[uknof] ThreeUK

2024-07-02 Thread James Bensley via uknof
--- Begin Message ---
Anyone from ThreeUK on the list who can help with a peering query?

If yes, please can you contact me off list?

Cheers,
James.


--- End Message ---


Re: [uknof] Strange DKIM Failures via UKNOF

2023-12-27 Thread James Bensley via uknof
--- Begin Message ---
This issue affects me too, ever since I moved away from Gmail, my new provider 
(protonmail) seems more strict so I'm also getting mangled emails from UKNOF.

I'm on loads of mailman mailing lists and since switching email providers, I 
only have a problem with UKNOF. If anyone knows which mailman setting needs 
tweaking, I'd love to know. We could then ask the hosting provider to tweak 
said setting.

Cheers,
James.

--- End Message ---


Re: [uknof] Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

2023-12-25 Thread James Bensley via uknof
--- Begin Message ---
On Monday, November 27th, 2023 at 05:03, Christopher Hawker wrote:

> Hello everyone,
>
> Aftab Siddiqui is currently exploring the possibility of using Route Object 
> Authorisations (ROAs) as a potential replacement to LOAs.

Hi Christopher,

This survey was sent to the NANOG list and there someone responded saying that 
they have been in the service provider world for 10 years and only had to send 
a LoA once, with regards to authorisation for IP announcements.

I have been working in the SP world for 15-ish years and I have worked with all 
Tier 1's at different points, and I have never had to send a LoA.

My only experiences with LoA's is for DC cross-connects (in this context I have 
sent and received many). So the survey seems flawed in that the first question 
should be something like "do you send and accept LoA's regarding prefix 
announcements" because, the survey is based on the assumption that everyone is 
using LoAs for this, I think this initial assumption needs clarifying.

Cheers,
James.

--- End Message ---


[uknof] *-in-IPv6 vs SR MPLS

2023-11-24 Thread James Bensley via uknof
--- Begin Message ---
Hi all,

I wonder if anyone has recently compared *-in-IPv6 against SR MPLS, for new 
service provider network deployments (where you have the typical requirements 
of L2 MPLS VPNs, L3 MPLS VPNs, some sort of label distribution method in the 
underlay, and a BGP free core).

There are a few problems with MPLS, and rather than trying to fix MPLS, 
removing MPLS could be nicer, and I think IPv6/4/Ethernet-in-IPv6 maybe 
achieves that.

The problems I have with MPLS are:

* Label space is limited to ~1M labels/20 bits -> IPv6 has ~128bits of space
* MPLS only has 3 bits for EXP -> IPv6 means no changes or "mapping" required 
from DSCP to EXP and back to DSCP
* MPLS has no payload protocol ID field -> IPv6 has a next header field, which 
removes the need for PW CW and the broken load-balancing we see today
* MPLS required an entropy label + ELI, or FAT label for better load-balancing 
-> multiple IPv6 addresses can be assigned to the same FEC to improve load 
balancing

Has anyone here seriously looked into *-in-IPv6 instead of rolling out SR MPLS, 
if yes, what did you find?

(Note: I discount SRv6 because that is very different to *-in-IPv6 and, it just 
introduces a whole new bunch of problems).

Cheers,
James.

--- End Message ---


Re: [uknof] Network Design Advice

2023-10-25 Thread James Bensley via uknof
--- Begin Message ---
--- Original Message ---
On Monday, October 2nd, 2023 at 14:26, Michael Sims via uknof wrote:

Hey Mick,

> I am new to network design, I have mainly come from an operational 
> background. Honestly I’m struggling to wrap my head around all the parts you 
> need to consider in all designs. I feel I’m back to square one and need 
> mentoring. How did you all get confident with the designing role overall? 

This is such a huge topic I’m not sure how to address it in an email but, here 
are some starting points...

Firstly I tried to get a good understanding of the technology I was using:

1. I spent a lot of time in the lab (still do) really getting to know whatever 
technology I would have to work with. By “lab” I mean that sometimes I’m 
working at a company with a lab I can freely test stuff with, sometimes I’m 
working somewhere with no lab and have to “test in production”, sometimes I’m 
able to test on my home lab (which these days can just mean some virtual 
machines or containers on my laptop, gone are the days of physical home labs).

2. It meant (still does) reading the RFCs to understand how the technology is 
supposed to work. When I started out I found them intimidating but, you quickly 
got used to them, and now they are usually the first place I look.

3. It also meant (still does) reading the vendor documentation in great detail 
(because, they don’t always follow the RFCs, and because, RFCs are the theory 
but, vendor docs are how you implement it). The first time I had to set up some 
L2TP tunnels and terminate some ADSL subscribers on a Cisco 7200 during a 
maintenance window, I fell asleep several nights in a row in the run-up, with 
my laptop balanced on my chest, reading the Cisco documentation in bed until my 
brain couldn't take any more.

Having said all that, you can never know everything about a specific 
technology, you just need to get to a point where you feel you know what is 
needed to make something work, and that you can recognise when something 
probably isn’t going to work. Then you can flag it with your vendor, or during 
lab testing, and make it clear to all that need to know, this needs further 
clarifying.

Secondly, you need to gather the requirements for whatever you have to design. 
Requirements gathering and confirming is a key step; kick out as much as you can 
to simplify the design (simplicity scales better, is easier to deploy, easier 
to support, easier to upgrade/migrate/decommission, etc). This also helps to 
meet your probably unrealistic due date and/or financial target. Whatever 
requirements you’re left with, apply your technical know-how to come up with a 
design that meets those requirements. Many customers and sales people like to 
overestimate what’s “needed”, and by when. You can usually either remove 
requirements entirely or stagger them, so that your initial design doesn’t need 
to be so burdening.

Thirdly, use every resource that is available to you; ask your vendor if your 
idea will work, ask your vendor if they have case studies from customers who 
have done something similar, ask your stakeholders (the support teams, 
deployment teams, your customer), try to test it in the lab, ask if others have 
done this before, if anyone sees any problems. Don’t think of design work as “I 
need to produce a perfect design, on my own”. No one person can know everything 
or foresee everything. I think of it as some sort of technical project manager 
type role (even though I’m the one configuring and deploying the devices), I 
try to get eyes from all the stakeholders/customers/vendors on the design, to 
find faults, and then address them together. So eventually I bring to the table 
this mature design but, it took input from many to get there (and I usually 
write that in there somewhere too, that the on-call engineers/the NOC/the field 
engineers/the vendor/the customer, have all seen and approved this design).


> And any suggestions for home revision?

If you work somewhere with existing designs for other “stuff”, start by reading 
those. At every company I have ever worked at, I have spent a non-trivial 
amount of time reading through the designs of stuff I’m not working on, to get 
an idea of how other networks work, to expand my horizons, to see if there is 
anything I can re-use in my own work. I also contact those people to hear their 
thoughts.

Also, do some Googling, you can find network designs freely available for 
download on the Internet. Also search for content related to the Cisco CCDE 
course, people publish their practice designs. You also don’t need to see “full 
designs” (whatever that means), if you’re working with technology X but, you 
don’t understand it, I’ve found some great blog posts over the years that 
helped me to understand it better than the RFCs or vendor docs. The blog post 
might be based on someone's real life experiences which means they open your 
eyes to issues you wouldn’t have 

Re: [uknof] Volunteering for the UKNOF PC

2023-05-09 Thread James Bensley via uknof
--- Begin Message ---
Hello everyone,

just a reminder that applications for joining the UKNOF PC are open as per the 
below email, and that we will stop accepting applications at the end of this 
calendar month.

If you have any questions, please let me know.

Thank you,
James.


--- Original Message ---
On Sunday, April 23rd, 2023 at 12:19, James Bensley wrote:


> 
> 
> Hello all,
> 
> For anyone who was not present at UKNOF51 in Manchester recently, we thanked 
> several volunteers who had stepped down from various UK roles and announced 
> that we are looking to fill some vacancies recently created. We are now 
> actively seeking new PC volunteers.
> 
> Who?
> Anyone can join the UKNOF PC. If you can spare a few hours a month and are 
> passionate about the UK networking community, you are probably a benefit to 
> UKNOF.
> 
> What?
> The UKNOF PC are responsible for the content of UKNOF events. This 
> encompasses everything from soliciting for talks, to reviewing abstracts, 
> providing editorial feedback on draft presentations, compiling the agenda, 
> incorporating survey feedback, suggesting new sources of content, and 
> whatever else you want to add.
> 
> The average commitment per PC member is about 3 hours per month. In the lead 
> up to an event a few extra hours may be needed for last minute actions. We 
> understand that PC members are volunteers and have demanding lives of their 
> own and we don’t expect them to always be available.
> 
> When?
> We are looking for volunteers to start immediately. These are currently 
> indefinite volunteering positions, but we have recently introduced a charter 
> for the PC (here: https://www.uknof.org.uk/about-us/programme-committee/) 
> which we will enact soon, limiting terms to ensure a balance between 
> stability whilst also periodically shaking up the status quo.
> 
> Where?
> UKNOF events take place approximately 2-3 times per year. There is no 
> expectation that every PC member will be at all events. We need some members 
> to help in person on the day of a UKNOF event. So we need volunteers who are 
> willing and able to attend some of the events.
> 
> Why?
> The UK has a fantastic networking community, which UKNOF is a part of. 
> Volunteering for UKNOF is a way to contribute to UKNOF itself, to contribute 
> to the UK community, learn a few new skills, and get a chance to expand your 
> professional network.
> 
> How?
> Please send an email to p...@uknof.org.uk and write a few words about how you 
> think you could help, or any ideas you have, or changes you’d like to make. 
> If we send you some follow-up questions this is for us to understand better 
> how you would fit into the team. It will not be a competition. We do not 
> require any personal information about you. There are many types of diversity 
> so we want to ensure that we choose a range of candidates, who will provide a 
> mixture of professional backgrounds, industry opinions, alternative ideas, 
> and not develop a fossilising monoculture.
> 
> The candidates will be presented to the PC and we will review them all. Then 
> a shortlist will be made and presented to the board for final approval.
> 
> Further info:
> I am the current PC chair. You can email me if you have questions about any 
> aspect of UKNOF, not just volunteering for the PC. We also have current and 
> former PC members with whom I can connect you, if you want to hear their 
> experiences from being on the PC.
> 
> OK, I’ve said enough, over to you...
> 
> Kind regards,
> James Bensley.

--- End Message ---


[uknof] Volunteering for the UKNOF PC

2023-04-23 Thread James Bensley via uknof
--- Begin Message ---
Hello all,

For anyone who was not present at UKNOF51 in Manchester recently, we thanked 
several volunteers who had stepped down from various UK roles and announced 
that we are looking to fill some vacancies recently created. We are now 
actively seeking new PC volunteers.

Who?
Anyone can join the UKNOF PC. If you can spare a few hours a month and are 
passionate about the UK networking community, you are probably a benefit to 
UKNOF.

What?
The UKNOF PC are responsible for the content of UKNOF events. This encompasses 
everything from soliciting for talks, to reviewing abstracts, providing 
editorial feedback on draft presentations, compiling the agenda, incorporating 
survey feedback, suggesting new sources of content, and whatever else you want 
to add.

The average commitment per PC member is about 3 hours per month. In the lead up 
to an event a few extra hours may be needed for last minute actions. We 
understand that PC members are volunteers and have demanding lives of their own 
and we don’t expect them to always be available.

When?
We are looking for volunteers to start immediately. These are currently 
indefinite volunteering positions, but we have recently introduced a charter 
for the PC (here: https://www.uknof.org.uk/about-us/programme-committee/) which 
we will enact soon, limiting terms to ensure a balance between stability whilst 
also periodically shaking up the status quo.

Where?
UKNOF events take place approximately 2-3 times per year. There is no 
expectation that every PC member will be at all events. We need some members to 
help in person on the day of a UKNOF event. So we need volunteers who are 
willing and able to attend some of the events.

Why?
The UK has a fantastic networking community, which UKNOF is a part of. 
Volunteering for UKNOF is a way to contribute to UKNOF itself, to contribute to 
the UK community, learn a few new skills, and get a chance to expand your 
professional network.

How?
Please send an email to p...@uknof.org.uk and write a few words about how you 
think you could help, or any ideas you have, or changes you’d like to make. If 
we send you some follow-up questions this is for us to understand better how 
you would fit into the team. It will not be a competition. We do not require 
any personal information about you. There are many types of diversity so we 
want to ensure that we choose a range of candidates, who will provide a mixture 
of professional backgrounds, industry opinions, alternative ideas, and not 
develop a fossilising monoculture.

The candidates will be presented to the PC and we will review them all. Then a 
shortlist will be made and presented to the board for final approval.

Further info:
I am the current PC chair. You can email me if you have questions about any 
aspect of UKNOF, not just volunteering for the PC. We also have current and 
former PC members with whom I can connect you, if you want to hear their 
experiences from being on the PC.

OK, I’ve said enough, over to you...

Kind regards,
James Bensley.

--- End Message ---


Re: [uknof] Pure L3 routing in EVPNs

2022-10-07 Thread James Bensley via uknof
--- Begin Message ---
Hi all,

just been having this discussion with someone directly via email, but I’m 
interested to hear any experiences from the wider community;

I'm interested to hear from anyone who has done extensive/scaled pure layer 3 
routing inside EVPNs, e.g. have you tried to put the DFZ into an EVPN VRF, what 
about multiple copies, multiple VRFs?

EVPN allows one to have a single combined VPN technology for both L2 and L3 VPNs 
but it seems to me like virtually everyone is still using traditional MPLS L3 
VPNs (BGP AFI/SAFI 1/128 and 2/128) for their pure L3 forwarding requirements 
and EVPNs (BGP AFI/SAFI 25/70) for their pure L2 forwarding requirements.

Has anyone here done much pure L3 routing inside EVPNs, and with more four or 
five digit numbers of routes and VRFs?

Was it as stable as traditional L3 VPNs on your vendor of choice? Did it scale 
as expected? How was the memory usage on your RRs?

Any feedback is appreciated.

Cheers,
James.

--- End Message ---


[uknof] BGP attributes 20 & 21 in the DFZ

2022-09-29 Thread James Bensley via uknof
--- Begin Message ---
Hi all,

Can anyone think of a genuine reason to be seeing routes announced in the DFZ 
with BGP attributes 20 and 21? I assume it is just legacy equipment / legacy 
config floating around somewhere, which has been forgotten about. Are there any 
genuine reasons for this I might be missing?

https://github.com/DFZ-Name-and-Shame/dnas_stats/blob/main/2022/09/28/20220928.txt#L74

Cheers,
James.

--- End Message ---


[uknof] NetLdn Talks

2022-09-02 Thread James Bensley via uknof
--- Begin Message ---
Hi all,

the holiday season is coming to a close so we're looking for more people to 
come and talk at NetLdn: https://netldn.uk/

We're a friendly, open, casual meet-up where everyone is welcome. We meet once 
a month after work in a private room upstairs at a London pub.

We're inviting everyone to come and talk about any area of networking that 
interests them. Have you been working on something that you find really 
interesting? Chances are others will too, so come tell NetLdn about it!

Presenting in front of an audience can be a scary thought, but NetLdn is a 
great launch pad to test your content and hone your presenting skills, before 
taking them to a bigger event like UKNOF, RIPE or LINX.

So if you've got an idea for a talk, and need that little push to turn it in to 
a presentation, please submit a response to our CFP: https://netldn.uk/cfp/

If you have any questions, please contact us using the email address 
he...@netldn.uk.

Cheers,
James.

--- End Message ---


Re: [uknof] Openreach 'Hardware' Shortages

2022-07-12 Thread James Bensley
Hi Charl,

I hope all is well with you?

A while back OR did declare a MBORC for OSAs due to hardware
shortages, but I thought they lifted that again, maybe not and I'm
misremembering?

Have a look through the MBORCs:
https://re.openreach.co.uk/cpportal/updates/cpzone-mborc

Also, this was discussed when it was first announced in the UK AltNet
Slack, worth joining if you're not already in there, a lot of good OR
knowledge is being exchanged: https://altnet.uk/

Cheers,
James.



Re: [uknof] Cisco 887VA "golden config" (for home)

2022-05-15 Thread James Bensley
Hi Tom,

I was using this on an 897 with Sky FTTC (via Openreach):
https://null.53bits.co.uk/uploads/hardware/Cisco%20897VAW-E-K9%20show-run.txt

A good tip is to ensure that you have the latest VDSL firmware from
cisco.com on your device. Also maybe enable the ADSL/VDSL controller
training log, and as much debugging as you can, so you can see why
it's dropping and when.

conf t
controller VDSL 0
 training log filename flash:vdsl.log
 end

debug ppp *

Also look under the "show controller x" commands.

Cheers,
James.



[uknof] Co-lo/Compute Donation Sought

2022-05-12 Thread James Bensley
Morning all,

Does anyone here have an old server in co-lo they want to donate to a
worthy cause, or can perhaps donate a VM? The cause being a project I’m
working on to name and shame the worst offenders in the global BGP
DFZ?

https://twitter.com/bgp_shamer
https://twitter.com/bgp_shamer/status/1524416452866068486
https://github.com/DFZ-Name-and-Shame/dnas_stats/blob/main/2022/05/10/20220510.txt

Please contact me off list if you can help. I’m looking for something
I can have root access to, with about 8 cores / threads, and 8GBs of
RAM.

Cheers,
James.



[uknof] PC Volunteers Wanted

2022-04-21 Thread James Bensley
Hello all,

For anyone who was not present at UKNOF49 in Manchester recently, we
thanked several volunteers who had stepped down from the Programme
Committee and announced that we are looking to fill the vacancies
recently created. We are now actively seeking new PC volunteers.

Who?
Anyone can join the UKNOF PC. If you can spare a few hours a month and
are passionate about the UK networking community, you are probably a
benefit to UKNOF.

What?
The UKNOF PC are responsible for the content of UKNOF events. This
encompasses everything from soliciting for talks, to reviewing
abstracts, providing editorial feedback on draft presentations,
compiling the agenda, incorporating survey feedback, suggesting new
sources of content, and whatever else you want to add.

The average commitment per PC member is about 3 hours per month. In
the lead up to an event a few extra hours may be needed for last
minute actions. We understand that PC members are volunteers and have
demanding lives of their own and we don’t expect them to always be
available.

When?
We are looking for volunteers to start immediately. These are
“indefinite” volunteering positions. But we are in the process of
introducing a maximum term for the chair and co-chair roles of the
various UKNOF committees. This may be extended to PC members in the
future.

Where?
UKNOF events take place approximately 3 times per year. There is no
expectation that every PC member will be at all events. We need some
members to help in person on the day of a UKNOF event. So we need
volunteers who are willing and able to attend some of the events.

Why?
The UK has a fantastic networking community, which UKNOF is a part of.
Volunteering for UKNOF is a way to contribute to UKNOF itself, to
contribute to the UK community, learn a few new skills, and get a
chance to expand your professional network.

How?
Please send an email to p...@uknof.org.uk and write a few words about
how you think you could help, or any ideas you have, or changes you’d
like to make. If we send you some follow-up questions this is for us
to understand better how you would fit into the team. It will not be a
competition. We do not require any personal information about you.
There are many types of diversity so we want to ensure that we choose
a range of candidates, who will provide a mixture of professional
backgrounds, industry opinions, alternative ideas, and not develop a
fossilising monoculture.

The candidates will be presented to the PC and we will review them
all. Then a shortlist will be made and presented to the board for
final approval.

Further info:
I am the current PC chair. You can email me if you have questions
about any aspect of UKNOF, not just volunteering for the PC. We also
have current and former PC members with whom I can connect you, if you
want to hear their experiences from being on the PC.

OK, I’ve said enough, I’m here to help, over to you...

Kind regards,
James Bensley.



Re: [uknof] COVID-19 offers of help and network changes

2021-07-01 Thread James Bensley
On Mon, 16 Mar 2020 at 22:24, James Bensley  wrote:
>
> On Mon, 16 Mar 2020 at 21:16, David Simmons wrote:
> >
> > I like the idea of this. Especially assisting with things like data centre 
> > visit coordination to minimise operator visits. This we certainly could 
> > help with and would like to be helped with!
>
> On Mon, 16 Mar 2020 at 21:17, Chris Malton  wrote:
> >
> > In principle, I'm happy to help where I can.
>
> I just knocked this up (it shows!):
> https://docs.google.com/spreadsheets/d/
>
> It's editable by all, without needing a Google account.
>
> Please add your details and share the link with other individuals,
> companies, and communities. Please also add any columns/fields you
> feel necessary.

Hi All,

It's been a while since this spreadsheet first went up. I think that
virtually everyone who needed extra help as a result of COVID probably
has it in place by now.

Due to the fact that this spreadsheet contains lots of personal
contact info I'm proposing to delete it. In the early days it was
regularly accessed but now it's rarely accessed. Also I've seen that
it was accessed a few weeks ago by someone from a company, whom I know
works in marketing at that company, and that company definitely
doesn't need any extra help from the community as per the original
intention of the spreadsheet (they are well resourced).

I'm proposing to delete it because I think the original purpose has
been served, and so that we don't have a big dump of contact details
sitting publicly on the Internet forever ready for a Cogent sales
person to find. If I receive no objections in the next 7 days I will
delete it.

Kind regards,
James.



[uknof] Openreach SOR for GEA

2021-02-18 Thread James Bensley
Hi All,

Are there any CPs on list who use OR GEA services and have access to the SORs
portal? If yes, can you unicast me off-list, I'm looking for some
community assistance with an open SOR relating to GEA services.

Kind regards,
James Bensley.



Re: [uknof] Finding out future Openreach plans for a cabinet

2020-10-05 Thread James Bensley
On Sun, 4 Oct 2020 at 21:18, Subhi S Hashwa  wrote:
>
> Dear All,
>
> Hope this is on topic.

For which list? You've cross-posted this to two different lists. For
one of them, this is very on topic, for the other, no topic is on
topic.

> I am moving and the broadband ISP order (FTTC) has been cancelled due to not 
> enough capacity (Probably at the cabinet, the guy on the phone wasn't clear).
> Where would I find out information on what Openreach has planned for 
> upgrading the cabinet capacity? I can't imagine 400 new houses without proper 
> internet.

Who cancelled the order, you, or the ISP you were ordering from?
Caveat, I'm not an OR copper services expert; if the person you spoke
to said the capacity was a problem because OR returned the "W" waiters
flag, then it is in reference to the cabinet. In that case, how long
you will have to wait is anybody's guess. It generally means the
cabinet is full so you would think they'd upgrade capacity in that
area pretty soon but I think it can be anything from "1 month" to
"never".

Good luck :)

Cheers,
James.



Re: [uknof] Geo Location

2020-08-11 Thread James Bensley
On Tue, 11 Aug 2020 at 01:28, Ben Wragg  wrote:
>
> Hello,
>
> Wondering if anyone has any idea who to contact at Sky/Channel4/ITV.
>
> One of our downstreams is using a recycled AS and they are appearing in the 
> Ukraine, need to get their AS re-cached!
>
> Kindest Regards
>
> Ben

Hi Ben,

If you haven't already had an off list response from someone then
please drop me an email off list and I'll help you with your query.

Cheers,
James.



Re: [uknof] GEA Cablelink "external"

2020-05-22 Thread James Bensley
On Fri, 22 May 2020 at 14:52, Simon Lockhart  wrote:
>
> You're confusing "Cablelink" with "GEA Cablelink". They're two very different
> things.

Ah sorry yeah you're right, it's even in the subject line!

I have no excuse.

Cheers,
James.



Re: [uknof] GEA Cablelink "external"

2020-05-22 Thread James Bensley
On Fri, 22 May 2020 at 13:21, Aled Morris  wrote:
>
> Hi BT GEA customers.
>
> Has anyone managed to order a GEA Cablelink with external presentation i.e. 
> not to an Access Locate rack inside the exchange but to a footway box outside?
>
> This is clearly shown as an option (top blue line) on the diagram on page 8 
> of SIN498.
>
> My Openreach "Customer Establishment Delivery Manager" won't let me order it 
> however - they claim I must have Access Locate in the exchange to order GEA 
> Cablelinks.
>
> It's not clear if (having got Access Locate) they would then let me order 
> some external links per the diagram and why such a restriction exists.
>
> Any help appreciated.

Hi Aled,

Where are you ordering the external variant cable-link to/from? I
presume you're requesting that one end is a handover chamber outside,
where are you requesting the other end be? They are a mixture of an
internal variant 3 (from your rack to an internal cable chamber) plus
pulling in a fibre from an external handover chamber which is spliced
onto the internal variable 3 cable-link, so one end should be an
Access Locate rack. Is the problem you have that you have an older
pre-Access Locate rack?

Cheers,
James.



Re: [uknof] COVID-19 offers of help and network changes

2020-03-17 Thread James Bensley
Hi all,

Firstly, you are all heroes for offering to help our industry and community.

Secondly, the NCSC have taken an interest in this spreadsheet. I
hadn't checked it in detail in a while because I was busy. Someone
added a column regarding SC/DV clearance. I have deleted this column.
Please do not re-add this.

People were putting in all sorts of clearance details regarding SC,
DV, BPPS, NPPV, DBS etc. I'm sure the intentions were only good,
however, in reality I don't think there is a practical benefit to
adding this info, but there is potential risk, which is why I have
removed it.

Kind regards,
James.



Re: [uknof] COVID-19 offers of help and network changes

2020-03-17 Thread James Bensley
Hi all,

As requested, a new column has been added with support level.

Cheers,
James.



Re: [uknof] COVID-19 offers of help and network changes

2020-03-17 Thread James Bensley
Hi all,

Does anyone have any objections to me putting a banner at the top of
the spreadsheet, stating words to the effect of "these contact details
are for priority 1 / severity 1 issues only".

In my head, that is clearly what we are all volunteering for, because
we've also got our own networks and lives to support, but we haven't
actually explicitly said that in this thread. It would be good to
clarify it. Are people offering to help with S4/P4 intermittent
Instagram connectivity or just when connectivity is completely down?

If this varies by person/company, and some people are happy to help
with more than S1/P1 issues, then it can be an extra column and people
can put their individual support levels?

Cheers,
James.



Re: [uknof] COVID-19 offers of help and network changes

2020-03-16 Thread James Bensley
On Mon, 16 Mar 2020 at 21:16, David Simmons  wrote:
>
> I like the idea of this. Especially assisting with things like data centre 
> visit coordination to minimise operator visits. This we certainly could help 
> with and would like to be helped with!

On Mon, 16 Mar 2020 at 21:17, Chris Malton  wrote:
>
> In principle, I'm happy to help where I can.

I just knocked this up (it shows!):
https://docs.google.com/spreadsheets/d/150ESj90liWd074Rbe-ZVxsBF5lbVZgwp2-JwtebTOWI/edit#gid=0

It's editable by all, without needing a Google account.

Please add your details and share the link with other individuals,
companies, and communities. Please also add any columns/fields you
feel necessary.

Cheers,
James.



Re: [uknof] COVID-19 offers of help and network changes

2020-03-16 Thread James Bensley
On Mon, 16 Mar 2020 at 20:01, Gavin Henry  wrote:
>
> I know everyone is probably extremely VoIP savvy, but if any one needs
> any help or advice about setups at home etc. feel free to reply here
> or off-list.
>
> If there's anything else I can help with, albeit being a small network
> operator, just let me know.

Count me in too, I was just drafting a similar email but you beat me
to it. My Mrs works in medical research and her lab is shutting down,
so given her recent increase in free time she has just registered to
volunteer at the local hospital to perform COVID-19 tests to help with
staff shortages; it has me wondering if there is any way I can use my
skill set to help.

I was wondering if it's worth making a public list somewhere like on a
public Google sheet, and any person or company who is interested
can add themselves to the list (because non-list members can't see the
UKNOF archive, and the spreadsheet can be shared on other *NOF/*NOG
mailing lists too).

Yays / nays?

Cheers,
James.



Re: [uknof] Getting rid of old kit

2019-11-06 Thread James Bensley
On Wed, 6 Nov 2019 at 14:10, Gavin Henry  wrote:
> I think there
> are folks that buy old Juniper kit for resale?

Yes, Juniper ;) Although, that is usually as part of a new purchase,
they don't just buy old Juniper kit for nothing.

Seriously though, following Job's suggestion of a hackerspace, if you
want to donate them you could reach out to NetNI/NetMcr/NetLnd and see
if they have any young network engineers that could use them for a
home lab / cert training.

Cheers,
James.



Re: [uknof] Three hosed. Make it right please!

2019-10-17 Thread James Bensley
On Thu, 17 Oct 2019 at 06:12, Neil J. McRae  wrote:
>
>
> Anyone here from three?
>
> Network has been down for well over 5 hours - nothing on social media and 
> website has had  something added about maintenance on the website? 3G came 
> back for like 10 seconds then died again - 4G isn’t working at all nor is 
> roaming. My daughter can’t use her phone! Call the help desk and it’s not 
> open! Shambles!

I'm at RIPE79 in Rotterdam and my roaming has been dead all morning.

Seems to be GGSN and PGW issues:
https://twitter.com/PedroClarke1/status/1184736164571484160

Cheers,
James.



Re: [uknof] Talktalk wholesale xDSL radius session steering

2019-10-04 Thread James Bensley
On Fri, 4 Oct 2019 at 12:18, Paul Thornton  wrote:
>
> Hi all,
>
> Does anyone out there (a) have TTB as a wholesale DSL upstream provider,
> and (b) do RADIUS session steering with them?
>
> I am currently in what can only be described as a frustrating situation
> trying to implement this, with not much information forthcoming from TTB
> as to why things are not working as they should.  I've been grappling
> with this for some time now and really want it sorted!
>
> Any assistance would be very gratefully received.
>
> Thanks,
>
> Paul.

Hi Paul,

What exactly isn't working for you? Are you setting the attribute
Tunnel-Preference either per-user or per-group and TTB aren't honoring
it?

Cheers,
James.



Re: [uknof] Current State of Multicast on the Internet?

2019-09-05 Thread James Bensley
On Tue, 3 Sep 2019 at 11:09, Brandon Butterworth  wrote:
> The expensive bit that multicast would save is dslam to peering, not
> home tails, so if it was feasible this would be the ideal use case

I don't deny that a massive traffic reduction could be made from edge
to content source by using multicast, that's a fundamental advantage
of multicast. My qualm was that whilst Neil advocates the marvels of
multicast, presumably BT has a large unicast CDN base in addition and
so they are running both technologies (multicast and unicast)
simultaneously. How much more advantageous was it to run multicast AND
unicast simultaneously vs. putting some of that resource used to
implement and maintain multicast into unicasting everything only?
Would the economies of scale of going all in on unicast outweigh the
benefits of investing into two technologies?

> If you're paying BT 40quid/Mbit/s for backhaul and want to deliver a
> 30Mb/s UHD stream to 1000 subscribers on that dslam who pay 20quid
> would you like to multicast it if you could (30*40quid) or is unicast
> (30*40*1000quid) fine?

Have I misunderstood? In that case aren't you using the
architecture you said was dated where multicast replication happens at
a few select aggregation points...

> This was problem we had dating back to adsl, traffic was tunneled to
> a few central aggregation points across very expensive bandwidth.
>
> Due to the replication happening at the aggregation points the multicast
> was not able to save that expensive bandwidth.

My query was about putting caches at the first hop of your customers;

On Tue, 3 Sep 2019 at 10:03, James Bensley  wrote:
> so in my eyes, the benefits to be had from
> the reduction in traffic levels due to multicast just isn't that great
> vs. the added complexity if you can plonk the content source on your
> network at the 1st hop your customers hit.

Sorry if it wasn't clearer, but I'm talking about something that isn't
really economically possible if you're paying BT for your ADSL/VDSL
backhaul. When I said 1st hop I didn't mean, you're a wholesale
customer of an ADSL/VDSL provider and get traffic over an expensive
NNI/L2TP session (or worse, a customer of a wholesaler ad infinitum.)
and so the first hop is an LNS device half a world away from the
end-site; in this case unicasting everything is a bit of a
non-starter. To be clearer, I was talking from the perspective of a
last mile provider (which BT are), trying to put unicast content nodes
as close to the access circuit as possible (which I'm sure they do).

> > I'm obviously not a fan :)
>
> It's technology not Taylor Swift, use what is of technical and economic
> benefit.

My query was on the technical and economic benefits of
multicast+unicast vs. only unicast.

Cheers,
James.



Re: [uknof] Current State of Multicast on the Internet?

2019-09-05 Thread James Bensley
On Tue, 3 Sep 2019 at 10:16, Paul Tweedy  wrote:
>
>
> > On 3 Sep 2019, at 09:48, James Bensley  wrote:
> >
> > It's interesting that the request came from someone from within the
> > Beeb. On their own website they allude that unless you're a customer
> > of one of the listed ISPs, you probably aren't getting a service
> > delivered via multicast (although, I'm not sure how up to date this
> > page is): http://www.bbc.co.uk/multicast/tv/home.shtml
>
> Very Not up-to-date :) In fact, we should have it edited to make clear it 
> documents a technical trial from many years ago. I’ll see where it’s hosted..
>
> Just to echo the point about linear, as-live TV not going away - live events 
> (Sport, News and others) are huge, getting bigger each year, and cause us, 
> the provider networks and the CDNs the greatest challenges in terms of 
> capacity and stability each year.
>
> The Beeb does a lot of multicast intra-network, for moving contribution AV 
> around the business, and that’s well understood and works nicely - it helps 
> if you use the same kit within the domain.
>
> The great hope of inter-domain multicast does seem to be dead, but the amount 
> of work going into making HTTP-esque delivery of live media work at scale 
> within the industry is considerable, and that has the benefit of sharing a 
> *lot* of existing technology, processes and domain knowledge with the 
> mostly-proven on-demand HLS/DASH/CMAF world. Offloading traffic as near as 
> possible to the consumer edge of the network - but achieving that at the 
> application rather than networking layers - is the ongoing trend.

Interesting, thanks for confirming.

I for one will raise my hand and say I'd like to see a UKNOF talk on
multicast within a content producer (not a service provider network).

Cheers,
James.



Re: [uknof] Current State of Multicast on the Internet?

2019-09-05 Thread James Bensley
On Mon, 2 Sep 2019 at 21:24, Ray Bellis  wrote:
>
>
>
> On 02/09/2019 21:18, Simon Lockhart wrote:
>
> > In my experience, the STB (or TV) writes the multicast stream to disk, in
> > much the same way that my Sky box does when I press pause.
>
> Duh, yes, I should have thought of that! :D

There was a conversation a while back about some multicast playout
system which split (non-live) content in to chunks and each chunk is
multicasted in a continual loop, to a separate multicast group. You
were basically unicast'ed the initial part of the stream until you
aligned to one of the multicast chunk loops and then dropped onto the
multicast group for that chunk, and at the end of the chunk, join the
group for the next chunk etc. Anyone remember the details of that or
who it was?

Cheers,
James.



Re: [uknof] Current State of Multicast on the Internet?

2019-09-03 Thread James Bensley
On Tue, 3 Sep 2019 at 10:18, Neil J. McRae  wrote:
>
> Multicast has saved us hundreds of millions of pounds in delivering lTV

Who watches ITV :)

> which is still a substantially huge amount of traffic.

In definitive terms yes you can say hundreds of millions of pounds or
terabits of traffic, but what about relative terms? What relative
percentage of traffic and OPEX has it saved you across your core?

I didn't say it can't be done or that there aren't any benefits, but
things are never simple. E.g. if you ingest content from ITV via
unicast or multicast and multicast it to your STBs, the cost of the
ingestion, distribution across the network, multicast enabled BNGs,
CPEs, STBs, multicast trained staff, NOC, reporting and analytics, all
needs to cost less than the cost of plonking the required number of ITV
caches around the network (because you have many other unicast caches
around the place, this isn't anything new operationally). If the
multicast solution is marginally cheaper you probably don't go for it,
but if it's way cheaper, now you have to open the jar labelled "should
we have two different solutions in operation simultaneously [multicast
ITV plus unicast whatever] to save $mega_bucks or pay the extra to
only have unicast services and reduced complexity"?

> The complexity is minimal
Agree to disagree then, finding good multicast people is hard. There
also aren't many good multicast enabled NMS's.

> The question that’s hard to answer is when does linear die? Too many of the 
> current content providers are tied to linear and will be for some time and 
> with the direction of freeing up radio spectrum multicast will have a huge 
> part in solving that problem.

But with IPv6 people are looking at mad ideas like assigning IPs
directly to content, so multicast could be further sidelined with
anycast.

I won't be at UKNOF44 but I'm keen to talk more about this face to
face, UKNOF45 it shall have to be.

Cheers,
James.



Re: [uknof] Current State of Multicast on the Internet?

2019-09-03 Thread James Bensley
On Mon, 2 Sep 2019 at 17:49, Marek Isalski  wrote:
>
> > On 2 Sep 2019, at 17:37, Nicholas Humfrey  
> > wrote:
> > Is there any chance of multicast making a resurgence? If everyone has 
> > gigabit internet to their homes, will the network cores be able to cope 
> > with everyone watching 35 Mbps UHD (Live) television streams simultaneously?
>
> Isn't it all about on-demand streaming now, rather than broad-/multi-cast?  I 
> mean, who actually watches live TV these days?  It seems like building a 
> network for the future of video consumption (Millenial and Gen-Z) will need 
> CDN-type nodes as close as possible to distribution/aggregation nodes rather 
> than multicast across a backbone?  Maybe multicast still has a role to play 
> to deliver content to set-top boxes...?

This. It's costly to transport terabits of traffic from one end of
your network to the other, most ISPs want to drop it off as close to
the consumer as possible so in my eyes, the benefits to be had from
the reduction in traffic levels due to multicast just isn't that great
vs. the added complexity if you can plonk the content source on your
network at the 1st hop your customers hit.

Another problem with multicast is that it saves bandwidth across the
parts of the network where bandwidth is cheaper. At the end of the
day, bandwidth (for most ISPs) is most limited and hardest to increase
in the last mile, and even if it's multicast from the source to the
DSLAM/MSAN/OLT/access switch, it still needs to be replicated down
every access circuit that's subscribed to the multicast group, the
same as if it was unicast to each customer, so it's not saving any
bandwidth in those hard to upgrade and expensive to upgrade parts of
the network.

It also possibly increases the cost of a "dumb" access layer device
and CPE if they need to support multicast and increases the number of
test cases for release cycles.

I'm obviously not a fan :)

Cheers,
James.



Re: [uknof] Current State of Multicast on the Internet?

2019-09-03 Thread James Bensley
On Mon, 2 Sep 2019 at 17:44, Job Snijders  wrote:
>
> Dear Nicholas,
>
> On Mon, Sep 2, 2019 at 6:37 PM Nicholas Humfrey  
> wrote:
>>
>> I came across this Stackoverflow question:
>> https://networkengineering.stackexchange.com/questions/47994/is-multicast-on-the-public-internet-possible-and-if-yes-how
>>
>> With accepted answer: "You cannot multicast on the public Internet"
>> Which I guess is generally true. But is there still a multicast VLAN 
>> available at LoNAP and LINX? Is anyone using it for anything?
>>
>> I also saw that Internet 2 "will begin the sunset of Interdomain Any Source 
>> Multicast (ASM)" - but in preference for Source Specific Multicast, so I 
>> guess the Multicast Internet exists in some parts of the world.
>>
>> Is there any chance of multicast making a resurgence? If everyone has 
>> gigabit internet to their homes, will the network cores be able to cope with 
>> everyone watching 35 Mbps UHD (Live) television streams simultaneously?

It's interesting that the request came from someone from within the
Beeb. On their own website they allude that unless you're a customer
of one of the listed ISPs, you probably aren't getting a service
delivered via multicast (although, I'm not sure how up to date this
page is): http://www.bbc.co.uk/multicast/tv/home.shtml

Cheers,
James.



Re: [uknof] 10Gbps NAT options ?

2019-07-09 Thread James Bensley
On Mon, 8 Jul 2019 at 11:56, John Bourke  wrote:
>
> Hi,
>
>
>
> What do people use for 2-10Gbps NAT ?  Do you maintain stateful NAT 
> redundancy across two boxes ?
>
>
>
> Thanks
>
>
>
> John

We had success in a former job using Palo Alto 5060s for this. We had
about 70k users behind them and they worked well. Some percentage of
those 70k users were remote workers so they were also acting as the
corporate VPN edge.

If you really want detailed scaling stats or performance stats, reach
out to the vendor, they can often provide such details under an NDA.

Cheers,
James.



Re: [uknof] 1Gbps CPE

2019-07-01 Thread James Bensley
On Mon, 1 Jul 2019 at 10:58, Leigh Harrison  wrote:
>
> Morning folks,
>
>
>
> We’re looking for a low(ish) cost 1Gbps CPE.  We’d normally go with a Cisco 
> device, but they’re priced too high for 1Gbps throughput.  A Juniper SRX 
> could cost in, but what other reliable options are there for us?  Mikrotik?
>
>
>
> Best, Leigh

Hi Leigh,

A good starting place is usually the requirements. What's the requirement?

IPv4 only, v6 only (SLAAC/DHCPv6?), dual stack, some sort of
transition method like 6in4/MAP-E/MAP-T?
NAT?
Some LAN ports maybe?
VLANs?
WiFi?
RJ45 WAN port or SFP cage?
SNMP?
QoS?
BGP?
VRRP?
OAM/CFM?

Cheers,
James.



Re: [uknof] Amsterdam data centre interconnects

2019-06-01 Thread James Bensley
On Fri, 31 May 2019 at 21:30, John Bourke
 wrote:
>
> Hello,
>
>
>
> Can you tell me who can provide Data Centre interconnects in Amsterdam ?

Hi John,

Do you require DCI between two or more DCs in Amsterdam or from a DC
in Amsterdam back to a DC in the UK?

If this is between DCs in Amsterdam it would probably be wise to post
this question to the NLNOG mailing list to get some local info. In
addition to the already mentioned, Ziggo or VodafoneZiggo may offer
this service, and possibly the Liberty Global parts of the network.
Also, KPN. What was the Hibernia network had a decent amount of DCs
on-net in NL, they are now owned by GTT so maybe GTT are worth a shot
too?

Cheers,
James.



Re: [uknof] Unreasonable increasing in cross-connect pricing in LD4 Equinix Slough DC

2019-05-24 Thread James Bensley
On Fri, 24 May 2019 at 13:27, Fenton Bard  wrote:
>
> We won't ever charge cross connect rentals.

/me reaches for the popcorn.



Re: [uknof] Cisco 887VA - forwarding "kind of breaks" after a week

2019-05-22 Thread James Bensley
> On 22 May 2019, at 14:13, Tom Storey  wrote:
>
> Hey James,
>
> controller VDSL 0
>  operating mode vdsl2
>  firmware filename flash:VA_A_39m_B_38h3_24h_o.bin
>  modem UKfeature
> !
>
> This particular image was recommended to me by someone that is a bit more 
> familiar with BT last mile access than I am.
>
> IOS itself is down somewhere in the 15.6's. My usual response to weird 
> behaviour is to try upping the IOS version and see if it goes away. That is 
> what I intend to try next - as soon as I can get my hands on a more recent 
> image. Seems strange that the modem would prevent DNS from working though?
>
> Tom

Hi Tom,

On Wed, 22 May 2019 at 14:34, Neil J. McRae  wrote:
>
> Maybe all UDP?

^ this. I doubt the modem is smart enough to single out only DNS
packets (although not impossible of course), in my experience it's
probably something like dropping all UDP packets, or all small IP
packets, or something more "generic".

Apart from an IOS and modem firmware upgrade, can you also crank up
the debugging voodoo to see if it happens just before/after/during a
PPP or IPoE session flap, or ATM line resync?

Cheers,
James.



Re: [uknof] Cisco 887VA - forwarding "kind of breaks" after a week

2019-05-22 Thread James Bensley
On Wed, 22 May 2019 at 09:48, Tom Storey  wrote:
>
> Hi all, wondering if anyone has come across this and knows how to fix it.
>
> I have a Cisco 887VA at home, hooked up to a BT supplied VDSL line (cabinet 
> at end of street), what I believe is called "fibre", but my ISP is Zen.
>
> I've noticed that very consistently after about a week (7-8 days), forwarding 
> partially breaks in some way. I'm not sure if it is the Cisco or something 
> somewhere else, but I didn't have the same issue with the Zen supplied 
> FritzBox, so seems coincidental that it is the Cisco...
>
> The biggest thing I have noticed is that DNS seems to break. e.g. I could 
> have an audio stream playing, and it will continue to stream just fine, but 
> you won't be able to browse or resolve any other hostnames. I can also still 
> ping anything by IP just fine.
>
> I have a friend that is working for a managed service provider who has an 
> installed base of these routers and says they are also working on much the 
> same issue.
>
> If anyone has any suggestions, I'm all ears!
>
> Thanks
> Tom

Hi Tom,

On some of these smaller CPEs you can upgrade the modem firmware
separately from the IOS image. Are you running latest and greatest
modem firmware as well as IOS?

Cheers,
James.



Re: [uknof] NetLdn 1

2019-04-05 Thread James Bensley
On Fri, 5 Apr 2019 at 10:06, Tom Hill  wrote:
>
> On 02/04/2019 09:49, James Bensley wrote:
> > Similar to the Manchester chapter
>
>
> As "chapter" implies the two events are in some way related, I should
> point out that this is not the case. Both 'organisations' are entirely
> separate.
>
> NetMcr's organisers have of course been fully supportive of NetLdn and
> we wish their community all the best in emboldening our industry's
> social calendar, and wider tech industry reach. :)

Hi Tom and all,

Tom is completely right, the use of the word "chapter" is misleading.
NetLdn are not associated with NetMcr but equally fully support them
:)

Richard Patterson and I from the NetLdn team will be at UKNOF next
week, and Richard will also be at the IPv6 round-table. If anyone has
any questions or comments who is also at either of these events,
please come and talk to us or speak to us via the NetLdn mailing list
(https://groups.google.com/forum/#!forum/netldn) or email directly
(he...@netldn.uk). I’m keen to cease any further discussion of NetLdn
on the UKNOF mailing list and respect UKNOF policy.

Kind regards,
James.



[uknof] NetLdn 1

2019-04-02 Thread James Bensley
Hi All,

A group of keen networkers have banded together to start NetLdn, a
social event in London, for networkers by networkers.

NetLdn was founded following the success of NetMcr. Similar to the
Manchester chapter, we noticed a void in London’s techni-social
calendar. Whilst the majority of ‘meetings’ in London focus on
development, NetLdn focuses specifically on Network Engineers,
Architects, Technicians, or perhaps just anyone interested in the
profession.

These MeetUps aren't for recruitment or hiring, they aren't for buying
or selling products, or promotional activities. This is a purely
social event for likeminded technical people, where you are free and
safe to talk openly. Everyone is welcome to attend and enjoy.

The NetLdn events are going to be held on the second Thursday of each
month with the first meeting this month:

Date: Thursday the 11th of April 2019
Place: 4th Floor, 2 Fitzroy Place, 8 Mortimer St, London, W1T 3NA
Time: We start at 19.00 sharp, arrival is open from 18.30, expect to
finish around 21.00

Full details about the events can be found on our website
(https://netldn.uk/). This is a one-time post to UKNOF as this is
technically off-topic. There is a link to the NetLdn mailing list on
the website. We’re also on Twitter @netldn, we can send out Slack
invites for https://netldn.slack.com/ and you can join the MeetUp
group at https://www.meetup.com/NetLdn/


-- NetLdn1 Agenda --
RSVP is essential: https://www.meetup.com/NetLdn/events/259756046/
We’re limited to 50 attendees for this inaugural meeting but, we will
be moving to a bigger venue from the 2nd meeting onwards.

---
Talk 1: Why Netflix needs its own CDN

Netflix runs its own CDN (Open Connect) to deliver video to >130
million subscribers around the world. This talk will focus on the
motivations for doing so, some of the unique challenges, and the how’s
and whys.

Bio: Javed Vohra
Javed is a member of Netflix’s Network Engineering team having joined
5 years ago. He’s involved in the continued growth, evolution and day
to day operation of the Open Connect CDN around the world. Before
Netflix, he spent 8 years in the Network Design team at Sky, having
worked on numerous projects, including Core, FTTC and IPv6 rollouts.

---
Talk 2: That time I accidentally started an ISP

Getting 1Gbit/s to the middle of nowhere can be a struggle, but also a
lot of fun. Tales of how a small home network got wildly out of hand.

Bio: Nat Morris
Nat has been at Netflix for nearly 4 years and has written many of
their network configuration and automation toolsets from the ground
up. He works from home on a farm in rural Pembrokeshire. Before
Netflix, Nat led the customer engineer team at Cumulus, he also
volunteers at a local primary school teaching students to code.


Want to give a talk? There is an RFP link on the website:
https://netldn.uk/contact/
---


If you have any questions, please get in touch via the mailing list,
Twitter, Slack, or email he...@netldn.uk.

We hope to see you all soon,
Best regards,
The NetLdn Team (Bill, James, Javed and Richard).



Re: [uknof] Cisco NCS55xx in the wild?

2019-03-29 Thread James Bensley
On Fri, 29 Mar 2019 at 08:03, Leigh Harrison
 wrote:
>
> Morning all,
>
> Update to the below. We’ve been talking to the engineering teams at Cisco and 
> the limitations are soft limitations that are being slowly raised per 
> software release after exhaustive testing.
>
> The current limit of unique QoS policies per box that we're running into, 
> which is 64 per NPU, so 128 in total is set to rise to 256 in the next 
> software release, which makes it far more relevant for the density of the box.
>
> I’ll keep you all posted as to how we get on. Currently, they seem like a 
> great box at a great price, but they have some design constraints to bear in 
> mind.
>
> Best, Leigh


Hi Leigh,

Having worked with Cisco ASR9Ks a lot, line card / NPU scaling limits
is something I have now gotten into the habit of always checking with
Cisco.

> Update to the below. We’ve been talking to the engineering teams at Cisco and 
> the limitations are soft limitations that are being slowly raised per 
> software release after exhaustive testing.

I guess the only problem with this is that you’ll have to be on
bleeding edge code to get the feature-bump or apply SMUs (yuk!).

When you say 64 per NPU, at what level does it apply? For example;
certain ASR9K cards will have a limit on the number of port level
policies you can apply, lets say its 64, but you can apply hundreds of
child and grandchild level policies. This means that if you have <64
physical interfaces everything is fine (rather than applying a policy
to every sub-interface you apply a 2/3/4 level policy to the physical
interface).

Is this the best idea ever? Maybe not, but if it is the difference
between QoS and no QoS and you need (read: "have sold") QoS then
that's what we have to do.

I don't know the fixed chassis NCS5Ks that well, only used the 5001s
and modular chassis but, if you ask your Cisco SE or equivalent, they
have NDA stats they can share with you about all manner of scaling
limits. In the case of my ASR9K experiences they were definitely worth
reading. I have discovered limits that were unexpectedly close to what
we were planning to use. Some of them so close, i.e. we planned to use
1900 instances of feature ‘x’ and it turns out the NPUs only support
2000, which is just 5% difference, it’s actually worth my time scale
testing that feature in the lab because, NPUs are PPS bound flexible
performance pipelines and not ASIC + features-in-TCAM fixed
performance pipelines.

> I’ll keep you all posted as to how we get on. Currently, they seem like a 
> great box at a great price, but they have some design constraints to bear in 
> mind.

Good luck with your testing and keep us posted!

Cheers,
James.



Re: [uknof] Dark Fibre providers in London

2019-02-11 Thread James Bensley
On Thu, 7 Feb 2019 at 15:16, Simon Lockhart  wrote:
>
> On Thu Feb 07, 2019 at 01:54:10PM +, James Bensley wrote:
> > Between the DCs apart from Zayo, Colt have a good DF footprint.
>
> Yes, COLT have been mentioned a couple of times. Does anyone have a good sales
> contact there?

Sorry Simon, only just seen this - if you haven't been provided with a
PoC contact me off-list and I can point you at the guy I use there.

Cheers,
James.



Re: [uknof] Dark Fibre providers in London

2019-02-07 Thread James Bensley
On Thu, 7 Feb 2019 at 06:58, Simon Lockhart  wrote:
>
> All,
>
> It's a few years since I've been shopping for this, so I thought it worthwhile
> updating my list of suitable candidates...
>
> I'm looking for some dark fibre around London - probably two (or more) rings,
> the first linking some datacentres (Interxion LON1, Telehouse, Sovereign House
> and HEX), and the other(s) linking a number of BT Exchanges around London.
>
> I'm currently using Zayo for parts of this already, and am talking to them,
> but who else should I be looking at?
>
> Many thanks in advance,
>
> Simon

Hi Simon,

Between the DCs apart from Zayo, Colt have a good DF footprint.

Between the exchanges, are BT/OR off the cards - they are the obvious
choice there? If it doesn't need to be DF then the Openreach EBD
product for layer 2 Ethernet could be what you're after or
FilterConnect for wavelengths. If it has to be DF then speak to your OR
account manager, DFA is AWOL right now but they might have something
for you. Also if this is the popular London exchanges like Poplar,
Faraday, Colindale etc. speak with other telcos which are in those
exchanges (e.g. your Virgin Media account manager).

Cheers,
James.



[uknof] RIPE77 Peering-Pre-Beering

2018-09-25 Thread James Bensley
Morning all,

Who's going to RIPE77?

I'm arriving in Amsterdam on the Sunday at about 5PM so if anyone
wants to meet up for some pre meeting beers and dinner let me know, or
if there is already such a gathering I'm free :)

Cheers,
James.



Re: [uknof] WHOIS Syntax Fail

2018-08-24 Thread James Bensley
On Fri, 24 Aug 2018 at 13:15, Andy Davidson  wrote:
>
> Hi,
>
> On 17/08/2018, 12:21, James Bensley  wrote:
> > For example - AS51551, I want to peer with them so I want their AS-SET
> > so that I can accept their routes, and all downstream customer routes.
>
> There’s a couple of subtleties missing from existing replies to the comments 
> in the thread you started, so I hope it’s ok to make some comments now.
>
> Firstly, the Internet thanks you for your secure approach to routing 
> configuration by filtering based on their IRR data.  For configuring prefix 
> filtering of your peers, in order to limit the effect of routing leaks on end 
> user enjoyment and security.  You are a knight of the peering realm and my 
> horse is forever at your disposal.
>
> Secondly, the AS-SET is something that the peer should communicate to you, 
> rather than something that you should ‘detect’.  It is possible that one peer 
> may wish to indicate that they wish to send you different prefixes to what 
> they send to someone else. For example they may send their global customer 
> routes to knights of the peering realm like you, so you should use 
> AS-65534:GLOBAL, whereas gutterick serfs should expect the regional or local 
> prefixes and therefore a different filter.  Or perhaps there is a 
> product/partner relationship that means they want to signal deaggregates or 
> additional transited networks to you which they do not want to send to other 
> peers.  The point I am trying to make is that your peering partner should 
> indicate the as-macro that they wish you to filter against in your BGP setup. 
>  That said, it’s reasonable to expect that if you are not negotiating 
> anything special to a peer’s usual behaviour you should get the peer’s usual 
> as-macro, but again they should explicitly communicate that rather than have 
> you detect it. The usual place to explicitly communicate your peering 
> preferences as a peering network is peeringdb and Job has made this point 
> already in this thread.
>
> Lastly, remember RPKI, especially if you want to build filters containing 
> prefixes being originated by networks in regions where there is poor IRR 
> adoption but more wide RPKI adoption.
>
>
> Best wishes,
> Andy

Thanks for the response Andy, it's appreciated.

Re; RPKI - I'm on the case ;)

Cheers,
James.



Re: [uknof] WHOIS Syntax Fail

2018-08-18 Thread James Bensley
Hi All,

Thanks for all your responses.

Understood about the potential N:1 relationship between as-set and
aut-num, that makes sense.

Thanks for the pointers to IRR Explorer too.

I am interested in automating this stuff as someone mentioned so just
as a start I might be able to query one of [RIPE, PeeringDB, IRR
Explorer], if I get <> 1 AS-SET back, try the next one, then the next
etc., then contact someone manually if all three have method "fail".

Cheers,
James.
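
The fallback described in the message above (try each source in turn, accept only an answer of exactly one AS-SET, otherwise hand off to a human), as an added example that is not part of the original thread. All registry data below is constructed with documentation ASNs, the function names are hypothetical, the PeeringDB value format is an assumption, and only direct `members:` entries are checked (nested sets are not expanded).

```python
# Constructed RPSL objects in the layout a whois server returns (not real data).
RIPE_DUMP = """\
% constructed sample
as-set:         AS-EXAMPLENET
descr:          Example Net and customers
members:        AS64500, AS64501,
                AS-EXAMPLE-CUST
source:         RIPE

as-set:         AS-EXAMPLENET-UK
members:        AS64500   # regional subset
source:         RIPE

as-set:         AS-OTHER
members:        AS64510
source:         RIPE
"""

# Constructed stand-ins for the other two sources named in the thread.
PEERINGDB_NET = {64500: {"irr_as_set": "RIPE::AS-EXAMPLENET"}}   # assumed format
IRREXPLORER_SETS = {64500: ["AS-EXAMPLENET", "AS-EXAMPLENET-UK"]}


def parse_rpsl(text):
    """Split RPSL text into objects: blank line ends an object, a line
    starting with space, tab or '+' continues the previous attribute."""
    objects, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
            current, last_key = {}, None
            continue
        if line[0] in "#%":          # server comments
            continue
        if line[0] in " \t+" and last_key:
            current[last_key][-1] += " " + line[1:].strip()
            continue
        key, _, value = line.partition(":")
        last_key = key.strip().lower()
        current.setdefault(last_key, []).append(value.strip())
    if current:
        objects.append(current)
    return objects


def as_sets_containing(objects, asn):
    """Names of as-set objects that list AS<asn> directly in members:."""
    wanted, hits = f"AS{asn}", []
    for obj in objects:
        if "as-set" not in obj:
            continue
        members = set()
        for value in obj.get("members", []):
            value = value.split("#")[0]          # drop end-of-line comment
            members.update(m.strip().upper() for m in value.split(",") if m.strip())
        if wanted in members:                    # exact match, so AS6450 != AS64500
            hits.append(obj["as-set"][0].upper())
    return sorted(hits)


def ripe_lookup(asn):
    return as_sets_containing(parse_rpsl(RIPE_DUMP), asn)


def peeringdb_lookup(asn):
    raw = PEERINGDB_NET.get(asn, {}).get("irr_as_set", "")
    # Strip an optional registry qualifier ("SOURCE::NAME" or "NAME@SOURCE").
    return sorted({t.split("::")[-1].split("@")[0].upper() for t in raw.split()})


def irrexplorer_lookup(asn):
    return sorted(IRREXPLORER_SETS.get(asn, []))


SOURCES = [("ripe", ripe_lookup),
           ("peeringdb", peeringdb_lookup),
           ("irrexplorer", irrexplorer_lookup)]


def resolve_as_set(asn, sources=SOURCES):
    """Return (as_set, source, trail). A source is accepted only when it
    yields exactly one candidate; zero or several means try the next one.
    If none qualifies, source is 'manual' and as_set is None."""
    trail = []
    for name, lookup in sources:
        candidates = lookup(asn)
        trail.append((name, candidates))
        if len(candidates) == 1:
            return candidates[0], name, trail
    return None, "manual", trail


if __name__ == "__main__":
    for asn in (64500, 64510, 64511):
        print(asn, resolve_as_set(asn))
```

The trail keeps every source's raw answer, so an ambiguous or empty result can be shown to the peer when asking which AS-SET they want filtered against.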



[uknof] WHOIS Syntax Fail

2018-08-17 Thread James Bensley
Morning All,

What am I doing wrong? I've had most of a coffee and still can't see
what I'm missing.

How do I search an IRR (RIPE specifically) for the AS-SET that
contains $ASN using native "whois" ?

For example - AS51551, I want to peer with them so I want their AS-SET
so that I can accept their routes, and all downstream customer routes.
I personally know it is called "AS-UPDATA" but I can't find any option
that will let me find that without knowing it in advance, or by
guessing it, e.g. most AS-SETs are called NETWORK-AS, AS-NETWORK,
ASNETWORK etc.

Is this not possible within the native whois client?

Cheers,
James.



Re: [uknof] 10G PE Router Options

2018-03-07 Thread James Bensley
On 7 March 2018 at 01:35, Colton Conor  wrote:
> In this day and age when providers are selling 1Gbps on 10G ports for sub 
> $400 a month (I am looking at you Cogent and HE.NET) , having an economical 
> PE that can aggregate multiple customers and not cost $20k seems like a great 
> option to me. The problem with a $20k PE is that support on it will be at 
> least $1k per year too!

General rule of thumb: router ports are expensive, switch ports are
cheap. If you have lots of customers with a "less than line rate"
service do not land them on a router. Land them on a cheap switch and
aggregate them up to a router. That was just an example, we don’t land
any customers on a router, because the ports are so much more
expensive. We have 1G and 10G access layer switches (or layer 1
extensions) with 40G up-links to PEs.

There are various design questions that would need to be fleshed out
before an appropriate choice can be made with regards to making that
jump to 10G ports. Do your customers want 10G ports because they have
1.1Gbps of traffic or 8Gbps of traffic? 1G is cheap as chips so you
can of course start to LAG customers. You need to evaluate your
traffic profiles (oversubscription and contention) and work out if you
oversubscribe your access layer connectivity. Do you need routers with
10G everywhere or just in some PoP and you backhaul from other PoPs to
where you have a 10G capable router? Many questions need to be
answered first which is taking this thread quite off topic (sorry
OP!).

Cheers,
James.



Re: [uknof] Juniper MX204/MX10003

2018-03-06 Thread James Bensley
On 6 March 2018 at 15:48, Simon Lockhart  wrote:
> All,
>
> Does anyone have any experience of the Juniper MX10003 and/or MX204? I’ve 
> always been a Cisco person for core network, and had been looking at ASR9k as 
> a 100G upgrade path for our core - but the MX10003 is coming in at under half 
> the price of an equivalent ASR9000 build. Equally, I’d been looking at the 
> ASR9901 as a border router upgrade, but the MX204 is stupidly cheap in 
> comparison.
>
> The one thing we’ve found from reading the spec sheets is that both routers 
> have more ports than the ASICs can support, so if you want to use the lower 
> speed ports you have to give up one or more of the 100G ports - but this 
> seems well documented and easy to work with.
>
> Any other gotchas that people are aware of? The Juniper sales pitch is 
> compelling, but I’ve not used them before to know what to be looking out for.

I know that anecdotal information isn't very helpful however, I have
been led to believe that the MX1 series aren't in a good state
(yet). That's all I can say I'm afraid.

We've been trying to get our hands on the ASR9901's but there is
simply no stock. I don't expect them to be cheap though. As you said,
Juniper are coming in cheaper. Depending on how many 100G ports you
need, why not just get some MX240s or MX480s? Like many modular
devices the chassis are the cheap part so ASR9000 chassis cost or MX
chassis cost won't really be a factor. You need to pit the vendors
against each other and see who'll do you the best price on fabric
cards and line cards :)

Also are you looking at 100G for the core or edge? The ASR9901 is an
edge box with 100G back-haul ports, it's not really a 100G core box.

Cheers,
James.



Re: [uknof] 10G PE Router Options

2018-03-06 Thread James Bensley
On 6 March 2018 at 12:22, Paul Bone  wrote:
> We need 4*10G Ports, multiple 1G SFP ports, IPv4 and IPv6 L3VPN, L2VPN
> etc…..we do not need any HQOS features on these devices.
>
>
>
> We use a fair few Cisco ME3600 but these only have 2*10G and are
> discontinued so at the moment, the CISCO ASR920 is looking the most cost
> effective solution but we are interested if anyone else has any ideas? We
> have Juniper MX in the network as well, which we like, but I don’t think
> there is a Juniper option as cost effective as the ASR920.

The ASR920s are great little boxes. If you want the same mix of 1G and
10G you have on the ME3600X/ME3800X devices then the 24x1G + 4x10G
ASR920 variants are working great for us with all the usual edge
features (IPv4/6, L3VPN, L2VPN P2P/P2M, BGP, QoS, Multicast, OSPF,
ISIS, LDP, FRR-LFA(r)).

A Cisco ASR9001 with the 20x1G MICs would be a good fit here too but
they are possibly too expensive.

From Juniper look at the MX105, ACX5048 and QFX5100s.

Cheers,
James.



Re: [uknof] 'White Box' switching and OS - Any experiences worth sharing?

2018-02-21 Thread James Bensley
On 17 February 2018 at 10:11, Neil J. McRae  wrote:
> Deployed no but just a matter of time - I doubt there are huge latency 
> benefits that you don’t already see from the current plethora of optimised DC 
> switches and code that’s available and I’m totally unconvinced that low 
> buffer solutions are right for anything outside of the DC with today’s OTT 
> steaming needs mixed with a lot of the access technology in cable, DSL and 
> FTTP.
>
> Our requirement is only to run code we know we need to run- simplifies 
> security risks and stupid bugs in things we don’t use and allows focused 
> testing and telemetry in the end to end service.
>

Hi Neil,

Yeah I agree, I'd like to have only the exact features we need
running. Also we would be able to test the code in house against our
own requirements/standards.

I'm also keen on the idea of being able to add counters to anything we
want, something the traditional vendors are either reluctant or slow
to do. This also opens the possibility of "temporary" counters, if
they create a performance hit, we may only need them when
troubleshooting.

Cheers,
James.



Re: [uknof] 'White Box' switching and OS - Any experiences worth sharing?

2018-02-17 Thread James Bensley
On 17 February 2018 at 09:43, Neil J. McRae  wrote:
> However, you might want to look at P4 capable platforms which are looking
> very good for focused thin OS networking.

Are you using P4 at all Neil?

I'd be very keen to hear from anyone that is, what their experience has been.

I've downloaded the BMv2 target [1] and started playing around with
code that would run on x86 to test. However, when it came to real
hardware testing Barefoot Networks seem to have gone from one ASIC
which supports P4, from when I first looked into P4, to multiple ASICs
[2] but they don't seem to be in stock anywhere?!

If anyone has some P4 hardware, even in the lab, I'd love to hear
about your experiences. I've only tested it inside a VM which is
really more just letting one learn the syntax and architecture. I
wanted to test the impact of simplifying the forwarding pipeline to
the bare minimum to reduce latency, advanced/dynamic port buffers, and
iOAM. What have you managed to achieve with it that you couldn't
before?

Cheers,
James.

[1] https://github.com/p4lang/behavioral-model
[2] https://barefootnetworks.com/products/brief-tofino/



Re: [uknof] 'White Box' switching and OS - Any experiences worth sharing?

2018-02-17 Thread James Bensley
On 17 February 2018 at 01:15, Aftab Siddiqui  wrote:
> And they also have Cisco like CLI wrapper with ‘?’ help
>
> On Sat, 17 Feb 2018 at 4:27 am, Sascha Luck [ml]  wrote:
>>
>> Hi David,
>>
>> have a look at Cumulus Linux. I've played with this on VMs and
>> Mellanox switches and VXLAN/EVPN with unnumbered eBGP is working.
>> They've been good with implementing asked-for features too, like
>> "q-in-vxlan" (I've not tested that yet)

I was also going to mention Cumulus. I'm also not using it in
production and evaluating the VM version right now. As already
mentioned it supports EVPN with VXLAN. It has a standard Linux CLI (by
which I mean BASH-like), the "ip" command suite has been extended to
support all the extra features they have built into Cumulus Linux like
VXLAN, EVPN, MPLS etc so server guys interact with the switch CLI as
if it were a server and/or edit plain text config files in /etc. It helps
to break down the barrier that some of our server guys have, where the
Cisco or Junos CLI is very alien for them. So although that's not an
API it does mean that your switch and server CLI is "the same", and
that you can use your Linux orchestration tool du jour like
Ansible/Salt/Puppet etc. to manage switches and servers alike.

There was a great preso at NetDev 2.2, definitely worth a watch if you
want to quickly get up to speed with EVPN in Cumulus:
https://www.netdevconf.org/2.2/session.html?prabhu-linuxbridge-tutorial

Cheers,
James.



Re: [uknof] BT NGA Exchange List

2018-02-14 Thread James Bensley
On 14 February 2018 at 16:15, Mike Jenkins  wrote:
> I'm sure that your Openreach account manager can send it to you

This is what I was thinking. Why aren't you asking OR?

If this opportunity does turn out to be viable for you it sounds like
you'll be engaging with them anyway. You might as well engage with OR
now and they might also be able to incentivise this deal for you.

I know OR are often pants but I'm sure even they can provide you with
a document/report they produce.

Cheers,
James.



Re: [uknof] Connectivity at mobile mast site ...

2017-12-07 Thread James Bensley
On 6 December 2017 at 20:39, Mark Boyce  wrote:
> Hi All
>
> Odd one, well for me at least.  Being asked if we can provide connectivity at 
> a mobile/etc mast;
>
> AB4 4AX - Mormond Hill in Aberdeenshire
>
> Client believes that the mast has an Arqiva DAB node there as well as 
> various mobile carriers. Which may have local backhaul rather than radio 
> links.
>
>
> Does anyone know how we’d find out who has POP’d the mast, if anyone?
>
> Cheers
> Mark

I believe that BT Openreach and VirginMedia both have mobile backhaul
products, so if you ask them for quotes to this site you might find
out if they have PoP'ed it already or not.

Cheers,
James.



Re: [uknof] AWS/GCP/Azure

2017-11-21 Thread James Bensley
On 21 November 2017 at 11:36, Clive Stone  wrote:
> this is what IX Reach can do easily.  Tried
> speaking to them? They interconnect with the Cloud providers, and you can
> buy the port from them and split it off how you like.  Steve is on this
> list, too.

Equinix also do this:
https://www.equinix.com/services/interconnection-connectivity/cloud-exchange/

I don't work for Equinix or dislike IXreach, just pointing out an
additional option, options are good :)

Cheers,
James.



[uknof] Industry Conferences

2017-11-20 Thread James Bensley
Hi All,

Hopefully this is considered on-topic/suitable content [1]; I wanted
to plug a couple of industry conferences that I recently learned of
(I’m sure others on here will have heard of them). If anyone has or
knows of a public list of such events/conferences I’d like to see it.
I have seen one before years ago but can’t find it now.

Like many I can’t make it in person to every UKNOF, NANOG, RIPE, LINX
meeting etc. so I usually watch them remotely but I don’t always know
when they are on, so these are two more in my calendar now.

Cheers,
James.


I recently came across https://wiki.geant.org/display/PMV/SIG-PMV [2]

“The GÉANT PMV SIG (SIG-PMV) is focusing on performance monitoring and
verification topics from both a research and operations perspective,
and in identifying and establishing best practises for wired/wireless
(campus) networks, and the networks that connect them.”


I also recently came across: https://inog.net/

“Help us build an inclusive and open Community of Practice around
network engineering. The Irish Network Operators Group (iNOG) is
re-birthing community focused on diversity, learning, sharing,
connecting, and having fun.”



[1] In light of the recent thread “Juniper SRX Available” I have read
https://wiki.uknof.org.uk/Charter and can’t see any clear reason that
it wouldn’t be. Please correct me if I am wrong.

[2] Full disclaimer, I am talking at this conference which is how I
came to hear about it but looking back over previous sessions I think
it would be of genuine interest to many on this list.



Re: [uknof] IPv6 Musings

2017-11-06 Thread James Bensley
On 26 October 2017 at 18:07, Paul Bone <paul.b...@bridgefibre.co.uk> wrote:
> Hi James
>
> We are definitely open to advice!
>
> We are keen to have a way to ensure each customer always gets the same
> prefix - not sure we can do that with solely DHCPv6?
>
> Thanks
>
> Paul
>
> Sent from my iPhone
>
> On 26 Oct 2017, at 17:49, James Bensley <jwbens...@gmail.com> wrote:
>
> Why not DHCPv6 out of curiosity?
>
> Cheers,
> James.

Hi Paul,

Still catching up on emails post-holiday. If you have Ethernet to the
CPE device then the traditional method of PPP + L2TP + RADIUS etc. adds
in lots of overhead, complexity and state.

In my opinion a clearer/simpler design would be to have the access
nodes insert the circuit ID into DHCP requests coming from the CPE
device and use PWHE to tunnel them back to a central box using
standard MPLS and use the circuit ID to match static IP mappings. PPP
and L2TP only exist in our network for ADSL based services and it’s
just another couple technologies (plus RADIUS) that engineers need to
know in addition to typical BGP/MPLS.

Cheers,
James.



Re: [uknof] IPv6 Musings

2017-10-26 Thread James Bensley
Why not DHCPv6 out of curiosity?

Cheers,
James.


Re: [uknof] Telehouse Fire Alarm

2017-09-22 Thread James Bensley
On 21 September 2017 at 17:42, Graham L. Stewart
 wrote:
> The night operations at Telehouse Metro are often asleep with the lights off
> in the reception when I arrive in the middle of the night. That prob says it
> all…..

These days I'm in Telehouse North/East/West more often during the
small hours of the night, and I don't find that so much there (but it
does still happen!). I used to be in and out of Global Switch 2 much
more regularly and I was almost always waking someone up either on
reception or in the security room. If you had say several late night
maintenance sessions on consecutive nights I'm sure they'd remember
you and start to form a grudge.

Cheers,
James.



Re: [uknof] Hosting Firewall Advice

2017-06-07 Thread James Bensley
On 2 June 2017 at 18:33, Tom Hill <tom.h...@bytemark.co.uk> wrote:
> On 02/06/17 15:02, James Bensley wrote:
>> virtual m0n0wall boxes per customer
>
> m0n0wall was discontinued, and its replacement - OPNSense - is a far cry
> from the lovely, lightweight release that was m0n0wall. I'm very sad to
> see the end of it!


I haven't used it for a few years so I didn't know it was
discontinued, that is a shame, it was nice and lightweight and "just
worked".

Cheers,
James.



Re: [uknof] Hosting Firewall Advice

2017-06-02 Thread James Bensley
On 2 June 2017 at 14:46, David Derrick  wrote:
> On 02/06/2017 14:20, Paul Bone wrote:
>>
>> Just wondering what peoples thoughts are on the merits of a shared
>> hardware firewall (we are starting to hit overlapping IP issues) vs
>> virtual appliances or even a virtual Linux installation per client.
>
>
> Some firewalls can be split up into virtual instances which is a nice idea.
> Sonicwall have been promising it for a long time but I'll believe it when I
> see it. Checkpoints do this now but there are some limitations. Being unable
> to put IP addresses on a VPN tunnel interface for example. Don't know which
> other vendors offer it.
>
> Haven't used virtual appliances but that seems logical if you're offering
> virtual servers. Pretty sure you could get some eval copies to play with.

Yeah I guess if you wanted to continue down the dedicated hardware
route Cisco ASA's have virtual contexts, Juniper Netscreen's or SRX's
might support logical systems? Others probably have similar
functionality.

However if you have virtual infrastructure already and the tools and
staff in place to manage that, then if I was you I'd be migrating to
virtual firewalls.

You could use some small light weight firewalls on a per-customer
instance basis, we have done this successfully before with stuff like
virtual pfSense and virtual m0n0wall boxes per customer. You could
also use a virtual and centralised multi-tenanted system (Palo Alto
offer this which we are currently evaluating, I'm sure others do too).

Cheers,
James.



Re: [uknof] Example of total DC loss

2017-06-01 Thread James Bensley
On 1 June 2017 at 11:50, Simon Green  wrote:
> Morning List :)
>
>
>
> I’m hunting for an examples of long duration data centre outages in the UK,
> from a day of downtime to total data centre loss (explosion or some other
> industrial accident).
>
>
>
> Is anyone aware of any tales they could share? Bigger and higher impact the
> better.
>
>
>
> Slightly more casually interested in BT exchanges as well.
>
>
>
> I’m aware of:
>
> · Several corporate incidents, including Three, Capita, and Vodafone
>
> · The Telecity power issues from a few years back, though they were
> less than a day
>


Not a DC outage but the Kings College outage was pretty serious, if
you have a SPoF be it a single RAID array or single DC, it's a SPoF;

https://www.theregister.co.uk/2016/10/25/and_so_we_enter_day_seven_of_kings_college_london_major_it_outage/

https://www.theregister.co.uk/2016/11/15/after_kcl_kills_uniwide_backups_staff_get_order_to_never_make_their_own/

Cheers,
James.



Re: [uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP

2017-03-20 Thread James Bensley
On 20 March 2017 at 17:01, Mike Jenkins  wrote:
>> > Why not have the copper SFP as a default,
>>
>> Why not have fibre as default? - Seriously though, this is documented in the 
>> SIN
>> documents, so for future reference, RTFM.
>>
>> "The client interface consists of a RJ-45 type socket for 10 Mbit/s and 100
>> Mbit/s EAD services or dual LC sockets for 1000 Mbit/s EAD services." -
>> http://www.btplc.com/sinet/SINs/pdf/492v1p8.pdf - Section
>> 4.2 Connector.
>>
>
> But the OP ordered his service from SSE - so there's a definite possibility 
> that their ordering process let him (incorrectly) order a copper gig 
> presentation

If the OP is informed when quoting/ordering the circuit with the
carrier that the tail is coming from OR > read the SIN doc.

When ordering a circuit with a carrier and the B end is off-net for
the carrier (which it sounds like it was), ask the carrier "Who's
providing the tails for this service? OR you say!" > read the SIN doc.

When ordering a circuit with a carrier and it is not explicitly stated
that the circuit is on-net or that existing fibre will be used, ask
the carrier "Who's providing the tails for this service? OR you say!"
> read the SIN doc.

Cheers,
James.



Re: [uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP

2017-03-20 Thread James Bensley
On 20 March 2017 at 11:13, Gavin Henry  wrote:
> Why not have the copper SFP as a default,

Why not have fibre as default? - Seriously though, this is documented in
the SIN documents, so for future reference, RTFM.

"The client interface consists of a RJ-45 type socket for 10 Mbit/s
and 100 Mbit/s EAD services or dual LC sockets for 1000 Mbit/s EAD
services." - http://www.btplc.com/sinet/SINs/pdf/492v1p8.pdf - Section
4.2 Connector.

Cheers,
James.



Re: [uknof] SonicWALL PPPoE Issues over Talk-Talk WFTTC Circuits

2017-01-29 Thread James Bensley
On 28 January 2017 at 23:41, Bjoern A. Zeeb
 wrote:
>> 28 Jan 2017 19:24:22 l2tp-rx T13092-51756-62.24.203.227 S17150-9461 PPP Tx
>> 8021:IPCP 01 00 000A ConfReq 03:IP 06 62.24.191.98  mcmfmt2@connect.username
>
>
> You tell CPE your IP address.

Which seems to be a TalkTalk IP?!

> But the CPE never ACKs.
> And the CPE also doesn’t send you a request for its local IP address end.

It does, here I believe:

28 Jan 2017 19:24:22 l2tp-rx T13092-51756-62.24.203.227 S17150-9461
PPP Rx FF03 8021:IPCP 01 01 0016 ConfReq 03:IP 06 0.0.0.0 81:DNS1 06
0.0.0.0 83:DNS2 06 0.0.0.0  mcmfmt2@connect.username

28 Jan 2017 19:24:22 l2tp-rx T13092-51756-62.24.203.227 S17150-9461
PPP Tx 8021:IPCP 03 01 0016 ConfNak 03:IP 06 46.17.214.185 81:DNS1 06
185.23.52.131 83:DNS2 06 185.23.52.132  mcmfmt2@connect.username

>> 28 Jan 2017 19:24:22 l2tp-rx T10838-3606-62.24.203.91 S24816-43992 PPP Rx
>> FF03 C021:LCP 08 B1 0040 ProtoRej  03 00 00 00 08 06 00 13 08 00 00 00
>> 00 08 04 00 00 00 71 q 72 r 73 s 74 t FD 12 A5 AD BA 38 8 8E BD FB 55 U 50 P
>> 18 10 00 F8 E0 00 00 17 03 03 00 50 P D6 07 80 20   81 D2 6F o 57 W B8 CC 9C
>> 2E . 0F
>> 28 Jan 2017 19:24:22 l2tp-rx T10838-3606-62.24.203.91 S43511-28544 PPP Rx
>> FF03 C021:LCP 08 E9 001C ProtoRej  03 00 00 00 08 06 00 13 08 00 00 00
>> 00 08 04 00 00 00 71 q 72 r 73 s 74 t
>
>
> Whatever those are I am confused about;

That CPE is trying to make some sort of  query I think.


> Seems the state machine on the CPE side is stuck?

Yeah it looks a bit flaky.



On 28 January 2017 at 15:12, Gareth Phillips
 wrote:
> · We’ve tried a RADIUS Filter-ID of "l" (lower case L) to stop MRU
> renegotiation and a similar hard coded setting on the L2TP LNS tunnel for
> those particular circuits.
>

Why have you done that? We are an LLU provider but also take wholesale
BT and TalkTalk connectivity to ensure total coverage. We force MRU
renegotiation for those wholesale circuits, particularly for BT where
their BRAS nodes seem to interfere; going through the whole PPP state
machine life cycle (including LCP, NCP, IPCP etc) part of the process
is performed between CPE and BRAS, then the L2TP tunnel is built, and
the later part is performed between CPE and LNS. Due to NOT having
performed the entire process with the BRAS we sometimes see side
effects so we always force MRU renegotiation to start most of the
process again with the CPE talking directly to the LNS.

What happens if you try this?

Also what do you see in your RADIUS log? Does the LNS report to RADIUS
that the authentication has been successful? From your output and
Bjoern's output it looks like auth is OK then negotiation fails near
the end of LCP.

Have you considered upgrading the firmware on your CPE and LNS devices?
Test it in the lab?

Cheers,
James.
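
A way to read the IPCP exchange discussed in this message mechanically, as an added example that is not from the thread: it tracks Configure-Request/Ack/Nak per L2TP session by PPP code byte and reports which half of the negotiation never completed. The first three log lines are the ones quoted above, re-joined onto single lines (a subset of the full trace, so the result describes those lines only); session S00001-00001 is constructed, and Tx is assumed to mean LNS to CPE because the log was taken on the LNS.

```python
import re
from collections import defaultdict

# Session S17150-9461: lines quoted in the thread. Session S00001-00001:
# constructed healthy exchange using documentation addresses.
LOG = """\
28 Jan 2017 19:24:22 l2tp-rx T13092-51756-62.24.203.227 S17150-9461 PPP Tx 8021:IPCP 01 00 000A ConfReq 03:IP 06 62.24.191.98  mcmfmt2@connect.username
28 Jan 2017 19:24:22 l2tp-rx T13092-51756-62.24.203.227 S17150-9461 PPP Rx FF03 8021:IPCP 01 01 0016 ConfReq 03:IP 06 0.0.0.0 81:DNS1 06 0.0.0.0 83:DNS2 06 0.0.0.0  mcmfmt2@connect.username
28 Jan 2017 19:24:22 l2tp-rx T13092-51756-62.24.203.227 S17150-9461 PPP Tx 8021:IPCP 03 01 0016 ConfNak 03:IP 06 46.17.214.185 81:DNS1 06 185.23.52.131 83:DNS2 06 185.23.52.132  mcmfmt2@connect.username
01 Jan 2017 00:00:01 l2tp-rx T00001-00001-192.0.2.254 S00001-00001 PPP Tx 8021:IPCP 01 00 000A ConfReq 03:IP 06 192.0.2.1  user@example
01 Jan 2017 00:00:01 l2tp-rx T00001-00001-192.0.2.254 S00001-00001 PPP Rx FF03 8021:IPCP 02 00 000A ConfAck 03:IP 06 192.0.2.1  user@example
01 Jan 2017 00:00:01 l2tp-rx T00001-00001-192.0.2.254 S00001-00001 PPP Rx FF03 8021:IPCP 01 01 000A ConfReq 03:IP 06 0.0.0.0  user@example
01 Jan 2017 00:00:01 l2tp-rx T00001-00001-192.0.2.254 S00001-00001 PPP Tx 8021:IPCP 03 01 000A ConfNak 03:IP 06 198.51.100.7  user@example
01 Jan 2017 00:00:01 l2tp-rx T00001-00001-192.0.2.254 S00001-00001 PPP Rx FF03 8021:IPCP 01 02 000A ConfReq 03:IP 06 198.51.100.7  user@example
01 Jan 2017 00:00:01 l2tp-rx T00001-00001-192.0.2.254 S00001-00001 PPP Tx 8021:IPCP 02 02 000A ConfAck 03:IP 06 198.51.100.7  user@example
"""

LINE = re.compile(
    r"(?P<session>S\d+-\d+)\s+PPP (?P<dir>Tx|Rx) (?:FF03 )?"
    r"(?P<proto>[0-9A-F]{4}):\w+ (?P<code>[0-9A-F]{2}) "
    r"(?P<id>[0-9A-F]{2}) [0-9A-F]{4} \w+(?P<rest>.*)"
)
OPTION = re.compile(r"[0-9A-F]{2}:(\w+) [0-9A-F]{2} (\d+\.\d+\.\d+\.\d+)")


def diagnose(s):
    problems = []
    if s["lns_req"] is not None and not s["lns_acked"]:
        problems.append("CPE never acked the LNS Configure-Request")
    if s["nak_offer"] is not None and not s["cpe_rerequested"]:
        problems.append("CPE never re-requested the address offered in the Configure-Nak")
    elif s["cpe_req"] is not None and not s["cpe_acked"]:
        problems.append("LNS never acked the CPE Configure-Request")
    return {"opened": s["lns_acked"] and s["cpe_acked"],
            "offered_ip": (s["nak_offer"] or {}).get("IP"),
            "problems": problems}


def analyse(log_text):
    """Follow IPCP (protocol 0x8021) per session; codes per RFC 1661."""
    sessions = defaultdict(lambda: {
        "lns_req": None, "cpe_req": None, "lns_acked": False,
        "cpe_acked": False, "nak_offer": None, "cpe_rerequested": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["proto"] != "8021":
            continue
        s = sessions[m["session"]]
        opts = dict(OPTION.findall(m["rest"]))
        code, ident, from_lns = m["code"], m["id"], m["dir"] == "Tx"
        if code == "01":                                   # Configure-Request
            if from_lns:
                s["lns_req"], s["lns_acked"] = ident, False
            else:
                if s["nak_offer"] is not None:
                    s["cpe_rerequested"] = opts.get("IP") == s["nak_offer"].get("IP")
                s["cpe_req"], s["cpe_acked"] = ident, False
        elif code == "02":                                 # Configure-Ack
            if from_lns and ident == s["cpe_req"]:
                s["cpe_acked"] = True
            elif not from_lns and ident == s["lns_req"]:
                s["lns_acked"] = True
        elif code == "03" and from_lns and ident == s["cpe_req"]:
            s["nak_offer"] = opts                          # Configure-Nak
    return {sid: diagnose(s) for sid, s in sessions.items()}


if __name__ == "__main__":
    for sid, result in analyse(LOG).items():
        print(sid, result)
```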



Re: [uknof] Easynet / HE (maybe SixXS?) issue

2017-01-23 Thread James Bensley
On 23 January 2017 at 00:19, Tom Hill  wrote:
> Hi Raoul,
>
> On 20/01/17 21:43, Raoul Bhatia wrote:
>> I would be happy if somebody would be able to assist me with some
>> debugging,
>> and/or give me pointers to whom I would be able to connect to.
>
> I'm looking at this without being entirely awake, but at first glance it
> looks like a very similar issue that I had with IPv6 from Easynet in
> Germany, recently.
>
> Drop me a mail offlist and we'll compare output... I got some way to
> finding a responsive contact, but it's all disappeared into a black hole
> as it stands; if it's related, it would be worth joining forces. :)


If you guys still need a contact at EasyNet let me know off-list and
who your current contact is.

Cheers,
James.



Re: [uknof] Fwd: IPv6 adoption approaching 16% in UK

2016-11-08 Thread James Bensley
On 8 November 2016 at 00:22, Sean Keeney 
wrote pages of shit:
...
/Sean


Whinge much?


You are the enemy of the service catalogue.


James.



Re: [uknof] ISP Security architecture

2016-09-21 Thread James Bensley
On 15 September 2016 at 11:46, John Bourke
 wrote:
> Hi,
>
>
>
> Touchy subject, but can anyone share some war stories about how they keep
> raw Internet traffic away from ISP operational systems, which by definition
> need to talk to the equipment which carries that Internet traffic.


I'm not 100% certain of what you are looking for here but if you
search through the list archives for the c-nsp and j-nsp mailing lists
(others too I'm sure) you'll see many discussions about ISPs moving
the Internet into a dedicated L3VPN.

In that example keeping the internet traffic in a dedicated L3VPN and
say having a separate dedicated L3VPN for management traffic
segregates the two traffic types but the NMS/OSS/BSS systems still
have access to the routers (if you configure them to allow management
access from within that management L3VPN).

I’m not sure where the horror stories fit in to this that specifically
relate to the Internet? A decent ISP (IMO) should have good control
plane and infrastructure protection in place, so there should be no
threat. I think the main issues from the Internet into the ISPs
OSS/BSS systems is DDoS traffic, either targeted at the ISP or a
downstream customer that fills the pipes and they can’t even get
management access to their devices (perhaps no out of band
connectivity for example). But control plane attacks can come from
within the ISP, not just out on the Internet and can be fairly well
defended against.


Cheers,
James.



Re: [uknof] IOS XR tcpdump

2016-08-17 Thread James Bensley
On 17 August 2016 at 13:22, Job Snijders <j...@instituut.net> wrote:
> On Wed, Aug 17, 2016 at 01:05:52PM +0100, James Bensley wrote:
>> Is it ever too late to revive a thread?
>>
>> Marty (and anyone else interested) there is packet capturing features
>> inside the NP added in IOS-XR 5.3.3. It works for pretty much all
>> inbound packet drops but only some outbound packet drops.
>>
>> These are some example notes I made;
>> https://null.53bits.co.uk/index.php?page=asr9000-np-packet-capture
>
> Thank you for sharing this!
>
> Kind regards,
>
> Job

One thing I forgot to mention is that as I'm sure you probably know
already, come IOS-XR 6.1 on ASR9000's we should be able to use the
Linux containers to run actual tcpdump on the boxes.

Cheers,
James.



Re: [uknof] IOS XR tcpdump

2016-08-17 Thread James Bensley
On 10 July 2015 at 02:51, Marty Strong <ma...@cloudflare.com> wrote:
> Yay Cisco, lagging behind Juniper yet again!
>
> Thanks for the response.
>
> Regards,
> Marty Strong
> --
> CloudFlare - AS13335
> Network Engineer
> ma...@cloudflare.com
> +44 20 3514 6970 UK (Office)
> +44 7584 906 055 UK (Mobile)
> +1 888 993 5273 US (Office)
> smartflare (Skype)
>
> http://www.peeringdb.com/view.php?asn=13335
>
>> On 10 Jul 2015, at 04:17, James Bensley <jwbens...@gmail.com> wrote:
>>
>> On 30 June 2015 at 11:23, Marty Strong <ma...@cloudflare.com> wrote:
>>> Hey UKNOFers,
>>>
>>> Anybody know the Cisco IOS XR equivalent to "monitor traffic interface lo0" 
>>> on a Juniper?
>>>
>>> Searching around online I don’t see anything, and the Cisco documentation 
>>> is as lacking as some features in IOS /troll
>>
>> There isn't any such feature (as of yet) if you are talking about an
>> ASR9000 series device? If so then yeah, nothing yet. I am rather
>> shocked by this but I've been in contact with TAC over various issues
>> with IOS-XR and the ASR9K's and they have confirmed to me there is no
>> "proper" packet-capture feature yet.
>>
>> Even with Typhoon line cards and RSP440s. I would assume this feature
>> is perfectly possible and simply hasn't dropped yet, Cisco haven't
>> confirmed or denied that for me yet though.
>>
>> The best you can do is apply ACLs to the line card to check if a
>> packet that matches the ACL is either ingressing or egressing the PHY
>> or NP or FIA you assign the ACL to. This basically:
>> https://supportforums.cisco.com/document/122386/asr9000xr-how-capture-dropped-or-lost-packets
>>
>> Note before: that is a service affecting operation.
>>
>> You can run SPANs in IOS-XR if you have somewhere to SPAN a port to.
>>
>> Also you can use the interface "monitor" command, "monitor interface
>> xxx" which isn't great but sometimes anything is better than nothing.
>>
>> Cheers,
>> James,


Is it ever too late to revive a thread?

Marty (and anyone else interested) there are packet capturing features
inside the NP added in IOS-XR 5.3.3. It works for pretty much all
inbound packet drops but only some outbound packet drops.

These are some example notes I made;
https://null.53bits.co.uk/index.php?page=asr9000-np-packet-capture

Cheers,
James.



Re: [uknof] IX Cardiff call for CDN's

2016-08-17 Thread James Bensley
On 17 August 2016 at 10:09, Paul Webb  wrote:
> The IX Cardiff steering Group is interested in attracting CDN providers with 
> an offer of free hosting space and connectivity to the Cardiff IX.

Hi Paul,

Are you only offering free hosting space for CDN providers?

Kind regards,
James.



Re: [uknof] UKNOF mailing list migration

2016-08-12 Thread James Bensley
Thanks to everyone at LONAP for your efforts so far and to everyone
who is going to be carrying the torch moving forward.


Cheers,
James.



Re: [uknof] Virgin Ethernet Extension

2016-08-09 Thread James Bensley
Bit late to this thread.

Further to Charlie's input, if you take an NE/NE+ service request an
end-to-end MTU check beforehand if you need >1600 MTU. We've had
issues where a NE+ circuit for which the NTE supports an MTU up to 2032
won't go above something smaller (exact value escapes me right now) -
one of the MetNets it passes through is old with a low MTU.

We've also had NE+ circuits where we have asked if we can raise the
MTU to support jumbo frames, but we couldn't go above 4470 because
there are SDH/SONET MetNets in the middle, but this has been possible
on other circuits.

Also don't forget their SLAs are pants, 30ms or something. We have
multiple VM NNI's and we've had issues where the PoP that feeds that
PoP that our NNI is on, has been congested so our NNI is affected
(packet loss across all VNO circuits there), increasing the latency on
them all from circa 10ms to just under 30ms so it's still within SLA
but inter site delay is nearly 60ms for two sites on the same NNI
(which is no better than ADSL), and VM have been very slow to
recover it.

Also most NE/NE+ circuits are pseudowires across their core. I think
the control-word is disabled by default. We have had several instances
where we have requested they enable the pseudowire control-word for
that circuit and the issues have been reduced (like out of order
packets or jitter). Might be worth ordering all circuits with the
control-word enabled by default.


Cheers,
James.



Re: [uknof] Multi-tenant PBX Solution

2016-08-09 Thread James Bensley
I've had good success at a former job with
https://integrics.com/enswitch/ which is a multi-tenant PBX.

It's Asterisk under the hood for call routing with their custom
application over the top for all the jazzy features. So it's Asterisk +
MySQL (you can use MariaDB) + Apache so you can virtualise it and scale
it.

So you can pay for support but still extend Asterisk as you please. We
built a custom hand set provisioning tool, added custom call features
directly in Asterisk etc.


Cheers,
James.



Re: [uknof] BT Outage?

2016-07-28 Thread James Bensley
On 28 July 2016 at 06:40, Neil J. McRae  wrote:
>
> On 24 Jul 2016, at 17:48, Paul Webb 
> wrote:
>
> Well we’ve just moved all our lines to TTB from BT WBMC (mostly for better
> FTTC performance) and our main POP is THN….but not a blip last week,
> everything was fine …thank goodness we moved from BTW :)
>
>  I think that's the funniest thing I've ever read!

Moving all your ADSL lines from the biggest wholesale LLU provider in
the UK to probably the second biggest. We thought about it for about 5
minutes because TalkTalk are offering significant cost savings, but
really, you moved all your eggs which were in one basket, to a new
single basket. You don't think it best to split across the two
instead?  ¯\_(ツ)_/¯


James.



Re: [uknof] ISPs in Spring Park, Corsham.

2016-07-26 Thread James Bensley
As per peeringdb, we (Updata) can provide this.

Will respond off-list.

James.



Re: [uknof] BT Outage?

2016-07-21 Thread James Bensley
On 21 July 2016 at 09:37, Mark Tinka  wrote:
> We are in Telehouse North on the 5th floor, and so far, not facing any
> issues...
>
> Mark.

We are in

TFM 17, 4th Floor
Star Suite, 3rd Floor
TFM 10, 3rd Floor
TFM 23, 2nd Floor
And somewhere else I have forgotten...

We have no power issues in any of these suites.

We are a WBMC customer, no issues today or yesterday, however we are
having issues with our IPX links with BT this morning.

Cheers,
James.



[uknof] UK Referendum Stats

2016-06-25 Thread James Bensley
Hi All,

I'm wondering if anyone had any interesting data to share from a networking
perspective around the referendum.

Just some ideas (most eyeball networks like us are only graphing traffic
volume);

- Did you see an increased/decreased level to/from social media sites over
your peering and transit pipes compared to the previous Thursdays?

- Did you see any change in levels over these days following the referendum
to social media sites compared to previous weeks (that doesn't look Euro
championship related) ?

- Did you see an increased level of traffic to/from news sites on the day,
over the following days?

If you're tracking DNS hits HTTP/S etc, see all questions above but for
number of hits/lookups instead of traffic volumes.

It would be interesting if someone could present a talk on any interesting
stats related to the referendum from the networking world, I hope that some
of the key players involved in delivering the Euros will be when it's over
(broadcasters, CDNs, carriers, social networking providers etc). It could
make for an interesting lightning talk.

We haven't seen anything notable in our traffic levels (which I think
mostly relates to our customer demographic, most public sector so mostly
only working during the day and the majority of the offices are empty at
the weekends).

Kind regards,
James.


[uknof] NETCONF/Yang/OpenConfig

2016-06-23 Thread James Bensley
Hi All,

Having spent some time at $dayjob trying to get the automation wheel
rolling (nearly 2 years now) and still getting nowhere I think it’s
time to move on (there is a shed load of other reasons too of course).
NETCONF/Yang/OpenConfig are the bread and butter of the future in my
opinion, I also believe that all engineers should be able to program
to some basic extent (I know, I’m like an evil dictator right?). So
with that in mind I am trying to find a new company to have me but one
that also has an interest in these technologies and shares my
ideologies about the service abstraction, data models and automation
who needs a new network engineer with some programming skills (to live
out my dream of near total network automation).

I’m not a fan of buzzwords but I think the rising “NetDevOps” phrase
describes the position I am looking for best, however it’s proving
very difficult to find openings. I only know of a handful of networks
that have openly expressed their interest in prioritising the same
ideas as me and not many of them have openings.

So my question to the list is, who else shares these ideas and has
open positions (or, who do you know of)?

Cheers,
James.



Re: [uknof] Bogon ASN Filter Policy

2016-06-03 Thread James Bensley
On 3 June 2016 at 13:41, Job Snijders  wrote:
> On Fri, Jun 03, 2016 at 12:27:29PM +0100, Tom Bird wrote:
>> On 03/06/16 10:26, Job Snijders wrote:
>> > Here are JunOS, IOS XR & BIRD examples:
>> >
>> > http://as2914.net/bogon_asns/configuration_examples.txt
>> >
>> > With your permission I'd like to add the IOS flavor
>>
>> Did we not establish some time ago that running these crazy regexes on
>> a full table was a really bad idea, particularly on CPU constrained
>> old IOS boxes?
>
> I've added a warning that the IOS snippet might not be suitable for
> all gear.

We have it running on 7600s with RSP-720-3CXLs and it's working fine.
It takes 5 minutes to process a full feed without this config, if it
takes an extra minute or two I don't care. Last time I reported one of
those 7600s a couple of months ago with a transit feed on it, I didn't
observe any noticeable delay beyond the normal delay, in the
transit feed stabilising.


Cheers,
James.



Re: [uknof] Bogon ASN Filter Policy

2016-06-03 Thread James Bensley
On 3 June 2016 at 10:26, Job Snijders <j...@ntt.net> wrote:
> On Fri, Jun 03, 2016 at 10:12:42AM +0100, James Bensley wrote:
>> It's good to see the larger carriers doing this,
>
> GTT also committed
> http://mailman.nanog.org/pipermail/nanog/2016-June/086081.html

Even better! Just need to ensure everyone is applying prefix filters
too. Still seeing RFC1918 leakages from time to time.

> Here are JunOS, IOS XR & BIRD examples:
>
> http://as2914.net/bogon_asns/configuration_examples.txt

Many thanks! :)

Just an FYI with "passes-through" on IOS-XR support for "0" as a value
[was deprecated | doesn't work anymore | was "Cisco'ed"] ...

as-path-set BOGONS-ASNs
  #rfc7607
  ios-regex '_0_',
  #2 to 4 byte ASN migrations
  passes-through '23456',
  #rfc5398
  passes-through '[64496..64511]',
  passes-through '[65536..65551]',
  #rfc6996
  passes-through '[64512..65534]',
  passes-through '[4200000000..4294967294]',
  #rfc7300
  passes-through '65535',
  passes-through '4294967295',
  #IANA reserved
  passes-through '[65552..131071]'
end-set


> With your permission I'd like to add the IOS flavor

Yea sure, help yourself.


Cheers,
James.



Re: [uknof] Bogon ASN Filter Policy

2016-06-03 Thread James Bensley
On 2 June 2016 at 20:56, Job Snijders  wrote:
> Dear fellow network operators,
>
> In July 2016, NTT Communications' Global IP Network AS2914 will deploy a
> new routing policy to block Bogon ASNs from its view of the default-free
> zone. This notification is provided as a courtesy to the network
> community at large.
>
> After the Bogon ASN filter policy has been deployed, AS 2914 will not
> accept route announcements from any eBGP neighbor which contains a Bogon
> ASN anywhere in the AS_PATH or its atomic aggregate attribute.
>
> The reasoning behind this policy is twofold:
>
> - Private or Reserved ASNs have no place in the public DFZ. Barring
>   these from the DFZ helps improve accountability and dampen
>   accidental exposure of internal routing artifacts.
>
> - All AS2914 devices support 4-byte ASNs. Any occurrence of "23456"
>   in the DFZ is a either a misconfiguration or software issue.
>
> We are undertaking this effort to improve the quality of routing data as
> part of the global ecosystem. This should improve the security posture
> and provide additional certainty [1] to those undertaking network
> troubleshooting.
>
> Bogon ASNs are currently defined as following:
>
> 0   # Reserved RFC7607
> 23456   # AS_TRANS RFC6793
> 64496-64511 # Reserved for use in docs and code RFC5398
> 64512-65534 # Reserved for Private Use RFC6996
> 65535   # Reserved RFC7300
> 65536-65551 # Reserved for use in docs and code RFC5398
> 65552-131071   # Reserved
> 42-4294967294   # Reserved for Private Use RFC6996
> 4294967295  # Reserved RFC7300
>
> A current overview of what are considered Bogon ASNs is maintained at
> NTT's Routing Policies page [2]. The IANA Autonomous System Number
> Registry [3] is closely tracked and the NTT Bogon ASN definitions are
> updated accordingly.
>
> We encourage network operators to consider deploying similar policies.
> Configuration examples for various platforms can be found here [4].
>
> NTT staff is monitoring current occurrences of Bogon ASNs in the routing
> system and reaching out to impacted parties on a weekly basis.
>
> Kind regards,
>
> Job
>
> Contact persons:
>
> Job Snijders , Jared Mauch ,
> NTT Communications NOC 
>
> References:
> [1]: https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00
> [2]: http://www.us.ntt.net/support/policy/routing.cfm#bogon
> [3]: https://www.iana.org/assignments/as-numbers/as-numbers.xhtml
> [4]: http://as2914.net/bogon_asns/configuration_examples.txt


Hi Job,

Good effort from NTT. I work for an access provider and we have rolled
out the same policy already. There are definitely valid arguments
against this (I think) however I think the arguments for this approach
outweigh them.

It's good to see the larger carriers doing this, at $dayjob we have
often seen bogon IP prefixes coming from the larger carriers (they
aren't filtering their customer announcements) and the same goes for
not dropping private ASNs in the path on prefixes received from their
customer announcements.

This is the config we have used on IOS boxes;
https://null.53bits.co.uk/index.php?page=asn-filtering

I will fish out an IOS-XR config we have used too if anyone is
interested in doing the same.

Has anyone got a Junos config snippet they can share to do the same?
If not I can splurge it out in the lab but I'm feeling Friday lazy.

Cheers,
James.
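
Added example (not part of the original thread, nor NTT's published configuration examples): the bogon ASN list from the announcement quoted above, applied as a numeric range check to textual AS_PATHs, including AS_SET braces and asdot notation. The 32-bit private-use range is written as RFC 6996 defines it (4200000000-4294967294); the function names and sample paths are constructed for illustration.

```python
"""Numeric bogon-ASN check over textual AS_PATHs (added example)."""
import re

# (first, last, reason). Ranges follow the list in the announcement; the
# 32-bit private-use range is taken from RFC 6996 itself.
BOGON_RANGES = [
    (0, 0, "reserved, RFC 7607"),
    (23456, 23456, "AS_TRANS, RFC 6793"),
    (64496, 64511, "documentation, RFC 5398"),
    (64512, 65534, "private use, RFC 6996"),
    (65535, 65535, "reserved, RFC 7300"),
    (65536, 65551, "documentation, RFC 5398"),
    (65552, 131071, "IANA reserved"),
    (4200000000, 4294967294, "private use, RFC 6996"),
    (4294967295, 4294967295, "reserved, RFC 7300"),
]

# An ASN token is either asplain ("64512") or asdot ("1.10").
_ASN_TOKEN = re.compile(r"\d+(?:\.\d+)?")


def parse_as_path(as_path):
    """Return every ASN in a textual AS_PATH as an int, in path order.

    Separators are ignored, so AS_SET "{a,b}" and confederation "(a b)"
    segments are flattened: a bogon inside a set is still a bogon.
    """
    asns = []
    for token in _ASN_TOKEN.findall(as_path):
        if "." in token:
            high, low = (int(part) for part in token.split("."))
            if high > 0xFFFF or low > 0xFFFF:
                raise ValueError("invalid asdot ASN: %s" % token)
            asn = (high << 16) | low
        else:
            asn = int(token)
        if asn > 0xFFFFFFFF:
            raise ValueError("ASN out of 32-bit range: %s" % token)
        asns.append(asn)
    return asns


def bogon_reason(asn):
    """Return why an ASN is a bogon, or None if it is not in the list."""
    for first, last, reason in BOGON_RANGES:
        if first <= asn <= last:
            return reason
    return None


def find_bogons(as_path):
    """Return [(asn, reason), ...] for each distinct bogon ASN in the path."""
    seen = set()
    hits = []
    for asn in parse_as_path(as_path):
        reason = bogon_reason(asn)
        if reason is not None and asn not in seen:
            seen.add(asn)
            hits.append((asn, reason))
    return hits


def accept_route(as_path):
    """Policy decision: reject if a bogon appears anywhere in the AS_PATH."""
    return not find_bogons(as_path)


# Constructed sample paths, not taken from any real routing table.
SAMPLE_PATHS = [
    "2914 3356 6453",          # clean
    "2914 64512 3356",         # 16-bit private ASN leaked mid-path
    "2914 {65001,23456}",      # AS_SET carrying private ASN and AS_TRANS
    "2914 4200000001",         # 32-bit private ASN
    "2914 1.10",               # asdot for 65546 (documentation range)
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        verdict = "accept" if accept_route(path) else "reject"
        print("%-22s %s %s" % (path, verdict, find_bogons(path)))
```

Comparing integers avoids the boundary mistakes that string regexes make on the 32-bit ranges: 4199999999 and 131072 are accepted, while 4200000000 and 131071 are rejected.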



Re: [uknof] IPv6 usage explosion

2016-05-24 Thread James Bensley
On 23 May 2016 at 11:14, Paul Mansfield <paul+uk...@mansfield.co.uk> wrote:
> On 23 May 2016 at 09:59, James Bensley <jwbens...@gmail.com> wrote:
>> as IPv4. On lots of our Cisco edge devices there are bugs present that
>> relate to IPv6 traffic processing problems, or just the fact that IPv6
>> is enabled. The Junos kit is more mature and seems pretty bug free. In
>
>
> we need early adopters to find the bugs. If people wait until v6 is
> really mature and solid, they'll be lagging in the skills and
> experience to successfully roll it out.
> now is a good time for ISPs to be rolling it out at least in trials,
> to test their equipment and train their own staff, whilst the
> customers adopting it tend to be the clueful ones who are aware it's
> imperfect and so likely to be a little more helpful and forgiving.

I definitely agree with you there. However with all these problems it
makes it difficult to make progress. I've had internal discussions
about pushing out IPv6 internally everywhere to save on v4, however I
get met with mostly resistance. $dayjob is more of a "managed service
provider" than a more traditional telco/ISP, which basically means "we
only do what's good for revenue, based on what customers say" - and of
course a tiny fraction of customers jump up and say "I demand IPv6".

Lots of technical hurdles like buggy routers/switches/firewalls, buggy
applications or applications that simply don't support IPv6 or have
some IPv4 hard coded parts etc, that all adds up to management saying
"you see, it will take too much time/money/whatever, get back to
writing that report on how many reports you've been writing."

I wonder if there is scope at a UKNOF for someone to give an IPv6
story but from the other end of the spectrum. We've had some great
"We're rolling it out, this is how far we have got and how long to
finish" and also some "We rolled it out and this is how we did it" - I
wonder if anyone wants to give a talk on the business side of things,
how did they make it appeal to upper management, how did they get
their customers on board, how did they get their internal engineers on
board (I encounter no shortage of engineering colleagues that don't
care / don't think its time yet), how did you sell it to customers
commercially?


Cheers,
James.



Re: [uknof] IPv6 usage explosion

2016-05-23 Thread James Bensley
> On 20 May 2016, at 10:16, Tim Chown  wrote:
>
>>> On 19 May 2016, at 21:57, Neil J. McRae  wrote:
>>>
>>> Sky have done - we should have launched also but we (BT) hit a minor bug 
>>> but we want to patch it before we turn it on but the work is done and we 
>>> have a pile of customer using it.
>>>
>>> the stability of most V6 implementations still leaves a hell of a lot to be 
>>> desired.
>>
>> In what area? OSes, applications, CPEs? Can you give specific examples?
>>
>> Tim


On 20 May 2016 at 14:50, Neil J. McRae  wrote:
> I am talking home equipment but even in edge my view is that it's not at the 
> same level as it will need to be.
>
> Neil
>
> Sent from my iPhone


Certainly for us IPv6 in the edge is not at the same level of maturity
as IPv4. On lots of our Cisco edge devices there are bugs present that
relate to IPv6 traffic processing problems, or just the fact that IPv6
is enabled. The Junos kit is more mature and seems pretty bug free. In
either case these are "vendor" specific problems in some sense,
however they are two massive vendors that many ISPs all over the world
will be using so it's fair to say that on some global level, IPv6 is
not the same at the service provider edge as it is for IPv4 for
stability, security, reliability etc (Cisco in particular, bug
central).

Cheers,
James.



Re: [uknof] Strange DSL problem, anyone using this combination?

2016-04-04 Thread James Bensley
On 30 March 2016 at 12:46, David Derrick  wrote:
> I'm a bit stumped here, wondering if anyone else has seen this or is using
> the same kit with no issues. Even better if you happen to be one of our
> resellers.
>
> Zyxel SBG3300-N router
> 21CN lines (ADSL or FTTC with or without OR modem) but not all lines
> Juniper MX480 LNS
>
> Symptoms are high packet loss and frequent disconnects but only on some
> lines.
> Swap the Zyxel for a Cisco, problem goes away.
> Take the Zyxel to a different line, problem goes away. (This may be true
> with two lines into the same building via the same exchange.)
> Different Zyxel (same model) from a working line to the problem line,
> problem persists.
> Terminate the user on one of our Cisco LNSs but same router and line,
> problem goes away.
>
> This problem first appeared at the start of the year, went away for a while,
> and has now returned. Most of this customer's lines are in Scotland. Problem
> exists with current and previous versions of the Zyxel firmware.
>
> Does anyone have any ideas? We're trying to get BT to look for commonalities
> between affected lines but haven't had an answer yet.



On 31 March 2016 at 11:02, David Derrick  wrote:
> I probably wasn't clear enough that the copper lines have been checked and
> are fine. That was one of the first things investigated and we've had
> Openreach guys out to look at several of them. The fact that this problem
> exists both with the OR modem and with the Zyxel's built in modem suggests
> to me it isn't line related but there is some sort of strange interaction
> from Zyxel->DSLAM->BT->Entanet->customer.



It sounds like something at the PPP layer (or above) since it only
happens with certain modem/LNS combinations.

Strange you should say it's in Scotland, as per David's comments are
you running MLPPP? I've had some issues with MLPPP over 21CN of late
and the only commonality I've found so far is that the affected lines
are to the same handful of BT BRAS nodes in Scotland.

Have you been able to run a packet capture near your LNS and
analyse it when there are issues?

Cheers,
James.



[uknof] SunGard On List?

2016-02-24 Thread James Bensley
Hi All,

Any SunGard on list?

Having a path issue from multiple ISPs in the UK.

Cheers,
James.



Re: [uknof] 1G/10G Layer2/Layer3 Testers - Fluke, JDSU, Exfo?

2016-01-26 Thread James Bensley
On 16 January 2016 at 12:47, Neil J. McRae  wrote:
> With Windows I can - just too few people know how to optimise platforms these 
> days (very sad).
>
> Not tried this for a while but when win2012 came out if you tuned Windows 
> (and you tuned Linux) especially on message size at higher bandwidths you'll 
> see Linux has almost no performance advantage over Windows at all - they are 
> neck and neck - Pretty sure drivers are to blame for poor Windows performance 
> at lower bandwidths as I think the kernels are as good as each other- must 
> try and convince a vendor to give me the driver code to see what could be 
> done. (Oh and I'm no fan of either operating systems just to be clear :)
>

A very delayed response from me...

I mostly agree, I have seen presentations by some of the NT Kernel
developers and the kernel itself is very good in Windows, it's all the
other clutter on top (which is also true to Linux, just to to the same
extent). The joy of Linux though is that people are releasing
user-land software that can disconnect the NIC driver from the kernel
and connect it to the user-land process.

The NetMap framework will allow a 1.7 GHz chip to push 10Gbps.

These are benchmarks for 40Gbps NICs on servers using both NetMap and
DPDK, the links are being saturated with CPU cycles to spare:
NetMap: 
http://www.chelsio.com/wp-content/uploads/resources/T5-40Gb-FreeBSD-Netmap.pdf
DPDK: http://www.chelsio.com/wp-content/uploads/resources/T5-40Gb-Linux-DPDK.pdf

James.



Re: [uknof] Finding out if a realm is registered

2016-01-23 Thread James Bensley
On 23 January 2016 at 12:27, Paul Thornton <p...@prt.org> wrote:
> Hi
>
> On 22/01/2016 21:18, James Bensley wrote:
>>
>> It kind of depends on what you are seeing;
>>
>> On the CPE are you seeing the line in sync? Assuming you are, are you
>> seeing authentication requests from the BRAS node? Again I assume yes.
>
>
> Line in sync, no PPP.  No auth requests at all seen at our end.
>
>> ...
>
>
>> If your provider is not BT for example, and say a VAR or reseller of
>> BT for example, it's possible BT haven't added your realm to the line
>> because your reseller hasn't asked them to, or they have asked them to
>> and so BT haven't done it, or your realm is on that line and the
>> reseller isn't forwarding the realm correctly to you, and so on and so
>> forth. In this case it’s another layer of complexity/faults.
>
>
> This is what we have.  Something is probably breaking in that layer - but we
> don't know what.
>
> I was hoping to be able to verify this ourselves, so the support ticket
> could say "We have sync but no auth.  We've checked and the realm foo.co.uk
> isn't going to you, which is why we can't authenticate" rather than just
> saying "We have sync but no auth".


In the case described above then your PSTN line is plumbed into a
DSLAM/MSAN if it is in sync but it sounds like it hasn't been
provisioned correctly by BT Wholesale. If your CPE is sending out PPP
discovery packets (be it PPPoA or PPPoE) and getting no response, and
not receiving any incoming PPP packets, something is wrong in BT
land. Your VAR/Wholesaler needs to speak with BT Wholesale support,
your CPE should be asked to authenticate after LCP sends out a CONFREQ
packet and this is picked up by the BRAS.

James.



Re: [uknof] Finding out if a realm is registered

2016-01-22 Thread James Bensley
It kind of depends on what you are seeing;

On the CPE are you seeing the line in sync? Assuming you are, are you
seeing authentication requests from the BRAS node? Again I assume yes.

If the CPE login attempt gets rejected and you're certain the login
details are correct and you're not seeing their RADIUS servers
querying yours to check the credentials then they have either
provisioned the line with the wrong realm in the case it's a 20CN line
or if it's a 21CN line the line might not be forwarded to your
host-links (if it's a 20CN line, they are typically locked to a
specific realm specified during the provisioning process, and can
support up to 5 realms per line, you can place a modify-order for free
to add realms to the line, they usually happen overnight within 24
hours, if it's a 21CN line they are usually locked to the provider and
accept any realm the CP has registered with BT, in this case you need
to check you have registered the realm with BT). In either case you
need to ensure you are advertising your RADIUS IPs etc and have
configured their RADIUS servers as clients of yours although it sounds
like you've done that.

If your provider is not BT for example, and say a VAR or reseller of
BT for example, it's possible BT haven't added your realm to the line
because your reseller hasn't asked them to, or they have asked them to
and so BT haven't done it, or your realm is on that line and the
reseller isn't forwarding the realm correctly to you, and so on and so
forth. In this case it’s another layer of complexity/faults.

If you are taking tunnels from an LLU provider like TalkTalk for
example most of the same shiz applies.

In order to check what realms you have provisioned with that ADSL
circuit provider, be it BT, TalkTalk or a reseller (having worked with
all combinations) - BT and TalkTalk only provide a list of realms via
email (unless TalkTalk  have updated their portal from the 90’s, BT
don’t really even have a “portal”, naturally). I've only seen
resellers allowing you to see your domains registered with them in
real time via a portal - but that isn't showing you necessarily that
the reseller has provisioned the realm with their LLU supplier.


James.



Re: [uknof] 1G/10G Layer2/Layer3 Testers - Fluke, JDSU, Exfo?

2016-01-11 Thread James Bensley
I had a similar requirement to you Charlie and tried to tackle it with
a similar solution to yours Tom;

I wanted to have all field engineers equipped with 1G testers to test
every circuit as it is deployed (10G is less common for the average
day to day office install so 10G for every field engineer wasn't a
requirement but to have some sort of shared 10G tester(s) would be
enough). Although there was no budget for this idea so I rolled me
own; https://github.com/jwbensley/Etherate

Etherate is a simple Linux CLI layer 2 testing tool that we can run in
a central PoP and trunk circuits to that PoP (or pseudowire them
across) for testing if there isn't an Etherate host in the required
PoP.

I'm a bit behind with the GitHub pushes, I have another version that’s
nearly ready to go which adds in some MPLS features for testing
pseudowires and label stacks etc. Once I've got that update pushed up
I will focus on performance. In the lab at $dayjob we have boxes with
10G NICs and 8 core 2.4Ghz chips, Etherate is single threaded and the
TX side can push 10G no problems however the RX side is only
sustaining 9Gbps (since Ethernet is connectionless it's dropping about
1Gbps of traffic because the RX loop can't check the incoming traffic
fast enough, so after I've got these basic MPLS features in I will
focus on performance). 1Gbps is no problem, my off-the-shelf laptop
with built in copper 1Gbps Ethernet NIC can saturate a 1Gbps link
using about 45-50% CPU usage.

You can use something like iPerf for testing at Layer3/4 if the tail
circuit is passing through NAT or over an IP subnet boundary (e.g the
CPE does NAT), so iPerf back to a central iPerf server directly over
the circuit and through the CPE (to check it can NAT as fast as is
required). Or if you have time, this is much faster and better (IMO):
https://github.com/Pktgen/Pktgen-DPDK/

If you do have a play with Etherate please let me know any feedback
you have, I'm always keen to receive more.

Cheers,
James.



Re: [uknof] JANET DoS

2015-12-09 Thread James Bensley
Hi All,

Did anyone get any info they can share (off list if preferred) about
yesterday's attack, we had many JANET services affected.

Also any UK (London specifically) Level3 customers here that had any
issues yesterday? During the JANET DDoS attacks we had some weird
performance issues on our L3 link, it's a far flung guess but I
wondered if L3 were carrying a good portion of that DDoS traffic, and
"near" our peering with them.

Only on our L3 feed we saw packet loss peaking between 09:00 and 11:00
yesterday but more weirdly though we had a much higher than usual
number of BGP updates from L3. Between 09:00 and 11:00 we received
about 10886 updates, from TaTa and Cogent for the same time period
respectively 3076 and 5171. Also when I looked about 18:00 yesterday
10% of the full table routes received from L3 had an age of less than
1 day, so 10% of the global table has flapped via Level3 for us. I
also saw something similar on RIPE BGPplay, they saw a spike in
updates from Level3 at 09:20 to be exact (we don't have such precise
measurements internally).

It's all a bit woolly to pull anything together from that but it seems
like "something" was up and it was worst around the time Janet were
being DDoSed.

Cheers,
James.



Re: [uknof] JANET DoS

2015-12-09 Thread James Bensley
On 9 December 2015 at 15:15, Pollard, Matt  wrote:
> Hi James,
>
> Did someone get back to you or have you now read the official JANET email 
> that was circulated (Not sure if you are actually part of the network or not?)

Yes, thank you. I got various off-list replies then some official word
out of Janet.

Level3 have given us some minor info as they were involved on the DDoS
attack mitigations with Janet, but as usual they are providing little
value post-incident.

Cheers,
James.



Re: [uknof] JANET DoS

2015-12-08 Thread James Bensley
Our various Janet peerings seem foked.

Our Level3 feed is also being affected, is the DDoS coming in via
Level3 to Janet maybe?

Level3 haven't told us what's up yet which is pretty much classic
Level3. Anyone else know?

Cheers,
James.



Re: [uknof] AS Path Filters and Regex

2015-11-04 Thread James Bensley
On 31 Oct 2015 13:17, "Neil J. McRae"  wrote:
>
> +1 - you can filter ASes but someone can still send a crazy as path with
> valid ASes and cause you chaos.
>
> Neil.
>
> Sent from my iPad

Are you suggesting that people shouldn't filter as-paths? Presumably you
wouldn't be that stupid so I'll assume not, so yes whilst people can still
send funky AS paths the same is true for any BGP attribute, all I need is
to receive a value out of range for the code I'm running and/or receive a
malformed NLRI to trigger a router OS bug and, pop!

Surely at least trying to protect your own network is better than not
trying given how easy it is to implement AS paths filters?

James.


Re: [uknof] Trimming the Routing Table

2015-11-03 Thread James Bensley
If you have a tiny budget and your topology and upstream providers allow
it, land the transit BGP sessions on some virtual route reflectors, use
multi hop eBGP for example or use a /29 on the peering link so the RRs
don't need to sit in the data path.

Then you don't need some fancy OpenStack cluster with IOS-XRv/CSRv/vMX
etc, just a couple of spare servers you've got lying around with KVM and
quagga/bird will do if you just want to hold more routes.

Cheers,
James.


Re: [uknof] AS Path Filters and Regex

2015-10-31 Thread James Bensley
On 30 Oct 2015 17:31, "Job Snijders" <j...@instituut.net> wrote:
>
> On Fri, Oct 30, 2015 at 05:27:22PM +, Nick Hilliard wrote:
> > On 30/10/2015 16:57, James Bensley wrote:
> > > What do others have, what have I missed?
> >
> > the asn32 filter can be written as "_42_", or perhaps
> > "_42[0-9]{8}_"
> >
> > TBH, I'd question the value of filtering weird asns.  What matters is
> > filtering out weird prefixes.  If you filter out weird ASNs, all you're
> > doing is chewing up the CPU on your RP.
>
> My take: private ASNs have no place in the DFZ, I consider it healthy to
> ignore any and all prefixes which have a private ASN anywhere in the
> AS_PATH.

Agreed, my exact thoughts.

> I'd also drop anything that has _23456_ in the AS_PATH if you know all
> your equipment supports 4-byte ASNs
>
> Kind regards,
>
> Job

Ah yes I'd forgotten that, well remembered, thanks!

Cheers,
James.

