[uknof] ThreeUK
--- Begin Message --- Anyone from ThreeUK on the list who can help with a peering query? If yes, please can you contact me off list? Cheers, James. --- End Message ---
Re: [uknof] Strange DKIM Failures via UKNOF
--- Begin Message --- This issue affects me too, ever since I moved away from Gmail, my new provider (protonmail) seems more strict so I'm also getting mangled emails from UKNOF. I'm on loads of mailman mailing lists and since switching email providers, I only have a problem with UKNOF. If anyone knows which mailman setting needs tweaking, I'd love to know. We could then ask the hosting provider to tweak said setting. Cheers, James.--- End Message ---
Re: [uknof] Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)
--- Begin Message --- On Monday, November 27th, 2023 at 05:03, Christopher Hawker wrote: > Hello everyone, > > Aftab Siddiqui is currently exploring the possibility of using Route Object > Authorisations (ROAs) as a potential replacement to LOAs. Hi Christopher, This survey was sent to the NANOG list and there someone responded saying that they have been in the service provider world for 10 years and only had to send a LoA once, with regards to authorisation for IP announcements. I have been working in the SP world for 15-ish years and I have worked with all Tier 1's at different points, and I have never had to send a LoA. My only experience with LoA's is for DC cross-connects (in this context I have sent and received many). So the survey seems flawed in that the first question should be something like "do you send and accept LoA's regarding prefix announcements" because the survey is based on the assumption that everyone is using LoAs for this. I think this initial assumption needs clarifying. Cheers, James. --- End Message ---
[uknof] *-in-IPv6 vs SR MPLS
--- Begin Message --- Hi all,

I wonder if anyone has recently compared *-in-IPv6 against SR MPLS, for new service provider network deployments (where you have the typical requirements of L2 MPLS VPNs, L3 MPLS VPNs, some sort of label distribution method in the underlay, and a BGP free core).

There are a few problems with MPLS, and rather than trying to fix MPLS, removing MPLS could be nicer, and I think IPv6/4/Ethernet-in-IPv6 maybe achieves that. The problems I have with MPLS are:

* Label space is limited to ~1M labels/20 bits -> IPv6 has ~128bits of space
* MPLS only has 3 bits for EXP -> IPv6 means no changes or "mapping" required from DSCP to EXP and back to DSCP
* MPLS has no payload protocol ID field -> IPv6 has a next header field, which removes the need for PW CW and the broken load-balancing we see today
* MPLS required an entropy label + ELI, or FAT label for better load-balancing -> multiple IPv6 addresses can be assigned to the same FEC to improve load balancing

Has anyone here seriously looked into *-in-IPv6 instead of rolling out SR MPLS, if yes, what did you find? (Note: I discount SRv6 because that is very different to *-in-IPv6 and, it just introduces a whole new bunch of problems).

Cheers, James. --- End Message ---
Re: [uknof] Network Design Advice
--- Begin Message --- --- Original Message --- On Monday, October 2nd, 2023 at 14:26, Michael Sims via uknof wrote:

Hey Mick,

> I am new to network design, I have mainly come from an operational
> background. Honestly I’m struggling to wrap my head around all the parts you
> need to consider in all designs. I feel I’m back to square one and need
> mentoring. How did you all get confident with the designing role overall?

This is such a huge topic I’m not sure how to address it in an email but, here are some starting points...

Firstly I tried to get a good understanding of the technology I was using:

1. I spent a lot of time in the lab (still do) really getting to know whatever technology I would have to work with. By “lab” I mean that sometimes I’m working at a company with a lab I can freely test stuff with, sometimes I’m working somewhere with no lab and have to “test in production”, sometimes I’m able to test on my home lab (which these days can just mean some virtual machines or containers on my laptop, gone are the days of physical home labs).

2. It meant (still does) reading the RFCs to understand how the technology is supposed to work. When I started out I found them intimidating but, you quickly got used to them, and now they are usually the first place I look.

3. It also meant (still does) reading the vendor documentation in great detail (because, they don’t always follow the RFCs, and because, RFCs are the theory but, vendor docs are how you implement it). The first time I had to set up some L2TP tunnels and terminate some ADSL subscribers on a Cisco 7200 during a maintenance window, I fell asleep several nights in a row in the run-up, with my laptop balanced on my chest, reading the Cisco documentation in bed until my brain couldn't take any more.

Having said all that, you can never know everything about a specific technology, you just need to get to a point where you feel you know what is needed to make something work, and that you can recognise when something probably isn’t going to work. Then you can flag it with your vendor, or during lab testing, and make it clear to all that need to know, this needs further clarifying.

Secondly, you need to gather the requirements for whatever you have to design. Requirements gathering and confirming is a key step; kick out as much as you can to simplify the design (simplicity scales better, is easier to deploy, easier to support, easier to upgrade/migrate/decommission, etc). This also helps to meet your probably unrealistic due date and/or financial target. Whatever requirements you’re left with, apply your technical know-how to come up with a design that meets those requirements. Many customers and sales people like to overestimate what’s “needed”, and by when. You can usually either remove requirements entirely or stagger them, so that your initial design doesn’t need to be so burdening.

Thirdly, use every resource that is available to you; ask your vendor if your idea will work, ask your vendor if they have case studies from customers who have done something similar, ask your stakeholders (the support teams, deployment teams, your customer), try to test it in the lab, ask if others have done this before, if anyone sees any problems. Don’t think of design work as “I need to produce a perfect design, on my own”. No one person can know everything or foresee everything. I think of it as some sort of technical project manager type role (even though I’m the one configuring and deploying the devices), I try to get eyes from all the stakeholders/customers/vendors on the design, to find faults, and then address them together.
So eventually I bring to the table this mature design but, it took input from many to get there (and I usually write that in there somewhere too, that the on-call engineers/the NOC/the field engineers/the vendor/the customer, have all seen and approved this design).

> And any suggestions for home revision?

If you work somewhere with existing designs for other “stuff”, start by reading those. At every company I have ever worked at, I have spent a non-trivial amount of time reading through the designs of stuff I’m not working on, to get an idea of how other networks work, to expand my horizons, to see if there is anything I can re-use in my own work. I also contact those people to hear their thoughts.

Also, do some Googling, you can find network designs freely available for download on the Internet. Also search for content related to the Cisco CCDE course, people publish their practice designs. You also don’t need to see “full designs” (whatever that means), if you’re working with technology X but, you don’t understand it, I’ve found some great blog posts over the years that helped me to understand it better than the RFCs or vendor docs. The blog post might be based on someone's real life experiences which means they open your eyes to issues you wouldn’t have
Re: [uknof] Volunteering for the UKNOF PC
--- Begin Message --- Hello everyone, just a reminder that applications for joining the UKNOF PC are open as per the below email, and that we will stop accepting applications at the end of this calendar month. If you have any questions, please let me know. Thank you, James. --- Original Message --- On Sunday, April 23rd, 2023 at 12:19, James Bensley wrote: > > > Hello all, > > For anyone who was not present at UKNOF51 in Manchester recently, we thanked > several volunteers who had stepped down from various UK roles and announced > that we are looking to fill some vacancies recently created. We are now > actively seeking new PC volunteers. > > Who? > Anyone can join the UKNOF PC. If you can spare a few hours a month and are > passionate about the UK networking community, you are probably a benefit to > UKNOF. > > What? > The UKNOF PC are responsible for the content of UKNOF events. This > encompasses everything from soliciting for talks, to reviewing abstracts, > providing editorial feedback on draft presentations, compiling the agenda, > incorporating survey feedback, suggesting new sources of content, and > whatever else you want to do add. > > The average commitment per PC member is about 3 hours per month. In the lead > up to an event a few extra hours may be needed for last minute actions. We > understand that PC members are volunteers and have demanding lives of their > own and we don’t expect them to always be available. > > When? > We are looking for volunteers to start immediately. These are currently > indefinite volunteering positions, but we have recently introduced a charter > for the PC (here: https://www.uknof.org.uk/about-us/programme-committee/) > which we will enact soon, limiting terms to ensure a balance between > stability whilst also periodically shaking up the status quo. > > Where? > UKNOF events take place approximately 2-3 times per year. There is no > expectation that every PC member will be at all events. 
We need some members > to help in person on the day of a UKNOF event. So we need volunteers who are > willing and able to attend some of the events. > > Why? > The UK has a fantastic networking community, which UKNOF is a part of. > Volunteering for UKNOF is a way to contribute to UKNOF itself, to contribute > to the UK community, learn a few new skills, and get a chance to expand your > professional network. > > How? > Please send an email to p...@uknof.org.uk and write a few words about how you > think you could help, or any ideas you have, or changes you’d like to make. > If we send you some follow-up questions this is for us to understand better > how you would fit into the team. It will not be a competition. We do not > require any personal information about you. There are many types of diversity > so we want to ensure that we choose a range of candidates, who will provide a > mixture of professional backgrounds, industry opinions, alternative ideas, > and not develop a fossilising monoculture. > > The candidates will be presented to the PC and we will review them all. Then > a shortlist will be made and presented to the board for final approval. > > Further info: > I am the current PC chair. You can email me if you have questions about any > aspect of UKNOF, not just volunteering for the PC. We also have current and > former PC members with whom I can connect you, if you want to hear their > experiences from being on the PC. > > OK, I’ve said enough, over to you... > > Kind regards, > James Bensley. --- End Message ---
[uknof] Volunteering for the UKNOF PC
--- Begin Message --- Hello all, For anyone who was not present at UKNOF51 in Manchester recently, we thanked several volunteers who had stepped down from various UK roles and announced that we are looking to fill some vacancies recently created. We are now actively seeking new PC volunteers. Who? Anyone can join the UKNOF PC. If you can spare a few hours a month and are passionate about the UK networking community, you are probably a benefit to UKNOF. What? The UKNOF PC are responsible for the content of UKNOF events. This encompasses everything from soliciting for talks, to reviewing abstracts, providing editorial feedback on draft presentations, compiling the agenda, incorporating survey feedback, suggesting new sources of content, and whatever else you want to do add. The average commitment per PC member is about 3 hours per month. In the lead up to an event a few extra hours may be needed for last minute actions. We understand that PC members are volunteers and have demanding lives of their own and we don’t expect them to always be available. When? We are looking for volunteers to start immediately. These are currently indefinite volunteering positions, but we have recently introduced a charter for the PC (here: https://www.uknof.org.uk/about-us/programme-committee/) which we will enact soon, limiting terms to ensure a balance between stability whilst also periodically shaking up the status quo. Where? UKNOF events take place approximately 2-3 times per year. There is no expectation that every PC member will be at all events. We need some members to help in person on the day of a UKNOF event. So we need volunteers who are willing and able to attend some of the events. Why? The UK has a fantastic networking community, which UKNOF is a part of. Volunteering for UKNOF is a way to contribute to UKNOF itself, to contribute to the UK community, learn a few new skills, and get a chance to expand your professional network. How? 
Please send an email to p...@uknof.org.uk and write a few words about how you think you could help, or any ideas you have, or changes you’d like to make. If we send you some follow-up questions this is for us to understand better how you would fit into the team. It will not be a competition. We do not require any personal information about you. There are many types of diversity so we want to ensure that we choose a range of candidates, who will provide a mixture of professional backgrounds, industry opinions, alternative ideas, and not develop a fossilising monoculture. The candidates will be presented to the PC and we will review them all. Then a shortlist will be made and presented to the board for final approval. Further info: I am the current PC chair. You can email me if you have questions about any aspect of UKNOF, not just volunteering for the PC. We also have current and former PC members with whom I can connect you, if you want to hear their experiences from being on the PC. OK, I’ve said enough, over to you... Kind regards, James Bensley. --- End Message ---
Re: [uknof] Pure L3 routing in EVPNs
--- Begin Message --- Hi all, just been having this discussion with someone directly via email, but I’m interested to hear any experiences from the wider community; I'm interested to hear from anyone who has done extensive/scaled pure layer 3 routing inside EVPNs, e.g., have you tried to put the DFZ into an EVPN VRF, what about multiple copies, multiple VRFs? EVPN allows one to have a single combined VPN technology for both L2 and L3 VPNs but it seems to me like virtually everyone is still using traditional MPLS L3 VPNs (BGP AFI/SAFI 1/128 and 2/128) for their pure L3 forwarding requirements and EVPNs (BGP AFI/SAFI 25/70) for their pure L2 forwarding requirements. Has anyone here done much pure L3 routing inside EVPNs, and with more four or five digit numbers of routes and VRFs? Was it as stable as traditional L3 VPNs on your vendor of choice? Did it scale as expected? How was the memory usage on your RRs? Any feedback is appreciated. Cheers, James. --- End Message ---
[uknof] BGP attributes 20 & 21 in the DFZ
--- Begin Message --- Hi all, Can anyone think of a genuine reason to be seeing routes announced in the DFZ with BGP attributes 20 and 21? I assume it is just legacy equipment / legacy config floating around somewhere, which has been forgotten about. Are there any genuine reasons for this I might be missing? https://github.com/DFZ-Name-and-Shame/dnas_stats/blob/main/2022/09/28/20220928.txt#L74 Cheers, James.--- End Message ---
[uknof] NetLdn Talks
--- Begin Message --- Hi all, the holiday season is coming to a close so we're looking for more people to come and talk at NetLdn: https://netldn.uk/ We're a friendly, open, casual meet-up where everyone is welcome. We meet once a month after work in a private room upstairs at a London pub. We're inviting everyone to come and talk about any area of networking that interests them. Have you been working on something that you find really interesting? Chances are others will too, so come tell NetLdn about it! Presenting in front of an audience can be a scary thought, but NetLdn is a great launch pad to test your content and hone your presenting skills, before taking them to a bigger event like UKNOF, RIPE or LINX. So if you've got an idea for a talk, and need that little push to turn it in to a presentation, please submit a response to our CFP: https://netldn.uk/cfp/ If you have any questions, please contact us using the email address he...@netldn.uk. Cheers, James. --- End Message ---
Re: [uknof] Openreach 'Hardware' Shortages
Hi Charl, I hope all is well with you? A while back OR did declare a MBORC for OSAs due to hardware shortages, but I thought they lifted that again, maybe not and I'm misremembering? Have a look through the MBORCs: https://re.openreach.co.uk/cpportal/updates/cpzone-mborc Also, this was discussed when it was first announced in the UK AltNet Slack, worth joining if you're not already in there, a lot of good OR knowledge is being exchanged: https://altnet.uk/ Cheers, James.
Re: [uknof] Cisco 887VA "golden config" (for home)
Hi Tom, I was using this on an 897 with Sky FTTC (via Openreach): https://null.53bits.co.uk/uploads/hardware/Cisco%20897VAW-E-K9%20show-run.txt

A good tip is to ensure that you have the latest VDSL firmware from cisco.com on your device. Also maybe enable the ADSL/VDSL controller training log, and as much debugging as you can, so you can see why it's dropping and when.

conf t
 controller VDSL 0
  training log filename flash:vdsl.log
 end
debug ppp *

Also look under the "show controller x" commands.

Cheers, James.
[uknof] Co-lo/Compute Donation Sought
Morning all, Does anyone here have an old server in co-lo they want to donate to a worthy cause, or can perhaps donate a VM? The cause being a project I’m working on to name and shame the worst offenders in the global BGP DFZ? https://twitter.com/bgp_shamer https://twitter.com/bgp_shamer/status/1524416452866068486 https://github.com/DFZ-Name-and-Shame/dnas_stats/blob/main/2022/05/10/20220510.txt Please contact me off list if you can help. I’m looking for something I can have root access to, with about 8 cores / threads, and 8GBs of RAM. Cheers, James.
[uknof] PC Volunteers Wanted
Hello all, For anyone who was not present at UKNOF49 in Manchester recently, we thanked several volunteers who had stepped down from the Programme Committee and announced that we are looking to fill the vacancies recently created. We are now actively seeking new PC volunteers. Who? Anyone can join the UKNOF PC. If you can spare a few hours a month and are passionate about the UK networking community, you are probably a benefit to UKNOF. What? The UKNOF PC are responsible for the content of UKNOF events. This encompasses everything from soliciting for talks, to reviewing abstracts, providing editorial feedback on draft presentations, compiling the agenda, incorporating survey feedback, suggesting new sources of content, and whatever else you want to do add. The average commitment per PC member is about 3 hours per month. In the lead up to an event a few extra hours may be needed for last minute actions. We understand that PC members are volunteers and have demanding lives of their own and we don’t expect them to always be available. When? We are looking for volunteers to start immediately. These are “indefinite” volunteering positions. But we are in the process of introducing a maximum term for the chair and co-chair roles of the various UKNOF committees. This may be extended to PC members in the future. Where? UKNOF events take place approximately 3 times per year. There is no expectation that every PC member will be at all events. We need some members to help in person on the day of a UKNOF event. So we need volunteers who are willing and able to attend some of the events. Why? The UK has a fantastic networking community, which UKNOF is a part of. Volunteering for UKNOF is a way to contribute to UKNOF itself, to contribute to the UK community, learn a few new skills, and get a chance to expand your professional network. How? 
Please send an email to p...@uknof.org.uk and write a few words about how you think you could help, or any ideas you have, or changes you’d like to make. If we send you some follow-up questions this is for us to understand better how you would fit into the team. It will not be a competition. We do not require any personal information about you. There are many types of diversity so we want to ensure that we choose a range of candidates, who will provide a mixture of professional backgrounds, industry opinions, alternative ideas, and not develop a fossilising monoculture. The candidates will be presented to the PC and we will review them all. Then a shortlist will be made and presented to the board for final approval. Further info: I am the current PC chair. You can email me if you have questions about any aspect of UKNOF, not just volunteering for the PC. We also have current and former PC members with whom I can connect you, if you want to hear their experiences from being on the PC. OK, I’ve said enough, I’m here to help, over to you... Kind regards, James Bensley.
Re: [uknof] COVID-19 offers of help and network changes
On Mon, 16 Mar 2020 at 22:24, James Bensley wrote: > > On Mon, 16 Mar 2020 at 21:16, David Simmons > wrote: > > > > I like the idea of this. Especially assisting with things like data centre > > visit coordination to minimise operator visits. This we certainly could > > help with and would like to be helped with! > > On Mon, 16 Mar 2020 at 21:17, Chris Malton wrote: > > > > In principle, I'm happy to help where I can. > > I just knocked this up (it shows!): > https://docs.google.com/spreadsheets/d/ > > It's editable by all, without needing a Google account. > > Please add your details and share the link with other individuals, > companies, and communities. Please also add any columns/fields you > feel necessary. Hi All, It's been a while since this spreadsheet first went up. I think that virtually everyone who needed extra help as a result of COVID probably has it in place by now. Due to the fact that this spreadsheet contains lots of personal contact info I'm proposing to delete it. In the early days it was regularly accessed but now it's rarely accessed. Also I've seen that it was accessed a few weeks ago by someone from a company, whom I know works in marketing at that company, and that company definitely doesn't need any extra help from the community as per the original intention of the spreadsheet (they are well resourced). I'm proposing to delete it because I think the original purpose has been served, and so that we don't have a big dump of contact details sitting publicly on the Internet forever ready for a Cogent sales person to find. If I receive no objections in the next 7 days I will delete it. Kind regards, James.
[uknof] Openreach SOR for GEA
Hi All, Are there any CPs on list who use OR GEA services and have access to the SORs portal? If yes, can you unicast me off-list, I'm looking for some community assistance with an open SOR relating to GEA services. Kind regards, James Bensley.
Re: [uknof] Finding out future Openreach plans for a cabinet
On Sun, 4 Oct 2020 at 21:18, Subhi S Hashwa wrote: > > Dear All, > > Hope this is on topic. For which list? You've cross-posted this to two different lists. For one of them, this is very on topic, for the other, no topic is on topic. > I am moving and the broadband ISP order (FTTC) has been cancelled due to not > enough capacity (Probably at the cabinet, the guy on the phone wasn't clear). > Where would I find out information on what Openreach has planned for > upgrading the cabinet capacity? I can't imagine 400 new houses without proper > internet. Who cancelled the order, you, or the ISP you were ordering from? Caveat, I'm not an OR copper services expert; if the person you spoke to said the capacity was a problem because OR returned the "W" waiters flag, then it is in reference to the cabinet. In that case, how long you will have to wait is anybody's guess. It generally means the cabinet is full so you would think they'd upgrade capacity in that area pretty soon but I think it can be anything from "1 month" to "never". Good luck :) Cheers, James.
Re: [uknof] Geo Location
On Tue, 11 Aug 2020 at 01:28, Ben Wragg wrote: > > Hello, > > Wondering if anyone has any idea who to contact at Sky/Channel4/ITV. > > One of our downstreams is using a recycled AS and they are appearing in the > Ukraine, need to get their AS re-cached! > > Kindest Regards > > Ben Hi Ben, If you haven't already had an off list response from someone then please drop me an email off list and I'll help you with your query. Cheers, James.
Re: [uknof] GEA Cablelink "external"
On Fri, 22 May 2020 at 14:52, Simon Lockhart wrote: > > You're confusing "Cablelink" with "GEA Cablelink". They're two very different > things. Ah sorry yeah you're right, it's even in the subject line! I have no excuse. Cheers, James.
Re: [uknof] GEA Cablelink "external"
On Fri, 22 May 2020 at 13:21, Aled Morris wrote: > > Hi BT GEA customers. > > Has anyone managed to order a GEA Cablelink with external presentation i.e. > not to an Access Locate rack inside the exchange but to a footway box outside? > > This is clearly shown as an option (top blue line) on the diagram on page 8 > of SIN498. > > My Openreach "Customer Establishment Delivery Manager" won't let me order it > however - they claim I must have Access Locate in the exchange to order GEA > Cablelinks. > > It's not clear if (having got Access Locate) they would then let me order > some external links per the diagram and why such a restriction exists. > > Any help appreciated. Hi Aled, Where are you ordering the external variant cable-link to/from? I presume you're requesting that one end is a handover chamber outside, where are you requesting the other end be? They are a mixture of an internal variant 3 (from your rack to an internal cable chamber) plus pulling in a fibre from an external handover chamber which is spliced onto the internal variable 3 cable-link, so one end should be an Access Locate rack. Is the problem you have that you have an older pre-Access Locate rack? Cheers, James.
Re: [uknof] COVID-19 offers of help and network changes
Hi all, Firstly, you are all heroes for offering to help our industry and community. Secondly, the NCSC have taken an interest in this spreadsheet. I hadn't checked it in detail in a while because I was busy. Someone added a column regarding SC/DV clearance. I have deleted this column. Please do not re-add this. People were putting in all sorts of clearance details regarding SC, DV, BPPS, NPPV, DBS etc. I'm sure the intentions were only good, however, in reality I don't think there is a practical benefit to adding this info, but there is potential risk, which is why I have removed it. Kind regards, James.
Re: [uknof] COVID-19 offers of help and network changes
Hi all, As requested, a new column has been added with support level. Cheers, James.
Re: [uknof] COVID-19 offers of help and network changes
Hi all, Does anyone have any objections to me putting a banner at the top of the spreadsheet, stating words to the effect of "these contact details are for priority 1 / severity 1 issues only"? In my head, that is clearly what we are all volunteering for, because we've also got our own networks and lives to support, but we haven't actually explicitly said that in this thread. It would be good to clarify it. Are people offering to help with S4/P4 intermittent Instagram connectivity or just when connectivity is completely down? If this varies by person/company, and some people are happy to help with more than S1/P1 issues, then it can be an extra column and people can put their individual support levels? Cheers, James.
Re: [uknof] COVID-19 offers of help and network changes
On Mon, 16 Mar 2020 at 21:16, David Simmons wrote: > > I like the idea of this. Especially assisting with things like data centre > visit coordination to minimise operator visits. This we certainly could help > with and would like to be helped with! On Mon, 16 Mar 2020 at 21:17, Chris Malton wrote: > > In principle, I'm happy to help where I can. I just knocked this up (it shows!): https://docs.google.com/spreadsheets/d/150ESj90liWd074Rbe-ZVxsBF5lbVZgwp2-JwtebTOWI/edit#gid=0 It's editable by all, without needing a Google account. Please add your details and share the link with other individuals, companies, and communities. Please also add any columns/fields you feel necessary. Cheers, James.
Re: [uknof] COVID-19 offers of help and network changes
On Mon, 16 Mar 2020 at 20:01, Gavin Henry wrote: > > I know everyone is probably extremely VoIP savvy, but if any one needs > any help or advice about setups at home etc. feel free to reply here > or off-list. > > If there's anything else I can help with, albeit being a small network > operator, just let me know. Count me in too, I was just drafting a similar email but you beat me to it. My Mrs works in medical research and her lab is shutting down, so given her recent increase in free time she has just registered to volunteer at the local hospital to perform COVID-19 tests to help with staff shortages; it has me wondering if there is any way I can use my skill set to help. I was wondering if it's worth making a public list somewhere like on a public Google sheet, and any person or company who is interested can add themselves to the list (because non-list members can't see the UKNOF archive, and the spreadsheet can be shared on other *NOF/*NOG mailing lists too). Yays / nays? Cheers, James.
Re: [uknof] Getting rid of old kit
On Wed, 6 Nov 2019 at 14:10, Gavin Henry wrote: > I think there > are folks that buy old Juniper kit for resale? Yes, Juniper ;) Although, that is usually as part of a new purchase, they don't just buy old Juniper kit for nothing. Seriously though, following Job's suggestion of a hackerspace, if you want to donate them you could reach out to NetNI/NetMcr/NetLdn and see if they have any young network engineers that could use them for a home lab / cert training. Cheers, James.
Re: [uknof] Three hosed. Make it right please!
On Thu, 17 Oct 2019 at 06:12, Neil J. McRae wrote: > > > Anyone here from three? > > Network has been down for well over 5 hours - nothing on social media and > website has had something added about maintenance on the website? 3G came > back for like 10 seconds then died again - 4G isn’t working at all nor is > roaming. My daughter can’t use her phone! Call the help desk and it’s not > open! Shambles! I'm at RIPE79 in Rotterdam and my roaming has been dead all morning. Seems to be GGSN and PGW issues: https://twitter.com/PedroClarke1/status/1184736164571484160 Cheers, James.
Re: [uknof] Talktalk wholesale xDSL radius session steering
On Fri, 4 Oct 2019 at 12:18, Paul Thornton wrote: > > Hi all, > > Does anyone out there (a) have TTB as a wholesale DSL upstream provider, > and (b) do RADIUS session steering with them? > > I am currently in what can only be described as a frustrating situation > trying to implement this, with not much information forthcoming from TTB > as to why things are not working as they should. I've been grappling > with this for some time now and really want it sorted! > > Any assistance would be very gratefully received. > > Thanks, > > Paul. Hi Paul, What exactly isn't working for you? Are you setting the attribute Tunnel-Preference either per-user or per-group and TTB aren't honoring it? Cheers, James.
Re: [uknof] Current State of Multicast on the Internet?
On Tue, 3 Sep 2019 at 11:09, Brandon Butterworth wrote: > The expensive bit that multicast would save is dslam to peering, not > home tails, so if it was feasible this would be the ideal use case I don't deny that a massive traffic reduction could be made from edge to content source by using multicast, that's a fundamental advantage of multicast. My qualm was that whilst Neil advocates the marvels of multicast, presumably BT has a large unicast CDN base in addition and so they are running both technologies (multicast and unicast) simultaneously. How much more advantageous was it to run multicast AND unicast simultaneously vs. putting some of that resource used to implement and maintain multicast into unicasting everything only? Would the economies of scale of going all in on unicast outweigh the benefits of investing into two technologies? > If you're paying BT 40quid/Mbit/s for backhaul and want to deliver a > 30Mb/s UHD stream to 1000 subscribers on that dslam who pay 20quid > would you like to multicast it if you could (30*40quid) or is unicast > (30*40*1000quid) fine? Have I misunderstood? In that case aren't you using the architecture you said was dated where multicast replication happens at a few select aggregation points... > This was a problem we had dating back to adsl, traffic was tunneled to > a few central aggregation points across very expensive bandwidth. > > Due to the replication happening at the aggregation points the multicast > was not able save that expensive bandwidth. My query was about putting caches at the first hop of your customers; On Tue, 3 Sep 2019 at 10:03, James Bensley wrote: > so in my eyes, the benefits to be had from > the reduction in traffic levels due to multicast just isn't that great > vs. the added complexity if you can plonk the content source on your > network at the 1st hop your customers hit. 
Sorry if it wasn't clearer, but I'm talking about something that isn't really economically possible if you're paying BT for your ADSL/VDSL backhaul. When I said 1st hop I didn't mean, you're a wholesale customer of an ADSL/VDSL provider and get traffic over an expensive NNI/L2TP session (or worse, a customer of a wholesaler ad infinitum.) and so the first hop is an LNS device half a world away from the end-site; in this case unicasting everything is a bit of a non-starter. To be clearer, I was talking from the perspective of a last mile provider (which BT are), trying to put unicast content nodes as close to the access circuit as possible (which I'm sure they do). > > I'm obviously not a fan :) > > It's technology not Taylor Swift, use what is of technical and economic > benefit. My query was on the technical and economic benefits of multicast+unicast vs. only unicast. Cheers, James.
Re: [uknof] Current State of Multicast on the Internet?
On Tue, 3 Sep 2019 at 10:16, Paul Tweedy wrote: > > > > On 3 Sep 2019, at 09:48, James Bensley wrote: > > > > It's interesting that the request came from someone from within the > > Beeb. On their own website they allude that unless you're a customer > > of one of the listed ISPs, you probably aren't getting a service > > delivered via multicast (although, I'm not sure how up to date this > > page is): http://www.bbc.co.uk/multicast/tv/home.shtml > > Very Not up-to-date :) In fact, we should have it edited to make clear it > documents a technical trial from many years ago. I’ll see where it’s hosted.. > > Just to echo the point about linear, as-live TV not going away - live events > (Sport, News and others) are huge, getting bigger each year, and cause us, > the provider networks and the CDNs the greatest challenges in terms of > capacity and stability each year. > > The Beeb does a lot of multicast intra-network, for moving contribution AV > around the business, and that’s well understood and works nicely - it helps > if you use the same kit within the domain. > > The great hope of inter-domain multicast does seem to be dead, but the amount > of work going into making HTTP-esque delivery of live media work at scale > within the industry is considerable, and that has the benefit of sharing a > *lot* of existing technology, processes and domain knowledge with the > mostly-proven on-demand HLS/DASH/CMAF world. Offloading traffic as near as > possible to the consumer edge of the network - but achieving that at the > application rather than networking layers - is the ongoing trend. Interesting, thanks for confirming. I for one will raise my hand and say I'd like to see a UKNOF talk on multicast within a content producer (not a service provider network). Cheers, James.
Re: [uknof] Current State of Multicast on the Internet?
On Mon, 2 Sep 2019 at 21:24, Ray Bellis wrote: > > > > On 02/09/2019 21:18, Simon Lockhart wrote: > > > In my experience, the STB (or TV) writes the multicast stream to disk, in > > much > > the same way that my Sky box does when I press pause. > > Duh, yes, I should have thought of that! :D There was a conversation a while back about some multicast playout system which split (non-live) content into chunks and each chunk is multicasted in a continual loop, to a separate multicast group. You were basically unicast'ed the initial part of the stream until you aligned to one of the multicast chunk loops and then dropped onto the multicast group for that chunk, and at the end of the chunk, join the group for the next chunk etc. Anyone remember the details of that or who it was? Cheers, James.
Re: [uknof] Current State of Multicast on the Internet?
On Tue, 3 Sep 2019 at 10:18, Neil J. McRae wrote: > > Multicast has saved us hundreds of millions of pounds in delivering lTV Who watches ITV :) > which is still a substantially huge amount of traffic. In definitive terms yes you can say hundreds of millions of pounds or terabits of traffic, but what about relative terms? What relative percentage of traffic and OPEX has it saved you across your core? I didn't say it can't be done or that there aren't any benefits, but things are never simple. E.g. if you ingest content from ITV via unicast or multicast and multicast it to your STBs, the cost of the ingestion, distribution across the network, multicast enabled BNGs, CPEs, STBs, multicast trained staff, NOC, reporting and analytics, all needs to cost less than the cost of plonking the required number ITV caches around the network (because you have many other unicast caches around the place, this isn't anything new operationally). If the multicast solution is marginally cheaper you probably don't go for it, but if it's way cheaper, now you have to open the jar labelled "should we have two different solutions in operation simultaneously [multicast ITV plus unicast whatever] to save $mega_bucks or pay the extra to only have unicast services and reduced complexity"? > The complexity is minimal Agree to disagree then, finding good multicast people is hard. There also aren't many good multicast enabled NMS's. > The question that’s hard to answer is when does linear die? Too many of the > current content providers are tied to linear and will be for some time and > with the direction of freeing up radio spectrum multicast will have a huge > part in solving that problem. But with IPv6 people are looking at mad ideas like assigning IPs directly to content, so multicast could be further sidelined with anycast. I won't be at UKNOF44 but I'm keen to talk more about this face to face, UKNOF45 it shall have to be. Cheers, James.
Re: [uknof] Current State of Multicast on the Internet?
On Mon, 2 Sep 2019 at 17:49, Marek Isalski wrote: > > > On 2 Sep 2019, at 17:37, Nicholas Humfrey > > wrote: > > Is there any chance of multicast making a resurgence? If everyone has > > gigabit internet to their homes, will the network cores be able to cope > > with everyone watching 35 Mbps UHD (Live) television streams simultaneously? > > Isn't it all about on-demand streaming now, rather than broad-/multi-cast? I > mean, who actually watches live TV these days? It seems like building a > network for the future of video consumption (Millennial and Gen-Z) will need > CDN-type nodes as close as possible to distribution/aggregation nodes rather > than multicast across a backbone? Maybe multicast still has a role to play > to deliver content to set-top boxes...? This. It's costly to transport terabits of traffic from one end of your network to the other, most ISPs want to drop it off as close to the consumer as possible so in my eyes, the benefits to be had from the reduction in traffic levels due to multicast just isn't that great vs. the added complexity if you can plonk the content source on your network at the 1st hop your customers hit. Another problem with multicast is that it saves bandwidth across the parts of the network where bandwidth is cheaper. At the end of the day, bandwidth (for most ISPs) is most limited and hardest to increase in the last mile, and even if it's multicast from the source to the DSLAM/MSAN/OLT/access switch, it still needs to be replicated down every access circuit that's subscribed to the multicast group, the same as if it was unicast to each customer, so it's not saving any bandwidth in those hard to upgrade and expensive to upgrade parts of the network. It also possibly increases the cost of a "dumb" access layer device and CPE if they need to support multicast and increases the number of test cases for release cycles. I'm obviously not a fan :) Cheers, James.
Re: [uknof] Current State of Multicast on the Internet?
On Mon, 2 Sep 2019 at 17:44, Job Snijders wrote: > > Dear Nicholas, > > On Mon, Sep 2, 2019 at 6:37 PM Nicholas Humfrey > wrote: >> >> I came across this Stackoverflow question: >> https://networkengineering.stackexchange.com/questions/47994/is-multicast-on-the-public-internet-possible-and-if-yes-how >> >> With accepted answer: "You cannot multicast on the public Internet" >> Which I guess is generally true. But is there still a multicast VLAN >> available at LoNAP and LINX? Is anyone using it for anything? >> >> I also saw that Internet 2 "will begin the sunset of Interdomain Any Source >> Multicast (ASM)" - but in preference for Source Specific Multicast, so I >> guess the Multicast Internet exists in some parts of the world. >> >> Is there any chance of multicast making a resurgence? If everyone has >> gigabit internet to their homes, will the network cores be able to cope with >> everyone watching 35 Mbps UHD (Live) television streams simultaneously? It's interesting that the request came from someone from within the Beeb. On their own website they allude that unless you're a customer of one of the listed ISPs, you probably aren't getting a service delivered via multicast (although, I'm not sure how up to date this page is): http://www.bbc.co.uk/multicast/tv/home.shtml Cheers, James.
Re: [uknof] 10Gbps NAT options ?
On Mon, 8 Jul 2019 at 11:56, John Bourke wrote: > > Hi, > > > > What do people use for 2-10Gbps NAT ? Do you maintain stateful NAT > redundancy across two boxes ? > > > > Thanks > > > > John We had success in a former job using Palo Alto 5060s for this. We had about 70k users behind them and they worked well. Some percentage of those 70k users were remote workers so they were also acting as the corporate VPN edge. If you really want detailed scaling stats or performance stats, reach out to the vendor, they can often provide such details under an NDA. Cheers, James.
Re: [uknof] 1Gbps CPE
On Mon, 1 Jul 2019 at 10:58, Leigh Harrison wrote: > > Morning folks, > > > > We’re looking for a low(ish) cost 1Gbps CPE. We’d normally go with a Cisco > device, but they’re priced too high for 1Gbps throughput. A Juniper SRX > could cost in, but what other reliable options are there for us? Mikrotik? > > > > Best, Leigh Hi Leigh, A good starting place is usually the requirements. What's the requirement? IPv4 only, v6 only (SLAAC/DHCPv6?), dual stack, some sort of transition method like 6in4/MAP-E/MAP-T? NAT? Some LAN ports maybe? VLANs? WiFi? RJ45 WAN port or SFP cage? SNMP? QoS? BGP? VRRP? OAM/CFM? Cheers, James.
Re: [uknof] Amsterdam data centre interconnects
On Fri, 31 May 2019 at 21:30, John Bourke wrote: > > Hello, > > > > Can you tell me who can provide Data Centre interconnects in Amsterdam ? Hi John, Do you require DCI between two or more DCs in Amsterdam or from a DC in Amsterdam back to a DC in the UK? If this is between DCs in Amsterdam it would probably be wise to post this question to the NLNOG mailing list to get some local info. In addition to the already mentioned, Ziggo or VodafoneZiggo may offer this service, and possibly the Liberty Global parts of the network. Also, KPN. What was the Hibernia network had a decent amount of DCs on-net in NL, they are now owned by GTT so maybe GTT are worth a shout too? Cheers, James.
Re: [uknof] Unreasonable increasing in cross-connect pricing in LD4 Equinix Slough DC
On Fri, 24 May 2019 at 13:27, Fenton Bard wrote: > > We won't ever charge cross connect rentals. /me reaches for the popcorn.
Re: [uknof] Cisco 887VA - forwarding "kind of breaks" after a week
> On 22 May 2019, at 14:13, Tom Storey wrote: > > Hey James, > > controller VDSL 0 > operating mode vdsl2 > firmware filename flash:VA_A_39m_B_38h3_24h_o.bin > modem UKfeature > ! > > This particular image was recommended to me by someone that is a bit more > familiar with BT last mile access than I am. > > IOS itself is down somewhere in the 15.6's. My usual response to weird > behaviour is to try upping the IOS version and see if it goes away. That is > what I intend to try next - as soon as I can get my hands on a more recent > image. Seems strange that the modem would prevent DNS from working though? > > Tom Hi Tom, On Wed, 22 May 2019 at 14:34, Neil J. McRae wrote: > > Maybe all UDP? ^ this. I doubt the modem is smart enough to single out only DNS packets (although not impossible of course), in my experience it's probably something like dropping all UDP packets, or all small IP packets, or something more "generic". Apart from an IOS and modem firmware upgrade, can you also crank up the debugging voodoo to see if it happens just before/after/during a PPP or IPoE session flap, or ATM line resync? Cheers, James.
Re: [uknof] Cisco 887VA - forwarding "kind of breaks" after a week
On Wed, 22 May 2019 at 09:48, Tom Storey wrote: > > Hi all, wondering if anyone has come across this and knows how to fix it. > > I have a Cisco 887VA at home, hooked up to a BT supplied VDSL line (cabinet > at end of street), what I believe is called "fibre", but my ISP is Zen. > > I've noticed that very consistently after about a week (7-8 days), forwarding > partially breaks in some way. I'm not sure if it is the Cisco or something > somewhere else, but I didn't have the same issue with the Zen supplied > FritzBox, so seems coincidental that it is the Cisco... > > The biggest thing I have noticed is that DNS seems to break. e.g. I could > have an audio stream playing, and it will continue to stream just fine, but > you won't be able to browse or resolve any other hostnames. I can also still > ping anything by IP just fine. > > I have a friend that is working for a managed service provider who has an > installed base of these routers and says they are also working on much the > same issue. > > If anyone has any suggestions, I'm all ears! > > Thanks > Tom Hi Tom, On some of these smaller CPEs you can upgrade the modem firmware separately from the IOS image. Are you running latest and greatest modem firmware as well as IOS? Cheers, James.
Re: [uknof] NetLdn 1
On Fri, 5 Apr 2019 at 10:06, Tom Hill wrote: > > On 02/04/2019 09:49, James Bensley wrote: > > Similar to the Manchester chapter > > > As "chapter" implies the two events are in some way related, I should > point out that this is not the case. Both 'organisations' are entirely > separate. > > NetMcr's organisers have of course been fully supportive of NetLdn and > we wish their community all the best in emboldening our industry's > social calendar, and wider tech industry reach. :) Hi Tom and all, Tom is completely right, the use of the word "chapter" is misleading. NetLdn are not associated with NetMcr but equally fully support them :) Richard Patterson and I from the NetLdn team will be at UKNOF next week, and Richard will also be at the IPv6 round-table. If anyone has any questions or comments who is also at either of these events, please come and talk to us or speak to us via the NetLdn mailing list (https://groups.google.com/forum/#!forum/netldn) or email directly (he...@netldn.uk). I’m keen to cease any further discussion of NetLdn on the UKNOF mailing list and respect UKNOF policy. Kind regards, James.
[uknof] NetLdn 1
Hi All, A group of keen networkers have banded together to start NetLdn, a social event in London, for networkers by networkers. NetLdn was founded following the success of NetMcr. Similar to the Manchester chapter, we noticed a void in London’s techni-social calendar. Whilst the majority of ‘meetings’ in London focus on development, NetLdn focuses specifically on Network Engineers, Architects, Technicians, or perhaps just anyone interested in the profession. These MeetUps aren't for recruitment or hiring, they aren't for buying or selling products, or promotional activities. This is a purely social event for likeminded technical people, where you are free and safe to talk openly. Everyone is welcome to attend and enjoy. The NetLdn events are going to be held on the second Thursday of each month with the first meeting this month: Date: Thursday the 11th of April 2019 Place: 4th Floor, 2 Fitzroy Place, 8 Mortimer St, London, W1T 3NA Time: We start at 19.00 sharp, arrival is open from 18.30, expect to finish around 21.00 Full details about the events can be found on our website (https://netldn.uk/). This is a one-time post to UKNOF as this is technically off-topic. There is a link to the NetLdn mailing list on the website. We’re also on Twitter @netldn, we can send out Slack invites for https://netldn.slack.com/ and you can join the MeetUp group at https://www.meetup.com/NetLdn/ -- NetLdn1 Agenda -- RSVP is essential: https://www.meetup.com/NetLdn/events/259756046/ We’re limited to 50 attendees for this inaugural meeting but, we will be moving to a bigger venue from the 2nd meeting onwards. --- Talk 1: Why Netflix needs its own CDN Netflix runs its own CDN (Open Connect) to deliver video to >130 million subscribers around the world. This talk will focus on the motivations for doing so, some of the unique challenges, and the how’s and whys. Bio: Javed Vohra Javed is a member of Netflix’s Network Engineering team having joined 5 years ago. 
He’s involved in the continued growth, evolution and day to day operation of the Open Connect CDN around the world. Before Netflix, he spent 8 years in the Network Design team at Sky, having worked on numerous projects, including Core, FTTC and IPv6 rollouts. --- Talk 2: That time I accidentally started an ISP Getting 1Gbit/s to the middle of nowhere can be a struggle, but also a lot of fun. Tales of how a small home network got wildly out of hand. Bio: Nat Morris Nat has been at Netflix for nearly 4 years and has written many of their network configuration and automation toolsets from the ground up. He works from home on a farm in rural Pembrokeshire. Before Netflix, Nat led the customer engineer team at Cumulus, he also volunteers at a local primary school teaching students to code. Want to give a talk? There is an RFP link on the website: https://netldn.uk/contact/ --- If you have any questions, please get in touch via the mailing list, Twitter, Slack, or email he...@netldn.uk. We hope to see you all soon, Best regards, The NetLdn Team (Bill, James, Javed and Richard).
Re: [uknof] Cisco NCS55xx in the wild?
On Fri, 29 Mar 2019 at 08:03, Leigh Harrison wrote: > > Morning all, > > Update to the below. We’ve been talking to the engineering teams at Cisco and > the limitations are soft limitations that are being slowly raised per > software release after exhaustive testing. > > The current limit of unique QoS policies per box that we're running into, > which is 64 per NPU, so 128 in total is set to rise to 256 in the next > software release, which makes it far more relevant for the density of the box. > > I’ll keep you all posted as to how we get on. Currently, they seem like a > great box at a great price, but they have some design constraints to bear in > mind. > > Best, Leigh Hi Leigh, Having worked with Cisco ASR9Ks a lot, line card / NPU scaling limits is something I have now gotten into the habit of always checking with Cisco. > Update to the below. We’ve been talking to the engineering teams at Cisco and > the limitations are soft limitations that are being slowly raised per > software release after exhaustive testing. I guess the only problem with this is that you’ll have to be on bleeding edge code to get the feature-bump or apply SMUs (yuk!). When you say 64 per NPU, at what level does it apply? For example; certain ASR9K cards will have a limit on the number of port level policies you can apply, let's say it's 64, but you can apply hundreds of child and grandchild level policies. This means that if you have <64 physical interfaces everything is fine (rather than applying a policy to every sub-interface you apply a 2/3/4 level policy to the physical interface). Is this the best idea ever? Maybe not, but if it is the difference between QoS and no QoS and you need (read: "have sold") QoS then that's what we have to do. I don't know the fixed chassis NCS5Ks that well, only used the 5001s and modular chassis but, if you ask your Cisco SE or equivalent, they have NDA stats they can share with you about all manner of scaling limits. 
In the case of my ASR9K experiences they were definitely worth reading. I have discovered limits that were unexpectedly close to what we were planning to use. Some of them so close, i.e. we planned to use 1900 instances of feature ‘x’ and it turns out the NPUs only support 2000, which is just 5% difference, it’s actually worth my time scale testing that feature in the lab because, NPUs are PPS bound flexible performance pipelines and not ASIC + features-in-TCAM fixed performance pipelines. > I’ll keep you all posted as to how we get on. Currently, they seem like a > great box at a great price, but they have some design constraints to bear in > mind. Good luck with your testing and keep us posted! Cheers, James.
Re: [uknof] Dark Fibre providers in London
On Thu, 7 Feb 2019 at 15:16, Simon Lockhart wrote: > > On Thu Feb 07, 2019 at 01:54:10PM +, James Bensley wrote: > > Between the DCs apart from Zayo, Colt have a good DF footprint. > > Yes, COLT have been mentioned a couple of times. Does anyone have a good sales > contact there? Sorry Simon, only just seen this - if you haven't been provided with a PoC contact me off-list and I can point you at the guy I use there. Cheers, James.
Re: [uknof] Dark Fibre providers in London
On Thu, 7 Feb 2019 at 06:58, Simon Lockhart wrote: > > All, > > It's a few years since I've been shopping for this, so I thought it worthwhile > updating my list of suitable candidates... > > I'm looking for some dark fibre around London - probably two (or more) rings, > the first linking some datacentres (Interxion LON1, Telehouse, Sovereign House > and HEX), and the other(s) linking a number of BT Exchanges around London. > > I'm currently using Zayo for parts of this already, and am talking to them, > but who else should I be looking at? > > Many thanks in advance, > > Simon Hi Simon, Between the DCs apart from Zayo, Colt have a good DF footprint. Between the exchanges, are BT/OR off the cards - they are the obvious choice there? If it doesn't need to be DF then the Openreach EBD product for layer 2 Ethernet could be what you're after or FilterConnect for wavelengths. If it has to be DF then speak to your OR account manager, DFA is AWOL right now but they might have something for you. Also if this is the popular London exchanges like Poplar, Faraday, Colindale etc. speak with other telcos which are in those exchanges (e.g. your Virgin Media account manager). Cheers, James.
[uknof] RIPE77 Peering-Pre-Beering
Morning all, Who's going to RIPE77? I'm arriving in Amsterdam on the Sunday at about 5PM so if anyone wants to meet up for some pre meeting beers and dinner let me know, or if there is already such a gathering I'm free :) Cheers, James.
Re: [uknof] WHOIS Syntax Fail
On Fri, 24 Aug 2018 at 13:15, Andy Davidson wrote: > > Hi, > > On 17/08/2018, 12:21, James Bensley wrote: > > For example - AS51551, I want to peer with them so I want their AS-SET > > so that I can accept their routes, and all downstream customer routes. > > There’s a couple of subtleties missing from existing replies to the comments > in the thread you started, so I hope it’s ok to make some comments now. > > Firstly, the Internet thanks you for your secure approach to routing > configuration by filtering based on their IRR data. For configuring prefix > filtering of your peers, in order to limit the effect of routing leaks on end > user enjoyment and security. You are a knight of the peering realm and my > horse is forever at your disposal. > > Secondly, the AS-SET is something that the peer should communicate to you, > rather than something that you should ‘detect’. It is possible that one peer > may wish to indicate that they wish to send you different prefixes to what > they send to someone else. For example they may send their global customer > routes to knights of the peering realm like you, so you should use > AS-65534:GLOBAL, whereas gutterick serfs should expect the regional or local > prefixes and therefore a different filter. Or perhaps there is a > product/partner relationship that means they want to signal deaggregates or > additional transited networks to you which they do not want to send to other > peers. The point I am trying to make is that your peering partner should > indicate the as-macro that they wish you to filter against in your BGP setup. > That said, it’s reasonable to expect that if you are not negotiating > anything special to a peer’s usual behaviour you should get the peer’s usual > as-macro, but again they should explicitly communicate that rather than have > you detect it. The usual place to explicitly communicate your peering > preferences as a peering network is peeringdb and Job has made this point > already in this thread. 
> > Lastly, remember RPKI, especially if you want to build filters containing > prefixes being originated by networks in regions where there is poor IRR > adoption but more wide RPKI adoption. > > > Best wishes, > Andy Thanks for the response Andy, it's appreciated. Re; RPKI - I'm on the case ;) Cheers, James.
Re: [uknof] WHOIS Syntax Fail
Hi All, Thanks for all your responses. Understood about the potential N:1 relationship between as-set and aut-num, that makes sense. Thanks for the pointers to IRR Explorer too. I am interested in automating this stuff as someone mentioned so just as a start I might be able to query one of [RIPE, PeeringDB, IRR Explorer], if I get <> 1 AS-SET back, try the next one, then the next etc., then contact someone manually if all three have method "fail". Cheers, James.
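The fallback described in the message above (try RIPE, then PeeringDB, then IRR Explorer, accept a source only when it yields exactly one AS-SET, otherwise hand off to a human), as an added example that is not part of the original post. Everything here is constructed so it runs offline: the ASNs are documentation ASNs, the aut-num object and PeeringDB record are sample data, PeeringDB's `irr_as_set` field format is assumed to be space- or comma-separated with optional `SOURCE::` / `@SOURCE` qualifiers, and the IRR Explorer result is shown as a pre-fetched list because its interface is not described on this page.

```python
import re

# Constructed sample data (documentation ASNs, not real registry objects).
SAMPLE_AUTNUM = """\
aut-num:    AS64500
as-name:    EXAMPLE-NET
import:     from AS64501 accept ANY
export:     to AS64501 announce AS-EXAMPLE
export:     to AS64502
            announce AS64500:AS-CUSTOMERS
source:     RIPE
"""
SAMPLE_RIPE = {64500: SAMPLE_AUTNUM}
SAMPLE_PEERINGDB = {64500: {"asn": 64500, "irr_as_set": "RIPE::AS-EXAMPLE"}}
SAMPLE_IRR_EXPLORER = {64500: ["AS-EXAMPLE", "AS-UPSTREAM-CUSTOMERS"]}


def is_as_set(name):
    """RPSL as-set name: colon-separated components, each an ASN or an
    'AS-' name, with at least one 'AS-' component."""
    parts = name.upper().split(":")
    ok = all(re.fullmatch(r"AS\d+|AS-[A-Z0-9_-]+", p) for p in parts)
    return ok and any(p.startswith("AS-") for p in parts)


def normalise(token):
    """Strip registry qualifiers (RIPE::AS-FOO, AS-FOO@RIPE); None if not an as-set."""
    token = token.strip().upper()
    if "::" in token:
        token = token.split("::", 1)[1]
    if "@" in token:
        token = token.split("@", 1)[0]
    return token if is_as_set(token) else None


def unique(names):
    """Drop None values and duplicates, keeping first-seen order."""
    return list(dict.fromkeys(n for n in names if n))


def unfold(rpsl):
    """Join RPSL continuation lines (leading space, tab or '+') to their attribute."""
    lines = []
    for line in rpsl.splitlines():
        if line[:1] in (" ", "\t", "+") and lines:
            lines[-1] += " " + line[1:].strip()
        elif ":" in line:
            lines.append(line.strip())
    return lines


def from_autnum(rpsl):
    """AS-SETs named after 'announce' in export/mp-export policy lines.
    Simplification: compound filters (AND / NOT ...) need a real RPSL parser."""
    found = []
    for line in unfold(rpsl):
        attr, _, value = line.partition(":")
        if attr.strip().lower() not in ("export", "mp-export"):
            continue
        match = re.search(r"\bannounce\b(.*)", value, re.I)
        if match:
            found += [normalise(t) for t in re.split(r"[\s{}(),;]+", match.group(1))]
    return unique(found)


def from_peeringdb(net):
    """AS-SETs listed in a PeeringDB net record's irr_as_set field."""
    return unique(normalise(t) for t in re.split(r"[\s,]+", net.get("irr_as_set") or ""))


def default_sources():
    # Order follows the message: RIPE, PeeringDB, IRR Explorer.
    return [
        ("ripe", lambda asn: from_autnum(SAMPLE_RIPE.get(asn, ""))),
        ("peeringdb", lambda asn: from_peeringdb(SAMPLE_PEERINGDB.get(asn, {}))),
        ("irrexplorer", lambda asn: unique(SAMPLE_IRR_EXPLORER.get(asn, []))),
    ]


def resolve(asn, sources=None):
    """Return the first source giving exactly one AS-SET; as_set=None means
    every source was empty or ambiguous and the peer must be asked."""
    tried = []
    for name, lookup in sources or default_sources():
        candidates = lookup(asn)
        if len(candidates) == 1:
            return {"asn": asn, "as_set": candidates[0], "source": name, "tried": tried}
        tried.append((name, candidates))
    return {"asn": asn, "as_set": None, "source": None, "tried": tried}


if __name__ == "__main__":
    for asn in (64500, 64510):
        print(resolve(asn))
```

The `tried` list records why earlier sources were rejected, which is the information to include when the result is `None` and the peer has to be contacted manually.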
[uknof] WHOIS Syntax Fail
Morning All, What am I doing wrong? I've had most of a coffee and still can't see what I'm missing. How do I search an IRR (RIPE specifically) for the AS-SET that contains $ASN using native "whois" ? For example - AS51551, I want to peer with them so I want their AS-SET so that I can accept their routes, and all downstream customer routes. I personally know it is called "AS-UPDATA" but I can't find any option that will let me find that without knowing it in advance, or by guessing it, e.g. most AS-SETs are called NETWORK-AS, AS-NETWORK, ASNETWORK etc. Is this not possible within the native whois client? Cheers, James.
Re: [uknof] 10G PE Router Options
On 7 March 2018 at 01:35, Colton Conor wrote: > In this day and age when providers are selling 1Gbps on 10G ports for sub > $400 a month (I am looking at you Cogent and HE.NET) , having an economical > PE that can aggregate multiple customers and not cost $20k seems like a great > option to me. The problem with a $20k PE is that support on it will be at > least $1k per year too! General rule of thumb: router ports are expensive, switch ports are cheap. If you have lots of customers with a "less than line rate" service do not land them on a router. Land them on a cheap switch and aggregate them up to a router. That was just an example, we don’t land any customers on a router, because the ports are so much more expensive. We have 1G and 10G access layer switches (or layer 1 extensions) with 40G up-links to PEs. There are various design questions that would need to be fleshed out before an appropriate choice can be made with regards to making that jump to 10G ports. Do your customers want 10G ports because they have 1.1Gbps of traffic or 8Gbps of traffic? 1G is cheap as chips so you can of course start to LAG customers. You need to evaluate your traffic profiles (oversubscription and contention) and work out if you oversubscribe your access layer connectivity. Do you need routers with 10G everywhere or just in some PoP and you backhaul from other PoPs to where you have a 10G capable router? Many questions need to be answered first which is taking this thread quite off topic (sorry OP!). Cheers, James.
Re: [uknof] Juniper MX204/MX10003
On 6 March 2018 at 15:48, Simon Lockhart wrote: > All, > > Does anyone have any experience of the Juniper MX10003 and/or MX204? I’ve > always been a Cisco person for core network, and had been looking at ASR9k as > a 100G upgrade path for our core - but the MX10003 is coming in at under half > the price of an equivalent ASR9000 build. Equally, I’d been looking at the > ASR9901 as a border router upgrade, but the MX204 is stupidly cheap in > comparison. > > The one thing we’ve found from reading the spec sheets is that both routers > have more ports than the ASICs can support, so if you want to use the lower > speed ports you have to give up one or more of the 100G ports - but this > seems well documented and easy to work with. > > Any other gotchas that people are aware of? The Juniper sales pitch is > compelling, but I’ve not used them before to know what to be looking out for. I know that anecdotal information isn't very helpful however, I have been led to believe that the MX1 series aren't in a good state (yet). That's all I can say I'm afraid. We've been trying to get our hands on the ASR9901's but there is simply no stock. I don't expect them to be cheap though. As you said, Juniper are coming in cheaper. Depending on how many 100G ports you need, why not just get some MX240s or MX480s? Like many modular devices the chassis are the cheap part so ASR9000 chassis cost or MX chassis cost won't really be a factor. You need to pit the vendors against each other and see who'll do you the best price on fabric cards and line cards :) Also are you looking at 100G for the core or edge? The ASR9901 is an edge box with 100G back-haul ports, it's not really a 100G core box. Cheers, James.
Re: [uknof] 10G PE Router Options
On 6 March 2018 at 12:22, Paul Bone wrote: > We need 4*10G Ports, multiple 1G SFP ports, IPv4 and IPv6 L3VPN, L2VPN > etc…..we do not need any HQOS features on these devices. > > > > We use a fair few Cisco ME3600 but these only have 2*10G and are > discontinued so at the moment, the CISCO ASR920 is looking the most cost > effective solution but we are interested if anyone else has any ideas? We > have Juniper MX in the network as well, which we like, but I don’t think > there is a Juniper option as cost effective as the ASR920. The ASR920s are great little boxes. If you want the same mix of 1G and 10G you have on the ME3600X/ME3800X devices then the 24x1G + 4x10G ASR920 variants are working great for us with all the usual edge features (IPv4/6, L3VPN, L2VPN P2P/P2M, BGP, QoS, Multicast, OSPF, ISIS, LDP, FRR-LFA(r)). A Cisco ASR9001 with the 20x1G MICs would be a good fit here too but they are possibly too expensive. From Juniper look at the MX105, ACX5048 and QFX5100s. Cheers, James.
Re: [uknof] 'White Box' switching and OS - Any experiences worth sharing?
On 17 February 2018 at 10:11, Neil J. McRae wrote: > Deployed no but just a matter of time - I doubt there are huge latency > benefits that you don’t already see from the current plethora of optimised DC > switches and code that’s available and I’m totally unconvinced that low > buffer solutions are right for anything outside of the DC with today’s OTT > streaming needs mixed with a lot of the access technology in cable, DSL and > FTTP. > > Our requirement is only to run code we know we need to run- simplifies > security risks and stupid bugs in things we don’t use and allows focused > testing and telemetry in the end to end service. > Hi Neil, Yeah I agree, I'd like to have only the exact features we need running. Also we would be able to test the code in house against our own requirements/standards. I'm also keen on the idea of being able to add counters to anything we want, something the traditional vendors are either reluctant or slow to do. This also opens the possibility of "temporary" counters, if they create a performance hit, we may only need them when troubleshooting. Cheers, James.
Re: [uknof] 'White Box' switching and OS - Any experiences worth sharing?
On 17 February 2018 at 09:43, Neil J. McRae wrote: > However, you might want to look at P4 capable platforms which are looking > very good for focused thin OS networking. Are you using P4 at all Neil? I'd be very keen to hear from anyone that is, what their experience has been. I've downloaded the BMv2 target [1] and started playing around with code that would run on x86 to test. However, when it came to real hardware testing Barefoot Networks seem to have gone from one ASIC which supports P4, from when I first looked into P4, to multiple ASICs [2] but they don't seem to be in stock anywhere?! If anyone has some P4 hardware, even in the lab, I'd love to hear about your experiences. I've only tested it inside a VM which is really more just letting one learn the syntax and architecture. I wanted to test the impact of simplifying the forwarding pipeline to the bare minimum to reduce latency, advanced/dynamic port buffers, and iOAM. What have you managed to achieve with it that you couldn't before? Cheers, James. [1] https://github.com/p4lang/behavioral-model [2] https://barefootnetworks.com/products/brief-tofino/
Re: [uknof] 'White Box' switching and OS - Any experiences worth sharing?
On 17 February 2018 at 01:15, Aftab Siddiqui wrote: > And they also have Cisco like CLI wrapper with ‘?’ help > > On Sat, 17 Feb 2018 at 4:27 am, Sascha Luck [ml] wrote: >> >> Hi David, >> >> have a look at Cumulus Linux. I've played with this on VMs and >> Mellanox switches and VXLAN/EVPN with unnumbered eBGP is working. >> They've been good with implementing asked-for features too, like >> "q-in-vxlan" (I've not tested that yet) I was also going to mention Cumulus. I'm also not using it in production and evaluating the VM version right now. As already mentioned it supports EVPN with VXLAN. It has a standard Linux CLI (by which I mean BASH-like), the "ip" command suite has been extended to support all the extra features they have built into Cumulus Linux like VXLAN, EVPN, MPLS etc so server guys interact with the switch CLI as if it were a server and/or edit plain text config files in /etc. It helps to break down the barrier that some of our server guys have, where the Cisco or Junos CLI is very alien for them. So although that's not an API it does mean that your switch and server CLI is "the same", and that you can use your Linux orchestration tool du jour like Ansible/Salt/Puppet etc. to manage switches and servers alike. There was a great preso at NetDev 2.2, definitely worth a watch if you want to quickly get up to speed with EVPN in Cumulus: https://www.netdevconf.org/2.2/session.html?prabhu-linuxbridge-tutorial Cheers, James.
Re: [uknof] BT NGA Exchange List
On 14 February 2018 at 16:15, Mike Jenkins wrote: > I'm sure that your Openreach account manager can send it to you This is what I was thinking. Why aren't you asking OR? If this opportunity does turn out to be viable for you it sounds like you'll be engaging with them anyway. You might as well engage with OR now and they might also be able to incentivise this deal for you. I know OR are often pants but I'm sure even they can provide you with a document/report they produce. Cheers, James.
Re: [uknof] Connectivity at mobile mast site ...
On 6 December 2017 at 20:39, Mark Boyce wrote: > Hi All > > Odd one, well for me at least. Being asked if we can provide connectivity at > a mobile/etc mast; > > AB4 4AX - Mormond Hill in Aberdeenshire > > Client believes that the mast has an Arquiva DAB node there as well as > various mobile carriers. Which may have local backhaul rather than radio > links. > > > Does anyone know how we’d find out who has POP’d the mast, if anyone? > > Cheers > Mark I believe that BT Openreach and VirginMedia both have mobile backhaul products, so if you ask them for quotes to this site you might find out if they have PoP'ed it already or not. Cheers, James.
Re: [uknof] AWS/GCP/Azure
On 21 November 2017 at 11:36, Clive Stone wrote: > this is what IX Reach can do easily. Tried > speaking to them? They interconnect with the Cloud providers, and you can > buy the port from them and split it off how you like. Steve is on this > list, too. Equinix also do this: https://www.equinix.com/services/interconnection-connectivity/cloud-exchange/ I don't work for Equinix or dislike IXreach, just pointing out an additional option, options are good :) Cheers, James.
[uknof] Industry Conferences
Hi All, Hopefully this is considered on-topic/suitable content [1]; I wanted to plug a couple of industry conferences that I recently learned of (I’m sure others on here will have heard of them). If anyone has or knows of a public list of such events/conferences I’d like to see it. I have seen one before years ago but can’t find it now. Like many I can’t make it in person to every UKNOF, NANOG, RIPE, LINX meeting etc. so I usually watch them remotely but I don’t always know when they are on, so these are two more in my calendar now. Cheers, James. I recently came across https://wiki.geant.org/display/PMV/SIG-PMV [2] “The GÉANT PMV SIG (SIG-PMV) is focusing on performance monitoring and verification topics from both a research and operations perspective, and in identifying and establishing best practises for wired/wireless (campus) networks, and the networks that connect them.” I also recently came across: https://inog.net/ “Help us build an inclusive and open Community of Practice around network engineering. The Irish Network Operators Group (iNOG) is re-birthing community focused on diversity, learning, sharing, connecting, and having fun.” [1] In light of the recent thread “Juniper SRX Available” I have read https://wiki.uknof.org.uk/Charter and can’t see any clear reason that it wouldn’t be. Please correct me if I am wrong. [2] Full disclaimer, I am talking at this conference which is how I came to hear about it but looking back over previous sessions I think it would be of genuine interest to many on this list.
Re: [uknof] IPv6 Musings
On 26 October 2017 at 18:07, Paul Bone <paul.b...@bridgefibre.co.uk> wrote: > Hi James > > We are definitely open to advice! > > We are keen to have a way to ensure each customer always gets the same > prefix - not sure we can do that with solely DHCPv6? > > Thanks > > Paul > > Sent from my iPhone > > On 26 Oct 2017, at 17:49, James Bensley <jwbens...@gmail.com> wrote: > > Why not DHCPv6 out of curiosity? > > Cheers, > James. Hi Paul, Still catching up on emails post-holiday. If you have Ethernet to the CPE device then the traditional method of PPP + L2TP + RADIUS etc. adds in lots of overhead, complexity and state. In my opinion a clearer/simpler design would be to have the access nodes insert the circuit ID into DHCP requests coming from the CPE device and use PWHE to tunnel them back to a central box using standard MPLS and use the circuit ID to match static IP mappings. PPP and L2TP only exist in our network for ADSL based services and it’s just another couple of technologies (plus RADIUS) that engineers need to know in addition to typical BGP/MPLS. Cheers, James.
Re: [uknof] IPv6 Musings
Why not DHCPv6 out of curiosity? Cheers, James.
Re: [uknof] Telehouse Fire Alarm
On 21 September 2017 at 17:42, Graham L. Stewart wrote: > The night operations at Telehouse Metro are often asleep with the lights off > in the reception when I arrive in the middle of the night. That prob says it > all….. These days I'm in Telehouse North/East/West more often during the small hours of the night, and I don't find that so much there (but it does still happen!). I used to be in and out of Global Switch 2 much more regularly and I was almost always waking someone up either on reception or in the security room. If you had say several late night maintenance sessions on consecutive nights I'm sure they'd remember you and start to form a grudge. Cheers, James.
Re: [uknof] Hosting Firewall Advice
On 2 June 2017 at 18:33, Tom Hill <tom.h...@bytemark.co.uk> wrote: > On 02/06/17 15:02, James Bensley wrote: >> virtual m0n0wall boxes per customer > > m0n0wall was discontinued, and its replacement - OPNSense - is a far cry > from the lovely, lightweight release that was m0n0wall. I'm very sad to > see the end of it! I haven't used it for a few years so I didn't know it was discontinued, that is a shame, it was nice and lightweight and "just worked". Cheers, James.
Re: [uknof] Hosting Firewall Advice
On 2 June 2017 at 14:46, David Derrick wrote: > On 02/06/2017 14:20, Paul Bone wrote: >> >> Just wondering what peoples thoughts are on the merits of a shared >> hardware firewall (we are starting to hit overlapping IP issues) vs >> virtual appliances or even a virtual Linux installation per client. > > > Some firewalls can be split up into virtual instances which is a nice idea. > Sonicwall have been promising it for a long time but I'll believe it when I > see it. Checkpoints do this now but there are some limitations. Being unable > to put IP addresses on a VPN tunnel interface for example. Don't know which > other vendors offer it. > > Haven't used virtual appliances but that seems logical if you're offering > virtual servers. Pretty sure you could get some eval copies to play with. Yeah I guess if you wanted to continue down the dedicated hardware route Cisco ASA's have virtual contexts, Juniper Netscreen's or SRX's might support logical systems? Others probably have similar functionality. However if you have virtual infrastructure already and the tools and staff in place to manage that, then if I was you I'd be migrating to virtual firewalls. You could use some small lightweight firewalls on a per-customer instance basis, we have done this successfully before with stuff like virtual pfSense and virtual m0n0wall boxes per customer. You could also use a virtual and centralised multi-tenanted system (Palo Alto offer this which we are currently evaluating, I'm sure others do too). Cheers, James.
Re: [uknof] Example of total DC loss
On 1 June 2017 at 11:50, Simon Green wrote: > Morning List :) > > > > I’m hunting for an examples of long duration data centre outages in the UK, > from a day of downtime to total data centre loss (explosion or some other > industrial accident). > > > > Is anyone aware of any tales they could share? Bigger and higher impact the > better. > > > > Slightly more casually interested in BT exchanges as well. > > > > I’m aware of: > > · Several corporate incidents, including Three, Capita, and Vodafone > > · The Telecity power issues from a few years back, though they were > less than a day > Not a DC outage but the Kings College outage was pretty serious, if you have a SPoF be it a single RAID array or single DC, it's a SPoF; https://www.theregister.co.uk/2016/10/25/and_so_we_enter_day_seven_of_kings_college_london_major_it_outage/ https://www.theregister.co.uk/2016/11/15/after_kcl_kills_uniwide_backups_staff_get_order_to_never_make_their_own/ Cheers, James.
Re: [uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP
On 20 March 2017 at 17:01, Mike Jenkins wrote: >> > Why not have the copper SFP as a default, >> >> Why not have fibre as default? - Seriously though, this is documented in the >> SIN >> documents, so for future reference, RTFM. >> >> "The client interface consists of a RJ-45 type socket for 10 Mbit/s and 100 >> Mbit/s EAD services or dual LC sockets for 1000 Mbit/s EAD services." - >> http://www.btplc.com/sinet/SINs/pdf/492v1p8.pdf - Section >> 4.2 Connector. >> > > But the OP ordered his service from SSE - so there's a definite possibility > that their ordering process let him (incorrectly) order a copper gig > presentation If the OP is informed when quoting/ordering the circuit with the carrier that the tail is coming from OR > read the SIN doc. When ordering a circuit with a carrier and the B end is off-net for the carrier (which it sounds like it was), ask the carrier "Who's providing the tails for this service? OR you say!" > read the SIN doc. When ordering a circuit with a carrier and it is not explicitly stated that the circuit is on-net or that existing fibre will be used, ask the carrier "Who's providing the tails for this service? OR you say!" > read the SIN doc. Cheers, James.
Re: [uknof] Single Mode SFP with fibre patch lead anyone at or around postcode SG12FP
On 20 March 2017 at 11:13, Gavin Henry wrote: > Why not have the copper SFP as a default, Why not have fibre as default? - Seriously though, this is documented in the SIN documents, so for future reference, RTFM. "The client interface consists of a RJ-45 type socket for 10 Mbit/s and 100 Mbit/s EAD services or dual LC sockets for 1000 Mbit/s EAD services." - http://www.btplc.com/sinet/SINs/pdf/492v1p8.pdf - Section 4.2 Connector. Cheers, James.
Re: [uknof] SonicWALL PPPoE Issues over Talk-Talk WFTTC Circuits
On 28 January 2017 at 23:41, Bjoern A. Zeeb wrote: >> 28 Jan 2017 19:24:22 l2tp-rx T13092-51756-62.24.203.227 S17150-9461 PPP Tx >> 8021:IPCP 01 00 000A ConfReq 03:IP 06 62.24.191.98 mcmfmt2@connect.username > > > You tell CPE your IP address. Which seems to be a TalkTalk IP?! > But the CPE never ACKs. > And the CPE also doesn’t send you a request for its local IP address end. It does, here I believe: 28 Jan 2017 19:24:22 l2tp-rx T13092-51756-62.24.203.227 S17150-9461 PPP Rx FF03 8021:IPCP 01 01 0016 ConfReq 03:IP 06 0.0.0.0 81:DNS1 06 0.0.0.0 83:DNS2 06 0.0.0.0 mcmfmt2@connect.username 28 Jan 2017 19:24:22 l2tp-rx T13092-51756-62.24.203.227 S17150-9461 PPP Tx 8021:IPCP 03 01 0016 ConfNak 03:IP 06 46.17.214.185 81:DNS1 06 185.23.52.131 83:DNS2 06 185.23.52.132 mcmfmt2@connect.username >> 28 Jan 2017 19:24:22 l2tp-rx T10838-3606-62.24.203.91 S24816-43992 PPP Rx >> FF03 C021:LCP 08 B1 0040 ProtoRej 03 00 00 00 08 06 00 13 08 00 00 00 >> 00 08 04 00 00 00 71 q 72 r 73 s 74 t FD 12 A5 AD BA 38 8 8E BD FB 55 U 50 P >> 18 10 00 F8 E0 00 00 17 03 03 00 50 P D6 07 80 20 81 D2 6F o 57 W B8 CC 9C >> 2E . 0F >> 28 Jan 2017 19:24:22 l2tp-rx T10838-3606-62.24.203.91 S43511-28544 PPP Rx >> FF03 C021:LCP 08 E9 001C ProtoRej 03 00 00 00 08 06 00 13 08 00 00 00 >> 00 08 04 00 00 00 71 q 72 r 73 s 74 t > > > Whatever those are I am confused about; That CPE is trying to make some sort of query I think. > Seems the state machine on the CPE side is stuck? Yeah it looks a bit flaky. On 28 January 2017 at 15:12, Gareth Phillips wrote: > · We’ve tried a RADIUS Filter-ID of "l" (lower case L) to stop MRU > renegotiation and a similar hard coded setting on the L2TP LNS tunnel for > those particular circuits. > Why have you done that? We are an LLU provider but also take wholesale BT and TalkTalk connectivity to ensure total coverage.
We force MRU renegotiation for those wholesale circuits, particularly for BT where their BRAS nodes seem to interfere; going through the whole PPP state machine life cycle (including LCP, NCP, IPCP etc) part of the process is performed between CPE and BRAS, then the L2TP tunnel is built, and the later part is performed between CPE and LNS. Due to NOT having performed the entire process with the BRAS we sometimes see side effects so we always force MRU renegotiation to start most of the process again with the CPE talking directly to the LNS. What happens if you try this? Also what do you see in your RADIUS log? Does the LNS report to RADIUS that the authentication has been successful? From your output and Bjoern's output it looks like auth is OK then negotiation fails near the end of LCP. Have you considered upgrading the firmware on your CPE and LNS devices? Test it in the lab? Cheers, James.
Re: [uknof] Easynet / HE (maybe SixXS?) issue
On 23 January 2017 at 00:19, Tom Hill wrote: > Hi Raoul, > > On 20/01/17 21:43, Raoul Bhatia wrote: >> I would be happy if somebody would be able to assist me with some >> debugging, >> and/or give me pointers to whom I would be able to connect to. > > I'm looking at this without being entirely awake, but at first glance it > looks like a very similar issue that I had with IPv6 from Easynet in > Germany, recently. > > Drop me a mail offlist and we'll compare output... I got some way to > finding a responsive contact, but it's all disappeared into a black hole > as it stands; if it's related, it would be worth joining forces. :) If you guys still need a contact at EasyNet let me know off-list and who your current contact is. Cheers, James.
Re: [uknof] Fwd: IPv6 adoption approaching 16% in UK
On 8 November 2016 at 00:22, Sean Keeney wrote pages of shit: ... /Sean Whinge much? You are the enemy of the service catalogue. James.
Re: [uknof] ISP Security architecture
On 15 September 2016 at 11:46, John Bourke wrote: > Hi, > > > > Touchy subject, but can anyone share some war stories about how they keep > raw Internet traffic away from ISP operational systems, which by definition > need to talk to the equipment which carries that Internet traffic. I'm not 100% certain of what you are looking for here but if you search through the list archives for the c-nsp and j-nsp mailing lists (others too I'm sure) you'll see many discussions about ISPs moving the Internet into a dedicated L3VPN. In that example keeping the internet traffic in a dedicated L3VPN and say having a separate dedicated L3VPN for management traffic segregates the two traffic types but the NMS/OSS/BSS systems still have access to the routers (if you configure them to allow management access from within that management L3VPN). I’m not sure where the horror stories fit in to this that specifically relate to the Internet? A decent ISP (IMO) should have good control plane and infrastructure protection in place, so there should be no threat. I think the main issue from the Internet into the ISP's OSS/BSS systems is DDoS traffic, either targeted at the ISP or a downstream customer that fills the pipes and they can’t even get management access to their devices (perhaps no out of band connectivity for example). But control plane attacks can come from within the ISP, not just out on the Internet and can be fairly well defended against. Cheers, James.
Re: [uknof] IOS XR tcpdump
On 17 August 2016 at 13:22, Job Snijders <j...@instituut.net> wrote: > On Wed, Aug 17, 2016 at 01:05:52PM +0100, James Bensley wrote: >> Is it ever too late to revive a thread? >> >> Marty (and anyone else interested) there are packet capturing features >> inside the NP added in IOS-XR 5.3.3. It works for pretty much all >> inbound packet drops but only some outbound packet drops. >> >> These are some example notes I made; >> https://null.53bits.co.uk/index.php?page=asr9000-np-packet-capture > > Thank you for sharing this! > > Kind regards, > > Job One thing I forgot to mention is that as I'm sure you probably know already, come IOS-XR 6.1 on ASR9000's we should be able to use the Linux containers to run actual tcpdump on the boxes. Cheers, James.
Re: [uknof] IOS XR tcpdump
On 10 July 2015 at 02:51, Marty Strong <ma...@cloudflare.com> wrote: > Yay Cisco, lagging behind Juniper yet again! > > Thanks for the response. > > Regards, > Marty Strong > -- > CloudFlare - AS13335 > Network Engineer > ma...@cloudflare.com > +44 20 3514 6970 UK (Office) > +44 7584 906 055 UK (Mobile) > +1 888 993 5273 US (Office) > smartflare (Skype) > > http://www.peeringdb.com/view.php?asn=13335 > >> On 10 Jul 2015, at 04:17, James Bensley <jwbens...@gmail.com> wrote: >> >> On 30 June 2015 at 11:23, Marty Strong <ma...@cloudflare.com> wrote: >>> Hey UKNOFers, >>> >>> Anybody know the Cisco IOS XR equivalent to "monitor traffic interface lo0" >>> on a Juniper? >>> >>> Searching around online I don’t see anything, and the Cisco documentation >>> is as lacking as some features in IOS /troll >> >> There isn't any such feature (as of yet) if you are talking about an >> ASR9000 series device? If so then yeah, nothing yet. I am rather >> shocked by this but I've been in contact with TAC over various issues >> with IOS-XR and the ASR9K's and they have confirmed to me there is no >> "proper" packet-capture feature yet. >> >> Even with Typhoon line cards and RSP440s. I would assume this feature >> is perfectly possible and simply hasn't dropped yet, Cisco haven't >> confirmed or denied that for me yet though. >> >> The best you can do is apply ACLs to the line card to check if a >> packet that matches the ACL is either ingressing or egressing the PHY >> or NP or FIA you assign the ACL to. This basically: >> https://supportforums.cisco.com/document/122386/asr9000xr-how-capture-dropped-or-lost-packets >> >> Note before: that is a service affecting operation. >> >> You can run SPANs in IOS-XR if you have somewhere to SPAN a port to. >> >> Also you can use the interface "monitor" command, "monitor interface >> xxx" which isn't great but sometimes anything is better than nothing. >> >> Cheers, >> James, Is it ever too late to revive a thread?
Marty (and anyone else interested) there are packet capturing features inside the NP added in IOS-XR 5.3.3. It works for pretty much all inbound packet drops but only some outbound packet drops. These are some example notes I made; https://null.53bits.co.uk/index.php?page=asr9000-np-packet-capture Cheers, James.
Re: [uknof] IX Cardiff call for CDN's
On 17 August 2016 at 10:09, Paul Webb wrote: > The IX Cardiff steering Group is interested in attracting CDN providers with > an offer of free hosting space and connectivity to the Cardiff IX. Hi Paul, Are you only offering free hosting space for CDN providers? Kind regards, James.
Re: [uknof] UKNOF mailing list migration
Thanks to everyone at LONAP for your efforts so far and to everyone who is going to be carrying the torch moving forward. Cheers, James.
Re: [uknof] Virgin Ethernet Extension
Bit late to this thread. Further to Charlie's input, if you take an NE/NE+ service, request an end-to-end MTU check beforehand if you need >1600 MTU. We've had issues where an NE+ circuit for which the NTE supports an MTU up to 2032 won't go above something smaller (exact value escapes me right now) - one of the MetNets it passes through is old with a low MTU. We've also had NE+ circuits where we have asked if we can raise the MTU to support jumbo frames, but we couldn't go above 4470 because there are SDH/SONET MetNets in the middle, but this has been possible on other circuits. Also don't forget their SLAs are pants, 30ms or something. We have multiple VM NNI's and we've had issues where the PoP that feeds that PoP that our NNI is on, has been congested so our NNI is affected (packet loss across all VNO circuits there), increasing the latency on them all from circa 10ms to just under 30ms so it's still within SLA but inter site delay is nearly 60ms for two sites on the same NNI (which is no better than ADSL), and VM have been very slow to recover it. Also most NE/NE+ circuits are pseudowires across their core. I think the control-word is disabled by default. We have had several instances where we have requested they enable the pseudowire control-word for that circuit and the issues have been reduced (like out of order packets or jitter). Might be worth ordering all circuits with the control-word enabled by default. Cheers, James.
Re: [uknof] Multi-tenant PBX Solution
I've had good success at a former job with https://integrics.com/enswitch/ which is a multi-tenant PBX. It's Asterisk under the hood for call routing with their custom application over the top for all the jazzy features. So it's Asterisk + MySQL (you can use MariaDB) + Apache so you can virtualise it and scale it. So you can pay for support but still extend Asterisk as you please. We built a custom handset provisioning tool, added custom call features directly in Asterisk etc. Cheers, James.
Re: [uknof] BT Outage?
On 28 July 2016 at 06:40, Neil J. McRae wrote: > > On 24 Jul 2016, at 17:48, Paul Webb > wrote: > > Well we’ve just moved all our lines to TTB from BT WBMC (mostly for better > FTTC performance) and our main POP is THN….but not a blip last week, > everything was fine …thank goodness we moved from BTW :) > > I think that's the funniest thing I've ever read! Moving all your ADSL lines from the biggest wholesale LLU provider in the UK to probably the second biggest. We thought about it for about 5 minutes because TalkTalk are offering significant cost savings, but really, you moved all your eggs which were in one basket, to a new single basket. You don't think it best to split across the two instead? ¯\_(ツ)_/¯ James.
Re: [uknof] ISPs in Spring Park, Corsham.
As per peeringdb, we (Updata) can provide this. Will respond off-list. James.
Re: [uknof] BT Outage?
On 21 July 2016 at 09:37, Mark Tinka wrote: > We are in Telehouse North on the 5th floor, and so far, not facing any > issues... > > Mark. We are in TFM 17, 4th Floor Star Suite, 3rd Floor TFM 10, 3rd Floor TFM 23, 2nd Floor And somewhere else I have forgotten... We have no power issues in any of these suites. We are a WBMC customer, no issues today or yesterday, however we are having issues with our IPX links with BT this morning. Cheers, James.
[uknof] UK Referendum Stats
Hi All, I'm wondering if anyone had any interesting data to share from a networking perspective around the referendum. Just some ideas (most eyeball networks like us are only graphing traffic volume); - Did you see an increased/decreased level to/from social media sites over your peering and transit pipes compared to the previous Thursdays? - Did you see any change in levels over these days following the referendum to social media sites compared to previous weeks (that doesn't look Euro championship related) ? - Did you see an increased level of traffic to/from news sites on the day, over the following days? If you're tracking DNS hits HTTP/S etc, see all questions above but for number of hits/lookups instead of traffic volumes. It would be interesting if someone could present a talk on any interesting stats related to the referendum from the networking world, I hope that some of the key players involved in delivering the Euros will be when it's over (broadcasters, CDNs, carriers, social networking providers etc). It could make for an interesting lightning talk. We haven't seen anything notable in our traffic levels (which I think mostly relates to our customer demographic, most public sector so mostly only working during the day and the majority of the offices are empty at the weekends). Kind regards, James.
[uknof] NETCONF/Yang/OpenConfig
Hi All, Having spent some time at $dayjob trying to get the automation wheel rolling (nearly 2 years now) and still getting nowhere I think it’s time to move on (there is a shed load of other reasons too of course). NETCONF/Yang/OpenConfig are the bread and butter of the future in my opinion, I also believe that all engineers should be able to program to some basic extent (I know, I’m like an evil dictator right?). So with that in mind I am trying to find a new company to have me but one that also has an interest in these technologies and shares my ideologies about the service abstraction, data models and automation who needs a new network engineer with some programming skills (to live out my dream of near total network automation). I’m not a fan of buzzwords but I think the rising “NetDevOps” phrase describes the position I am looking for best, however it’s proving very difficult to find openings. I only know of a handful of networks that have openly expressed their interest in prioritising the same ideas as me and not many of them have openings. So my question to the list is, who else shares these ideas and has open positions (or, who do you know of)? Cheers, James.
Re: [uknof] Bogon ASN Filter Policy
On 3 June 2016 at 13:41, Job Snijders wrote: > On Fri, Jun 03, 2016 at 12:27:29PM +0100, Tom Bird wrote: >> On 03/06/16 10:26, Job Snijders wrote: >> > Here are JunOS, IOS XR & BIRD examples: >> > >> > http://as2914.net/bogon_asns/configuration_examples.txt >> > >> > With your permission I'd like to add the IOS flavor >> >> Did we not establish some time ago that running these crazy regexes on >> a full table was a really bad idea, particularly on CPU constrained >> old IOS boxes? > > I've added a warning that the IOS snippet might not be suitable for > all gear. We have it running on 7600s with RSP-720-3CXLs and it's working fine. It takes 5 minutes to process a full feed without this config, if it takes an extra minute or two I don't care. Last time I reported one of those 7600s a couple of months ago with a transit feed on it, I didn't observe any noticeable delay beyond in the normal delay, in the transit feed stabilising. Cheers, James.
Re: [uknof] Bogon ASN Filter Policy
On 3 June 2016 at 10:26, Job Snijders <j...@ntt.net> wrote: > On Fri, Jun 03, 2016 at 10:12:42AM +0100, James Bensley wrote: >> It's good to see the larger carriers doing this, > > GTT also committed > http://mailman.nanog.org/pipermail/nanog/2016-June/086081.html Even better! Just need to ensure everyone is applying prefix filters too. Still seeing RFC1918 leakages from time to time. > Here are JunOS, IOS XR & BIRD examples: > > http://as2914.net/bogon_asns/configuration_examples.txt Many thanks! :) Just an FYI with "passes-through" on IOS-XR support for "0" as a value was |deprecated | doesn't work anymore | was "Cisco'ed" ] ...
    as-path-set BOGONS-ASNs
      #rfc7607
      ios-regex '_0_',
      #2 to 4 byte ASN migrations
      passes-through '23456',
      #rfc5398
      passes-through '[64496..64511]',
      passes-through '[65536..65551]',
      #rfc6996
      passes-through '[64512..65534]',
      passes-through '[42..4294967294]',
      #rfc7300
      passes-through '65535',
      passes-through '4294967295',
      #IANA reserved
      passes-through '[65552..131071]'
    end-set
> With your permission I'd like to add the IOS flavor Yeah sure, help yourself. Cheers, James.
Re: [uknof] Bogon ASN Filter Policy
On 2 June 2016 at 20:56, Job Snijders wrote:
> Dear fellow network operators,
>
> In July 2016, NTT Communications' Global IP Network AS2914 will deploy a
> new routing policy to block Bogon ASNs from its view of the default-free
> zone. This notification is provided as a courtesy to the network
> community at large.
>
> After the Bogon ASN filter policy has been deployed, AS 2914 will not
> accept route announcements from any eBGP neighbor which contains a Bogon
> ASN anywhere in the AS_PATH or its atomic aggregate attribute.
>
> The reasoning behind this policy is twofold:
>
> - Private or Reserved ASNs have no place in the public DFZ. Barring
>   these from the DFZ helps improve accountability and dampen
>   accidental exposure of internal routing artifacts.
>
> - All AS2914 devices support 4-byte ASNs. Any occurrence of "23456"
>   in the DFZ is either a misconfiguration or software issue.
>
> We are undertaking this effort to improve the quality of routing data as
> part of the global ecosystem. This should improve the security posture
> and provide additional certainty [1] to those undertaking network
> troubleshooting.
>
> Bogon ASNs are currently defined as following:
>
> 0                     # Reserved RFC7607
> 23456                 # AS_TRANS RFC6793
> 64496-64511           # Reserved for use in docs and code RFC5398
> 64512-65534           # Reserved for Private Use RFC6996
> 65535                 # Reserved RFC7300
> 65536-65551           # Reserved for use in docs and code RFC5398
> 65552-131071          # Reserved
> 4200000000-4294967294 # Reserved for Private Use RFC6996
> 4294967295            # Reserved RFC7300
>
> A current overview of what are considered Bogon ASNs is maintained at
> NTT's Routing Policies page [2]. The IANA Autonomous System Number
> Registry [3] is closely tracked and the NTT Bogon ASN definitions are
> updated accordingly.
>
> We encourage network operators to consider deploying similar policies.
> Configuration examples for various platforms can be found here [4].
>
> NTT staff is monitoring current occurrences of Bogon ASNs in the routing
> system and reaching out to impacted parties on a weekly basis.
>
> Kind regards,
>
> Job
>
> Contact persons:
>
> Job Snijders, Jared Mauch,
> NTT Communications NOC
>
> References:
> [1]: https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00
> [2]: http://www.us.ntt.net/support/policy/routing.cfm#bogon
> [3]: https://www.iana.org/assignments/as-numbers/as-numbers.xhtml
> [4]: http://as2914.net/bogon_asns/configuration_examples.txt

Hi Job,

Good effort from NTT. I work for an access provider and we have rolled out the same policy already. There are definitely valid arguments against this (I think) however I think the arguments for this approach outweigh them.

It's good to see the larger carriers doing this, at $dayjob we have often seen bogon IP prefixes coming from the larger carriers (they aren't filtering their customer announcements) and the same goes for not dropping private ASNs in the path on prefixes received from their customer announcements.

This is the config we have used on IOS boxes; https://null.53bits.co.uk/index.php?page=asn-filtering

I will fish out an IOS-XR config we have used too if anyone is interested in doing the same. Has anyone got a Junos config snippet they can share to do the same? If not I can splurge it out in the lab but I'm feeling Friday lazy.

Cheers, James.
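An added example, not part of the original thread or NTT's published configuration: a Python audit that applies the Bogon ASN ranges from the announcement above to textual AS_PATHs, so an operator can see which received routes such a policy would reject before deploying it. The function names and sample routes are constructed, the start of the 4-byte private-use range (4200000000) is taken from RFC 6996, and reading the announcement's "atomic aggregate attribute" as the AGGREGATOR ASN is an assumption.

```python
import re

# Inclusive bogon ASN ranges from the announcement quoted above. The start of
# the 4-byte private-use range (4200000000) is taken from RFC 6996.
BOGON_RANGES = [
    (0, 0, "Reserved RFC7607"),
    (23456, 23456, "AS_TRANS RFC6793"),
    (64496, 64511, "Docs and code RFC5398"),
    (64512, 65534, "Private Use RFC6996"),
    (65535, 65535, "Reserved RFC7300"),
    (65536, 65551, "Docs and code RFC5398"),
    (65552, 131071, "Reserved"),
    (4200000000, 4294967294, "Private Use RFC6996"),
    (4294967295, 4294967295, "Reserved RFC7300"),
]

ASN_TOKEN = re.compile(r"\d+(?:\.\d+)?")  # asplain "65546" or asdot "1.10"

def parse_as_path(path):
    """Return every ASN in a textual AS_PATH as an int, including AS_SET
    members such as '{65000,1299}' and asdot values such as '1.10'."""
    asns = []
    for token in ASN_TOKEN.findall(path):
        if "." in token:
            high, low = (int(part) for part in token.split("."))
            if high > 0xFFFF or low > 0xFFFF:
                raise ValueError(f"invalid asdot ASN: {token}")
            asn = high * 65536 + low
        else:
            asn = int(token)
        if asn > 0xFFFFFFFF:
            raise ValueError(f"ASN out of 32-bit range: {token}")
        asns.append(asn)
    return asns

def classify(asn):
    """Return the bogon reason for an ASN, or None if it is not a bogon."""
    for low, high, reason in BOGON_RANGES:
        if low <= asn <= high:
            return reason
    return None

def bogons_in_route(as_path, aggregator_asn=None):
    """List (asn, reason) for each bogon in the AS_PATH or AGGREGATOR."""
    candidates = parse_as_path(as_path)
    if aggregator_asn is not None:  # assumption: AGGREGATOR ASN is checked too
        candidates.append(aggregator_asn)
    return [(a, classify(a)) for a in candidates if classify(a) is not None]

def audit(routes):
    """Map prefix -> bogon hits for every route the policy would reject."""
    rejected = {}
    for prefix, as_path, aggregator in routes:
        hits = bogons_in_route(as_path, aggregator)
        if hits:
            rejected[prefix] = hits
    return rejected

# Constructed sample routes: (prefix, AS_PATH, AGGREGATOR ASN or None).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", "2914 3356 64496", None),
    ("198.51.100.0/24", "2914 174 15169", None),
    ("203.0.113.0/24", "2914 23456 3333", None),
    ("2001:db8::/32", "2914 {65000,1299}", None),
    ("2001:db8:1::/48", "2914 1.10 8075", None),
    ("2001:db8:2::/48", "2914 3356 8075", 4200000001),
]
```

Calling `audit(SAMPLE_ROUTES)` returns the five prefixes that carry a bogon, each with the offending ASN and the reason; the clean path via 174 and 15169 is absent from the result.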
Re: [uknof] IPv6 usage explosion
On 23 May 2016 at 11:14, Paul Mansfield <paul+uk...@mansfield.co.uk> wrote: > On 23 May 2016 at 09:59, James Bensley <jwbens...@gmail.com> wrote: >> as IPv4. On lots of our Cisco edge devices there are bugs present that >> relate to IPv6 traffic processing problems, or just the fact that IPv6 >> is enabled. The Junos kit is more mature and seems pretty bug free. In > > > we need early adopters to find the bugs. If people wait until v6 is > really mature and solid, they'll be lagging in the skills and > experience to successfully roll it out. > now is a good time for ISPs to be rolling it out at least in trials, > to test their equipment and train their own staff, whilst the > customers adopting it tend to be the clueful ones who are aware it's > imperfect and so likely to be a little more helpful and forgiving. I definitely agree with you there. However with all these problems it makes it difficult to make progress. I've had internal discussions about pushing out IPv6 internally everywhere to save on v4, however I get met with mostly resistance. $dayjob is more of a "managed service provider" than a more traditional telco/ISP, which basically means "we only do what's good for revenue, based on what customers say" - and of course a tiny fraction of customers jump up and say "I demand IPv6". Lots of technical hurdles like buggy routers/switches/firewalls, buggy applications or applications that simply don't support IPv6 or have some IPv4 hard coded parts etc, that all adds up to management saying "you see, it will take too much time/money/whatever, get back to writing that report on how many reports you've been writing." I wonder if there is scope at a UKNOF for someone to give an IPv6 story but from the other end of the spectrum. 
We've had some great "We're rolling it out, this is how far we have got and how long to finish" and also some "We rolled it out and this is how we did it" - I wonder if anyone wants to give a talk on the business side of things, how did they make it appeal to upper management, how did they get their customers on board, how did they get their internal engineers on board (I encounter no shortage of engineering colleagues that don't care / don't think it's time yet), how did you sell it to customers commercially? Cheers, James.
Re: [uknof] IPv6 usage explosion
> On 20 May 2016, at 10:16, Tim Chown wrote: > >>> On 19 May 2016, at 21:57, Neil J. McRae wrote: >>> >>> Sky have done - we should have launched also but we (BT) hit a minor bug >>> but we want to patch it before we turn it on but the work is done and we >>> have a pile of customer using it. >>> >>> the stability of most V6 implementations still leaves a hell of a lot to be >>> desired. >> >> In what area? OSes, applications, CPEs? Can you give specific examples? >> >> Tim On 20 May 2016 at 14:50, Neil J. McRae wrote: > I am talking home equipment but even in edge my view is that it's not at the > same level as it will need to be. > > Neil > > Sent from my iPhone Certainly for us IPv6 in the edge is not at the same level of maturity as IPv4. On lots of our Cisco edge devices there are bugs present that relate to IPv6 traffic processing problems, or just the fact that IPv6 is enabled. The Junos kit is more mature and seems pretty bug free. In either case these are "vendor" specific problems in some sense, however they are two massive vendors that many ISPs all over the world will be using so it's fair to say that on some global level, IPv6 is not the same at the service provider edge as it is for IPv4 for stability, security, reliability etc (Cisco in particular, bug central). Cheers, James.
Re: [uknof] Strange DSL problem, anyone using this combination?
On 30 March 2016 at 12:46, David Derrick wrote: > I'm a bit stumped here, wondering if anyone else has seen this or is using > the same kit with no issues. Even better if you happen to be one of our > resellers. > > Zyxel SBG3300-N router > 21CN lines (ADSL or FTTC with or without OR modem) but not all lines > Juniper MX480 LNS > > Symptoms are high packet loss and frequent disconnects but only on some > lines. > Swap the Zyxel for a Cisco, problem goes away. > Take the Zyxel to a different line, problem goes away. (This may be true > with two lines into the same building via the same exchange.) > Different Zyxel (same model) from a working line to the problem line, > problem persists. > Terminate the user on one of our Cisco LNSs but same router and line, > problem goes away. > > This problem first appeared at the start of the year, went away for a while, > and has now returned. Most of this customer's lines are in Scotland. Problem > exists with current and previous versions of the Zyxel firmware. > > Does anyone have any ideas? We're trying to get BT to look for commonalities > between affected lines but haven't had an answer yet. On 31 March 2016 at 11:02, David Derrick wrote: > I probably wasn't clear enough that the copper lines have been checked and > are fine. That was one of the first things investigated and we've had > Openreach guys out to look at several of them. The fact that this problem > exists both with the OR modem and with the Zyxel's built in modem suggests > to me it isn't line related but there is some sort of strange interaction > from Zyxel->DSLAM->BT->Entanet->customer. It sounds like something at the PPP layer (or above) since it only happens with certain modem/LNS combinations. Strange you should say it's in Scotland, as per David's comments are you running MLPPP? I've had some issues with MLPPP over 21CN of late and the only commonality I've found so far is that the affected lines are to the same handful of BT BRAS nodes in Scotland. 
Have you been able to run a packet capture near your LNS and analyse them when there are issues? Cheers, James.
[uknof] SunGard On List?
Hi All, Any SunGard on list? Having a path issue from multiple ISPs in the UK. Cheers, James.
Re: [uknof] 1G/10G Layer2/Layer3 Testers - Fluke, JDSU, Exfo?
On 16 January 2016 at 12:47, Neil J. McRae wrote: > With Windows I can - just too few people know how to optimise platforms these > days (very sad). > > Not tried this for a while but when win2012 came out if you tuned Windows > (and you tuned Linux) especially on message size at higher bandwidths you'll > see Linux has almost no performance advantage over Windows at all - they are > neck and neck - Pretty sure drivers are to blame for poor Windows performance > at lower bandwidths as I think the kernels are as good as each other- must > try and convince a vendor to give me the driver code to see what could be > done. (Oh and I'm no fan of either operating systems just to be clear :) > A very delayed response from me... I mostly agree, I have seen presentations by some of the NT Kernel developers and the kernel itself is very good in Windows, it's all the other clutter on top (which is also true to Linux, just to to the same extent). The joy of Linux though is that people are releasing user-land software that can disconnect the NIC driver from the Kernel and connect it to the user-land process. The NetMap framework will allow a 1.7 GHz chip to push 10Gbps. These are benchmarks for 40Gbps NICs on servers using both NetMap and DPDK, the links are being saturated with CPU cycles to spare: NetMap: http://www.chelsio.com/wp-content/uploads/resources/T5-40Gb-FreeBSD-Netmap.pdf DPDK: http://www.chelsio.com/wp-content/uploads/resources/T5-40Gb-Linux-DPDK.pdf James.
Re: [uknof] Finding out if a realm is registered
On 23 January 2016 at 12:27, Paul Thornton <p...@prt.org> wrote: > Hi > > On 22/01/2016 21:18, James Bensley wrote: >> >> It kind of depends on what you are seeing; >> >> On the CPE are you seeing the line in sync? Assuming you are, are you >> seeing authentication requests from the BRAS node? Again I assume yes. > > > Line in sync, no PPP. No auth requests at all seen at our end. > >> ... > > >> If your provider is not BT for example, and say a VAR or reseller of >> BT for example, it's possible BT haven't added your realm to the line >> because your reseller hasn't asked them to, or they have asked them to >> and so BT haven't done it, or your realm is on that line and the >> reseller isn't forwarding the realm correctly to you, and so on and so >> forth. In this case it’s another layer of complexity/faults. > > > This is what we have. Something is probably breaking in that layer - but we > don't know what. > > I was hoping to be able to verify this ourselves, so the support ticket > could say "We have sync but no auth. We've checked and the realm foo.co.uk > isn't going to you, which is why we can't authenticate" rather than just > saying "We have sync but no auth". In the case described above then your PSTN line is plumbed into a DSLAM/MSAN if it is in sync but it sounds like it hasn't been provisioned correctly by BT Wholesale. If your CPE is sending out PPP discovery packets (be it PPPoA or PPPoE) and getting no response, and not receiving any incoming PPP packets, something is wrong in BT land. Your VAR/Wholesaler needs to speak with BT Wholesale support, your CPE should be asked to authenticate after LCP sends out a CONFREQ packet and this is picked up by the BRAS. James.
Re: [uknof] Finding out if a realm is registered
It kind of depends on what you are seeing; On the CPE are you seeing the line in sync? Assuming you are, are you seeing authentication requests from the BRAS node? Again I assume yes. If the CPE login attempt gets rejected and you're certain the login details are correct and you're not seeing their RADIUS servers querying yours to check the credentials then they have either provisioned the line with the wrong realm in the case it's a 20CN line or if it's a 21CN line the line might not be forwarded to your host-links (if it's a 20CN line, they are typically locked to a specific realm specified during the provisioning process, and can support up to 5 realms per line, you can place a modify-order for free to add realms to the line, they usually happen overnight within 24 hours, if it's a 21CN line they are usually locked to the provider and accept any realm the CP has registered with BT, in this case you need to check you have registered the realm with BT). In either case you need to ensure you are advertising your RADIUS IPs etc and have configured their RADIUS servers as clients of yours although it sounds like you've done that. If your provider is not BT for example, and say a VAR or reseller of BT for example, it's possible BT haven't added your realm to the line because your reseller hasn't asked them to, or they have asked them to and so BT haven't done it, or your realm is on that line and the reseller isn't forwarding the realm correctly to you, and so on and so forth. In this case it’s another layer of complexity/faults. If you are taking tunnels from an LLU provider like TalkTalk for example most of the same shiz applies. In order to check what realms you have provisioned with that ADSL circuit provider, be it BT, TalkTalk or a reseller (having worked with all combinations) - BT and TalkTalk only provide a list of realms via email (unless TalkTalk have updated their portal from the 90’s, BT don’t really even have a “portal”, naturally). 
I've only seen resellers allowing you to see your domains registered with them in real time via a portal - but that isn't showing you necessarily that the reseller has provisioned the realm with their LLU supplier. James.
Re: [uknof] 1G/10G Layer2/Layer3 Testers - Fluke, JDSU, Exfo?
I had a similar requirement to you Charlie and tried to tackle it with a similar solution to yours Tom; I wanted to have all field engineers equipped with 1G testers to test every circuit as it is deployed (10G is less common for the average day to day office install so 10G for every field engineer wasn't a requirement but to have some sort of shared 10G tester(s) would be enough). Although there was no budget for this idea so I rolled my own; https://github.com/jwbensley/Etherate Etherate is a simple Linux CLI layer 2 testing tool that we can run in a central PoP and trunk circuits to that PoP (or pseudowire them across) for testing if there isn't an Etherate host in the required PoP. I'm a bit behind with the GitHub pushes, I have another version that’s nearly ready to go which adds in some MPLS features for testing pseudowires and label stacks etc. Once I've got that update pushed up I will focus on performance. In the lab at $dayjob we have boxes with 10G NICs and 8 core 2.4Ghz chips, Etherate is single threaded and the TX side can push 10G no problems however the RX side is only sustaining 9Gbps (since Ethernet is connectionless it's dropping about 1Gbps of traffic because the RX loop can't check the incoming traffic fast enough, so after I've got these basic MPLS features in I will focus on performance). 1Gbps is no problem, my off-the-shelf laptop with built in copper 1Gbps Ethernet NIC can saturate a 1Gbps link using about 45-50% CPU usage. You can use something like iPerf for testing at Layer3/4 if the tail circuit is passing through NAT or over an IP subnet boundary (e.g the CPE does NAT), so iPerf back to a central iPerf server directly over the circuit and through the CPE (to check it can NAT as fast as is required). Or if you have time, this is much faster and better (IMO): https://github.com/Pktgen/Pktgen-DPDK/ If you do have a play with Etherate please let me know any feedback you have, I'm always keen to receive more. Cheers, James.
Re: [uknof] JANET DoS
Hi All, Did anyone get any info they can share (off list if preferred) about yesterday's attack, we had many JANET services affected. Also any UK (London specifically) Level3 customers here that had any issues yesterday? During the JANET DDoS attacks we had some weird performance issues on our L3 link, it's a far flung guess but I wondered if L3 were carrying a good portion of that DDoS traffic, and "near" our peering with them. Only on our L3 feed we saw packet loss peaking between 09:00 and 11:00 yesterday but more weirdly though we had a much higher than usual number of BGP updates from L3. Between 09:00 and 11:00 we received about 10886 updates, from TaTa and Cogent for the same time period respectively 3076 and 5171. Also when I looked about 18:00 yesterday 10% of the full table routes received from L3 had an age of less than 1 day, so 10% of the global table has flapped via Level3 for us. I also saw something similar on RIPE BGPplay, they saw a spike in updates from Level3 at 09:20 to be exact (we don't have such precise measurements internally). It's all a bit woolly to pull anything together from that but it seems like "something" was up and it was worst around the time Janet were being DDoSed. Cheers, James.
Re: [uknof] JANET DoS
On 9 December 2015 at 15:15, Pollard, Matt wrote: > Hi James, > > Did someone get back to you or have you now read the official JANET email > that was circulated (Not sure if you are actually part of the network or not?) Yes, thank you. I got various off-list replies then some official word out of Janet. Level3 have given us some minor info as they were involved on the DDoS attack mitigations with Janet, but as usual they are providing little value post-incident. Cheers, James.
Re: [uknof] JANET DoS
Our various Janet peerings seem foked. Our level3 feed is also being affected, is the DDoS coming in via Level3 to Janet maybe? Level3 haven't told us what's up yet which is pretty much classic Level3. Anyone else know? Cheers, James.
Re: [uknof] AS Path Filters and Regex
On 31 Oct 2015 13:17, "Neil J. McRae" wrote: > > +1 - you can filter ASes but someone can still send a crazy as path with valid ASes and cause you chaos. > > Neil. > > Sent from my iPad Are you suggesting that people shouldn't filter as-paths? Presumably you wouldn't be that stupid so I'll assume not, so yes whilst people can still send funky AS paths the same is true for any BGP attribute, all I need is to receive a value out of range for the code I'm running and/or receive a malformed NLRI to trigger a router OS bug and, pop! Surely at least trying to protect your own network is better than not trying given how easy it is to implement AS path filters? James.
Re: [uknof] Trimming the Routing Table
If you have a tiny budget and your topology and upstream providers allow it, land the transit BGP sessions on some virtual route reflectors, use multi hop eBGP for example or use a /29 on the peering link so the RRs don't need to sit in the data path. Then you don't need some fancy OpenStack cluster with IOS-XRv/CSRv/vMX etc, just a couple of spare servers you've got lying around with KVM and quagga/bird will do if you just want to hold more routes. Cheers, James.
Re: [uknof] AS Path Filters and Regex
On 30 Oct 2015 17:31, "Job Snijders" <j...@instituut.net> wrote: > > On Fri, Oct 30, 2015 at 05:27:22PM +, Nick Hilliard wrote: > > On 30/10/2015 16:57, James Bensley wrote: > > > What do others have, what have I missed? > > > > the asn32 filter can be written as "_42_", or perhaps "_42[0-9]{8}_" > > > > TBH, I'd question the value of filtering weird asns. What matters is > > filtering out weird prefixes. If you filter out weird ASNs, all you're > > doing is chewing up the CPU on your RP. > > My take: private ASNs have no place in the DFZ, I consider it healthy to > ignore any and all prefixes which have a private ASN anywhere in the > AS_PATH. Agreed, my exact thoughts. > I'd also drop anything that has _23456_ in the AS_PATH if you know all > your equipment supports 4-byte ASNs > > Kind regards, > > Job Ah yes I'd forgotten that, well remembered, thanks! Cheers, James.