Re: DS3 mux recommendation

2010-09-09 Thread sjk 
We use Adtran MX2820s which have been pretty reliable. They are designed
for medium density, so I am not sure if they'll be applicable to your
situation. We pull and trap a fair amount of snmp from them with no
problems.

Jay Nakamura wrote:
 I haven't researched stand alone DS3 mux in a long time and was
 wondering if anyone can recommend a DS3 Mux.  I have used Adtran
 before. (Long ago)  The products back then worked fine on line level
 but management interface was awful and if you threw too much SNMP at
 it and the management interface locked up.
 
 Are there anything better out there these days?
 
 TIA,
 
 -Jay

Re: U.S. Plans Cyber Shield for Utilities, Companies

2010-07-11 Thread sjk 
$100M is for the first phase, which I would think would be the initial
deployment of intrusions sensors with out of band data feeds, and the
building of a baseline traffic model. The real question is why do any
critical control networks ever touch anything remotely connected to a
public network? Laziness - that's why.

Tomas L. Byrnes wrote:
 Because no-one who could do it for less can afford to respond to government 
 contracts, and make sure they comply with all the applicable laws and 
 regulations, and keep the sort of records, and be prepared for the audits of 
 said records, required.
 
 As soon as you do business with the govt, the overhead goes through the roof.
 
 
 -Original Message-
 From: Patrick Giagnocavo [mailto:patr...@zill.net]
 Sent: Wednesday, July 07, 2010 7:02 PM
 To: nanog@nanog.org
 Subject: Re: U.S. Plans Cyber Shield for Utilities, Companies

 andrew.wallace wrote:
 Article:

 http://online.wsj.com/article/SB100014240527487045450045753529838504631
 08.html
 Why does it cost $100 million to install and configure OpenBSD on a
 bunch of old systems?

 --Patrick

Re: Strange practices?

2010-06-07 Thread sjk 
Hve seen it a few times -- usually with enterprise customers who are
unable to manage their own routers and one ISP which has problems
configuring BGP on their client facing equipment.


Dale Cornman wrote:
 Has anyone ever heard of a multi-homed enterprise not running bgp with
 either of 2 providers, but instead, each provider statically routes a block
 to their common customer and also each originates this block in BGP?   One
 of the ISP's in this case owns the block and has even provided a letter of
 authorization to the other, allowing them to announce it in BGP as well.
   I had personally never heard of this and am curious if this is a common
 practice as well as if this would potentially create any problems by 2
 Autonomous Systems both originating the same prefix.
 
 Thanks
 
 -Bill

Cyclops Down?

2009-12-15 Thread sjk 
Is anyone else seeing cyclops down -- or is it just me?

 mtr -c10 -r 131.179.96.253

4. osh-2828-peer.onshore.net 0.0%101.3   1.3   1.2   1.6   0.1
  5. ip65-47-181-105.z181-47-65.c  0.0%101.4   2.0   1.3   3.7   0.8
  6. ge11-1-4d0.mcr2.chicago-il.u  0.0%102.1   1.7   1.4   2.1   0.3
  7. ae1d0.mcr1.chicago-il.us.xo.  0.0%102.7  11.8   1.8  34.9  13.4
  8. 216.156.0.161.ptr.us.xo.net   0.0%10   62.2  62.3  62.0  62.8   0.3
  9. te-3-2-0.rar3.dallas-tx.us.x  0.0%10   61.1  61.8  61.0  64.2   1.0
 10. 207.88.12.46.ptr.us.xo.net0.0%10   61.6  61.6  60.7  63.8   1.1
 11. 207.88.12.158.ptr.us.xo.net   0.0%10   60.7  61.0  60.7  61.7   0.4
 12. lax-px1--xo-ge.cenic.net  0.0%10   60.5  60.8  60.4  61.4   0.4
 13. dc-lax-core1--lax-peer1-ge.c  0.0%10   61.5  61.5  61.1  62.1   0.4
 14. dc-lax-agg1--lax-core1-ge.ce  0.0%10   61.1  61.6  60.8  63.5   0.9
 15. dc-ucla--lax-agg1-ge-2.cenic  0.0%10   62.0  62.6  61.7  65.1   1.3
 16. border-2--core-1-ge.backbone  0.0%10   62.4  62.4  61.8  63.4   0.5
 17. core-1--mathsci-10ge.backbon  0.0%10   61.9  61.7  61.4  62.1   0.2
 18. ???  100.0100.0   0.0   0.0   0.0   0.0

Re: NetFlow analyzer software

2009-10-19 Thread sjk 
We currently use nfsen - http://nfsen.sourceforge.net/ -- It works
pretty well, not as fancy as others I've worked with, but provides the
basic analytical needs.

Michael J McCafferty wrote:
 All,
I am looking for decent netflow analyzer and reporting  software with good 
 support for AS data. 
ManagEngine's product crashes or locks up my browser when I try to 
 list/sort the AS info because it's too large of a list and there is no way to 
 tell it to show just the top x results.
Plixer's Scrutenizer, while it seems like it's a pretty decent product, is 
 no longer supporting Linux... We are a Linux shop (servers, desktops, 
 laptops). 
What else is there that I might want to look at?
 
 Thanks!
 Mike
 M5Hosting.com
 Sent from my Verizon Wireless BlackBerry

Re: Invalid prefix announcement from AS9035 for 129.77.0.0/16

2009-10-09 Thread sjk 
We are seeing the same ting with 66.146.192.0/19  66.251.224.0/19.
According to cyclopes this is still continuing. . .

Dylan Ebner wrote:
 We also received a notification that our IP block 67.135.55.0/24 (AS19629) is 
 being annouced by AS9035. Hopefully someone is receiving my emails.
 
 Thanks 
 
 
 Dylan Ebner, Network Engineer
 Consulting Radiologists, Ltd.
 1221 Nicollet Mall, Minneapolis, MN 55403
 ph. 612.573.2236 fax. 612.573.2250
 dylan.eb...@crlmed.com
 www.consultingradiologists.com
 
 
 -Original Message-
 From: Matthew Huff [mailto:mh...@ox.com] 
 Sent: Friday, October 09, 2009 7:28 AM
 To: nanog@nanog.org
 Subject: Invalid prefix announcement from AS9035 for 129.77.0.0/16
 
 About 4 hours ago BGPmon picked up a rogue announcement of 129.77.0.0 from 
 AS9035 (ASN-WIND Wind Telecomunicazioni spa) with an upstream of AS1267 
 (ASN-INFOSTRADA Infostrada S.p.A.). I don't see it now on any looking glass 
 sites. Hopefully this was just a typo that was quickly corrected. I would 
 appreciate if people have time and can double check let me know if any 
 announcements are active except from our AS6128/AS6395 upstreams.
 
 If this were to persist, what would be the best course of action to resolve 
 it, especially given that the AS was within RIPE.
 
 
 
 
 Matthew Huff   | One Manhattanville Rd OTA Management LLC | Purchase, NY 
 10577 http://www.ox.com  | Phone: 914-460-4039
 aim: matthewbhuff  | Fax:   914-460-4139

Residential BW Planning

2009-08-11 Thread sjk 
I am trying to perform some capacity planning for some of our
residential pops, but the old calcs I used to use seem useless -- as
they were adapted from the dialup days and relied upon a percentage of
users online (~50%) and a percentage of concurrent transmission (~19%).
My present scenario involves a micro-pop terminating 250 residences
where users are expecting 4 mb/s. So I am looking for some baseline to
begin at, so I am wondering what others are doing.

Any thoughts are appreciated.

Thanks
--steve

Re: DOS in progress ?

2009-08-06 Thread sjk 
We are presently seeing some weird FB behavior -- timeouts and retry
issues. We've had several reports from our users and just began
investigating. Any info you have would be appreciated.

--sjk

Jorge Amodio wrote:
 Are folks seeing any major DOS in progress ?
 
 Twitter seems to be under one and FB is flaky.

Re: cisco.com

2009-08-04 Thread sjk 
We have seen the route for cisco withdrawn from 208 and 2828. Facebook
seems fine

Dominic J. Eidson wrote:
 
 Both work from Austin, TX.
 
 
 
  - d.
 
 On Tue, 4 Aug 2009, Alex Nderitu wrote:
 
 Facebook seems to also be affected.


 -Original Message-
 From: R. Benjamin Kessler r...@mnsginc.com
 To: nanog@nanog.org
 Subject: cisco.com
 Date: Tue, 4 Aug 2009 09:34:46 -0400


 Hey Gang -

 I'm unable to get to cisco.com from multiple places on the 'net
 (including downforeveryoneorjustme.com); any ideas on the cause and ETR?

 Thanks,

 Ben

Re: cisco.com

2009-08-04 Thread sjk 
Seeing them off of Sprint now. . . weird

sjk wrote:
 We have seen the route for cisco withdrawn from 208 and 2828. Facebook
 seems fine

Re: Anomalies with AS13214 ?

2009-07-28 Thread sjk 


Russell Heilling wrote:
 2009/5/11 Ricardo Oliveira rvel...@cs.ucla.edu:
 Hi all,

 First, thanks for using Cyclops, and thanks for all the Cyclops users that
 drop me a message about this.

 It seems some router in AS13214 decided to originate all the prefixes and
 send them to AS48285 in the Caymans, all the ASPATHs are 48285 13214.
 The first announcement was on 2009-05-11 11:03:11 UTC and last on 2009-05-11
 12:16:32 UTC, there were 266,289 prefixes leaked (they were withdrawn
 afterwards)
 
 It looks like AS13214 are misbehaving again...  We have just started
 receiving cyclops alerts indicating that AS13214 is announcing our
 prefixes again:

We are seeing the same thing for two of our prefixes:

Offending attribute:  66.251.224.0/19-13214

Offending attribute:  66.146.192.0/19-48285

Pretty annoying

--steve

DSX cross-connect solution

2009-05-04 Thread sjk 
I am trying to find hardware for a rebuild of our DS1 cross-connect
frame and can't seem to find much out there. We've got ~300 DS1s that
need to be x-connected between our M13s and I'm seeking an easy to
manage solution. I've looked at the Telect panels but I'm concerned that
my staff can't deal with wirewrap terminations. Has anyone seen, simply,
a high density 66 field that can fit in a 23 rack?

TIA -- steve