Re: ISP Shaping Hardware
We've used a few over the years. We had Packeteer Packetshapers originally but they became way too expensive once Bluecoat acquired them. $50,000 for an appliance to shape a 1 gig pipe. IIRC, $10,000 per year on maintenance at the time. These prices are after discount.

We looked at the following to replace them.

NetEqualizer
Procera
Exinda

We went with Exinda and I like the solution. These days, I rely on it more for reporting and traffic/protocol analysis than for shaping, but the shaping does work as advertised. Keep in mind, these solutions can't shape on asymmetric traffic since they need to see the entire flow. If you have a pair of links, you'll need to cluster a pair of shapers so they can share flow information.

I also have tested out the traffic shaping on PFSense VMs and it works. I never pushed production traffic through them but my home firewall is a PFSense VM and the shaping works there. Not sure how it would handle a large number of clients though.

On 10/20/2014 12:55 AM, Skeeve Stevens wrote:

Hey all,

Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.

I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.

So I wanted to see what the current popular equipment out there is.

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
ske...@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; http://twitter.com/networkceoau
linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
Re: Muni Fiber and Politics
I might be misunderstanding this, but are you guys saying 10G Internet access to a tier 1 costs around $6,000 a month? I ask because I run a network for a small college and the best price I could get on 1Gbps Internet is about $5,500 a month with the fiber loop included which itself costs $2000-$2500. Or are you guys discussing a different type connection?

The quotes I got were from Cogent, Lightpath, Level 3, Verizon ($8,000) and I think even ATT a few years back. I'm out in the NJ suburbs about 30 miles from Manhattan. If there is a cheaper way to get good bandwidth, I'm all ears. We're in Mahwah, NJ.

Thanks,

On 8/2/2014 3:39 AM, Mark Tinka wrote:

On Friday, August 01, 2014 06:34:00 PM Owen DeLong wrote:

Today, somewhere around $6,000 or more depending on provider, location, etc. That’s with IP transit included.

With IP Transit included, perhaps. But 10Gbps ports are not expensive these days. Depends on whether you're selling 10Gbps ports off a router line card or an Ethernet switch.

Mark.
Re: Muni Fiber and Politics
Thanks, makes sense. I was looking on peeringdb.com for some locations nearby but they're all 20+ miles. However, there is a Telx a block from my house that I walk past everyday. Maybe I can string along a 10G connection to my basement office :)

On 8/2/2014 9:47 AM, Leo Bicknell wrote:

On Aug 2, 2014, at 8:10 AM, Vlade Ristevski vrist...@ramapo.edu wrote:

I might be misunderstanding this, but are you guys saying 10G Internet access to a tier 1 costs around $6,000 a month? I ask because I run a network for a small college and the best price I could get on 1Gbps Internet is about $5,500 a month with the fiber loop included which itself costs $2000-$2500. Or are you guys discussing a different type connection?

The quotes I got were from Cogent, Lightpath, Level 3, Verizon ($8,000) and I think even ATT a few years back. I'm out in the NJ suburbs about 30 miles from Manhattan. If there is a cheaper way to get good bandwidth, I'm all ears. We're in Mahwah, NJ.

I think a 10GE for $6,000 in bandwidth charges is possible, if you meet the provider. What that means is if you are in an Equinix, Coresite, Telehouse, or other sort of carrier neutral colocation point, and you're willing to make the cross connect appear at the providers cage, you can get bandwidth for that price.

Basically it's the price when the provider has to do zero other work, already has a large pop, and is selling large wholesale chunks. Add in a local loop, cost for a smaller pop they have to maintain, engineering and so on and your price for 1GE 30 miles away from such places seems perfectly reasonable to me.

It's kind of the difference between driving your pickup to the quarry to get a truck load of sand, vs buying prepackaged sand at the local home improvement store.
Re: Ars Technica on IPv4 exhaustion
I think it depends on the environment. Many small to midsized colleges use some type of NAC for their dorms. Some of the most popular ones don't have support for IPv6. I know there are more, but here are a few:

NetReg (and its commercial variants such as Infoblox Authenticated DHCP)
ImpulsePoint Safeconnect
Nomadix Gateway (used in many hotel guest networks)
Cisco Clean Access when in Inline mode (product is EOL but could explain why many schools couldn't do IPv6 in the dorms over the years)

In my specific case, we couldn't use 802.1x for wired ports until recently so we've always had to depend on an IP based solution for NAC. In a dorm setting, where a lot of the wired hosts don't support 802.1x (Roku, printers, Bluray players), options are limited. With newer switches supporting mac-address based authentication (MAB in Cisco world, Mac-Radius in Juniper), we can start planning for IPv6 in our dorms in at least a limited deployment.

On 6/19/2014 1:53 PM, Edward Arthurs wrote:

Thank You for responding.

If mid to small companies have equipment made in the last 7 years, they will not need to replace equipment. Most net admins at the mid to small companies have no idea about IPV6. Cost is a major consideration at the mid to small size companies, if they need to upgrade equipment.

The difference between IPV4 and IPV6 for someone not familiar is huge,
1. There is a totally new format dotted decimal to colon.
2. The 32 bit to 128 bit is/or can be quite challenging for some net admins.

Thank You

-Original Message-
From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com] On Behalf Of Christopher Morrow
Sent: Thursday, June 19, 2014 10:14 AM
To: Edward Arthurs
Cc: nanog list
Subject: Re: Ars Technica on IPv4 exhaustion

On Wed, Jun 18, 2014 at 9:13 PM, Edward Arthurs earth...@legacyinmate.com wrote:

There are several obstacles to overcome, IMHO

1. The companies at the mid size and smaller levels have to invest in newer equipment that handles IPV6.

if they have gear made in the last 7yrs it's likely already got the right bits for v6 support, right?

2. The network Admins at the above mentioned companies need to learn IPV6, most will want their company to pay the bill for this.

for a large majority of the use cases it's just configure that other family on the interface and done.

3. The vendors that make said equipment should lower the cost of said equipment to prompt said companies into purchasing said equipment.

the equipment in question does both v4 and v6 ... so why lower pricing? (also, see 'if made in the last 7 yrs, it's already done and you probably don't have to upgrade')

There is a huge difference between IPV4 and IPV6 and there will be a lot of

'huge difference' ... pls quantify this. (unless you just mean colons instead of periods and letters in the address along with numbers)
Re: BGPMON Alert Questions
I just got the same alert for one of my prefixes one minute ago.

On 4/2/2014 2:59 PM, Frank Bulk wrote:

I received a similar notification about one of our prefixes also a few minutes ago. I couldn't find a looking glass for AS4761 or AS4651. But I also couldn't hit the websites for either AS, either.

Frank

-Original Message-
From: Joseph Jenkins [mailto:j...@breathe-underwater.com]
Sent: Wednesday, April 02, 2014 1:52 PM
To: nanog@nanog.org
Subject: BGPMON Alert Questions

So I setup BGPMON for my prefixes and got an alert about someone in Thailand announcing my prefix. Everything looks fine to me and I've checked a bunch of different Looking Glasses and everything announcing correctly.

I am assuming I should be contacting the provider about their misconfiguration and announcing my prefixes and get them to fix it. Any other recommendations?

Is there a way I can verify what they are announcing just to make sure they are still doing it?

Here is the alert for reference:

Your prefix: 8.37.93.0/24:
Update time: 2014-04-02 18:26 (UTC)
Detected by #peers: 2
Detected prefix: 8.37.93.0/24
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
ASpath: 18356 9931 4651 4761

--
Vlad
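Added example, not part of the original thread or of BGPMON: a small triage script for an alert in the format quoted above, which checks the announcing AS against the origins you expect and tells an exact-prefix origin change apart from a more-specific announcement. The one-field-per-line layout, the function names and `EXPECTED_ORIGINS` are assumptions; the thread never states the prefix's legitimate origin AS, so a documentation ASN (AS64500, RFC 5398) stands in for it.

```python
import ipaddress
import re

# Alert text as quoted in the thread, laid out one field per line (assumed layout).
ALERT = """\
Your prefix: 8.37.93.0/24:
Update time: 2014-04-02 18:26 (UTC)
Detected by #peers: 2
Detected prefix: 8.37.93.0/24
Announced by: AS4761 (INDOSAT-INP-AP INDOSAT Internet Network Provider,ID)
Upstream AS: AS4651 (THAI-GATEWAY The Communications Authority of Thailand(CAT),TH)
ASpath: 18356 9931 4651 4761
"""

# Placeholder: the real origin AS is not given on the page.
# AS64500 comes from the documentation range (RFC 5398).
EXPECTED_ORIGINS = {64500}


def _asn(value):
    """Pull the number out of a field such as 'AS4761 (INDOSAT-INP-AP ...)'."""
    m = re.match(r"AS(\d+)", value)
    if not m:
        raise ValueError(f"no AS number in {value!r}")
    return int(m.group(1))


def parse_alert(text):
    """Turn the 'Key: value' lines of an alert into typed fields."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields[key.strip().lower()] = value.strip()
    return {
        "own": ipaddress.ip_network(fields["your prefix"].rstrip(":")),
        "detected": ipaddress.ip_network(fields["detected prefix"]),
        "origin": _asn(fields["announced by"]),
        "upstream": _asn(fields["upstream as"]),
        "path": [int(a) for a in fields["aspath"].split()],
        "peers": int(fields["detected by #peers"]),
        "time": fields["update time"],
    }


def assess(alert, expected_origins):
    """Classify the announcement and list who to contact about it."""
    notes = []
    path = alert["path"]
    # Internal consistency: the path should end "... upstream origin".
    if path[-1] != alert["origin"]:
        notes.append("AS path does not end at the announcing AS")
    if len(path) >= 2 and path[-2] != alert["upstream"]:
        notes.append("upstream AS is not the hop before the origin")

    if not alert["detected"].subnet_of(alert["own"]):
        verdict = "unrelated-prefix"
    elif alert["origin"] in expected_origins:
        verdict = "expected-origin"
    elif alert["detected"] == alert["own"]:
        # Same length as the real route: competes on path length and policy.
        verdict = "origin-change"
    else:
        # Longer prefix: preferred by longest match wherever it propagates.
        verdict = "more-specific"

    return {
        "verdict": verdict,
        "contact": [alert["origin"], alert["upstream"]],
        "seen_via": path[0],  # AS at the monitoring-peer end of the path
        "peers": alert["peers"],
        "notes": notes,
    }


if __name__ == "__main__":
    result = assess(parse_alert(ALERT), EXPECTED_ORIGINS)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Put your own origin AS (and any provider that legitimately originates the prefix for you) into `EXPECTED_ORIGINS` before relying on the verdict.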
Re: ISP inbound failover without BGP
I've been doing the suggestion below for many years using the IP addresses that Cogent gives us. All I needed to do is get LOA from them and submit it to my backup ISP. I've never had an issue with my Cogent IP's *not* being advertised by my other ISP and I really don't think there is very much management overhead for the customer once this is setup. I have an SNMP based alerting system (Cacti) set up so I can be alerted if too much traffic ever shifts to the backup link.

The client getting their own ASN is the better way to go but you should be able to do the above until that comes through.

On 3/3/2014 10:20 PM, Randy Carpenter wrote:

Is there some technical reason that BGP is not an option? You could allow them to announce their ATT space via you as a secondary.

-Randy

- Original Message -

This may sound like dumb question, but... I'm used to asking those.

Here's the scenario

Another ISP, say ATT, is the primary ISP for a customer. Customer has publicly accessible servers in their office, using the ATT address space.

I am the customer's secondary ISP.

Now, if ATT link fails, I can provide the customer outbound Internet access fairly easily. So they can surf and get to the Internet.

What about the publicly accessible servers that have ATT addresses, though?

One thought I had was having them use Dynamic DNS service.

Are there any other solutions, short of using BGP multihoming and having them try to get their own ASN and IPv4 /24 block?

It looks like a few router manufacturers have devices that might work, but it looks like a short DNS TTL (or Dynamic DNS) needs to be set so when the primary ISP fails, the secondary ISP address is advertised.

--
Vlad
Re: 7206 VXR NPE-G1 throughput
Thanks for all the responses. It's been very helpful. Based on your collective feedback, I'm definitely going to retire the 7206 this summer. I'm looking at the ASR-1002-X and Juniper MX-5, MX-10. I may as well go with something 10Gig capable.

My Cisco SE brought up an interesting alternative. This summer we're replacing our 6513 Sup720 with a pair of 6807 with redundant Sup 2Ts. It is where all our internal Fiber terminates and where internal routing happens. He said we can add extra memory and terminate our BGP sessions here and use that for our Internet connections. After thinking it over, I'd still rather have dedicated routers for our Internet access but I'm curious what you guys think about this suggestion.

--
Vlad
Re: carrier comparison
I got the RFO today and what happened was:

The Cogent NOC investigated and found that one of our customers connected through a Verizon aggregated circuit to the router was being DDOS attacked. This type of attack can send excessive traffic to a customer’s interface either deliberately or accidentally, causing a spike in the router’s CPU usage. The Cogent NOC shut down the attacked customer’s connection to the network restoring normal router operations and our Customer Service Group worked with the customer to resolve the DDOS issue.

On 2/7/2014 4:42 PM, Faisal Imtiaz wrote:

This is exactly what I thought had happened. The outage that affected you was one or two routers up-stream from your connection to that provider.

I am not trying to defend any Carrier, but there is no 'routing protocol' what will react to this kind of an issue.

Regards.

Faisal Imtiaz
Snappy Internet Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232
Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

- Original Message -
From: Vlade Ristevski vrist...@ramapo.edu
Cc: nanog list nanog@nanog.org
Sent: Friday, February 7, 2014 3:57:00 PM
Subject: Re: carrier comparison

We don't get a default route from them. At the time of the outage my bgp session was up and I had a full routing table from them. I didn't have much time to troubleshoot it in that state since we were down so I had to disable the session ASAP. Once the RFO comes in, I'll be asking a lot more questions about it. My only experience with BGP is as a customer so I'm not too familiar with the intricacies on the provider side.

We had an outage in the AM the same day and we failed over just fine. I'm very curious why the same didn't happen in the evening.

On 2/7/2014 3:03 PM, Bryan Socha wrote:

Did you verify your problem was announcements on the other side of the outage? This sounds to me like you are using a bgp announced default route from cogent which is always sent. I think the problem was you were sending traffic out a path that was broken. Since you mentioned your outbound balancing this would explain some packet loss and not 100% loss.

Bryan Socha
Network Engineer
DigitalOcean

--
Vlade Ristevski
Network Manager
IT Services
Ramapo College
(201)-684-6854

--
Vlad
7206 VXR NPE-G1 throughput
We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download.

The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit:

  30 second input rate 559982000 bits/sec, 55809 packets/sec
  30 second output rate 55429000 bits/sec, 32598 packets/sec
  267756984712 packets input, 25152556755 bytes, 0 no buffer

This is the interface that connects to our provider. As you can see it's almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up.

Answers on and off list are appreciated.

Thanks,

--
Vlad
Re: 7206 VXR NPE-G1 throughput
We're still on the 12.4 train. I do use an ACL with less than 100 entries which handle BCP38 and block a few bad actors and private IPs on the Internet. I will be moving the BCP38 ACL closer to the hosts before the upgrade so the ACL will be a bit shorter in the future. We won't be doing any QOS or IPv6 on it but it does take a full BGP table.

I just need it to last another year or two if possible. I believe this platform goes End of Support in Spring 2016.

On 2/10/2014 10:30 AM, Remco Bressers wrote:

On 02/10/2014 04:17 PM, Vlade Ristevski wrote:

We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download.

The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit:

  30 second input rate 559982000 bits/sec, 55809 packets/sec
  30 second output rate 55429000 bits/sec, 32598 packets/sec
  267756984712 packets input, 25152556755 bytes, 0 no buffer

This is the interface that connects to our provider. As you can see it's almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up.

This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine.

Regards,

Remco Bressers
Signet B.V.

--
Vlade Ristevski
Network Manager
IT Services
Ramapo College
(201)-684-6854
Re: 7206 VXR NPE-G1 throughput
Both the inside and outside interfaces are on the same NPE-G1 card.

Thanks,

On 2/10/2014 10:40 AM, Alain Hebert wrote:

I have one but I never ran that much BW thru mine.

But the CPU usage is what will kill you.

Also the entire platform is rated for 1.8Gbs aggregated which mean depending on which interface you have, and which bus they are connected to, 900Mbps might be its limit.

-
Alain Hebert aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443

On 02/10/14 10:30, Remco Bressers wrote:

On 02/10/2014 04:17 PM, Vlade Ristevski wrote:

We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download.

The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit:

  30 second input rate 559982000 bits/sec, 55809 packets/sec
  30 second output rate 55429000 bits/sec, 32598 packets/sec
  267756984712 packets input, 25152556755 bytes, 0 no buffer

This is the interface that connects to our provider. As you can see it's almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up.

This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine.

Regards,

Remco Bressers
Signet B.V.

--
Vlad
Re: 7206 VXR NPE-G1 throughput
Thanks for the link. When I looked at it, the PPS and bandwidth didn't really match what I see on my network so I'm curious to see what people are actually seeing. It looks like their test is done using very small packets (64K). Our traffic is mostly web with a lot of Video (netflix, Hulu, youtube, Flash etc) so we're dealing with a lot less packets that are much larger. Based on the numbers I posted, we would be at the BW limit without even coming close to the PPS limit (if we were running the traffic through the 7206).

On 2/10/2014 10:41 AM, joel jaeggli wrote:

On 2/10/14, 7:17 AM, Vlade Ristevski wrote:

We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download.

The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit:

  30 second input rate 559982000 bits/sec, 55809 packets/sec
  30 second output rate 55429000 bits/sec, 32598 packets/sec
  267756984712 packets input, 25152556755 bytes, 0 no buffer

This is the interface that connects to our provider. As you can see it's almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up.

I wouldn't expect a g1 to do much more than half a gig...

https://supportforums.cisco.com/servlet/JiveServlet/download/561469-9512/routerperformance.pdf

Answers on and off list are appreciated.

Thanks,

--
Vlad
Re: 7206 VXR NPE-G1 throughput
The ACL is a recent addition and we can probably do away with it. I didn't notice a significant increase in CPU or drops since adding it. But we usually peak at about 200Mbps on this link. The full routing table is a must since we're dual homed.

On 2/10/2014 10:55 AM, Remco Bressers wrote:

On 02/10/2014 04:43 PM, Vlade Ristevski wrote:

We're still on the 12.4 train. I do use an ACL with less than 100 entries which handle BCP38 and block a few bad actors and private IPs on the Internet. I will be moving the BCP38 ACL closer to the hosts before the upgrade so the ACL will be a bit shorter in the future. We won't be doing any QOS or IPv6 on it but it does take a full BGP table.

I just need it to last another year or two if possible. I believe this platform goes End of Support in Spring 2016.

On 2/10/2014 10:30 AM, Remco Bressers wrote:

On 02/10/2014 04:17 PM, Vlade Ristevski wrote:

We are looking to double the bandwidth on one of our circuits from 300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 card. These seem like very popular routers so I'm hoping a few people on this list have them deployed. If you or a customer have these deployed, how much bandwidth have you seen them handle? This will be handling dorm traffic at a college so it's mostly download.

The 7206 handles our 300 Mbps circuit just fine, but we are moving it to our 600Mbps circuit. At peak we've seen the following numbers for that circuit:

  30 second input rate 559982000 bits/sec, 55809 packets/sec
  30 second output rate 55429000 bits/sec, 32598 packets/sec
  267756984712 packets input, 25152556755 bytes, 0 no buffer

This is the interface that connects to our provider. As you can see it's almost all download traffic. Our ASR1002 handles it without a sweat but I'm a little skeptical of whether the 7206 will hold up.

This depends on multiple variables. The 7200 is a single-CPU platform where CPU can go sky-high when using features like ACL's, QoS, IPv6 and you name it.. Also, changing from IOS 12.4 to 15 increased our CPU usage with another 10%+. Stick to the bare minimum of features you really need and you will be fine.

Full routing and ACL 100+ entries? I would ditch the 7200+NPE-G1 or upgrade to an NPE-G2..

Regards,

Remco Bressers
Signet B.V.

--
Vlad
Re: 7206 VXR NPE-G1 throughput
Are you suggesting getting the default gateway from both providers or getting the full table from one and using the default as a backup on the other (7206)?

Thanks,

On 2/10/2014 1:27 PM, Octavio Alvarez wrote:

On 02/10/2014 08:05 AM, Vlade Ristevski wrote:

The ACL is a recent addition and we can probably do away with it. I didn't notice a significant increase in CPU or drops since adding it. But we usually peak at about 200Mbps on this link. The full routing table is a must since we're dual homed.

You don't necessarily need the full routing table for dual home, only for outgoing load balance. You can have BGP, filter your routes away, just leave a default gateway and still have dual homing. Your outgoing traffic will work as if it were active-standby, though.

My 0.02.

--
Vlad
Re: carrier comparison
I'm not setting it on my router locally but sending it over to Cogent as a community string per page 22 of their user guide.

http://cogentco.com/files/docs/customer_service/guide/global_cogent_customer_user_guide.pdf

They use it to manipulate how traffic gets back to me so that is incoming from my routers view. I also pad the AS for the networks that I prefer to come back through the other ISP.

On 2/7/2014 5:27 AM, Olivier Benghozi wrote:

Hi Vlade,

Well, if you are trying to balance the incoming traffic load with local-pref attribute, I can understand your disappointment :) Since it doesn't work at all this way: local-pref is local to an AS and deals with outgoing traffic only.

B) We have our own AS and IP space. I advertise them to both Cogent and our other ISP. I use the local preference attribute to share the load for incoming traffic between both ISPs. In the last 5 outages over the last few years, this has happened twice. I'm waiting on the RFO so I can further investigate why this happened. I think someone mentioned this in a post a few months ago too.

--
Vlade Ristevski
Network Manager
IT Services
Ramapo College
(201)-684-6854
Re: carrier comparison
We don't get a default route from them. At the time of the outage my bgp session was up and I had a full routing table from them. I didn't have much time to troubleshoot it in that state since we were down so I had to disable the session ASAP. Once the RFO comes in, I'll be asking a lot more questions about it. My only experience with BGP is as a customer so I'm not too familiar with the intricacies on the provider side.

We had an outage in the AM the same day and we failed over just fine. I'm very curious why the same didn't happen in the evening.

On 2/7/2014 3:03 PM, Bryan Socha wrote:

Did you verify your problem was announcements on the other side of the outage? This sounds to me like you are using a bgp announced default route from cogent which is always sent. I think the problem was you were sending traffic out a path that was broken. Since you mentioned your outbound balancing this would explain some packet loss and not 100% loss.

Bryan Socha
Network Engineer
DigitalOcean

--
Vlade Ristevski
Network Manager
IT Services
Ramapo College
(201)-684-6854
Re: carrier comparison
We have had Cogent over Verizon's Fiber for more than a few years now. Cogent goes down once a year at minimum. They had 2 outages in a single day a couple days ago in Northern NJ. One in the AM ..caused by a power outage in a vendor data center where Cogent is collocated. They went on to have another outage at around 9:30 PM on the same day for which I'm still waiting for an RFO. During this outage, they still were advertising our BGP routes so we didn't fail over to our 2nd provider. I notice that happens a lot with them. When they go down, they still advertise your routes.

As far as price goes, for us Cogent is cheap but Lightpath is cheaper. Our college is kind of far from things so we don't have a lot of outside fiber coming.

The last mile fiber for both of our connections are different from our Internet providers. I've never had a big issue with the two working with each other. The only issue we had is I suspected we weren't getting as much bandwidth as we paid for. They had to work out where the policer and/or bottleneck was. This is the only issue we had in 5 years with this set up and it got resolved. IME, when there is a full outage, it's always been clear who the responsible party is.

On 2/6/2014 10:17 AM, Adam Greene wrote:

Hi,

We're a small ISP / datacenter with a Time Warner fiber-based DIA contract that is coming up for renewal.

We're getting much better pricing offers from Cogent, and are finding out what Level 3 can do for us as well. Both providers will use Time Warner fiber for last mile.

My questions are:

- Will we be sacrificing quality if we spring for Cogent? (yesterday's Cogent/Verizon thread provided some cold chills for my spine)

- Is there a risk with contracting a carrier that utilizes another carrier (such as Time Warner) for the last mile? (i.e. if there is a downtime situation, are we going to be caught in a web of confusion and finger-pointing that delays problem resolution)?

- How are peoples' experiences with L3 vs TWC?

Although I assume everyone on the list would be interested in what others have to say about these questions, out of respect for the carriers in question, I encourage you to email frank opinions off list. Or if there are third party tools or resources you know that I could consult to deduce the answers to these questions myself, they are most welcome.

Thanks,

Adam
Re: carrier comparison
When I priced out providers 2 years ago for 500Mbps over 1 gig fiber link the list from most expensive to least expensive was:

Verizon--XO--Cogent--Lightpath

This is for Northern NJ. Abovenet and some of the other big providers couldn't reach our Campus. Lightpath ate the cost of running Fiber to our campus while the others weren't willing to do that.

On 2/6/2014 11:28 AM, Patrick W. Gilmore wrote:

On Feb 6, 2014, at 11:22, Joshua Goldbard j...@2600hz.com wrote:

Cogent always has the cheapest rates

Objectively, provably false.
Re: carrier comparison
B) We have our own AS and IP space. I advertise them to both Cogent and our other ISP. I use the local preference attribute to share the load for incoming traffic between both ISPs. In the last 5 outages over the last few years, this has happened twice. I'm waiting on the RFO so I can further investigate why this happened. I think someone mentioned this in a post a few months ago too.

It sucks for us, because we're a small school and don't have someone in a NOC to monitor our networks 24x7. I literally had to get out of bed and disable our BGP session with them for us to get through the outage. I was getting around 90% packet loss from my home to our router.

On 2/6/2014 4:57 PM, Eric Flanery (eric) wrote:

Vlade,

When you say that they still advertise your routes, do you mean:

A: That you were having them originate your routes, and they failed to stop doing so when they had problems?

Or...

B: That routes you were originating continued to be propagated by them, even though your session with them was down?

Or...

C: Something else.

I ask, as we are considering some cheap Cogent bandwidth in the not-too-distant future, to allow us to keep commit rates low on higher quality connections. 'A' wouldn't be a real problem, since we run our own AS and originate our own routes; 'B' could be potentially devastating.

On Thu, Feb 6, 2014 at 8:04 AM, Vlade Ristevski vrist...@ramapo.edu wrote:

We have had Cogent over Verizon's Fiber for more than a few years now. Cogent goes down once a year at minimum. They had 2 outages in a single day a couple days ago in Northern NJ. One in the AM ..caused by a power outage in a vendor data center where Cogent is collocated. They went on to have another outage at around 9:30 PM on the same day for which I'm still waiting for an RFO. During this outage, they still were advertising our BGP routes so we didn't fail over to our 2nd provider. I notice that happens a lot with them. When they go down, they still advertise your routes.

As far as price goes, for us Cogent is cheap but Lightpath is cheaper. Our college is kind of far from things so we don't have a lot of outside fiber coming.

The last mile fiber for both of our connections are different from our Internet providers. I've never had a big issue with the two working with each other. The only issue we had is I suspected we weren't getting as much bandwidth as we paid for. They had to work out where the policer and/or bottleneck was. This is the only issue we had in 5 years with this set up and it got resolved. IME, when there is a full outage, it's always been clear who the responsible party is.

On 2/6/2014 10:17 AM, Adam Greene wrote:

Hi,

We're a small ISP / datacenter with a Time Warner fiber-based DIA contract that is coming up for renewal.

We're getting much better pricing offers from Cogent, and are finding out what Level 3 can do for us as well. Both providers will use Time Warner fiber for last mile.

My questions are:

- Will we be sacrificing quality if we spring for Cogent? (yesterday's Cogent/Verizon thread provided some cold chills for my spine)

- Is there a risk with contracting a carrier that utilizes another carrier (such as Time Warner) for the last mile? (i.e. if there is a downtime situation, are we going to be caught in a web of confusion and finger-pointing that delays problem resolution)?

- How are peoples' experiences with L3 vs TWC?

Although I assume everyone on the list would be interested in what others have to say about these questions, out of respect for the carriers in question, I encourage you to email frank opinions off list. Or if there are third party tools or resources you know that I could consult to deduce the answers to these questions myself, they are most welcome.

Thanks,

Adam

--
Vlad
Re: looking for a tool...
NTOP can do this in real time. I believe Wireshark will also do what you are looking for. You can capture and analyze or open a .pcap file and analyze. In my version, you would do it by going to the following menu: Statistics -- Endpoints

On 2/4/2014 12:34 AM, Mike wrote:

Hello, I was wondering if anyone could point me in the direction of a tool capable of sniffing (or reading pcap files), and reporting on lan station thruput in terms of bits per second. Ideally I'd like to be able to generate a sorted report of the top users and top thruputs observed and so forth. The traffic is pppoe and I need to monitor it at a specific switchport where I can arrange span. Thank you.

-- Vlad
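As an added example (not part of the original posts, and not a substitute for NTOP or Wireshark): a small Python reader for classic pcap files that produces the kind of report asked for above, ranking LAN stations by bits per second over PPPoE session frames. The sample capture and its MAC addresses are constructed, and attributing traffic to the source MAC is an assumption of this sketch.

```python
import struct
from collections import defaultdict

ETH_PPPOE_SESSION = 0x8864  # EtherType of PPPoE session-stage frames
ETH_VLAN = 0x8100           # 802.1Q tag, common on a SPAN/trunk port

def build_sample_pcap():
    """Constructed capture: two stations sending PPPoE session frames."""
    def frame(src_mac, payload_len):
        eth = bytes.fromhex("02aabbccdd01") + src_mac + struct.pack("!H", ETH_PPPOE_SESSION)
        ppp = struct.pack("!H", 0x0021) + bytes(payload_len)  # PPP protocol = IPv4
        pppoe = struct.pack("!BBHH", 0x11, 0x00, 0x0001, len(ppp))  # ver/type, code, session, length
        return eth + pppoe + ppp
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, Ethernet
    for ts, mac, n in [(0, a, 1000), (1, b, 200), (2, a, 1000), (4, b, 200)]:
        f = frame(mac, n)
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f  # per-packet record header
    return out

def top_talkers(pcap):
    """Return [(source MAC, bits per second)] for PPPoE session frames, highest first."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", pcap, 0)[0])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    off, bits, first, last = 24, defaultdict(int), None, None
    while off + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack_from(endian + "IIII", pcap, off)
        data = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(data) < 14:
            continue  # truncated record, no full Ethernet header
        etype = struct.unpack_from("!H", data, 12)[0]
        if etype == ETH_VLAN and len(data) >= 18:
            etype = struct.unpack_from("!H", data, 16)[0]  # look past one VLAN tag
        if etype != ETH_PPPOE_SESSION:
            continue
        ts = sec + usec / 1e6
        first = ts if first is None else first
        last = ts
        bits[data[6:12].hex(":")] += orig * 8  # wire length, not captured length
    duration = max(last - first, 1.0) if first is not None else 1.0
    return sorted(((m, b / duration) for m, b in bits.items()), key=lambda x: -x[1])
```

On a SPAN port that mirrors both directions, the access concentrator's MAC will also appear as a source; filter it out or key on destination MAC for downstream rates.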
Re: Proxy ARP detection
Cisco ASAs still have proxy ARP enabled by default when certain NAT types are configured.

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_objects.html

Default Settings

(8.3(1), 8.3(2), and 8.4(1)) The default behavior for identity NAT has proxy ARP disabled. You cannot configure this setting.

(8.4(2) and later) The default behavior for identity NAT has proxy ARP enabled, matching other static NAT rules. You can disable proxy ARP if desired. See the Routing NAT Packets section for more information.

On 1/15/2014 7:54 PM, Eric Rosen wrote:

Cisco PIXes used to do this: if the firewall had a route and saw an ARP request in that IP range, it would proxy ARP.

- Original Message -

On Jan 15, 2014, at 4:03 PM, Niels Bakker niels=na...@bakker.net wrote:

* c...@bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]:

This is where theory diverges nicely from practice. In some cases the offender broadcast his reply, and guess what else? A lot of routers listen to unsolicited ARP replies.

I've never seen this. Please name vendor and product, if only so other subscribers to this list can avoid doing business with them.

This was some time ago, but the two I was able to dig up from that case were both Junipers. Perhaps it’s something that only happens when proxy ARP is enabled? -c

-- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854
Re: Verizon FIOS IPv6?
My Actiontec router has had that IPv6 page for a while now. I'm 20 minutes outside NYC. However, when I enable it, I still don't get a broadband IPv6 address in the System Monitoring tab.

On 1/8/2014 8:26 AM, George, Wes wrote:

On 1/7/14, 11:10 PM, Adam Rothschild a...@latency.net wrote:

I should probably add that there was a real router plugged into the ethernet port on the ONT, given a lack of support in the ActionTec code ...

Interestingly, I have one of the later-generation ActionTecs, and VZ pushed a software update to it at some point and it sprouted IPv6 config. https://plus.google.com/u/0/+WesleyGeorge/posts/hZR5nRgKyQ4 And no, clicking "enable" doesn't do anything, least it didn't last time I fiddled with it. They've at least updated this page from "later in 2012" to "starting in 2013" but clearly that's still not very helpful. http://www.verizon.com/Support/Residential/Internet/HighSpeed/General+Support/Top+Questions/QuestionsOne/ATLAS8742.htm

Wes George

-- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854
Re: Open source hardware
Sorry to get off topic, but is there a company that you can recommend? The price of the Cisco single mode GLC-LH-SMD= is killing me. I see a bunch of third party ones on Amazon and CDW but I'd love to get my hands on one that has the correct vendor code without going and trying them all.

On 1/3/2014 7:48 AM, Ray Soucy wrote:

You actually buy brand-name SFPs? That's like buying the gold-plated HDMI Monster Cable at Best Buy at markup ... I just find the companies that the vendors contract to make their OEM SFPs and buy direct. Same SFP from the same factory except one has a Cisco sticker. ;-) You can even get them with the correct vendor code, been doing this for years and there is no difference in failure rate or quality and we go through hundreds of SFPs.

Vlad Network Manager
Re: Vyatta to VyOS
This project looks interesting. Our 7206 VXR is in its final days and replacing it with an ASR series is very expensive considering we're only pushing 600 megs of Internet traffic with a full BGP table. When I go to the page linked below, I didn't see a mailing list, forum or very much documentation for it. Is there another site with this info? I'd love to test a few builds out but I never used Vyatta before.

On 12/23/2013 10:18 AM, Ray Soucy wrote:

Many here might be interested. In response to Brocade not giving the community edition of Vyatta much attention recently, some of the more active community members have created a fork of the GPL code used in Vyatta. It's called VyOS, and yesterday they released 1.0. http://vyos.net/ I've been playing with the development builds and it seems to be every bit as stable as the Vyatta releases. Will be interesting to see how the project unfolds :-)

-- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854