Re: Colo in Africa

2019-07-16 Thread Sina Owolabi
If Nigeria is a possible location, you have a few, off the top of my
head is any telco's colo (MTN, Airtel, Glo, or 9Mobile), and there's
RackCentre, MainOne and I think IPNX for colo (virtual and bare
metal).

On Tue, Jul 16, 2019 at 11:48 PM Ken Gilmour  wrote:
>
> What matters is whether or not we can get a facility in Africa to provide 
> service to our customers from Bare Metal Servers :)
>
> On Tue, 16 Jul 2019 at 16:07, C. A. Fillekes  wrote:
>>
>> Are they refreshing data they've already got, though?
>> This is the classic use case for client-side caching.
>>
>> On Tue, Jul 16, 2019 at 5:56 PM Ken Gilmour  wrote:
>>>
>>> We have a different use case to traditional analytics - We're aimed at 
>>> consumers and small businesses, so instead of a SOC with one big screen 
>>> refreshing 1 rows of only alert data every 30 seconds, we have 
>>> thousands of individuals refreshing all of their data every 30 seconds 
>>> because there are comparatively less alerts for individuals than 
>>> enterprises.
>>>
>>> What you "should" do often doesn't translate to what you "do" do.
>>>
>>> On Tue, 16 Jul 2019 at 11:23, Valdis Klētnieks wrote:
>>>>
>>>> On Tue, 16 Jul 2019 10:39:59 -0600, Ken Gilmour said:
>>>>
>>>> > These are actual real problems we face. thousands of customers load and
>>>> > reload TBs of data every few seconds on their dashboards.
>>>>
>>>> If they're reloading TBs of data every few seconds, you really should have
>>>> been doing summaries during data ingestion and only reloading the summaries.
>>>> (Overlooking the fact that for dashboards, refreshing every few seconds is
>>>> usually pointless because you end up looking at short-term statistical
>>>> spikes rather than anything that you can react to at human speeds.  If you
>>>> *care* in real time that the number of probes on a port spiked to 457% of
>>>> average for 2 seconds you need to be doing automated responses
>>>>
>>>> Custom queries are more painful - but those don't happen "every few
>>>> seconds".



-- 

cordially yours,

Sina Owolabi

+2348176469061


Internet connectivity in Nigeria

2017-06-18 Thread Sina Owolabi
Hi All

Currently having a terrible situation in Nigeria where the GLO1 and
MainOne cables appear to be both down.
Can anyone suggest a good Nigerian ISP with redundancies enough to
overcome at least two of the following dying out?

SAT-3
WACS
GLO1
ACE
MainOne

Please don't say MTN or any of the Nigerian telcos, except there are no
other options, customer service will leave you trying to commit bodily
harm.


Re: Internet connectivity in Nigeria

2017-06-18 Thread Sina Owolabi
PCCW? I don't think I've heard of them

On Sun, Jun 18, 2017 at 8:10 PM, Rod Beck
 wrote:
>
> PCCW has a strong presence in Africa and they are easy to work with.
>
>
> - R.
>
> 
> From: NANOG  on behalf of Sina Owolabi
> 
> Sent: Sunday, June 18, 2017 8:59:41 PM
> To: nanog@nanog.org list
> Subject: Internet connectivity in Nigeria
>
> Hi All
>
> Currently having a terrible situation in Nigeria where the GLO1 and
> MainOne cables appear to be both down.
> Can anyone suggest a good Nigerian ISP with redundancies enough to
> overcome at least two of the following dying out?
>
> SAT-3
> WACS
> GLO1
> ACE
> MainOne
>
> Please don't say MTN or any of the Nigerian telcos, except there are no
> other options, customer service will leave you trying to commit bodily
> harm.


Re: Internet connectivity in Nigeria

2017-06-18 Thread Sina Owolabi
Yes I just tried a very comforting traceroute

traceroute ip 63.223.7.7
Sun Jun 18 20:52:28.946 GMT
Tracing the route to 63.223.7.7
1 TenGE13-3.br03.chc01.pccwbtn.net (63.218.4.253) [MPLS: Label 24967
Exp 0] 182 msec
TenGE12-2.br03.chc01.pccwbtn.net (63.218.4.249) 182 msec
TenGE13-3.br03.chc01.pccwbtn.net (63.218.4.253) 182 msec
2 TenGE13-3.br03.chc01.pccwbtn.net (63.218.4.253) [MPLS: Label 24967
Exp 0] 181 msec
TenGE12-2.br03.chc01.pccwbtn.net (63.218.4.249) 182 msec 181 msec
3 TenGE15-0.cr04.chc01.pccwbtn.net (63.218.4.193) [MPLS: Label 5035
Exp 0] 181 msec 181 msec 181 msec
4 pos2-0.cr04.nyc02.pccwbtn.net (63.218.4.38) [MPLS: Label 20449 Exp
0] 181 msec 181 msec 180 msec
5 pos4-0.cr04.ldn01.pccwbtn.net (63.218.12.85) [MPLS: Label 24363 Exp
0] 181 msec 181 msec 181 msec
6 ge0-1.204.var01.los01.pccwbtn.net (63.223.7.41) 181 msec * 180 msec
read timed-out
Query Complete

On Sun, Jun 18, 2017 at 9:01 PM, Joel Jaeggli  wrote:
>
>
> Sent from my iPhone
>
> On Jun 18, 2017, at 12:29, Sina Owolabi  wrote:
>
> PCCW? I don't think I've heard of them
>
>
> Pccw would be sat3 glo1 and wacs maybe others.
>
> http://mediafiles.pccwglobal.com/images/downloads/Inf_map.pdf
>
> Their looking glass can give you some idea into their reach with Nigeria
> with a little experimentation.
>
> http://lookingglass.pccwglobal.com/
>
> That said sat3 and glo1 combined have something like an order of magnitude
> less capacity than wacs so the survival / utility of any of the older
> systems when losing the newest ones is probably less than complete.
>
>
> On Sun, Jun 18, 2017 at 8:10 PM, Rod Beck wrote:
>
> PCCW has a strong presence in Africa and they are easy to work with.
>
> - R.
>
> From: NANOG on behalf of Sina Owolabi
> Sent: Sunday, June 18, 2017 8:59:41 PM
> To: nanog@nanog.org list
> Subject: Internet connectivity in Nigeria
>
> Hi All
>
> Currently having a terrible situation in Nigeria where the GLO1 and
> MainOne cables appear to be both down.
> Can anyone suggest a good Nigerian ISP with redundancies enough to
> overcome at least two of the following dying out?
>
> SAT-3
> WACS
> GLO1
> ACE
> MainOne
>
> Please don't say MTN or any of the Nigerian telcos, except there are no
> other options, customer service will leave you trying to commit bodily
> harm.


Re: Is there a method or tool(s) to prove network outages?

2013-12-01 Thread Sina Owolabi
No, I don't. 
Sent from my BlackBerry wireless device from MTN

-Original Message-
From: "Dobbins, Roland" 
Date: Sun, 1 Dec 2013 17:20:51 
To: nanog@nanog.org list
Subject: Re: Is there a method or tool(s) to prove network outages?


On Dec 1, 2013, at 11:56 PM, Notify Me  wrote:

> Is there some set of command incantations I can run whose output I can
> collect and send to them (besides some sort of sustained ping)?

Do you have wireless CPE within your span of administrative control?

---
Roland Dobbins  // 

  Luck is the residue of opportunity and design.

   -- John Milton






Re: Is there a method or tool(s) to prove network outages?

2013-12-01 Thread Sina Owolabi
I'm actually halfway through trying to set up a smokeping appliance.


-Original Message-
From: joel jaeggli 
Date: Sun, 01 Dec 2013 09:38:39 
To: Dobbins, Roland; nanog@nanog.org list
Subject: Re: Is there a method or tool(s) to prove network outages?

On 12/1/13, 9:23 AM, Dobbins, Roland wrote:
> 
> On Dec 2, 2013, at 12:19 AM, joel jaeggli  wrote:
> 
>> Given a measurement target on the customer side and smokeping instance on 
>> your side you can actively measure the availability/latency/loss
>> rates between them.
> 
> I think he's actually the end-customer, and he's saying that his upstream 
> transit ISP won't accept non-RF-specific diags . . .

and if you don't control any of the air interfaces you don't get that.

> ---
> Roland Dobbins  // 
> 
> Luck is the residue of opportunity and design.
> 
>  -- John Milton
> 





Re: Is there a method or tool(s) to prove network outages?

2013-12-01 Thread Sina Owolabi
Thanks a lot, I'll definitely consider it.


-Original Message-
From: Andrew D Kirch 
Date: Sun, 01 Dec 2013 13:40:44 
To: 
Subject: Re: Is there a method or tool(s) to prove network outages?

Sina,

I'd recommend using Zenoss to monitor the remote end of the link at 
least with /Status/Ping.  You'll get alerts when Zenoss can't ping 
across the link, and may be able to set up SNMP traps on your router for 
the link itself going down.

DISCLOSURE: I work for Zenoss, however I used Zenoss core long before 
they decided to pay me money.

Good luck with dealing with your ISP, it's _ALWAYS_ a pain in situations 
like this.

Andrew


On 12/1/2013 11:56 AM, Notify Me wrote:
> Hi Everyone
>
> Please I have a very problematic radio link which goes out and back on
> again every few hours.
> The only way I know this is happening is from my gateway device: a Sophos
> UTM that sends email anytime there's been an outage.
>
> The ISP refuses to accept this as outage/instability proof, and I'm
> wondering if there's something I can run behind the gateway UTM that can
> provide output information over time.
> They seem to be a primarily Windows+Cisco shop (as is common here in the
> 4th world). We are primarily Linux.
>   Is there some set of command incantations I can run whose output I can
> collect and send to them (besides some sort of sustained ping)?
>
> Thanks in advance!
>
> Sina




Re: Is there a method or tool(s) to prove network outages?

2013-12-01 Thread Sina Owolabi
Hmm. Great points. Didn't think of that. 


-Original Message-
From: Matt Palmer 
Date: Mon, 2 Dec 2013 06:50:31 
To: 
Subject: Re: Is there a method or tool(s) to prove network outages?

On Sun, Dec 01, 2013 at 05:56:51PM +0100, Notify Me wrote:
> Please I have a very problematic radio link which goes out and back on
> again every few hours.
> The only way I know this is happening is from my gateway device: a Sophos
> UTM that sends email anytime there's been an outage.
> 
> The ISP refuses to accept this as outage/instability proof, and I'm
> wondering if there's something I can run behind the gateway UTM that can
> provide output information over time.

I'm surprised nobody's mentioned the root question to answer before you go
off spending time setting up anything in particular: what *will* the ISP
accept (or be forced to accept) as outage/instability proof?  Contracts are
your first line of defence, but it's nigh-on universal that they don't cover
these sorts of situations well enough.  So you probably need to have a
discussion, as a follow-on from being told that your UTM's e-mails *aren't*
sufficient, to determine what *is* sufficient.

Once you've got that, only then can you evaluate appropriate methods of
gathering the necessary data to support a claim of an outage.  I like the
*idea* of smokeping, but when gathering data on complete service loss (which
was my use case for it as well) I found its methods of collecting and
displaying that data to be very suboptimal and counter-intuitive.

For something small and once-off like this, I'd probably just break out my
text editor and script up something that would collect the relevant data and
process it into the acceptable form.

- Matt
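
An added example, not part of the thread and not any poster's code, of the kind of small script the message above describes: it reduces a timestamped reachability log to outage windows an ISP could be handed, assuming the ISP has agreed that such data is acceptable. The log format, the 192.0.2.1 target, the three-probe threshold and all function names are assumptions made for this sketch.

```python
#!/usr/bin/env python3
"""Turn a timestamped reachability log into a list of outage windows.

Added example: log format, target address and thresholds are assumptions.
"""
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample log: "<UTC timestamp> <target> <ok|lost>", one probe per 10 s.
SAMPLE_LOG = """\
# constructed sample, one probe every 10 s
2013-12-01T16:00:00Z 192.0.2.1 ok
2013-12-01T16:00:10Z 192.0.2.1 lost
2013-12-01T16:00:20Z 192.0.2.1 ok
2013-12-01T16:00:30Z 192.0.2.1 lost
2013-12-01T16:00:40Z 192.0.2.1 lost
2013-12-01T16:00:50Z 192.0.2.1 lost
2013-12-01T16:01:00Z 192.0.2.1 lost
2013-12-01T16:01:10Z 192.0.2.1 ok
2013-12-01T16:01:20Z 192.0.2.1 ok
2013-12-01T16:01:30Z 192.0.2.1 lost
2013-12-01T16:01:40Z 192.0.2.1 lost
2013-12-01T16:01:50Z 192.0.2.1 lost
"""


def probe_once(target: str, timeout_s: int = 2) -> str:
    """Send one ICMP echo with Linux iputils ping and return one log line."""
    rc = subprocess.run(
        ["ping", "-n", "-c", "1", "-W", str(timeout_s), target],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    ).returncode
    now = datetime.now(timezone.utc).strftime(TS_FMT)
    return f"{now} {target} {'ok' if rc == 0 else 'lost'}"


@dataclass
class Outage:
    start: datetime           # timestamp of the first lost probe
    end: Optional[datetime]   # first good probe afterwards; None if still down
    probes_lost: int

    @property
    def seconds(self) -> Optional[float]:
        return None if self.end is None else (self.end - self.start).total_seconds()


def parse_log(text: str):
    """Yield (timestamp, ok) for each valid line; skip comments and junk."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("ok", "lost"):
            continue
        try:
            ts = datetime.strptime(parts[0], TS_FMT)
        except ValueError:
            continue
        yield ts, parts[2] == "ok"


def find_outages(samples, min_lost: int = 3) -> List[Outage]:
    """Group runs of at least min_lost consecutive lost probes into outages.

    Shorter runs are treated as ordinary packet loss rather than an outage.
    """
    outages, run_start, run_len = [], None, 0
    for ts, ok in sorted(samples):
        if not ok:
            if run_len == 0:
                run_start = ts
            run_len += 1
        else:
            if run_len >= min_lost:
                outages.append(Outage(run_start, ts, run_len))
            run_start, run_len = None, 0
    if run_len >= min_lost:   # the log ends while the link is still down
        outages.append(Outage(run_start, None, run_len))
    return outages


def availability(samples) -> float:
    """Percentage of probes that were answered."""
    samples = list(samples)
    return 100.0 * sum(ok for _, ok in samples) / len(samples) if samples else 0.0


def report(text: str, min_lost: int = 3) -> str:
    """Render a plain-text summary: one header line, then one line per outage."""
    samples = list(parse_log(text))
    lines = [f"probes={len(samples)} availability={availability(samples):.1f}%"]
    for o in find_outages(samples, min_lost):
        end = o.end.strftime(TS_FMT) if o.end else "ongoing"
        dur = f"{o.seconds:.0f}s" if o.end else "n/a"
        lines.append(
            f"{o.start.strftime(TS_FMT)} -> {end} lost={o.probes_lost} duration={dur}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running `probe_once` from cron or a loop and appending its output to a file produces input in the same format; probing both the ISP-side next hop and a host beyond it helps separate a link fault from a problem on the local network.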




Re: Is there a method or tool(s) to prove network outages?

2013-12-01 Thread Sina Owolabi
It's cyclical, but I have not tried to graph/measure its repetition before now
(when I noticed the emails filling up my inbox).
Body of tidal water..could be, but I wasn't involved in the installation so I
can't actually tell where the antennas are pointing.

-Original Message-
From: William Waites 
Date: Sun, 01 Dec 2013 20:14:46 
To: 
Cc: 
Subject: Re: Is there a method or tool(s) to prove network outages?

On Sun, 1 Dec 2013 17:56:51 +0100, Notify Me  said:

> I have a very problematic radio link which goes out and back on
> again every few hours.

Is "every few hours" regular/cyclical? Does the radio link cross a
tidal body of water?

-w





Re: Is there a method or tool(s) to prove network outages?

2013-12-01 Thread Sina Owolabi
Thanks a lot for the in-depth insights, all. I'll be doing a lot of "sleuthing"
in the next few days based on all this information.

-Original Message-
From: Warren Bailey 
Date: Mon, 2 Dec 2013 03:09:13 
To: Dobbins, Roland; nanog@nanog.org
Subject: Re: Is there a method or tool(s) to prove network outages?

Keep in mind that inter web traffic has nothing to do with the overall
health of the radio link. In RF land, we really don't care what is going
over that link - just that we have enough RSL hitting the receiver to be
above threshold thus allowing the box to demodulate that signal. If your
radio is sitting at a threshold RSL of -108 and you're coming in at -105,
big trouble in little China (3dB fade murdered your link). Stop thinking
like a network engineer.. If your DS-1 was taking hits, an ICMP request
(or lack thereof) would mean little (read: zero) to me as an RF Engineer.
I want to see the BER/PER of the circuit over time so I can correlate
possible trouble with real world issues.

With that being said.. the tidal issue comes up a lot, and more times than
not I see someone who said "Point that dish over there" and when it
magically works they have earned the title of "Best RF Engineer in
History" until the tide rolls in and their link suddenly has "issues". The
invention of cheap wireless has caused many people to believe they have in
depth wireless experience, and that is usually not the case.

Not trying to preach, but I've spent a *TON* of time and other people's
money in multi path land.. If someone was responsible for the proper
design of the link multi path would not be a factor as it would be
addressed early on in the link. You are not going to gain much traction
with a wireless company when you call and tell them your pings aren't
working.. They are kind of like parents.. They just don't understand. ;)

//warren
Ps - I welcome any replies on or off list.. I know how frustrating it can
be to have a link that seems to work well until you look at it, so I
probably have a bit more compassion than others when talking about broken
Microwave/Satellite hops.

On 12/1/13, 5:40 PM, "Dobbins, Roland"  wrote:

>
>On Dec 2, 2013, at 6:26 AM, Warren Bailey
> wrote:
>
>> I would hold off on considering Multipath as a problem until you see
>>the RSL. 
>
>Concur. It could also be related to precipitation or other adverse
>conditions.
>
>Or, in fact, it could be related to the 'UTM' box and/or something else
>on the endpoint network.  It could be a periodic DDoS attack, or traffic
>causing an availability hit as an unintended consequence.
>
>It's difficult to say without data.  Since the OP has the ability to
>gather IP-level data on his own network, he should utilize whatever
>instrumentation and telemetry he can set up in order to diagnose the
>issue as accurately as possible.
>
>And the OP should dig out his SLA and see what it says about the
>obligations of his upstream.
>
>---
>Roland Dobbins  // 
>
> Luck is the residue of opportunity and design.
>
>  -- John Milton
>
>




Help Needed Segmenting Existing Network with Sophos UTM Cisco Catalyst switches and RHEL6 Hypervisors

2015-05-22 Thread Sina Owolabi
Hi!


I am in a bit of a planning and implementation quandary and I'm hoping
to solicit implementation assistance on an already existing network
which needs to have segmentation and security.

I have only remote access to the network which comprises a number of
Red Hat Linux 6-based hypervisor servers (hosting a multiplicity of
virtual machines in different networks), a Sophos UTM gateway device
(specifically ASG220) serving as a router, and two Cisco Catalyst 2960
switches (one on the internet side of the UTM gateway, and the other
allowing access to the UTM from the RHEL6 hypervisors).


There are a number of subnets defined on both the hypervisors and the
virtual machines, all using the Sophos UTM as their gateway to each
other, and to the internet. My task is to properly segregate access
and traffic between the devices, which do not have VLANs defined on
them. Remotely.

My question is, can I create VLANs, and their trunk ports on the 2960
switches (especially on the LAN switch) that will segregate traffic
between the networks defined on the UTM, the hypervisors and their
guest machines, without causing network downtime?

Is it best to attack the switches first, creating the VLANs there,
before implementing VLANs on the UTM and the hypervisors?

I would be grateful for any planning assistance. The data center is a
long way away, and any downtime will be catastrophic.


Thanks in advance!


Re: Help Needed Segmenting Existing Network with Sophos UTM Cisco Catalyst switches and RHEL6 Hypervisors

2015-05-23 Thread Sina Owolabi
Diagramming is a little difficult right now,  but think of the current
state as router-on-a-stick without VLANs, that needs to have VLANs setup.

On Sat, May 23, 2015, 6:57 AM olushile akintade  wrote:

> Can you provide a quick diagram with the current subnet and traffic path?
> On Fri, May 22, 2015 at 7:51 PM Sina Owolabi 
> wrote:
>
>> Hi!
>>
>>
>> I am in a bit of a planning and implementation quandary and I'm hoping
>> to solicit implementation assistance on an already existing network
>> which needs to have segmentation and security.
>>
>> I have only remote access to the network which comprises a number of
>> Red Hat Linux 6-based hypervisor servers (hosting a multiplicity of
>> virtual machines in different networks), a Sophos UTM gateway device
>> (specifically ASG220) serving as a router, and two Cisco Catalyst 2960
>> switches (one on the internet side of the UTM gateway, and the other
>> allowing access to the UTM from the RHEL6 hypervisors).
>>
>>
>> There are a number of subnets defined on both the hypervisors and the
>> virtual machines, all using the Sophos UTM as their gateway to each
>> other, and to the internet. My task is to properly segregate access
>> and traffic between the devices, which do not have VLANs defined on
>> them. Remotely.
>>
>> My question is, can I create VLANs, and their trunk ports on the 2960
>> switches (especially on the LAN switch) that will segregate traffic
>> between the networks defined on the UTM, the hypervisors and their
>> guest machines, without causing network downtime?
>>
>> Is it best to attack the switches first, creating the VLANs there,
>> before implementing VLANs on the UTM and the hypervisors?
>>
>> I would be grateful for any planning assistance. The data center is a
>> long way away, and any downtime will be catastrophic.
>>
>>
>> Thanks in advance!
>>
>


Re: Help Needed Segmenting Existing Network with Sophos UTM Cisco Catalyst switches and RHEL6 Hypervisors

2015-05-23 Thread Sina Owolabi
Thanks Baldur. I am definitely planning on doing that.

Eric, no the VMs are not all segregated, they are all blended
together. You can find a 192.168 sharing the same physical host as a
10.10.
I've never played with OpenVSwitch before, though. Would introducing
it here lead to any further complexities?

On Sat, May 23, 2015 at 8:05 PM, Baldur Norddahl
 wrote:
> The answer to this one is easy. Yes, there is very likely a series of
> steps, that will achieve what you want remotely. But...
>
> "The data center is a long way away, and any downtime will be catastrophic".
>
> The slightest misstep and you will be down until you arrive at the site. So
> do not even think about trying this. You go there and you do it at night,
> when the impact of a mistake is less.
>
> Regards,
>
> Baldur


Re: eBay is looking for network heavies...

2015-06-11 Thread Sina Owolabi
I'm curious. What reading and comprehension level does one need to be
considered a network heavy? No snark, I really would like to know.

On Thu, Jun 11, 2015, 6:01 AM Mark Foster  wrote:

>
>
> On 11/06/2015 4:46 p.m., Alex White-Robinson wrote:
> > Matthew Petach  wrote:
> >
> >> On a slightly different note, however--while it's good to
> >> have an appreciation of the past and how we got here,
> >> I think it's wise to also recognize we as an industry
> >> have some challenges bringing new blood in--and
> >> treating it too much like a sacred priesthood with
> >> cabalistic knowledge and initiation rites isn't going
> >> to help us bring new engineers into the field to
> >> take over for us crusty old farts when our eyes
> >> give out and we can't type into our 9600 baud
> >> serial consoles anymore.
> >>
> >> Matt
> >> CCOF #1999322002 [0]
> > I've seen very little attention paid to junior talent in the last few
> > years, and know a few people who would have been talented engineers that
> > never got a chance to show it.
> > They moved into other industries because of the lack of junior roles.
> >
> > I know very few people in network engineering that are under thirty, and
> > not that many under thirty five.
>
> An interesting statement; both my current network engineering team
> members are under 35 (and one is under 30) - I'm actually on the hunt
> for a slightly more senior resource at the moment to take up a vacant
> Team Leader role, and the candidates I've had apply are generally in
> their 30's.
>
> But perhaps New Zealand is a different audience to the North American
> continent. Fair enough.
>
> My career started as a Network Junior and I'm keen to facilitate
> opportunities to move upward for others who're in similar circumstances
> to that which I was in ~10 years ago, surely I'm not that unusual...??
>
> Mark.
>
>
>


Whats' a good product for a high-density Wireless network setup?

2015-06-18 Thread Sina Owolabi
Hi

We are profiling equipment and design for an expected high user density
network of multiple, close-knit, residential/hostel units. It's going to be
8-10 buildings with possibly over 1000 users at any given time.
We are looking at Ruckus and Ubiquiti as options to get over the high
number of devices we are definitely going to encounter.

How did you do it, and what would you advise for product and layout?

Thanks in advance!


Re: Whats' a good product for a high-density Wireless network setup?

2015-06-19 Thread Sina Owolabi
Thanks! Everything is still in planning stage, though. Management is
leaning toward Ruckus.
Can I get suggestions for authentication and billing systems for wireless
users too?

Thanks for all the wisdom so far

On Fri, Jun 19, 2015 at 7:54 AM Bartek Krawczyk 
wrote:

> I've got really great experience with Aruba. Don't know if it fits
> your budget, though.
>
> Regards,
>
> On 19 June 2015 at 08:24, Tyler Mills  wrote:
> > With that many users I cannot recommend Ubiquiti, Ruckus would be the way
> > to go.
> >
> > On Fri, Jun 19, 2015 at 1:58 AM Sina Owolabi 
> wrote:
> >
> >> Hi
> >>
> >> We are profiling equipment and design for an expected high user density
> >> network of multiple, close-knit, residential/hostel units. It's going to be
> >> 8-10 buildings with possibly over 1000 users at any given time.
> >> We are looking at Ruckus and Ubiquiti as options to get over the high
> >> number of devices we are definitely going to encounter.
> >>
> >> How did you do it, and what would you advise for product and layout?
> >>
> >> Thanks in advance!
> >>
> > --
> > Tyler W. Mills
> > Infrastructure and Network Engineer
> > Atlanta,  GA.
>
>
>
> --
> Bartek Krawczyk
>


Re: Whats' a good product for a high-density Wireless network setup?

2015-06-20 Thread Sina Owolabi
Thanks everybody. I've been corrected on density... I've been informed that
it's to be a minimum of 1000 users per building.
That's 8,000 users. (8 buildings, not counting walkways and courtyards,
admin, etc.)
Does this qualify as high-density?

On Sat, Jun 20, 2015 at 5:33 AM Ray Soucy  wrote:

> Well, I could certainly be wrong, but it's news to me if UBNT started
> supporting DFS in the US.
>
> Your first screenshot is listing the UAP for 5240 which is channel 48,
> U-NII-1.  The second shows 5825 which is the upper limit of U-NII-3.  I
> don't see any U-NII-2 in what you posted.
>
> This forum post may be a bit out of date, but I haven't seen any
> announcement or information on the forums to indicate the situation has
> changed, and I'm pretty good at searching:
>
> https://community.ubnt.com/t5/UniFi-Wireless/DFS/m-p/700461#M54771
>
> From this thread it looks like the ability to configure DFS channels in the
> US was a UI bug and only showing for ZH anyway.  IIRC they actually got in
> a bit of trouble with the FCC over not restricting the use of these
> channels enough.
>
> Regardless of whether or not the FCC has cleared UBNT indoor products for
> U-NII-2 and U-NII-2-extended (and I haven't seen evidence of that yet),
> until you can configure APs to use those channels in the controller without
> violating FCC regulations I don't consider them usable.
>
> The UAP-AC doesn't seem to support DFS channels at all even without FCC
> restrictions, which kind of kills the point of AC, only 4 x 40 MHz or 2 x
> 80 MHz channels doesn't cut it when we're talking about density.
>
> Note we're talking about indoor wireless and there ARE some UBNT products
> for outdoor WISP use that do support DFS and have been cleared by the FCC,
> but we would only be looking at the UAP-PRO or UAP-AC in this case so maybe
> that's the point of confusion here.
>
>
>
>
> On Fri, Jun 19, 2015 at 11:36 PM, Faisal Imtiaz 
> wrote:
>
> > FCC Cert claims different.
> >
> > :)
> >
> > Faisal Imtiaz
> > Snappy Internet & Telecom
> > 7266 SW 48 Street
> > Miami, FL 33155
> > Tel: 305 663 5518 x 232
> >
> > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
> >
> > --
> >
> > *From: *"Josh Luthman" 
> > *To: *"Faisal Imtiaz" 
> > *Cc: *"NANOG list" , "Ray Soucy" 
> > *Sent: *Friday, June 19, 2015 9:16:37 PM
> >
> > *Subject: *Re: Whats' a good product for a high-density Wireless network
> > setup?
> >
> > Uhm he's not wrong...
> >
> > Josh Luthman
> > Office: 937-552-2340
> > Direct: 937-552-2343
> > 1100 Wayne St
> > Suite 1337
> > Troy, OH 45373
> > On Jun 19, 2015 9:13 PM, "Faisal Imtiaz" 
> wrote:
> >
> >> >>>The thing you need to watch out for with Ubiquiti is that they don't
> >> support DFS, so the entire U-NII-2 channel space is off limits for 5 GHz.
> >>
> >> Huh 
> >>
> >> Please verify your facts before making blanket statements which are not
> >> accurate ...
> >>
> >>
> >>
> >> Faisal Imtiaz
> >> Snappy Internet & Telecom
> >>
> >>
> >> - Original Message -
> >> > From: "Ray Soucy" 
> >> > To: "Sina Owolabi" 
> >> > Cc: "nanog@nanog.org list" 
> >> > Sent: Friday, June 19, 2015 7:07:01 PM
> >> > Subject: Re: Whats' a good product for a high-density Wireless network setup?
> >> >
> >> > I know you don't want to hear this answer because of cost but I've had
> >> > good luck with Cisco for very high density (about 1,000 clients in a packed
> >> > auditorium actively using the network as they follow along with the
> >> > presenter).
> >> >
> >> > The thing you need to watch out for with Ubiquiti is that they don't
> >> > support DFS, so the entire U-NII-2 channel space is off limits for 5 GHz.
> >> > That's pretty significant because you're limited to 9 x 20 MHz channels or
> >> > 4 x 40 MHz channels.  Keeping the power level down and creating small cells
> >> > is essential for high density, so with less channels your hands are really
> >> > tied in that case.  Also, avoid the Zero Handoff marketing nonsense
>

Re: Whats' a good product for a high-density Wireless network setup?

2015-06-20 Thread Sina Owolabi
I'd be grateful for any information on how to calculate for large scale
wifi deployment

On Sat, Jun 20, 2015 at 2:01 PM Ray Soucy  wrote:

> Compared to the old model of just providing coverage, it's definitely
> higher density.  I think the point I was trying to make is that the old
> high density is the new normal, and what most on list would consider high
> density is more along the lines of stadium wireless.  I wouldn't really
> focus on the term too much, though.  It's just a distraction from the real
> question.
>
> The answer as always is "it depends".  Without detailed floor plans,
> survey information, and information on what kind of demand users will place
> on the network, there is really no way to tell you what solution will work
> well.
>
> If you need to service residential areas or hostel units you might be
> better off looking at some of the newer AP designs that have come out in
> the last year or so targeting that application, like the Cisco 702 or the
> Xirrus 320.
>
> The general design of these units is that they're both a low-power AP and
> a small switch to provide residents with a few ports to plug in if they
> need to.  This allows you to have one cable drop to each room instead of
> having to run separate jacks for APs and wired connections.  The units are
> wall-mount and if you have a challenging RF environment this design can be
> really effective.
>
> I've never run Xirrus personally, but I think they were used for the last
> NANOG conference.
>
>
>
>
>
> On Sat, Jun 20, 2015 at 6:41 AM, Sina Owolabi 
> wrote:
>
>> Thanks everybody. I've been corrected on density... I've been informed
>> that it's to be a minimum of 1000 users per building.
>> That's 8,000 users. (8 buildings, not counting walkways and courtyards,
>> admin, etc.)
>> Does this qualify as high-density?
>>
>> On Sat, Jun 20, 2015 at 5:33 AM Ray Soucy  wrote:
>>
>>> Well, I could certainly be wrong, but it's news to me if UBNT started
>>> supporting DFS in the US.
>>>
>>> Your first screenshot is listing the UAP for 5240 which is channel 48,
>>> U-NII-1.  The second shows 5825 which is the upper limit of U-NII-3.  I
>>> don't see any U-NII-2 in what you posted.
>>>
>>> This forum post may be a bit out of date, but I haven't seen any
>>> announcement or information on the forums to indicate the situation has
>>> changed, and I'm pretty good at searching:
>>>
>>> https://community.ubnt.com/t5/UniFi-Wireless/DFS/m-p/700461#M54771
>>>
>>> From this thread it looks like the ability to configure DFS channels in
>>> the US was a UI bug and only showing for ZH anyway.  IIRC they actually got
>>> in a bit of trouble with the FCC over not restricting the use of these
>>> channels enough.
>>>
>>> Regardless of whether or not the FCC has cleared UBNT indoor products for
>>> U-NII-2 and U-NII-2-extended (and I haven't seen evidence of that yet),
>>> until you can configure APs to use those channels in the controller
>>> without violating FCC regulations I don't consider them usable.
>>>
>>> The UAP-AC doesn't seem to support DFS channels at all even without FCC
>>> restrictions, which kind of kills the point of AC, only 4 x 40 MHz or 2 x
>>> 80 MHz channels doesn't cut it when we're talking about density.
>>>
>>> Note we're talking about indoor wireless and there ARE some UBNT products
>>> for outdoor WISP use that do support DFS and have been cleared by the
>>> FCC, but we would only be looking at the UAP-PRO or UAP-AC in this case so
>>> maybe that's the point of confusion here.
>>>
>>> On Fri, Jun 19, 2015 at 11:36 PM, Faisal Imtiaz <fai...@snappytelecom.net> wrote:
>>>
>>> > FCC Cert claims different.
>>> >
>>> > :)
>>> >
>>> > Faisal Imtiaz
>>> > Snappy Internet & Telecom
>>> > 7266 SW 48 Street
>>> > Miami, FL 33155
>>> > Tel: 305 663 5518 x 232
>>> >
>>> > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>>> >
>>> > --
>>> >
>>> > *From: *"Josh Luthman" 
>>> > *To: *"Faisal Imtiaz" 
>>> > *Cc: *"NANOG list" , "Ray Soucy" 
>>

Help Needed Converting KVM network Non-VLAN network to VLANs, odd

2015-06-21 Thread Sina Owolabi
Hi!

I apologize if this is not something I should have posted here, but I've
come to value the insights and experience of the people on this list a lot,
and I am hoping my problem isn't unique. I am also sorry for the long read.

I have been to the forums of the devices in play in this problem, and while
Red Hat has been a huge help, they all hand off when they hear about the
other devices in play.

Some background:
I have a Sophos UTM ASG220 serving as gateway device for a number of
networks, with a Cisco 2960 network switch, and a raft of Red Hat 6.6
servers running KVM and hosting multiple guests, with the guests being on
different network subnets. The UTM has its LAN interface populated with
multiple virtual interfaces (it's really a stripped down, optimized
RHEL-type Linux machine under the hood) as gateways for all the network
subnets except for the primary network it was created with during
installation. I have VLANs defined on the switch, and the KVM hosts
have bonded interfaces (mode 1, based on RHN support advice), VLAN sub
interfaces and bridges configured for each network, and each guest is
attached to its appropriate bridge and 8021q is set up. Without involving
the UTM, VLAN traffic traverses beautifully, between switch, KVM hosts and
guests, I have no issues there.

That said, this is what is happening:
I am successful in generating new VLAN interfaces on the Sophos UTM (but
with a different IP address) to replace the existing gateway virtual IP
address (for instance, for test network, virtual interface gateway address
is 10.11.0.253, and the VLAN interface to replace it is 10.11.0.253). At
first instance the guests and the kvm host are able to ping the switch, the
new VLAN gateway interface and the old virtual gateway interface, after the
VLAN is in place. But if I try to remove the old virtual interface (eg
10.11.0.253), then networking starts acting weird. The switch VLAN address
(say 10.11.0.7) is unable to ping or reach the guests (say 10.11.0.36) on the
VLAN, but it can reach the kvm host vlan bridge (say 10.11.0.4) address,
and it can reach the Sophos gateway (10.11.0.254, VLAN address). Even after
bringing the gateway virtual interface (10.11.0.253) back up the situation
remains for a while. The guests can reach each other on the same VLAN, but
cannot ping the switch VLAN interface address, and cannot ping their VLAN
gateway address, or route traffic to other external networks. But the
guests can reach the LAN DNS servers, which are on a different subnet
entirely (192.168.2.0)! But the guests also can only reach the DNS servers
on the 192.168.2.0 subnet, they cannot reach all the addresses. Arping
responds to and from all network machines/devices while all this is going
on. This continued for a while even after rebooting the switch, and
bringing up and down the gateway network interfaces. Then suddenly things
started working again (but with the gateway virtual and VLAN addresses both
up).

I am successful in generating a new VLAN interface (but with a different
IP address) to replace the existing gateway virtual IP address (for
instance, for test network, virtual interface gateway address is
10.11.0.253, and the VLAN interface to replace it is 10.11.0.253). At first
instance the guests and the kvm host are able to ping the switch, the
new VLAN gateway interface and the old virtual gateway interface, after the
VLAN is in place. But if I try to remove the old virtual interface (eg
10.11.0.253), then networking starts acting weird. The switch VLAN address
(say 10.11.0.7) is unable to ping or reach the guests (say 10.11.0.36) on the
VLAN, but it can reach the kvm host vlan bridge (say 10.11.0.4) address,
and it can reach the gateway (10.11.0.254, VLAN address). Even after
bringing the gateway virtual interface (10.11.0.253) back up the situation
remains for a while. The guests can reach each other on the same VLAN, but
cannot ping the switch VLAN interface address, and cannot ping their VLAN
gateway address, or route traffic to other external networks. But the
guests can reach the LAN DNS servers, which are on a different subnet
entirely (192.168.2.0)! The guests also can only reach the DNS servers on
the 192.168.2.0 subnet, they cannot reach all the addresses.

Arping responds to and from all network machines/devices while all this is
going on.
This continued for a while even after clearing the arp-caches, rebooting
the switch, and bringing up and down the gateway network interfaces.

Then suddenly things started working again (but with the gateway virtual
and VLAN addresses both up).

I'd love some insight to what's happening and how I can fix this.
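
One way to narrow down the state described in the post above, added here as an example and not part of the original message: capture ARP on the KVM host's bond with `tcpdump -e -n` while the old virtual interface and the new VLAN interface are both up, then group the replies by 802.1Q tag to see whether one MAC answers for the 10.11.0.x subnet both untagged and tagged. The capture lines, MAC addresses and VLAN ID 11 are constructed assumptions; only the IP addresses come from the post.

```python
"""Group ARP replies from `tcpdump -e -n` text output by 802.1Q tag."""
import re
from collections import defaultdict

# Constructed sample capture (MACs and VLAN ID 11 are made up; IPs follow the post).
CAPTURE = """\
10:00:01.000001 52:54:00:00:00:36 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 11, p 0, ethertype ARP, Request who-has 10.11.0.254 tell 10.11.0.36, length 28
10:00:01.000210 00:1a:8c:00:00:01 > 52:54:00:00:00:36, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Reply 10.11.0.254 is-at 00:1a:8c:00:00:01, length 46
10:00:02.000001 00:25:45:00:00:07 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.11.0.253 tell 10.11.0.7, length 46
10:00:02.000150 00:1a:8c:00:00:01 > 00:25:45:00:00:07, ethertype ARP (0x0806), length 60: Reply 10.11.0.253 is-at 00:1a:8c:00:00:01, length 46
10:00:03.000001 52:54:00:00:00:36 > 00:25:45:00:00:07, ethertype 802.1Q (0x8100), length 64: vlan 11, p 0, ethertype ARP, Reply 10.11.0.36 is-at 52:54:00:00:00:36, length 46
"""

# An optional "vlan N," field (present only on tagged frames), then the ARP reply.
REPLY = re.compile(
    r"(?:vlan (?P<vlan>\d+),.*?)?"
    r"Reply (?P<ip>\d+(?:\.\d+){3}) is-at (?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})"
)


def arp_replies(capture):
    """Yield (vlan, ip, mac) for each ARP reply; vlan is None for untagged frames."""
    for line in capture.splitlines():
        m = REPLY.search(line)
        if m:
            vlan = int(m["vlan"]) if m["vlan"] else None
            yield vlan, m["ip"], m["mac"]


def mixed_tagging(capture, prefix="10.11.0."):
    """Return {mac: tags} for MACs that answer for the subnet on more than one tag.

    A MAC appearing here owns addresses in the same subnet both untagged and on a
    VLAN, so peers on either side may resolve it on a segment the other cannot reach.
    """
    seen = defaultdict(set)
    for vlan, ip, mac in arp_replies(capture):
        if ip.startswith(prefix):
            seen[mac].add(vlan)
    return {mac: tags for mac, tags in seen.items() if len(tags) > 1}


if __name__ == "__main__":
    for mac, tags in mixed_tagging(CAPTURE).items():
        labels = sorted("untagged" if t is None else f"vlan {t}" for t in tags)
        print(f"{mac} answers ARP for 10.11.0.x on: {', '.join(labels)}")
```

Running the same check on captures from the switch side and the UTM side shows which device is sending or expecting untagged frames for that subnet.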


Re: Whats' a good product for a high-density Wireless network setup?

2015-06-21 Thread Sina Owolabi
This has all been a very huge help, and I am thankful for all the insights
and reading material. I feel expert already!

On Mon, Jun 22, 2015 at 6:14 AM Mike Lyon  wrote:

> They also have an awesome DAS installation there as well.
>
> On Sun, Jun 21, 2015 at 10:08 PM, Mel Beckman  wrote:
>
> > I recently visited that installation. It's quite impressive and we are
> > employing the "down-low" AP placement strategy on another high density
> > project. The scheme uses human RF attenuation to enable closer AP
> spacing,
> > which in turn supports a higher channel re-use ratio.
> >
> >  -mel beckman
> >
> > > On Jun 21, 2015, at 10:03 PM, Mike Lyon  wrote:
> > >
> > > And Aruba also did a kick-ass wireless installation at the new Levi's
> > > Stadium in Santa Clara. Here is a White Paper on it:
> > >
> > > http://arubanetworks.com/wp-content/uploads/stadiumRFfund.pdf
> > >
> > > -Mike
> > >
> > >
> > >> On Sat, Jun 20, 2015 at 10:51 AM, John Todd  wrote:
> > >>
> > >>
> > >> On 20 Jun 2015, at 9:37, Sina Owolabi wrote:
> > >>
> > >> I'd be grateful for any information on how to calculate for large
> scale
> > >>> wifi deployment
> > >>>
> > >> [snip]
> > >>
> > >>
> > >> While it is vendor specific (and therefore subject to certain biases)
> > I’ve
> > >> found the Aruba VRD (Validated Reference Design) documentation fairly
> > clear
> > >> and applicable to many high-density environments.  It covers theory,
> > >> planning, and engineering.
> > >>
> > >>
> > >>
> >
> http://community.arubanetworks.com/t5/Validated-Reference-Design/Very-High-Density-802-11ac-Networks-Validated-Reference-Design/ta-p/230891
> > >>
> > >> I’m certain that Cisco, Xirrus, Ruckus, Ubiquiti, Aerohive, etc. also
> > have
> > >> papers on the topic that (hopefully) have the same basic theory
> concepts
> > >> applied to their specific configuration syntax and special sauces.
> I’ve
> > >> had good experiences with Aruba with high-density auditorium usage on
> > >> several occasions, though I tend to turn off some of the proprietary
> > >> features to keep things simple.
> > >>
> > >> There are also some less-formal slide decks on the same topic from
> Aruba
> > >> that are a bit redundant but more conversational:
> > >>
> > >>
> > >>
> >
> http://www.wlanpros.com/wp-content/uploads/2014/03/Ultra-High-Density-WLAN-Design-Deployment-Chuck-Lukaszewski.pdf
> > >>
> > >>
> >
> http://community.arubanetworks.com/aruba/attachments/aruba/tkb@tkb/86/3/2012%20AH%20Vegas%20-%20WLAN%20Design%20for%20High%20Density.pdf
> > >>
> > >> JT
> > >>
> > >
> > >
> > >
> > > --
> > > Mike Lyon
> > > 408-621-4826
> > > mike.l...@gmail.com
> > >
> > > http://www.linkedin.com/in/mlyon
> >
>
>
>
> --
> Mike Lyon
> 408-621-4826
> mike.l...@gmail.com
>
> http://www.linkedin.com/in/mlyon
>


Re: Whats' a good product for a high-density Wireless network setup?

2015-06-21 Thread Sina Owolabi
Well now. Being scared is part of the insight :-)
And until I see a "No!!! Don't do it!!" post...

On Mon, Jun 22, 2015 at 7:10 AM Randy Bush  wrote:

> > This has all been a very huge help, and I am thankful for all the
> > insights and reading material. I feel expert already!
>
> then you should be very scared
>
> randy, who has been doing it for years and knows he is a weenie
>