Re: Cellular enabled console server

2017-02-25 Thread Yucong Sun
OpenGear is just Atom-based Linux, at least the one I used.

On Sun, Feb 26, 2017 at 1:29 PM Ryan Gelobter  wrote:

> > +1  OpenGear all the time - just ensure you are patching/managing them(!)
>
> Why do you say that? I'd love some details before buying opengear.
>
> On Sat, Feb 25, 2017 at 6:38 AM,  wrote:
>
> > Hi,
> >
> > > OpenGear all the way.  Models for every need.
> >
> > +1  OpenGear all the time - just ensure you are patching/managing them(!)
> >
> > alan
> >
>


Re: Any Github Experts online ?

2017-02-22 Thread Yucong Sun
use GIT_CURL_VERBOSE=1 GIT_TRACE=1 git   will print out full
trace.  you can also try other environment variables from
https://git-scm.com/book/tr/v2/Git-Internals-Environment-Variables

In my experience, this is usually caused by an MTU discovery issue.

On Thu, Feb 23, 2017 at 7:40 AM, Bob Evans  wrote:
> Hello NANOGers,
>
> I have one customer that claims that 2 out of 17 downloads using the git
> command on github's service are slow and poor on our network when compared
> to others.
>
> However, when not using the git command , but using a simple web page link
> to a large zipped file from github, it's always nice and fast. Using the
> git command 8% of the time being slow is unacceptable. Github just doesn't
> responds lethargically at best. BTW, have you seen how many hex digits a
> github ticket number is ?
>
> Of course Github says try a different ISP...Customer tries to tell me
> comcast is better ! What ! I don't believe it. No help from Github NOC - we
> have asked and asked... And we peer with Github and for some reason they
> do not transmit the Prefixes of the IP range that the customer uses for
> the git command.  github.com resolve IPv4 is not in the prefix list. So
> the exit is transits.
>
> I need more clues. Is it the resources the git command uses when checking
> files for dates etc ?
>
> Thank You
> Bob Evans
> CTO
>
>
>
>
>
>


Re: External BGP Controller for L3 Switch BGP routing

2017-01-15 Thread Yucong Sun
In my setup, I use a BIRD instance to combine multiple Internet full
tables; I use some filters to generate override routes to send to my L3
switch to do routing.  The L3 switch is configured with the default route
to the main transit provider; if BIRD is down, the routes would be
unoptimized, but everything else remains operable until I fix that BIRD
instance.

I've asked around about why there isn't an L3 switch capable of handling
full tables; I really don't understand the difference/logic behind it.

On Sun, Jan 15, 2017 at 10:43 PM Tore Anderson  wrote:

> Hi Saku,
>
> > > https://www.redpill-linpro.com/sysadvent/2016/12/09/slimming-routing-table.html
> >
> > ---
> > As described in a previous post, we’re testing a HPE Altoline 6920 in
> > our lab. The Altoline 6920 is, like other switches based on the
> > Broadcom Trident II chipset, able to handle up to 720 Gbps of
> > throughput, packing 48x10GbE + 6x40GbE ports in a compact 1RU chassis.
> > Its price is in all likelihood a single-digit percentage of the price
> > of a traditional Internet router with a comparable throughput rating.
> > ---
> >
> > This makes it sound like small-FIB router is single-digit percentage
> > cost of full-FIB.
>
> Do you know of any traditional «Internet scale» router that can do ~720
> Gbps of throughput for less than 10x the price of a Trident II box? Or
> even <100kUSD? (Disregarding any volume discounts.)
>
> > Also having Trident in Internet facing interface may be suspect,
> > especially if you need to go from fast interface to slow or busy
> > interface, due to very minor packet buffers. This obviously won't be
> > much of a problem in inside-DC traffic.
>
> Quite the opposite, changing between different interface speeds happens
> very commonly inside the data centre (and most of the time it's done by
> shallow-buffered switches using Trident II or similar chips).
>
> One ubiquitous configuration has the servers and any external uplinks
> attached with 10GE to leaf switches which in turn connects to a 40GE
> spine layer with. In this config server<->server and server<->Internet
> packets will need to change speed twice:
>
> [server]-10GE-(leafX)-40GE-(spine)-40GE-(leafY)-10GE-[server/internet]
>
> I suppose you could for example use a couple of MX240s or something as
> a special-purpose leaf layer for external connectivity.
> MPC5E-40G10G-IRB or something towards the 40GE spines and any regular
> 10GE MPC towards the exits. That way you'd only have one
> shallow-buffered speed conversion remaining. But I'm very sceptical if
> something like this makes sense after taking the cost/benefit ratio
> into account.
>
> Tore
>


Re: What's the meaning of virtual POP ?

2016-08-23 Thread Yucong Sun
Thanks for the explanation.

I understand that on layer 2, or like William pointed out (on anything other
than IP), it makes total sense.

However on layer 3, with existing transit bandwidth with said provider it
would be redundant. (Assume the one you wanted to peer with at site B is
already peering with your provider.)

Cheers.

On Tue, Aug 23, 2016, 15:51 Rod Beck 
wrote:

> Yes, except it is done via Switched Ethernet and VLANs. The idea behind
> virtual peering. Your gear is in Amsterdam and someone gives you VLANs to
> LINX.
>
>
> - R.
>
>
> --
> *From:* NANOG  on behalf of William Herrin <
> b...@herrin.us>
> *Sent:* Wednesday, August 24, 2016 12:46 AM
> *To:* Yucong Sun
> *Cc:* NANOG
>
> *Subject:* Re: What's the meaning of virtual POP ?
> On Tue, Aug 23, 2016 at 6:31 PM, Yucong Sun  wrote:
> > I came across the idea of the virtual POP  , but the website for them have
> > way too much jargon to me[1][2][3], can someone explain it like i'm five
> > (:-D)?
>
> A virtual Point Of Presence means that you provide services at a
> location via someone else's facilities.
>
> The classic example was extending a PRI for dialup modems inside a
> particular local calling area via a point-to-point T1 back to your
> modem bank somewhere else that would have been a long distance call
> for those customers. If you put a modem bank in their local calling
> area, it's a POP. If you extend the circuit from their local calling
> area back to your modem bank elsewhere, it's a virtual POP.
>
> Modern examples of virtual POPs are much fancier but it's the same basic
> idea.
>
>
> > 1. Is virtual POP basically a L2VPN?
>
> It can be. Depends on what service you're extending from the "virtual"
> location.
>
>
> > 2. Do such vPOP have guaranteed latency/bandwidth?
>
> Depends on what you're extending and how.
>
>
> > 3. Is that really useful?
>
> It can be. It can let you dip your toes in a market without a large
> up-front investment in equipment and backhaul.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin  her...@dirtside.com  b...@herrin.us
> Owner, Dirtside Systems . Web: <http://www.dirtside.com/>
>
>


What's the meaning of virtual POP ?

2016-08-23 Thread Yucong Sun
Hi,

I came across the idea of the virtual POP, but the websites for them have
way too much jargon for me[1][2][3]. Can someone explain it like I'm five
(:-D)?

Specifically, my questions are:

1. Is a virtual POP basically an L2VPN?  That is, the provider will provide a
port at site A that is somehow connected to the LAN of site B? What's the
difference between a vPOP and layer 2 transport then?
2. Do such vPOPs have guaranteed latency/bandwidth?
3. Is that really useful? If I'm already buying transit bandwidth/announcing
my blocks from the provider, the site B peers are already going to send traffic
through the provider's backbone to site A, so what's the difference?

Thanks!

example
1. http://www.ixreach.com/services/colocation/virtual-pop/
2. http://www.interoute.com/network-box-virtual-pop-vpop
3. https://www.linx.net/join-linx/vpop


Re: Looking for VPS providers with BGP session

2015-12-08 Thread Yucong Sun
I recommend http://www.quadranet.com/ ! I have been a happy customer
for almost two years.

I have a single dedicated server over there, running a full BGP feed
with them. It's a fairly extensive setup with multiple sessions,
automatic null routing and all the communities tinkering! Their NOC is
very friendly and very easy to work with!

On Mon, Dec 7, 2015 at 8:40 PM, Philippe Bonvin via NANOG
 wrote:
> Hello,
>
>
> I'm looking for providers around the world who are able to provide VPS with a 
> BGP session but it seems to be rather difficult to find. I have already found 
> a few with WHT/bgp.he.net/google but a little help would be appreciated.
>
>
> Does anyone have contact or know people who can offer such services ?
>
> If yes, please contact me off list.
>
>
> Our budget is quite low: around 50$/month/node +/- 50$ depending the transit 
> providers for a server with 1-2 CPU cores, 20 Go SSD or SAS and 1-2 Go RAM.
>
>
> I'll be happy to share my provider list we use with anyone who needs it.
>
>
> Thanks for your help,
>
> Philippe
>
> [EDSI-Tech Sarl]
> Philippe Bonvin, Directeur
> EDSI-Tech Sàrl
> EPFL Innovation Park, Batiment C, 1015 Lausanne, Suisse | Téléphone: +41 (0) 21 566 14 15
> Savoie Technolac, 17 Avenue du Lac Léman, 73375 Le Bourget-du-Lac, France | Téléphone: +33 (0)4 86 15 44 78


Re: Project Fi and the Great Firewall

2015-11-14 Thread Yucong Sun
This is what roaming data means: your data packets are simply trunked to
your original operator to process.  So you will have a US IP on
the web.

On Sun, Nov 15, 2015 at 12:02 PM, Yury Shefer  wrote:
> My team mate was traveling to China with his Nexus 6 (with Project Fi
> SIM-card) and was able to access Google services. The phone uses roaming
> data to access Google and your phone gets IP assigned by your home mobile
> network packet gateway (P-GW). There is no local data break-out.
>
> On Sat, Nov 14, 2015 at 6:00 PM, Sean Hunter  wrote:
>
>> Hello everyone,
>>
>> I come to you to humbly request your assistance, on or off list. This not
>> an urgent technical matter, but something I'm rather fascinated by at the
>> moment.
>>
>> While in China recently, I noticed that my Project Fi phone was accessing
>> Google. Not only Google, but Facebook, YouTube, Gmail, Twitter, and many
>> other normally perma-blocked websites. It's taken me a few days of sleep
>> deprived thinking to realize this, but I'm seeing the same or similar
>> 26.x.x.x addresses across countries I've visited, including China, Spain,
>> Malaysia, and Hong Kong.
>>
>> I'm not a cellular guy and I know even less about MVNO's, but I'm curious
>> if I'm inferring the technical operations of the network correctly. It
>> sounds like the local cellular companies are provisioning access upon
>> arrival, then packing up the packets and shipping them off at layer 2 or
>> below to Google, who's then handling the IP stack and up internet access.
>> I'm also assuming the Great Firewall then acts above these layers since
>> it's not blocking access on my phone.
>>
>> If my inference is correct, I'd be curious to see if those responsible for
>> the Great Firewall are aware of this deal Google has with a Chinese
>> cellular provider and the technical specifics of how it works. Might we be
>> seeing a softening of Great Firewall policies for foreigners, or just
>> another soon to be inspected or blocked flow of traffic?
>>
>> Anyway, I'd just love to hear from a knowledgeable engineer about how this
>> works.
>>
>> If you've read this far, thanks for your time and have a great day!
>>
>
>
>
> --
> Best regards,
> Yury.


Re: IPv6 Irony.

2015-10-13 Thread Yucong Sun
I don't understand the strategy here: how does getting more traffic
going through IPv6 help its adoption by the masses?  IMHO it only helps
high-end, backbone-type network equipment producers sell more of
their big boxes with advanced IPv6 licenses.  It does absolutely nothing to
help the long tail crowd, which really needs more push and incentive to
support IPv6.

Cheers.


Re: in-case anyone is interested, the pirate flag flies again.

2014-12-22 Thread Yucong Sun
CR one is fake, isn't it?

On Mon, Dec 22, 2014 at 3:55 AM, Nicolás  wrote:
> You could try this one:
> https://thepiratebay.cr/
>
> On 22/12/14 00:28, Miles Fidelman wrote:
>> Javier J wrote:
>>> http://www.thepiratebay.se/
>>
>> Doesn't seem to be reachable, though.
>>
>


Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread Yucong Sun
If that is the intent, they should charge per prefix. Not per /24 equiv.

On Wed, Dec 10, 2014, 00:20 Tore Anderson  wrote:

> * Yucong Sun
>
> > My recent inquiry to some network provider reveals that they are
> > charging a fee per /24 announced. Obviously that would mean they get
> > to charge a lot with little to no effort on their side.
> >
> > In a world where we are charging for total bytes transferred instead of
> > bps on uplinks, I can't say I'm surprised that much. But has anyone else
> > had the same experience? Did you pay? Is this the new status quo now?
>
> Haven't encountered this myself, but putting a price on DFZ routing
> slots seems like a Good Thing to me.
>
> Tore
>


Re: Charging fee for BGP prefix per /24?!

2014-12-10 Thread Yucong Sun
It is not the same thing though. In my case, they just say we want you to
buy our IP; if you don't, and want to use your own ARIN-allocated IP blocks
through BGP, then we've got to charge you anyway!

Because why couldn't they?

On Wed, Dec 10, 2014, 00:21 Maximilian Baehring 
wrote:

> Europe: It costs 50 euros yearly fee per PI-Space Resource without the
> announcement payable via a LIR. They charge - in my case - additional 25
> Euros for the financial transaction with Ripe. The cheapest possible
> announcement is via TWO Route-Servers and the minimum required for this is a
> VPS (not openVZ which cannot run the routing daemon) Linux-KVM with Quagga!
> http://www.openpeering.nl/shoppinglist.shtml -
> http://www.ripe.net/lir-services/member-support/info/billing/billing-procedure-and-fee-schedule-2014
>
> Yours sincerely
>
> Maximilian Baehring
> Hoelderlinstrasse 4
> 60316 Frankfurt a.M.
> Germany
> maximil...@baehring.at
> Fon: +49 (0)69 17320776
> Fon: +49 (0)176 65605075
> Fon: +49 (0)174 3639226
> Fax: +49 (0)69 67831634
>
>
>
>
>
> -Original Message-
> From: NANOG [mailto:nanog-bounces+maximilian=baehring...@nanog.org] On
> Behalf Of Yucong Sun
> Sent: Wednesday, 10 December 2014 07:27
> To: NANOG
> Subject: Charging fee for BGP prefix per /24?!
>
> Hi,
>
> My recent inquiry to some network provider reveals that they are charging
> a fee per /24 announced. Obviously that would mean they get to charge a
> lot with little to no effort on their side.
>
> In a world where we are charging for total bytes transferred instead of bps
> on uplinks, I can't say I'm surprised that much. But has anyone else had the
> same experience? Did you pay? Is this the new status quo now?
>
> Thanks.
>
>


Charging fee for BGP prefix per /24?!

2014-12-09 Thread Yucong Sun
Hi,

My recent inquiry to some network provider reveals that they are
charging a fee per /24 announced. Obviously that would mean they get
to charge a lot with little to no effort on their side.

In a world where we are charging for total bytes transferred instead of
bps on uplinks, I can't say I'm surprised that much. But has anyone else
had the same experience? Did you pay? Is this the new status quo now?

Thanks.


Re: Mikrotik RouterBoard and Ubiquiti Networks Routing and Switching Solutions

2014-08-11 Thread Yucong Sun
EdgeRouter only supports "hardware accelerated" routing with limited
features. If you start playing with firewall filters, GRE tunnels etc. you
would have to be careful about how they decrease your performance.

I personally tried to use an EdgeRouter to replace my j2350 with 300mbps
traffic. I first tried it at home to replace a NS5GT, but some
not-so-obvious problems made me lose patience during the trial. My plan
to use it to replace the j2350 is shelved for now.

I personally feel like at this level of traffic, an entry-level Linux
server (like a Dell r210) with adequate domain knowledge is the best
combination.  It would happily do most stuff you throw at it, if you know
how to use it.  Entry-level hardware solutions try to hide details from the
user, because they want to target clueless consumers, but it sounds like a
PITA to me.  If I had to learn new stuff, I'd better spend my time on some
real industrial stuff (like m7i/m10i).


Re: [j-nsp] Viability of EX4300 in a primarily l3 environment?

2014-08-06 Thread Yucong Sun
It appears not; OSPF + IPv4 was not mentioned here:

http://www.juniper.net/techpubs/en_US/junos11.4/topics/concept/ex-series-software-licenses-overview.html#jd0e135


On Wed, Aug 6, 2014 at 7:54 PM, Paul S.  wrote:

> Correct me if I'm wrong, but doesn't OSPF require the AFL license anyway
> to be 'legitly' ran?
>
> Price difference might be a lot smaller depending on that.
>
>
> On 8/6/2014 08:30 PM, Yucong Sun wrote:
>
>> I used ex4200 to do exactly what you did before.  ex4200 releases are
>> pretty rock solid, feature extensive, although with lower arp entry limits.
>>
>> Given the price difference maybe you can connect each l2 domain to its own
>> ex4200 and have them do ospf routing among themselves, which may give you
>> better failure tolerance compared to a single core.
>>
>>
>> On Wed, Aug 6, 2014 at 6:35 PM, Giuliano Cardozo Medalha <
>> giuli...@wztech.com.br> wrote:
>>
>>  we are using ex4300 with the last release available
>>>
>>> the setup is pretty simple using virtual chassis, lag, L3 and poe
>>>
>>> it works pretty fine and we do not have any serious problems
>>>
>>> sometimes the poe controller goes down but we have a case opened in jtac
>>> to try solve it
>>>
>>> Sent from my iPhone
>>>
>>>  On 06/08/2014, at 07:15, Sebastian Wiesinger <
>>>> juniper-...@ml.karotte.org>
>>>>
>>> wrote:
>>>
>>>> * Paul S.  [2014-08-02 05:18]:
>>>>
>>>>> Hi folks,
>>>>>
>>>>> We're considering the EX4300 to run routing (l3) for a few
>>>>> hypervisors of ours that are connected via l2.
>>>>>
>>>>> Primarily interested due to the rather massive arp limit (64,000)
>>>>> on the switch, but we've been told (and searched for ourselves to
>>>>> find out) that the 4300 platform has been plagued by random issues
>>>>> since launch.
>>>>>
>>>> I don't have hands-on experience but I looked at the EX4300 platform
>>>> for a new deployment. If you look at the current release notes:
>>>>
>>>>
>>>> http://www.juniper.net/techpubs/en_US/junos13.2/information-products/topic-collections/ex-qfx-series/release-notes/ex-qfx-series-junos-release-notes-13.2X51-D25.pdf
>>>
>>>> There are a lot of (serious) bugs still getting fixed so I'm not sure
>>>> how mature this platform is. One big reason for that is probably
>>>> because EX4300 uses other chips than the rest of the 4xxx series
>>>> (Broadcom).
>>>>
>>>> Regards
>>>>
>>>> Sebastian
>>>>
>>>> --
>>>> GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
>>>> 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
>>>>
>>> SCYTHE.
>>>
>>>> -- Terry Pratchett, The Fifth Elephant
>>>> ___
>>>> juniper-nsp mailing list juniper-...@puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>
>>
>
>


LAX china unicom submarine cable cut?

2014-02-21 Thread Yucong Sun
Well, ain't that a great day to finish the week. Someone today told me a
submarine cable is cut.

Most of the networks in LAX that have peering with CU look congested to
hell now. Anyone else here seeing the same thing?


Re: OpenNTPProject.org

2014-02-17 Thread Yucong Sun
Just for reference, here is a more complete solution for Junos (it took me
a while searching the web to figure it out). Hope it helps someone.

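policy-options {
    /* Built from the addresses configured on lo0.0 */
    prefix-list lo0.0-inet-address {
        apply-path "interfaces lo0 unit 0 family inet address <*>";
    }
    /* Built from the servers configured under "system ntp server" */
    prefix-list ntp-servers {
        apply-path "system ntp server <*>";
    }
}

firewall {
    family inet {
        filter lo-filter {
            /* NTP from the configured servers and from the router itself */
            term ntp-allow {
                from {
                    source-prefix-list {
                        ntp-servers;
                        lo0.0-inet-address;
                    }
                    protocol udp;
                    destination-port ntp;
                }
                then accept;
            }
            /* Any other NTP sent to the control plane */
            term ntp-other-discard {
                from {
                    protocol udp;
                    destination-port ntp;
                }
                then {
                    discard;
                }
            }
            /* Everything that is not NTP passes unchanged */
            term zz-accept {
                then accept;
            }
        }
    }
}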



On Sun, Feb 16, 2014 at 8:42 PM, Mark Tinka  wrote:

> On Monday, February 17, 2014 06:35:46 AM Lyndon Nerenberg
> wrote:
>
> > I was suggesting it as an alternative to just chopping
> > off NTP at your border.  Presumably it would be a
> > one-off thing until Juniper issues a patch.
>
> In Junos, applying the right filters to your router's
> control plane will fix the issue. You don't need to block
> NTP in the data plane.
>
> Mark.
>
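
A model of how lo-filter in the message above evaluates packets, added here as an example and not part of the original post: terms are tried in order and the first match decides. The prefix-list addresses and sample packets are constructed, and the model assumes the filter is applied as the input filter on lo0.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-ins for what the two apply-path prefix lists expand to.
PREFIX_LISTS = {
    "ntp-servers": ["192.0.2.10/32", "192.0.2.11/32"],
    "lo0.0-inet-address": ["198.51.100.1/32"],
}

@dataclass(frozen=True)
class Packet:
    src: str
    protocol: str
    dst_port: int

# Terms in the same order as lo-filter; a missing key means "no condition".
LO_FILTER = [
    {"name": "ntp-allow",
     "source_prefix_lists": ["ntp-servers", "lo0.0-inet-address"],
     "protocol": "udp", "dst_port": 123, "action": "accept"},
    {"name": "ntp-other-discard",
     "protocol": "udp", "dst_port": 123, "action": "discard"},
    {"name": "zz-accept", "action": "accept"},
]

def source_matches(src, list_names, prefix_lists):
    """True if src falls inside any prefix of any named prefix list."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(prefix)
               for name in list_names
               for prefix in prefix_lists.get(name, []))

def term_matches(term, packet, prefix_lists):
    """All conditions present in a term must hold for the term to match."""
    if "protocol" in term and term["protocol"] != packet.protocol:
        return False
    if "dst_port" in term and term["dst_port"] != packet.dst_port:
        return False
    if "source_prefix_lists" in term and not source_matches(
            packet.src, term["source_prefix_lists"], prefix_lists):
        return False
    return True

def evaluate(packet, terms=LO_FILTER, prefix_lists=PREFIX_LISTS):
    """Return (term name, action) for the first term the packet matches."""
    for term in terms:
        if term_matches(term, packet, prefix_lists):
            return term["name"], term["action"]
    # A Junos filter ends with an implicit discard when no term matches.
    return "implicit", "discard"

# Constructed sample traffic arriving at the routing engine.
SAMPLE = [
    Packet("192.0.2.10", "udp", 123),    # reply from a configured NTP server
    Packet("198.51.100.1", "udp", 123),  # the router talking to itself
    Packet("203.0.113.50", "udp", 123),  # unsolicited NTP query from elsewhere
    Packet("203.0.113.50", "tcp", 179),  # non-NTP control traffic, e.g. BGP
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        name, action = evaluate(pkt)
        print(f"{pkt.src:>14} {pkt.protocol}/{pkt.dst_port:<4} -> {action} ({name})")
```

Swapping the first two terms makes the discard term match the configured servers' replies as well, which is why the allow term has to come first.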