,

- Jared

Re: Cogent sales reps who actually respond

2019-09-16 Thread Shawn L via NANOG

I have one who calls me bi-weekly even though we have declined to purchase 
service from them at this time.  I'd be happy to provide contact details 
off-line.
 


-Original Message-
From: "Jon Sands" 
Sent: Monday, September 16, 2019 9:30am
To: nanog@nanog.org
Subject: Re: Cogent sales reps who actually respond



The last time I dealt with them, it took a little over 3 months to get 
them to turn up basic BGP service. To top it off the sales rep was fired 
in the middle of our deployment. Cogent seems to have higher rep 
turnover than anything else I've dealt with. Buckle up and have fun!

On 9/15/2019 4:13 PM, n...@as37662.com n...@as37662.com wrote:
>
> Hi fellow network operators,
>
> Do any orgs here have experience with a good Cogent rep? The rep we 
> got via Cogent's website is unresponsive to even basic questions. It 
> feels like we are dealing with a bot and copy-pasted replies.
>
> Thanks
> Ruldu
>

-- 
Jon Sands
MFI Labs
https://fohdeesha.com/



Re: IP Dslams

2019-01-04 Thread Shawn L via NANOG

The "newer" replacement for the 42xx series was the bitstorm 
(Bitstorm-RP2-152-AC), and they came in AC as well and 48 ports -- in a 1.5 U I 
think.
 

-Original Message-
From: "Blake Hudson" 
Sent: Friday, January 4, 2019 12:47pm
To: nanog@nanog.org
Subject: Re: IP Dslams


I was thinking the same thing. They're a few years out of support, but the 
Zhone 42xx IP DSLAM provides a 1Gbps ethernet uplink and 24 ADSL2+ DSL user 
ports per 1U chassis (stackable to achieve 192 ports total). Wish they were 
available in AC for non-telco use.
 [ http://support.zhone.com/support/manuals/docs/42/4200-A2-GN21-40.pdf ]( 
http://support.zhone.com/support/manuals/docs/42/4200-A2-GN21-40.pdf )

 You could pair these with a pfSense appliance (or an x86 PC running the free 
software) to provide DHCP, DNS, etc - or use the built in pfSense captive 
portal to provide additional authentication and accounting per user. pfSense 
can provide NAT and FW if needed, or these features can be disabled to use 
globally routable IP4/IP6 addresses.

 As far as support goes, backup your pfsense and DSLAM configs when you finish 
the project and the subscriber accounts and DSL modems could be maintained by a 
local admin through the pfSense web interface with no need to touch the DSLAMs 
or anything CLI.

 --Blake


Shawn L via NANOG wrote on 1/4/2019 8:59 AM:
Might want to look for old Zhone ip bitstorm dslams.  There should be a bunch 
on the used market.  They do all of the ATM conversions internally so you just 
need to feed them with ethernet.
 

 -Original Message-
 From: "Nick Edwards" [  ]( 
mailto:nick.z.edwa...@gmail.com )
 Sent: Friday, January 4, 2019 9:36am
 To: "Brandon Martin" [  ]( 
mailto:lists.na...@monmotha.net )
 Cc: "NANOG" [  ]( mailto:nanog@nanog.org )
 Subject: Re: IP Dslams




They don't have a large budget and although I'm yet to get prices on adtran's 
(understandable, holidays 'n all) I doubt it will fit within their budget, it's 
looking more like getting a few planet dslams and configuring a linux box as 
the bng, been 10 years since I've had to do that kind of setup, memories hazy, 
but I know it worked, and well, so thanks to all for suggestions but the 
adtrans and nokias are not for those on shoe string budgets, which wouldn't even 
allow me to include an asr1k for the bng, and although it would allow for, I'd 
rather not grab an ebay 7200/7300 :)


On Wed, Jan 2, 2019 at 10:52 PM Brandon Martin <[ lists.na...@monmotha.net ]( mailto:lists.na...@monmotha.net )> wrote:
On 1/2/19 6:47 AM, Nick Edwards wrote:
 > There are 260 villas, and no coax.

 Is there a logical way to distribute the termination?  You might be able 
 to get better performance (not that you perhaps care, in this case) at 
 minimal additional cost if you can do building-local termination of each 
 customer circuit and then backhaul on e.g. bonded VDSL2 or G.FAST over 
 shorter distances (perhaps hopping building to building).

 I'm assuming there's no data grade copper or fiber if there's no coax. 
 Obviously if you've got those, distributed termination makes even more 
 sense.

 If you do want a centralized solution, an Adtran TA5006 (the small 
 chassis) with 6x 48 port VDSL2 combo modules (with or without vectoring, 
 depending on your needs) would do the job (though it fills the chassis 
 and doesn't allow for expansion, so the full-size TA5000 may be 
 desirable).  I've played (and am playing with) the same system but with 
 GPON termination and have been happy with it so far.
 -- 
 Brandon Martin

Re: IP Dslams

2019-01-04 Thread Shawn L via NANOG

Might want to look for old Zhone ip bitstorm dslams.  There should be a bunch 
on the used market.  They do all of the ATM conversions internally so you just 
need to feed them with ethernet.
 

-Original Message-
From: "Nick Edwards" 
Sent: Friday, January 4, 2019 9:36am
To: "Brandon Martin" 
Cc: "NANOG" 
Subject: Re: IP Dslams




They don't have a large budget and although I'm yet to get prices on adtran's 
(understandable, holidays 'n all) I doubt it will fit within their budget, it's 
looking more like getting a few planet dslams and configuring a linux box as 
the bng, been 10 years since I've had to do that kind of setup, memories hazy, 
but I know it worked, and well, so thanks to all for suggestions but the 
adtrans and nokias are not for those on shoe string budgets, which wouldn't even 
allow me to include an asr1k for the bng, and although it would allow for, I'd 
rather not grab an ebay 7200/7300 :)


On Wed, Jan 2, 2019 at 10:52 PM Brandon Martin <lists.na...@monmotha.net> wrote:
On 1/2/19 6:47 AM, Nick Edwards wrote:
 > There are 260 villas, and no coax.

 Is there a logical way to distribute the termination?  You might be able 
 to get better performance (not that you perhaps care, in this case) at 
 minimal additional cost if you can do building-local termination of each 
 customer circuit and then backhaul on e.g. bonded VDSL2 or G.FAST over 
 shorter distances (perhaps hopping building to building).

 I'm assuming there's no data grade copper or fiber if there's no coax. 
 Obviously if you've got those, distributed termination makes even more 
 sense.

 If you do want a centralized solution, an Adtran TA5006 (the small 
 chassis) with 6x 48 port VDSL2 combo modules (with or without vectoring, 
 depending on your needs) would do the job (though it fills the chassis 
 and doesn't allow for expansion, so the full-size TA5000 may be 
 desirable).  I've played (and am playing with) the same system but with 
 GPON termination and have been happy with it so far.
 -- 
 Brandon Martin

Re: CenturyLink

2018-12-30 Thread Shawn L via NANOG

Speaking of GPS-enabled NTP appliances, etc. wondering what hardware people are 
using for this.
 
thanks
 

-Original Message-
From: "Raymond Burkholder" 
Sent: Saturday, December 29, 2018 12:01pm
To: "Matthew Huff" , "l...@satchell.net" , 
"nanog@nanog.org" 
Subject: Re: CenturyLink



On 2018-12-29 7:51 a.m., Matthew Huff wrote:
> We have two stratum-1 servers synced with GPS and a PTP feed from a provider 
> that also provides PTP to market data systems, but we still have to monitor 
> drift between system time and NIST time. Don't ask for the logic behind it, 
> it's a regulation, not a technical requirement.
>
On one occasion, due to bad firmware or a configuration issue, I have 
seen GPS stratum 1 diverge from NTP.  It was somewhat eyebrow-raising 
to the company.  My NTP monitored servers were shown to be diverging 
their GPS/NTP, but after looking at twice or thrice, it was the other 
way around.



Re: Extending network over a dry pair

2018-12-12 Thread Shawn L via NANOG

Actellis also makes some ethernet over dry pair gear.  The only issue is that 
they require repeaters like a T1 (different spacing though).  I'm guessing if 
you're doing T1 at that distance you already have repeater housings in the 
field at least.
 
 


-Original Message-
From: "Alfie Pates" 
Sent: Wednesday, December 12, 2018 4:42pm
To: nanog@nanog.org
Subject: Re: Extending network over a dry pair



Six miles is probably pushing it, but Proscend make some interesting Long-Range 
Ethernet SFP transceivers which are VDSL based. They're horrendously documented 
and they draw *way* more power than the SFP specification allows.
They also make a version which is designed to terminate VDSL broadband circuits - 
A couple of those found their way to my desk recently and it turns out that 
despite the horrendous documentation and slightly scary heat output (they come 
with a little paper note in the box which says something along the lines of 
"WARNING! MODULE GETS HOT - DO NOT TOUCH DURING OPERATION."), they do generally 
Just Work!
~a
On Wed, Dec 12, 2018, at 9:25 PM, Nick Bogle wrote:
A quick question for you guys; 
If you had a single dry pair (pair of copper wires originally for phones) to a 
remote site that was around 6 miles away, what would you use? We currently are 
just extending a T1 line to this site, but 1.5Mbps isn't cutting it anymore. 
Unfortunately it's a research site on a federally protected wildlife preserve 
so we can't run any new infrastructure (fiber etc) and it isn't in a 
geographical place where point to point wireless is practical. We were thinking 
there is some sort of network extender that uses some form of DSL for higher 
bandwidth capacity. 
Any suggestions?

RE: Are any of you starting to get AI robocalls?

2018-04-04 Thread Shawn L via NANOG

Honestly, most carriers I've talked to are fed up as well, and just want to 
find a way to make it stop.  As someone said, it's exactly like BCP38 ---  the 
carriers that care keep their clients from spoofing caller id, etc.  The ones 
that don't make everyone else look bad.

-Original Message-
From: "Keith Medcalf" 
Sent: Wednesday, April 4, 2018 7:04pm
To: "nanog@nanog.org" 
Subject: RE: Are any of you starting to get AI robocalls?



Why would the carriers want to do anything? They are making money from call 
termination fees.


---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

>-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Sean
>Pedersen
>Sent: Wednesday, 4 April, 2018 08:45
>To: nanog@nanog.org
>Subject: RE: Are any of you starting to get AI robocalls?
>
>Yep. Add it to the list of IRS scams, fake arrest warrants, credit
>repair, free vacations, etc. The rate of calls has increased
>dramatically in the past year, especially with the "neighborhood
>scam" where they spoof their CLID to a local area code and prefix +
> through  and blast you with calls, trying to trick you into
>thinking it's someone local and thus important or legitimate.
>
>I have a second phone I use for work and on-call, so that goes on DND
>from 6PM to 6AM with a VIP list of people/numbers that can ring
>through. No problems there, and somehow that number isn't (yet) on
>anyone's list, so I don't get many calls.
>
>On my personal cell, I started to use an app called Hiya that has
>been pretty successful. It's available for both iPhone and Android.
>It powers a lot of the carrier-specific apps like AT&T Call Protect,
>but unlike them, it doesn't suck. It's a giant database of reports
>that rate calling numbers and classify them as fraud, scam,
>neighborhood spoofing, etc. and you can flag them or route them right
>to voicemail. The only time it doesn’t work is when it hasn't updated
>its list in a little while and a few sneak through. They just
>realized a premium version that added some features. I haven't
>explored it yet.
>
>Went from about 20 calls a week to almost nothing.
>
>Carriers seem to be either incapable or unwilling to address the
>issue other than the occasional lip-service reply about "taking
>customer's $variable seriously."
>
>-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of William
>Herrin
>Sent: Tuesday, April 3, 2018 3:32 PM
>To: nanog@nanog.org
>Subject: Are any of you starting to get AI robocalls?
>
>Howdy.
>
>Have any of you started to get AI robocalls? I've had a couple of
>calls recently where I get the connect silence of a predictive dialer
>followed by a woman speaking with call center background noise. She
>gives her name and asks how I'm doing. The first time it happened it
>seemed off for reasons I can't quite articulate, so I asked: "Are you
>a robot or a person?" She responded "yes" and then launched in to a
>sales pitch. The next time I asked, "where can I direct your call?"
>She responded "that's good" and launched in to her pitch.
>
>Regards,
>Bill Herrin
>
>
>--
>William Herrin  her...@dirtside.com b...@herrin.us
>Dirtside Systems . Web: 







Re: DSL CPE

2018-01-24 Thread Shawn L via NANOG

Sorry -- this got lost in the shuffle.
 
We were specifically comparing Comtrend AR5381u vs Zyxel 660HN being fed with 
either Calix ADSL 2+ or  Paradyne/Zhone Bitstorm ADSL2+.  All use the broadcom 
chipset but seem to interop slightly differently.  From our limited testing we 
determined that for the best speeds / quality on long loops order was like this
 
Zhone Bitstorm -> Zyxel 660HN
Zhone Bitstorm -> Comtrend AR5381u
Calix ADSL 2+ -> Zyxel 660HN
Calix ADSL 2+ -> Comtrend AR5381u
 
 

-Original Message-
From: "Mike Hammett" 
Sent: Sunday, January 14, 2018 9:48pm
To: "Shawn L" 
Cc: "NANOG" 
Subject: Re: DSL CPE



Any particular Zyxel models or just Zyxel in general perform better at longer 
lengths?


From: "Shawn L" 
To: "Mike Hammett" 
Cc: "NANOG" 
Sent: Tuesday, January 9, 2018 8:22:07 AM
Subject: RE: DSL CPE


At $dayjob we use both Comtrend and Zyxel modems.  Both have a 1-port modem 
that can be deployed in bridged mode. They both seem to work well with Calix 
gear.  We've found the Zyxel modems tend to work a little better at longer loop 
lengths.  But, for us at least, it's very easy to get custom firmware created 
and pre-deployed to comtrend modems at the factory / distributor. So we haven't 
completely decided between one brand and the other.  We started looking at 
Zyxel for increased speed at longer loop lengths and better wifi support.
 
There's a company a few exchanges over from us that has deployed the Calix Giga 
family and really likes it.  We haven't deployed them yet because they only 
work on the Calix E7 series (E7-2 and E7-20) and we still have a lot of C7 
series dslams in the network.
 
Shawn
 


-Original Message-
From: "Mike Hammett" 
Sent: Tuesday, January 9, 2018 8:50am
To: "NANOG" 
Subject: DSL CPE



After a few off-list responses (and a couple on) encouraging me to use NANOG, 
here we go... 


I've recently walked in to a voice\DSL CLEC that has basically been left to 
entropy for the last ten years. A lot of the core systems just work, but a lot 
of things aren't exactly managed the best. They run a Calix\Occam ADSL2+\VDSL 
infrastructure. For those of you doing DSL, what CPE are you using? I'm looking 
at one that's just a basic modem where I have a more sophisticated router (or 
ATA\voice gateway) behind it and then one more generic for residential settings 
with WiFi and all that jazz. We're kinda debating whether we go just dumb Wi-Fi 
or something more advanced\powerful. I've heard a lot of good about the Calix 
GigaFamily in that regard. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 




RE: DSL CPE

2018-01-09 Thread Shawn L via NANOG

At $dayjob we use both Comtrend and Zyxel modems.  Both have a 1-port modem 
that can be deployed in bridged mode. They both seem to work well with Calix 
gear.  We've found the Zyxel modems tend to work a little better at longer loop 
lengths.  But, for us at least, it's very easy to get custom firmware created 
and pre-deployed to comtrend modems at the factory / distributor. So we haven't 
completely decided between one brand and the other.  We started looking at 
Zyxel for increased speed at longer loop lengths and better wifi support.
 
There's a company a few exchanges over from us that has deployed the Calix Giga 
family and really likes it.  We haven't deployed them yet because they only 
work on the Calix E7 series (E7-2 and E7-20) and we still have a lot of C7 
series dslams in the network.
 
Shawn



-Original Message-
From: "Mike Hammett" 
Sent: Tuesday, January 9, 2018 8:50am
To: "NANOG" 
Subject: DSL CPE



After a few off-list responses (and a couple on) encouraging me to use NANOG, 
here we go... 


I've recently walked in to a voice\DSL CLEC that has basically been left to 
entropy for the last ten years. A lot of the core systems just work, but a lot 
of things aren't exactly managed the best. They run a Calix\Occam ADSL2+\VDSL 
infrastructure. For those of you doing DSL, what CPE are you using? I'm looking 
at one that's just a basic modem where I have a more sophisticated router (or 
ATA\voice gateway) behind it and then one more generic for residential settings 
with WiFi and all that jazz. We're kinda debating whether we go just dumb Wi-Fi 
or something more advanced\powerful. I've heard a lot of good about the Calix 
GigaFamily in that regard. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 




Re: RFC2544 Testing Equipment

2017-05-30 Thread Shawn L via NANOG

JDSU make some nice ones that we use to qualify cell tower back haul.  Not 
cheap though
 


-Original Message-
From: "Jeremy Austin" 
Sent: Tuesday, May 30, 2017 11:29am
To: "James Breeden" , "n...@flhsi.com" , 
"nanog@nanog.org" 
Subject: Re: RFC2544 Testing Equipment



JW, have you moved on to EtherSAM? That's what I'd be looking for myself.
On Tue, May 30, 2017 at 7:28 AM James Breeden  wrote:

> When we had to do this once in a blue moon, we just bought a pair of old
> Agilent Framescopes off ebay. They worked great but we had issues getting
> reporting out of them. They had RJ45 and SFP on them.
>
> -Original Message-
> From: NANOG [mailto:nanog-bounces+james=arenalgroup...@nanog.org] On
> Behalf Of Nick Olsen
> Sent: Tuesday, May 30, 2017 10:23 AM
> To: nanog@nanog.org
> Subject: RFC2544 Testing Equipment
>
> Greetings all,
>
> Looking for a good test set. Primary use will be testing L2 circuits
> (It'll technically be VPLS, But the test set will just see L2). Being able
> to test routed L3 would also be useful. Most of the sets I've seen are two
> sided, A "reflector" at the remote side, And the test set in hand run by
> the technician.
>
> Looking to test up to 1Gb/s at various packet sizes, Measure Packet loss,
> Jitter..etc. Primarily Copper, But if it had some form of optical port, I
> wouldn't complain. Outputting a report that we can provide to the customer
> would be useful, But isn't mandatory. Doesn't need anything fancy, Like
> MPLS awareness, VLAN ID's..etc.
>
>
> Nick Olsen
> Sr. Network Engineer
> Florida High Speed Internet
> (321) 205-1100 x106
>
>
>
>
>
>
>
>


RE: SoCal FIOS outage(?) / static IP readdressing

2017-01-04 Thread Shawn L

Depending on the area and conditions (rock, etc).  We're seeing
 
$4 /foot Aerial
$5-$7 /foot direct bury
$10 - $14 /foot directional bore
 
These are not including the fiber cable itself.
 


-Original Message-
From: "Luke Guillory" 
Sent: Wednesday, January 4, 2017 8:50am
To: "Jared Mauch" , "Baldur Norddahl" 

Cc: "nanog@nanog.org" 
Subject: RE: SoCal FIOS outage(?) / static IP readdressing



Our model is 15k a mile all in, this is for aerial not underground for our 
HFC/Coax builds. A partner of ours models their underground fiber builds at 30k 
a mile.

This is in south Louisiana so your market may vary as always.






Luke Guillory
Network Operations Manager

Tel: 985.536.1212
Fax: 985.536.0300
Email: lguill...@reservetele.com

Reserve Telecommunications
100 RTC Dr
Reserve, LA 70084


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jared Mauch
Sent: Wednesday, January 04, 2017 7:37 AM
To: Baldur Norddahl
Cc: nanog@nanog.org
Subject: Re: SoCal FIOS outage(?) / static IP readdressing


> On Jan 4, 2017, at 7:54 AM, Baldur Norddahl  wrote:
>
> I solved this issue by making my own ISP.

I’ve been thinking of the same in my underserved area. Labor is $5/foot here 
and despite friends and colleagues telling me to move, it seems I have a sub-60 
month ROI (and sub-year for some areas I’ve modeled with modest uptake rates of 
15-20% where the other options are fixed wireless, Cellular data or dial).

Hope is to do a presentation in the fall or next year with progress. We have 
areas around here where Comcast, (AT&T or Frontier) don’t even serve. The 
municipality is off getting bids to build due to market failure by the 
incumbents to invest. municipal fiber is nigh on illegal here in Michigan but 
with no incumbent it is feasible and my hope is will lock out people who are 
unwilling to invest despite their market cap.

- Jared


RE: AS4233852001 advertising 192.0.0.0/2?

2016-09-26 Thread Shawn L

Looks like they're announcing quite a bit
 


-Original Message-
From: "Adam Greene" 
Sent: Monday, September 26, 2016 8:52am
To: nanog@nanog.org
Subject: AS4233852001 advertising 192.0.0.0/2?



We were alerted to this by https://radar.qrator.net.



This seems wrong from a number of angles.



Adam




Manage Outage Notifications?

2016-09-23 Thread Shawn L

What are people using to manage / send their outage notifications?  We're 
currently using a mostly manual process to identify customers that need to be 
aware of an outage and send out e-mail at $dayjob.  Looking for a way to 
automate it more.  I'd prefer something open source, but that's not a 
requirement.
 
Thanks



Re: automated site to site vpn recommendations

2016-06-29 Thread Shawn L

I believe they fixed this -- when I've spoken to tech support recently, I had 
to give them a tech support key so that they could access the devices I had 
questions about.
 


-Original Message-
From: "Paul Nash" 
Sent: Wednesday, June 29, 2016 8:55am
To: "Untitled 3" 
Subject: Re: automated site to site vpn recommendations



My biggest issue with Meraki is that their tech staff can run tcpdump on the 
wired or wireless interface of your Meraki box without having to leave their 
desk. I have no reason to believe that they are malicious, or in the pay of the 
NSA, but I am too paranoid to allow their equipment anywhere near me.

Yes, they work well and the cloud control panel makes remote support a breeze; 
you have to decide how you feel about the insecurity.

 paul

> On Jun 27, 2016, at 6:28 PM, Dan Stralka  wrote:
> 
> I would second Meraki for the situation you describe. I don't feel that
> they are the most capable platform, they're expensive, and don't always
> present you with all the information you'd need for troubleshooting.
> However, the VPN offers great dynamic tunneling, instant-on performance,
> and are by far the simplest platform to offer a field person. They're also
> tenacious - I've had them connect to the cloud management platform and
> build a VPN under some trying circumstances.
> 
> From a security standpoint, they will offer features that will impress for
> the price (Sourcefire, inability to use if stolen, 802.1x, and remote VPN
> tunnel control), and we've found they punch above their weight and their
> APs perform fantastically.
> 
> We deploy them worldwide many times per year in similar use cases,
> sometimes with 150 users on the LAN. If your routing is simple, you can
> define your security policies, and don't need crazy throughput on your VPN,
> Meraki is the way to go. Be careful though: they have to be continually
> licensed to work and can get pretty expensive if you go for the higher end
> gear. Thus far, we've been able to stick to the cheaper stuff and
> accomplish our goals.
> 
> Dan
> 
> (end)
> On Jun 27, 2016 6:01 PM, "Karl Auer"  wrote:
> 
>> On Mon, 2016-06-27 at 13:08 -0700, c b wrote:
>>> In some cases...
>> 
>> The words "in some cases" are a problem with any supposedly plug and
>> play solution.
>> 
>>> We really could use a simple solution that you
>>> just flip on, it calls home, and works...
>> 
>> ...but still requiring someone to enter credentials of some sort,
>> right? Otherwise you have a device wandering about that provides look
>> -mum-no-hands access to your corporate network.
>> 
>> MikroTik stuff is cheap as chips, small, comes with wifi, ethernet, USB
>> for a wireless dongle or storage, and has a highly-scriptable operating
>> system. Not a bad platform.
>> 
>> Regards, K.
>> 
>> --
>> ~~~
>> Karl Auer (ka...@biplane.com.au)
>> http://www.biplane.com.au/kauer
>> http://twitter.com/kauer389
>> 
>> GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
>> Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
>> 
>> 
>> 
>> 




RE: automated site to site vpn recommendations

2016-06-27 Thread Shawn L

We use the Meraki series -- MX @ the main office, and Z1 for the remote, or 
just 2 Z1 units if it's a small network and they work great.  
 
We've even gone so far as to utilize Avaya ip phones over the link so the 
teleworker's extension works wherever they are.  I have to say, compared to a 
PIX or ASA, etc. they are about the simplest VPN setup you'll ever come across. 
 We've even had cases where the Z1 was behind a fairly restrictive NAT, and it 
was able to establish a session and work great. 
 
Definitely not the cheapest, but if you can get by with just a couple of Z1s 
the cost isn't too bad.

Shawn
 
 
-Original Message-
From: "c b" 
Sent: Monday, June 27, 2016 4:08pm
To: "nanog@nanog.org" 
Subject: automated site to site vpn recommendations



Situation: We have salespeople/engineers holding temporary 
seminars/training/demonstrations in hotel meeting rooms.

Requirements:
- field people need a very plug-n-play, simple, reliable vpn back to corporate 
  offices to present videos/slides/demonstrations. The materials are not 
  accessible via the internet directly, they are in a contained environment at 
  corporate HQ locations but not necessarily on the corp network.
- the solution should be able to provide wireless to attendees. In some cases, 
  guest login will be fine but in some cases the attendees will have registered 
  and provided login creds prior to the event, and these creds will need to be 
  checked before providing access
- the solution should have the option to split tunnel internet traffic out, but 
  in some cases they need all traffic tunneled and internet will be via our 
  corporate offices (NDA/legal, don't ask, it's just a requirement provided)

Nice-to-have:
- field person should be able to not only access the presentation materials (in 
  their contained network) but also the corporate network. Some early attempts 
  required a user-vpn connection by the field person over the S2S VPN, but it 
  made it clunky to switch back and forth. This isn't mandatory, but it would be 
  nice to provide one solution providing dual-level access: restricted to 
  attendees, less-restricted to field people

Tried this in the past with basic router/switch/wireless and captive portals 
because we had some inventory available... it was workable but not quick or 
easy. We really could use a simple solution that you just flip on, it calls 
home, and works... or as close to that as possible.

Have been looking at Meraki and a couple other low-touch solutions and they may 
do the trick, but we are hoping there are lower cost options that people have 
used successfully? We don't mind dealing with some off brands and even some 
custom coding (within reason) as long as the end result is a low-touch, 
reliable solution.

Thanks in advance.


RE: mrtg alternative

2016-02-26 Thread Shawn L

We use observium.  It has most of what you're looking for.   Used to use cacti 
but switched a couple of months ago


-Original Message-
From: "Baldur Norddahl" 
Sent: Friday, February 26, 2016 6:18pm
To: "nanog@nanog.org" 
Subject: mrtg alternative



Hi

I am currently using MRTG and RRD to make traffic graphs. I am searching
for more modern alternatives that allows the user to dynamically zoom and
scroll the timeline.

Bonus points if the user can customize the graphs directly in the
webbrowse. For example he might be able to add or remove individual peers
from the graph by simply clicking a checkbox.

What is the 2016 tool for this?

Regards,

Baldur


Re: Low density Juniper (or alternative) Edge

2016-02-03 Thread Shawn L

We use the Accedian Metro Nid in places.  They work well, but are layer 2 only 
-- at least the ones we got.  
 
 
-Original Message-
From: "Colton Conor" 
Sent: Wednesday, February 3, 2016 9:34am
To: "Nick Hilliard" 
Cc: "NANOG" 
Subject: Re: Low density Juniper (or alternative) Edge



I see Cisco and Juniper mentioned here, but what about all the smart NID
companies out there? I found these of MEF list:

Accedian, Altera, BTI Systems, Ciena (Nasdaq: CIEN), Cisco (Nasdaq: CSCO),
Cyan, FibroLAN, Huawei, Infinera (Nasdaq: INFN), Juniper Networks (NYSE: JNPR),
MRV, Omnitron, Overture, PT Inovacao, Pulsecom, RAD Data Communications,
Telco Systems, Tellabs (Nasdaq: TLAB), Transition Networks and Transmode.

Some of these guys focus what seems like exclusively on ethernet NID
devices, and most all are MEF certified. Does anyone use the above vendors
NIDs?



On Wed, Feb 3, 2016 at 1:58 AM, Nick Hilliard  wrote:

> David Bass wrote:
> > Looking to see what others are using out there as an alternative to a
> > Cisco ME3600X? Also, what other vendors out there are playing in this
> > space?
> >
> > Need a full MPLS stack.
>
> Before choosing a box, you need to figure out:
>
> - how many ports you need, and of what speed
> - how much you're prepared to pay
> - how much rack real estate you're ok about dedicating per box
> - what sort of mpls features you need (vpls / l2vpn-pw / l3vpn / 6pe /
> 6vpe, etc)
> - whether rich qos is a requirement
> - whether you're ever going to need good quality LAG / ECMP support on
> the platform
> - what vendor software you're happy to work with
> - whether you're ok with per port licensing
>
> Typically the features that fall by the wayside first are: reasonable
> port buffers, qos knobs and decent lag/ecmp hashing support for mpls
> packets. The qos/port buffers tend to be more of a problem on the 10G
> platforms, but you didn't state whether you were interested in 1G or
> 10G, or how many ports you were looking for per box.
>
> E.g. the production evolution for the me3600 is the asr920, which is
> better in most aspects except for shared buffer space. This means that
> the me3600 has better qos support, if deeper buffers are what's
> important. OTOH, if you need to do fine-grained qos based on ACLs or
> ports, then this platform isn't for you.
>
> Most smaller mpls boxes don't load balance well over LAGs or ECMP
> because they lack the ability to inspect deep into the packet to get
> enough flow-aware entropy together to build a reasonable hash. If all
> your PE devices support flow-aware transport (rfc6391), you're fine, but
> very few smaller mpls boxes support this feature.
>
> If 10G is a requirement, then you need to make a choice between one of
> the merchant chipsets (e.g. broadcom trident range) and vendor specific
> chipsets. Many of the larger vendors support the merchant chipsets
> these days for 10G access, but feature support can be varied. E.g. some
> devices don't support vpls and never will. Some are a bit behind on
> product development and don't yet support features like l3vpn or 6PE or
> 6VPE, even though they are roadmapped.
>
> Nick
>


RE: Lawful Intercept Trusted 3rd Party

2016-01-19 Thread Shawn L

We're currently using Vantage Point out of North Dakota.  Haven't had to 
actually put anything into production as of yet though.
 
 
-Original Message-
From: "Crier, Brent" 
Sent: Tuesday, January 19, 2016 10:04am
To: "nanog@nanog.org" 
Subject: Lawful Intercept Trusted 3rd Party



Just wondering if anyone has had success with trusted 3rd party vendors for 
ISP/Telco CALEA compliance? If so any recommendations?

Thanks,
-Brent


Re: Favorite GPON Vendor?

2015-11-10 Thread Shawn L

We like Calix's gpon gear, especially the E7 series.  Though it's on the higher 
side price-wise than others.  Manageable through their CMS software, the web, 
or command line.  We tend to use their CMS software for most things, but the 
CLI is decent, and gives you access to anything you'd want.
 

-Original Message-
From: "Art Plato" 
Sent: Monday, November 9, 2015 2:38pm
To: 
Cc: nanog@nanog.org
Subject: Re: Favorite GPON Vendor?



Brian,
How complex is the troubleshooting side of the Adtran? We Use the Enablence 
Wave7 and getting any useful information from the CPE via the CLI is like 
pulling hen's teeth. I have yet to see a way to view the actual throughput on 
the ethernet interfaces, only total bits passed, or the light levels at the CPE 
fiber interface. A bit annoying actually. It means a truck roll to get light 
levels at the CPE.

Art.

- Original Message -
From: "Brian R" 
To: "Eric Rogers" , "Jay Patel" 
Cc: nanog@nanog.org
Sent: Monday, November 9, 2015 2:25:44 PM
Subject: Re: Favorite GPON Vendor?

We use the Adtran ONT solutions. We are using AE (Active Ethernet) not GPON but 
the solutions are similar for Adtran. We are providing IP and Analog this way. 
If used in the specified scope only there have been very few problems. 
Adtran is constantly updating their firmware, this can be a positive and 
negative at times. LoL

The configuration is Adtran TA5000 with an Active Ethernet 24-Port Module 
(1187562F1) feeding an ONT TA324E (1287737G2) at the customer premise.
For power we are using the Cyber Power CSN27U12v-NA3 units.
The clam shell we are using to put the ONT in is TA350 ONT NID HSG SPLICE 
(1187770G1)
All of these part numbers should be available on Adtran's website to look up.

We are also testing some iPhotonix ONTs but have not gotten to the point we are 
sure we want to deploy them.

Brian

PS I will post this in voiceops as well (it may be more relevant there)


From: NANOG  on behalf of Eric Rogers 

Sent: Monday, November 9, 2015 10:09 AM
To: Jay Patel; nanog@nanog.org
Subject: RE: Favorite GPON Vendor?

I personally would like to know as well. We are just getting into GPON and the 
equipment we have been evaluating is clunky at best... It came highly 
recommended and supposed to be stable.

Eric Rogers
PDS Connect
www.pdsconnect.me
(317) 831-3000 x200


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jay Patel
Sent: Monday, November 9, 2015 9:50 AM
To: nanog@nanog.org
Subject: Favorite GPON Vendor?

Who is your favorite GPON OLT/ONU Vendor? Why? I am looking for
recommendations

I apologize in advance, if you feel my question is inappropriate for this 
mailing list (feel free to point me to right forum/mailing list).

Regards,
Jay.


Re: inexpensive url-filtering db

2015-10-16 Thread Shawn L

I've used Dan's Guardian before.  Usually in a K-12 setting


-Original Message-
From: "shawn wilson" 
Sent: Friday, October 16, 2015 11:10am
To: "MKS" 
Cc: "North American Network Operators Group" 
Subject: Re: inexpensive url-filtering db



On Oct 16, 2015 6:52 AM, "MKS"  wrote:

>
> Now I'm looking for an inexpensive url-filtering database, for integration
> into a squid like solution.

> Perhaps there is another mailing-list more relevant for this kind of
issues?

Squid like or squid? I'd ask on the squid list if there's nothing here.


Google Apps for ISPs -- Lingering fallout

2015-08-18 Thread Shawn L

I know there are others on this list who used Google Apps for ISPs and recently 
migrated off (as the service was discontinued).
 
We have had several cases where the user had a YouTube channel or Picasa photo 
albums, etc. that they created with their Google Apps for ISPs credentials.  
Now that the service is gone, those channels and albums still exist but the 
users are unable to login to them or manage them in any way because it tells 
them that their account has been disabled.
 
Of course, Google had been un-responsive to all of our (and the customer's) 
inquiries about how to fix this.
 
Has anyone else run into this and found a way around it?
 
thanks
 
 
Shawn



Re: Debian RWHOIS

2015-07-08 Thread Shawn L

We ran it for a while, then gave up and just updated the info on Arin.


-Original Message-
From: "Josh Luthman" 
Sent: Wednesday, July 8, 2015 3:56pm
To: "Dan White" 
Cc: "Josh Moore" , "nanog@nanog.org" 
Subject: Re: Debian RWHOIS



I think this is what you're asking for:

http://projects.arin.net/rwhois

Should be a ./configure && make && make install #per this
http://projects.arin.net/rwhois/docs/installation.html


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Jul 8, 2015 at 3:52 PM, Dan White  wrote:

> On 07/08/15 19:38 +, Josh Moore wrote:
>
>> Hello guys,
>>
>
> What do you use for ARIN resource assignments? I am looking to setup a
>> Debian-based RWHOIS server but don't see much information on it.
>>
>
> As of a couple of years ago when I looked around, there were no recent
> packaged versions of rwhoisd for Debian. We run a compiled version.
>
> --
> Dan White
>


Re: Google contact?

2015-06-17 Thread Shawn L

I'm replying on-list since it seems like a lot of people are in the same boat. 
 
Here's a summary of what happened to us.  Please feel free to jump in if you 
had a different experience, or have more information.
 
Google sent us a notice in December that as of June 8 they would be 
discontinuing the Google for ISPs program and that we had to find a different 
e-mail provider.  Unfortunately, they only sent this notice to the account that 
initially created the service, which was un-monitored. I have heard the same 
thing from others.  They did not include a notice about the discontinuation in 
their monthly billing, only in e-mail and only to the account that initiated 
the google service.
 
We actually found out about it some time in February.  I spoke with the Google 
contact listed in the e-mail and was told that they were indeed cancelling the 
service, but wasn't given a reason.  We also asked if it was possible to move 
to a different Google service, Google Apps for Business for example, but was 
told that it would be against their terms of service and would result in a 
cancellation of the service.
 
After a lot of research in Google's forums, it looked like a lot of other 
people were in the same boat we were.  We ended up talking with another e-mail 
provider and migrating all of our mail.  Several weeks ago we asked Google for 
an extension because the migration was taking longer than expected.  We were 
given until the 16th of June and told that no further extensions would be 
given.  I have spoken to one person who was given until the end of June.
 
Here is the original notice we received from google.  I hope this helps others 
in the same boat
 
 
December 10, 2014
 [ your-domain,com ]( http://baragatelephone.com )
 
 Subject: Notice of Non-Renewal of The Google Apps - ISP Partner Edition 
Agreement.
 
 Dear Administrator,
 Thank you for being a Google customer and for using Google Apps Partner 
Edition (collectively, "Partner Edition").
 As part of Google's integration plans, we have elected to discontinue 
providing the Partner Edition Services going forward. As provided in the 
Agreement between Google Inc. and [ your-domain.com ]( 
http://baragatelephone.com ), this letter serves as your formal notice that the 
Services will not be renewed, and our Agreement with you will terminate on June 
8, 2015.
 
 Any other Google services you have purchased (or resold, if applicable), in 
addition the Partner Edition product and services, will not be affected by this 
change. Please also note that this notice of non-renewal does not relieve you 
of any payment obligations you may have under the current Agreement and that 
you remain responsible for remitting any such owed payments in full by the 
applicable invoice due date for the Services.
 
 We have prepared an Administrator transition resource website 
(https://support.google.com/appstransition/go/admin) and an End User resource 
website (https://support.google.com/appstransition) to assist you through the 
transition. This resource center presents some of the migration options 
available to you and provides instructions that you can share with your 
customers.
 
 We regret any inconvenience this may cause, and thank you again for your 
business. If you have any questions, please contact your Account Manager below.
 
 Account Manager:  John Coull
 Phone Number: 212-565-3131
 Email Address: joh...@google.com
 
 Sincerely,
 Omid Kordestani
 Chief Business Officer
 
 
 


-Original Message-
From: "Marciano Lopes" 
Sent: Wednesday, June 17, 2015 11:48am
To: "Shawn L" 
Subject: Re: Google contact?




Hello Shawn!
 They cancelled ours as well.

What can we do?
 
Thanks!





 
 
Sincerely,
Marciano Lopes
GSURF
Landline (48) 3254-8700 Ext. 6272
Mobile (48) 9125-5081
24h support 0800-644-4833

2015-06-17 12:15 GMT-03:00 Shawn L <sha...@up.net>:

 Google cancelled their ISP program as of the 8th of June.

 Feel free to contact me off-list for more info.  They cancelled ours as well.




 -Original Message-
 From: "Christopher Tyler" <ch...@totalhighspeed.net>
 Sent: Wednesday, June 17, 2015 9:28am
 To: nanog@nanog.org
 Subject: Google contact?



 Need some help.. Does anyone have an email contact at Google that they are 
willing to pass along?
 All of our mowisp.net Apps for ISP accounts were 
disabled last night at about 8-9PM without notice and we are now getting 
swamped with calls. Possibly several hundred users affected.

 --
 Christopher Tyler
 MTCRE/MTCNA/MTCTCE/MTCWE
 Total Highspeed Internet Services
 417.851.1107





RE: Google contact?

2015-06-17 Thread Shawn L

Google cancelled their ISP program as of the 8th of June.
 
Feel free to contact me off-list for more info.  They cancelled ours as well.


-Original Message-
From: "Christopher Tyler" 
Sent: Wednesday, June 17, 2015 9:28am
To: nanog@nanog.org
Subject: Google contact?



Need some help.. Does anyone have an email contact at Google that they are 
willing to pass along?
All of our mowisp.net Apps for ISP accounts were disabled last night at about 
8-9PM without notice and we are now getting swamped with calls. Possibly 
several hundred users affected.

-- 
Christopher Tyler 
MTCRE/MTCNA/MTCTCE/MTCWE 
Total Highspeed Internet Services 
417.851.1107




Re: DWDM and EDFA and DCM

2015-04-22 Thread Shawn L
Remember, distance ratings are just generalizations.  It all comes down to
power budget.  When fiber is laid there are slack loops for potential
future service and for use if a cable is cut,  splice cases -- because it's
hard to work with a fiber spool with more than 5 miles of cable on it,
other connectors, hand holes with slack coils, etc.  If the route is 80km
the actual fiber distance  could be more like 100 or 120km with all of the
slack.  Then you add on dB loss for every splice and connector.  As others
have said, the only way to really know is to shoot it with a power meter
and see what the end to end loss is, and then get the correct optics for
the path you have

On Wed, Apr 22, 2015 at 6:43 PM, Rodrigo 1telecom 
wrote:

> Nothing is wrong with the fiber... Attenuation is good... Gbics specs says
> -23db as a limit of your sensibility ...i have tried to put bidi sfp+ 80km
> on this fiber and have -25dbi on other side( not connect) this module have
> -20dbi sensibility ...
> This scenario have a 4 channels... And i use 2 10gb channels... C21 and
> c22 on side A and c51 and c52 on side B
>
> Sent via iPhone
> Grupo Connectoway
>
> > On 22/04/2015, at 19:01, Evelio Vila  wrote:
> >
> > I think the OP is asking about whether it should account for chromatic
> > dispersion or not. Intramodal dispersion may very well be a limit on your
> > link even the power budget (as presented before) is fine.  As Mikael said,
> > I would stick to the specs from the manufacturer for that specific module,
> > or rent an OTDR and make the measurements.
> >
> > --
> > Evelio
> >
> >> On Wed, Apr 22, 2015 at 1:51 PM, Baldur Norddahl <baldur.nordd...@gmail.com> wrote:
> >> First: buy a power meter. They are really cheap and the only way to know
> >> for sure how much signal you got. It will also tell you how much launch
> >> power you have. The fiberstore modules are listed as 0 to +5 dBm launch
> >> power - if you got lucky it might be +5 and if you got a lower end module
> >> it might be close to 0. Obviously this makes a huge difference for how much
> >> power you get on the other end. Also it is said that the laser will lose
> >> power over time.
> >>
> >> Second you need to think in terms of power budget, not distance. So you got
> >> 68 km and the module is rated for 80 km - but not all fiber is not born
> >> equal. A power meter allows you to measure the true link loss.
> >>
> >> Third you did not tell what DWDM multiplexer you are using. A 44 channel
> >> DWDM multiplexer from Fiberstore can have up to 4.5 dB insertion loss. You
> >> might have two of those on your link for a total of 9 dB loss. Your 80 km
> >> module has a 23 dB link budget, so this leaves you with 23-9 = 14 dB
> >> budget. If your fiber has 0.25 dB loss per km, that is only 56 km.
> >>
> >> Regards,
> >>
> >> Baldur
> >
>


Charter NOC contact?

2015-04-01 Thread Shawn L
Can someone from Charter's NOC contact me off list?  We have a mutual
customer who's having issues and not getting anywhere going through normal
channels.

thanks


Charter Engineer

2015-03-26 Thread Shawn L
Could a Charter engineer with familiarity with Michigan contact me
off-list?  We have a mutual client who's having issues communicating
between sites.

Thanks


Re: VDSL CPE Mixed Results

2015-01-15 Thread Shawn L
I was going to ask if you've tested the cable pair at all.  If the pair is
bad, or even a little out of balance, bad scotch loks, etc. VDSL isn't
going to work properly.

We have customers that are definitely in-range for VDSL but who cannot get
it because there is a 26 gauge insert between two cross-connect cabinets in
the field

On Thu, Jan 15, 2015 at 8:15 AM, Scott Helms  wrote:

> I'm going to guess you're a CLEC from your website and a common problem
> I've seen in that scenario is that vectoring doesn't work between DSLAMs
> because it needs all pairs to be part of the vector group so that the DSLAM
> can mitigate FEXT.  DSLAM vendors have been working on system level, rather
> than DSLAM/binder level, vectoring for a while but cross vendor support is
> questionable at best.
>
> Read the section on system level vectoring especially:
> http://www.adtran.com/web/fileDownload/doc/32362
>
> If you are sharing binders with the ILEC and potentially other CLECs then
> you really need to talk to you ILEC rep and find out what they're doing for
> system level vectoring to see if there is an option for your DSLAMs to be
> included.  That benefits everyone and will _greatly_ increase performance.
> VDSL2 speeds will otherwise be unreachable unless the ILEC gives each CLEC
> their own binder, not very practical.
>
>
>
> Scott Helms
> Vice President of Technology
> ZCorum
> (678) 507-5000
> 
> http://twitter.com/kscotthelms
> 
>
> On Wed, Jan 14, 2015 at 9:29 AM, Stetson Blake <
> stetson.bl...@datayardworks.com> wrote:
>
> > Hey All,
> >
> > We have been deploying Adtran 838(shdsl) and 868(dsl) units in our metro
> > area with mixed results. The devices themselves are reliable and secure
> > it would seem, but the speeds were are able to get are not. ie. we have
> > deployed 'vdsl' and needed 3 lines to get up to 10x10 speeds. We are
> > using an Adtran TA5000 on the other end to terminate our connections.
> > The distance between the site and CO is not great (under 6k feet). What
> > gives? Are we provisioning wrong, using the wrong equipment, or a
> > combination of both?
> > If we were able to get the speeds others have been reporting from VDSL,
> > life would be great.
> > Anyone feel free to contact me off-list or on, this has had me
> > scratching my head for a while now.
> >
> > Thanks,
> >
> > --
> > Stetson Blake
> > Network Technician
> > DataYard
> > 130 West Second St.
> > Suite 250
> > Dayton, OH 45402
> >
> > http://datayardworks.com
> >
> >
> >
> >
> >
> >
>


Cisco Switch Matrix

2014-08-07 Thread Shawn L
Has anyone seen a good matrix of Cisco switches and their port-types, etc?
I'm looking for something where I can say 'I need a switch with X 10-gig
ports and Y 1-gig sfp ports, which models meet that criteria?'

I know I can look through all of the data sheets at cisco's website, but
there has to be a better way to see the specs of a large array of switches
at a glance.

thanks


Re: Carrier Grade NAT

2014-08-01 Thread Shawn L
Slightly off-topic but what are people using as a cpe device in a
dual-stack scenario like this?

On Friday, August 1, 2014, Lee Howard  wrote:

>
>
> On 7/30/14 3:45 PM, "joshua rayburn" >
> wrote:
>
> >
> >Starting in 3.10 code you can utilize Bulk Port Allocation to carve out
> >small consecutive port bundles for end users as to not mess up SIP
> >functionsand High Speed Logging to log individual customers ports for law
> >enforcement needs without overrunning your logging server.
>
>
> http://tools.ietf.org/html/rfc6056 documents a security concern with bulk
> port assignments.
>
> Lee
>
>
>


Fwd: Hurricane Electric packet loss

2014-07-22 Thread Shawn L
On our HE uplink, I'm seeing no packet loss until your hop #9
at that point I see a lot


HOST:                             Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- ***                        0.0%    10    0.2   0.2   0.2   0.3   0.0
  2.|-- ***                        0.0%    10    0.3   0.3   0.3   0.3   0.0
  3.|-- ***                        0.0%    10    4.4   4.5   4.3   4.6   0.0
  4.|-- gigabitethernet3-5.core1.  0.0%    10   15.6  15.1  14.1  17.2   1.0
  5.|-- 10ge5-7.core1.mci3.he.net  0.0%    10   26.2  26.7  26.2  30.1   1.0
  6.|-- 10ge5-1.core1.den1.he.net  0.0%    10   39.7  39.7  39.5  40.2   0.0
  7.|-- 10ge14-5.core1.lax2.he.ne  0.0%    10   66.8  65.9  63.5  68.4   1.6
  8.|-- 2001:504:13::3b            0.0%    10   73.0  73.0  72.8  73.1   0.0
  9.|-- 2402:7800:100:1::55       80.0%    10   71.8  71.8  71.8  71.9   0.0
 10.|-- ten-0-5-0-0.cor01.syd04.n  0.0%    10  228.0 228.1 227.9 228.3   0.0
 11.|-- ge-0-1-4.cor02.syd03.nsw.  0.0%    10  228.4 228.4 228.3 228.6   0.0
 12.|-- 2402:7800:0:2::18a        10.0%    10  228.2 228.1 228.0 228.3   0.0
 13.|-- 2001:dcd:12::10           10.0%    10  229.2 229.3 229.2 229.5   0.0



On Tue, Jul 22, 2014 at 2:48 AM, Wolfgang Nagele (AusRegistry)
 wrote:
> Hi,
>
> We’ve been customers of Hurricane Electric for a number of years now and
> always been happy with their service.
>
> In recent months packet loss on some of their major routes has become a
> very common (every few days) occurrence. Without knowledge of their network
> I am unsure what’s the cause of it but we’ve seen it on the Tokyo - US
> routes as well as the London - US routes. It reminds me of the Cogent
> expansion which was carried out by unsustainable oversubscription which
> eventually resulted in unusable service for a number of years. Having seen
> some of the rates that HE has been selling for I can’t help but wonder if
> they made the same mistake ...
>
> Here is an example of what’s going on again atm.
> HOST: prolocation01.ring.nlnog.ne Loss%   Snt   Last   Avg  Best  Wrst StDev
>   1.|-- 2a00:d00:ff:136::253       0.0%    11    0.3   0.3   0.3   0.4   0.0
>   2.|-- 2a00:d00:1:12::1           0.0%    10    0.7   0.8   0.7   1.1   0.1
>   3.|-- hurricane-electric.nikhef  0.0%    10    0.7   3.1   0.7   8.3   2.9
>   4.|-- 100ge9-1.core1.lon2.he.ne  0.0%    10    9.8  12.6   8.0  19.2   4.1
>   5.|-- 100ge1-1.core1.nyc4.he.ne 10.0%    10   74.7  74.6  73.7  80.8   2.3
>   6.|-- 10ge10-3.core1.lax1.he.ne 30.0%    10  133.4 138.0 133.4 145.1   4.8
>   7.|-- 10ge1-3.core1.lax2.he.net 20.0%    10  135.7 139.1 133.4 145.1   4.5
>   8.|-- 2001:504:13::3b           40.0%    10  143.2 143.1 142.1 144.4   0.8
>   9.|-- 2402:7800:100:1::55       50.0%    10  144.4 144.1 143.8 144.4   0.2
>  10.|-- 2402:7800:0:1::f6         60.0%    10  298.7 298.4 298.2 298.7   0.2
>  11.|-- ge-0-1-4.cor02.syd03.nsw. 10.0%    10  299.3 298.9 298.3 299.5   0.5
>  12.|-- 2402:7800:0:2::18a        20.0%    10  299.7 299.4 298.9 300.1   0.4
>  13.|-- 2001:dcd:12::10           30.0%    10  299.8 299.5 298.8 300.0   0.5
> Is anybody else observing this as well?
>
> Cheers,
> Wolfgang


Re: Can anyone check this routing against Charter in WI?

2014-06-14 Thread Shawn L
It seems ok from here

traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets

 4  dtr02rhnlwi-bue-1.rhnl.wi.charter.com (96.34.16.250)  20.843 ms  21.236 ms  21.616 ms
 5  crr02euclwi-bue-7.eucl.wi.charter.com (96.34.17.32)  27.662 ms  36.047 ms  35.623 ms
 6  bbr02euclwi-bue-4.eucl.wi.charter.com (96.34.2.6)  29.236 ms  20.299 ms  22.945 ms
 7  bbr01chcgil-bue-1.chcg.il.charter.com (96.34.0.9)  42.318 ms  41.481 ms  41.870 ms
 8  prr01chcgil-bue-2.chcg.il.charter.com (96.34.3.9)  38.591 ms  39.788 ms  39.778 ms
 9  96-34-152-30.static.unas.mo.charter.com (96.34.152.30)  38.984 ms  38.960 ms  39.340 ms
10  209.85.244.3 (209.85.244.3)  37.632 ms 209.85.244.1 (209.85.244.1)  37.215 ms  36.797 ms
11  209.85.254.238 (209.85.254.238)  44.062 ms 72.14.237.133 (72.14.237.133)  44.463 ms 209.85.254.240 (209.85.254.240)  47.027 ms
12  72.14.238.104 (72.14.238.104)  49.036 ms 72.14.232.141 (72.14.232.141)  52.766 ms 209.85.248.214 (209.85.248.214)  50.605 ms
13  216.239.46.193 (216.239.46.193)  47.927 ms  47.469 ms 216.239.43.217 (216.239.43.217)  49.303 ms
14  * * *
15  google-public-dns-a.google.com (8.8.8.8)  51.746 ms  52.841 ms  48.300 ms



On Sat, Jun 14, 2014 at 1:01 PM, Mikeal Clark 
wrote:

> Hoping someone auditing the list can provide some insight or a back
> channel support option.
>
> I started having some good latency spikes last night, which have
> continued this morning, so I finally took a look at things and I am
> seeing a lot more routing than I expected.  Support is telling me this
> is normal but I don't remember this many replies on traceroute.  My
> speeds are about 1/5 the normal as well this morning and seeing some
> dropped packets even using a test site inside Charter's network.
> This is just business cable so my support options are pretty limited.
>
>   4    10 ms    14 ms    13 ms  dtr01shbywi-tge-0-3-0-23.shby.wi.charter.com [96.34.24.178]
>   5    18 ms    11 ms    17 ms  dtr01wbndwi-bue-2.wbnd.wi.charter.com [96.34.30.17]
>   6    12 ms    11 ms    11 ms  dtr02wbndwi-bue-1.wbnd.wi.charter.com [96.34.24.56]
>   7    17 ms    11 ms    11 ms  dtr02fdulwi-bue-3.fdul.wi.charter.com [96.34.30.19]
>   8    13 ms    18 ms    18 ms  dtr01fdulwi-bue-1.fdul.wi.charter.com [96.34.19.144]
>   9    19 ms    14 ms    15 ms  crr03fdulwi-bue-2.fdul.wi.charter.com [96.34.20.8]
>  10    30 ms    22 ms    35 ms  crr02euclwi-bue-6.eucl.wi.charter.com [96.34.22.240]
>  11    23 ms    22 ms    43 ms  bbr02euclwi-bue-4.eucl.wi.charter.com [96.34.2.6]
>  12    22 ms    34 ms    19 ms  bbr01euclwi-bue-5.eucl.wi.charter.com [96.34.0.6]
>  13    34 ms    30 ms    38 ms  bbr01stcdmn-tge-0-0-0-3.stcd.mn.charter.com [96.34.0.115]
>  14    42 ms    43 ms    52 ms  65.46.47.77
>  15    78 ms    78 ms    92 ms  ae1d0.mcr2.minneapolis-mn.us.xo.net [216.156.1.86]
>  16    93 ms    82 ms    82 ms  vb1711.rar3.denver-co.us.xo.net [216.156.0.173]
>  17    81 ms    95 ms    82 ms  te-3-0-0.rar3.sanjose-ca.us.xo.net [207.88.12.58]
>  18    83 ms    82 ms    98 ms  207.88.14.226.ptr.us.xo.net [207.88.14.226]
>  19    81 ms    78 ms    78 ms  216.156.84.6.ptr.us.xo.net [216.156.84.6]
>  20    77 ms    78 ms    88 ms  xe-2-2-0-955.jnrt-edge02.prod1.netflix.com [69.53.225.30]
>  21    86 ms    78 ms    78 ms  te1-8.csrt-agg02.prod1.netflix.com [69.53.225.10]
>  22    79 ms    78 ms    82 ms  www.trynetflix.com [69.53.236.17]
>
>   4    12 ms    11 ms     8 ms  dtr01shbywi-tge-0-3-0-23.shby.wi.charter.com [96.34.24.178]
>   5    17 ms    10 ms    12 ms  dtr01wbndwi-bue-2.wbnd.wi.charter.com [96.34.30.17]
>   6    11 ms     9 ms    15 ms  dtr02wbndwi-bue-1.wbnd.wi.charter.com [96.34.24.56]
>   7    15 ms    18 ms    18 ms  dtr02fdulwi-bue-3.fdul.wi.charter.com [96.34.30.19]
>   8    16 ms    14 ms    11 ms  dtr01fdulwi-bue-1.fdul.wi.charter.com [96.34.19.144]
>   9    20 ms    14 ms    15 ms  crr03fdulwi-bue-2.fdul.wi.charter.com [96.34.20.8]
>  10    22 ms    22 ms    18 ms  crr02euclwi-bue-6.eucl.wi.charter.com [96.34.22.240]
>  11    18 ms    22 ms    22 ms  bbr02euclwi-bue-4.eucl.wi.charter.com [96.34.2.6]
>  12    35 ms    30 ms    31 ms  bbr01chcgil-bue-1.chcg.il.charter.com [96.34.0.9]
>  13    27 ms    27 ms    27 ms  prr01chcgil-bue-2.chcg.il.charter.com [96.34.3.9]
>  14    27 ms    27 ms    27 ms  96-34-152-30.static.unas.mo.charter.com [96.34.152.30]
>  15    29 ms    32 ms    27 ms  209.85.244.1
>  16    27 ms    27 ms    28 ms  209.85.254.238
>  17    54 ms    40 ms    40 ms  209.85.248.214
>  18    38 ms    40 ms    38 ms  216.239.43.217
>  19     *        *        *     Request timed out.
>  20    44 ms    40 ms    40 ms  google-public-dns-a.google.com [8.8.8.8]
>


Re: FTTH ONTs and routers

2014-05-15 Thread Shawn L
Calix makes a number of ONTs some with residential gateways, some that are
just bridges


On Thu, May 15, 2014 at 1:24 PM, Aled Morris  wrote:

> I notice Cisco's new ME4600 ONT's come in two flavors, one (the
> "Residential GateWay") with all the bells and whistles that you'd expect in
> an all-in-one home router (voice ports, small ethernet switch, wifi access
> point) and another (the "Single Family Unit") that looks a lot more basic
> and is likely to be deployed as a bridge.
>
>
> http://www.cisco.com/c/en/us/products/collateral/switches/me-4600-series-multiservice-optical-access-platform/datasheet-c78-730446.html
>
> Aled
>
>
> On 15 May 2014 18:11, Jean-Francois Mezei  >wrote:
>
> >
> > It had been my impression that ONTs, like most other consumer modems,
> > came with built-in router capabilities (along with ATA for voice).
> >
> > The assertion that ONTs have built-in routing capabilities has been
> > challenged.
> >
> > Can anyone confirm whether ONTs generally have routing (aka: home router
> > that does the PPPoE or DHCP and then NAT for home) capabilities?
> >
> > Are there examples where a telco has deployed ONTs with the router
> > built-in and enabled ? Or would almost all FTTH deployments be made with
> > any routing disabled and the ONT acting as a pure ethernet bridge ?
> >
> >
> > (I appreciate your help on this as I am time constrained to do research).
> >
> >
>


Experience with Third-Party memory (Cisco)?

2014-05-08 Thread Shawn L
With all the talk lately about the growth in routes, I got to thinking
about upgrading the memory in a couple of my routers.

Does anyone have experience using third-party "guaranteed compatible"
memory.

With Cisco's discount it looks like I can upgrade for $5k vs $700 with
third party memory. I'm just wondering if others have used it, and how it's
performed, or if it isn't worth the risk.

thanks


Fwd: Getting pretty close to default IPv4 route maximum for 6500/7600 routers.

2014-05-07 Thread Shawn L
Do the ASR1k routers have this issue as well?  I searched around but
couldn't find any information.



-- Forwarded message --
From: Irwin, Kevin 
Date: Wed, May 7, 2014 at 10:39 AM
Subject: Re: Getting pretty close to default IPv4 route maximum for
6500/7600 routers.
To: "nanog@nanog.org" 


I'm really surprised that most people have not hit this limit already,
especially on the 9K's, as it seems Cisco has some fuzzy math when it
comes to the 512K limit.

Also make sure you have spare cards when you reload after changing the
scaling, those old cards don't always like to come back.

On 5/6/14, 7:01 PM, "Larry Sheldon"  wrote:

>On 5/6/2014 10:39 AM, Drew Weaver wrote:
>
>> Just something to think about before it becomes a story the community
>> talks about for the next decade.
>
>Like we have for the last two?
>
>
>--
>Requiescas in pace o email   Two identifying characteristics
> of System Administrators:
>Ex turpi causa non oritur actio  Infallibility, and the ability to
> learn from their mistakes.
>   (Adapted from Stephen Pinker)



Re: BGPMON Alert Questions

2014-04-02 Thread Shawn L
I just received the same exact notification -- same AS announcing one of my
blocks.


On Wed, Apr 2, 2014 at 2:51 PM, Joseph Jenkins
wrote:

> So I setup BGPMON for my prefixes and got an alert about someone in
> Thailand announcing my prefix.  Everything looks fine to me and I've
> checked a bunch of different Looking Glasses and everything announcing
> correctly.
>
> I am assuming I should be contacting the provider about their
> misconfiguration and announcing my prefixes and get them to fix it.  Any
> other recommendations?
>
> Is there a way I can verify what they are announcing just to make sure they
> are still doing it?
>
> Here is the alert for reference:
>
> Your prefix:  8.37.93.0/24:
>
> Update time:  2014-04-02 18:26 (UTC)
>
> Detected by #peers:   2
>
> Detected prefix:  8.37.93.0/24
>
> Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network
> Provider,ID)
>
> Upstream AS:  AS4651 (THAI-GATEWAY The Communications Authority of
> Thailand(CAT),TH)
>
> ASpath:   18356 9931 4651 4761
>
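
An added example, not part of the thread and not BGPMON's own code: a Python sketch that parses an alert in the format quoted above and classifies it against the origin AS the prefix owner expects. The expected origin AS64500 is a placeholder from the documentation ASN range, because the thread does not give the owner's AS number; the function names and finding labels are assumptions of this example.

```python
import ipaddress
import re

# Alert text as quoted in the message above (wrapped lines rejoined).
ALERT = """\
Your prefix:  8.37.93.0/24:
Update time:  2014-04-02 18:26 (UTC)
Detected by #peers:   2
Detected prefix:  8.37.93.0/24
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
Upstream AS:  AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
ASpath:   18356 9931 4651 4761
"""

# Placeholder: the owner's real AS number is not in the thread, so this uses
# an ASN reserved for documentation (RFC 5398).
EXPECTED_ORIGIN = 64500


def parse_alert(text):
    """Turn 'Key: value' lines into a dict, splitting on the first colon only
    (the timestamp value contains colons of its own)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def classify(fields, expected_origin, known_upstreams=None):
    """Compare the detected announcement with what the owner expects."""
    mine = ipaddress.ip_network(fields["your prefix"].rstrip(":"))
    seen = ipaddress.ip_network(fields["detected prefix"].rstrip(":"))
    path = [int(asn) for asn in fields["aspath"].split()]

    # The rightmost AS originated the route. Skip prepends (repeated origin)
    # to find the AS that handed the route to the rest of the Internet.
    origin = path[-1]
    upstream = next((asn for asn in reversed(path) if asn != origin), None)

    findings = []
    named = re.match(r"AS(\d+)", fields["announced by"])
    if named is None or int(named.group(1)) != origin:
        findings.append("alert-inconsistent")  # header and path disagree

    related = seen.version == mine.version and (
        seen.subnet_of(mine) or mine.subnet_of(seen))
    if not related:
        findings.append("unrelated-prefix")
    elif origin != expected_origin:
        if seen == mine:
            # Same length: competes with the real route on path preference,
            # so only part of the Internet follows it.
            findings.append("origin-change")
        elif seen.subnet_of(mine):
            # Longer match wins wherever the announcement propagates.
            findings.append("more-specific")
        else:
            findings.append("covering-prefix")
    elif known_upstreams is not None and upstream not in known_upstreams:
        # Right origin, unfamiliar neighbour: a leak or a forged path.
        findings.append("unexpected-upstream")

    return {"prefix": str(seen), "origin": origin,
            "upstream": upstream, "findings": findings}


if __name__ == "__main__":
    print(classify(parse_alert(ALERT), EXPECTED_ORIGIN))
```

The same comparison works on AS paths copied from a looking glass or route collector, which is one way to keep checking whether the announcement is still visible.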


Access Lists for Subscriber facing ports?

2014-03-27 Thread Shawn L
With all of the new worms / denial of service / exploits, etc. that are
coming out, I'm wondering what others are using for access-lists on
residential subscriber-facing ports.

We've always taken the stance of 'allow unless there is a compelling reason
not to', but with everything that is coming out lately, I'm not sure that's
the correct position any more.

thanks


Re: Fusion Splicer

2014-03-18 Thread Shawn L
It depends on what you mean by affordable and how much you're going to
use it.


On Tue, Mar 18, 2014 at 4:47 AM, Pui Edylie  wrote:

> Dear Member,
>
> Anyone can recommend a reliable and "affordable" fusion splicer please?
>
> Thanks!
>
>
>


Re: Cisco 7606 CPU Usage Problem

2014-02-05 Thread Shawn L
We had some similar issues whenever the BGP scanner process was running.
Ultimately we tracked down the issue to an access list that had the 'log'
statement appended to it, so it was logging all denies.  Removing that
cleared up the issue.


On Wed, Feb 5, 2014 at 2:34 AM, Shahab Vahabzadeh
wrote:

> Hi there,
> I have a Cisco 7606 with this module on it:
>
> WS-SUP32-GE-3B
>
>
> and I am using its own 8 port like this:
>
> 2 Port Layer two ether-channel uplink to my 4900 Cisco Switch and 1 Layer
> two uplink to Internet, and near 10 tunnel to my customers for internet
> exchange with BGP peering + some policy map for shaping tunnel interfaces.
> My ether-channel traffic on 600Mbps (each port 300Mbps) I get 90% cpu load
> and ping time problem on my router, what is the problem??
> And when I run: show processs cpu sorted
> I get a "Unknown" process eat the cpu process...
> I try lots of IOS version but it does not make difference.
>
> My IOS version is:
>
> c7600s3223-adventerprisek9-mz.150-1.S1.bin
>
>
>
> and some general configuration:
>
> no ip source-route
> > !
> > ip cef load-sharing algorithm original
> > no ip domain lookup
> > !
> > !
> > !
> > !
> > mls ip cef load-sharing full
> > no mls flow ip
> > no mls flow ipv6
> > mls qos
> > mls cef error action reset
> > multilink bundle-name authenticated
> > !
> > spanning-tree mode pvst
> > spanning-tree extend system-id
> > system flowcontrol bus auto
> > diagnostic bootup level minimal
> > port-channel load-balance src-ip
> > username admin secret 5 $1$g6WX$LaQbPyD3qIaHsF5qTqt8g0
> > !
> > redundancy
> >  main-cpu
> >   auto-sync running-config
> >  mode sso
> > !
> > !
> > !
> > !
> > vlan internal allocation policy ascending
> > vlan access-log ratelimit 2000
>
>
> Thanks
>
> --
> Regards,
> Shahab Vahabzadeh, Network Engineer and System Administrator
>
> Cell Phone: +1 (415) 871 0742
> PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90
>


Re: Meraki

2013-11-19 Thread Shawn L
If you have one of their routers, etc. you cannot lock yourself out of the
device.  You can always web to the 'inside' interface and make basic
configuration changes.  It's not going to let you do policy stuff, etc. but
will let you do enough to establish / re-establish network connectivity.


On Tue, Nov 19, 2013 at 4:34 PM, Warren Bailey <
wbai...@satelliteintelligencegroup.com> wrote:

> They give you a free ap for listening to their pitch.. We love them.
> Expensive.. But responsive and responsible.. Which is pretty hard to find
> in Wi-Fi land. Pretty interface and lots of little bells and whistles..
> They have my vote from what we evaluated (ubnt, Blahblahblah).
>
>
> Sent from my Mobile Device.
>
>
>  Original message 
> From: "Pedersen, Sean" 
> Date: 11/19/2013 12:00 PM (GMT-09:00)
> To: NANOG 
> Subject: RE: Meraki
>
>
> I started to look into them for personal and limited small business use,
> but stopped short when I realized their cloud management platform is
> subscription-based. Unless I've missed something, you cannot deploy your
> own internal management platform. It's all licensed through Meraki/Cisco,
> which means if you lose your Internet connection, you lose management
> access to your gear. That could be a deal-killer in certain environments.
> Maybe someone with more experience on the platform could correct me there.
>
> -Original Message-
> From: Hank Disuko [mailto:gourmetci...@hotmail.com]
> Sent: Tuesday, November 19, 2013 10:26 AM
> To: NANOG
> Subject: Meraki
>
> Hi folks,
>
> I've traditionally been a Cisco Catalyst shop for my switching gear.
>
> I am doing a significant hardware refresh in one of my offices, which will
> entail replacing about 20 access switches and a couple core devices.
>  Pretty simple L3 VLAN environment with VRRP/HSRP, on the physical end I
> have 1G fibre/copper and 10G fibre.  My core switch of choice will likely
> be the Cat 4500 series.
>
> I'm considering Cisco's Meraki platform for my access layer and I'm
> looking for deployment stories of folks that have deployed Meraki in the
> past...good/bad/ugly kinda stuff.
>
> I know Meraki hardcores were upset when Cisco acquired them, but not
> exactly sure why.
>
> Anyway, any thoughts would be useful.  Thanks!
>
> -Hank
>
>
>


Re: OT: Below grade fiber interconnect points

2013-11-14 Thread Shawn L
There are a couple of ways to do this.  If you're going to keep everything
below grade in a man hole or cable vault of some type, you definitely need
to have it in a sealed splicing enclosure.  That means instead of using a
patch panel, everything has to be fusion spliced.  You'll get less loss
because it's a direct splice, but changing things later becomes a pain.

The other option is to use an outdoor fiber patch cabinet / pedestal.
There are multiple outdoor rated above ground fiber cross connect cabinets
available that you could probably find an unobtrusive place to install.
Or, there are several manufacturers (3M, etc.) that make fiber cross
connects that fit in a plastic version of a standard telco pedestal which
you could pretty much place anywhere.




On Wed, Nov 13, 2013 at 9:04 PM, Justin M. Streiner  wrote:

> On Wed, 13 Nov 2013, Roy Hockett wrote:
>
>> Thank you for comments. Let me clarify the situation.  We have a building
>> that has been a fiber cross connect location and is being demolished.  This
>> location has about 20 fiber cables entering where we patch between fiber
>> paths.  If we relocated this cross connect field to another building and
>> that building is demolished, we have to do this all over again, so the
>> desire was to have an independent facility for the fiber cross connect
>> field, but I am guessing due to esthetics the below ground vault was
>> selected.  We just learned of this selection, and thus my query to this
>> group to find others that have dealt with similar situations and, if so,
>> experience-based recommendations and things to be aware of.
>>
>
> If the vault has a controlled environment and access, similar to what you
> would find inside of a comms room, that's one thing.  If it's more like a
> typical manhole (damp, dirty, dark, possible temperature extremes, other
> utilities/hazards), then the only thing that should be in there is a
> water-tight splice case.  Fiber patches need to be in a clean environment.
>
> Did this project provide any funds for relocation or replacement of the
> communications facilities that would be lost due to the demolition?  We've
> gone through this many times on our campus.
>
> jms
>
>