Re: IP Fragmentation - Not reliable over the Internet?

Mark Andrews wrote: > Ensure that the firealls at both ends pass ICMP/ICMPv6 PTB. Only > idiots block all ICMP/ICMPv6. Yes there are a lot of idiots in the > world. The worst idiots are people who designed ICMPv6 [RFC2463] as: (e.2) a packet destined to an IPv6 multicast address (ther

Re: subrate SFP?

I got quite a bit of replies from sellers selling me cuSFP, insisting they work. So I'd like to clear up on this. For 10/100 to work on SFP slot, the PHY in the host needs to be multirate. Exception is SGMII which supposedly supports magic mode where SFP can ask it to send same bit 10 times, then

Re: IP Fragmentation - Not reliable over the Internet?

On Aug 29, 2013, at 18:15 , Mark Andrews wrote: > > In message > .com>, Christopher Palmer writes: >> This is what I'm concerned about: >> >> """ >> 1. If I originate IP packet fragments, such as an 8000 byte NFS packet >> broken into 1500 byte fragments, what's the probability of some host

Re: Parsing Syslog and Acting on it, using other input too

On Thu, Aug 29, 2013 at 10:50 AM, Don Wilder wrote: > I wrote a script in Linux that watches for unauthorized login attempts and > adds the ip address to the blocked list in my firewall. You might want to > search sourceforge for a DYN Firewall and modify it from there. > because fail2ban was too

Re: Evaluating Tier 1 Internet providers

On Thu, Aug 29, 2013 at 08:25:41PM -0700, Luke S. Crawford wrote: > > I have no idea how to solve this sort of problem automatically. > Ideally, if someone has a congested or down link, I'd prefer that they > not announce routes to that part of the internet, as I do have a > backup, but that is

Re: Evaluating Tier 1 Internet providers

On 08/29/2013 07:43 PM, Blake Dunlap wrote: +10 Good explanation. This is a lot of why I have someone like Cogent/L3/etc and some random transit provider in most of my pops I spec, plus a backhaul to another node. ... One thing to keep in mind is that for major Tier 1s, it's not at all uncom

Re: ATT contact

On Thu, Aug 29, 2013 at 10:43 PM, Tri Tran wrote: > Their cs line was not helpful. > > Their CISC group helped me in the past but now it's forwarded to a cruise > line... > http://wholesale.att.com/contact/centers/cisc.html > so... my point was that asking an IP network focused mailing list for P

Re: Evaluating Tier 1 Internet providers

+10 Good explanation. This is a lot of why I have someone like Cogent/L3/etc and some random transit provider in most of my pops I spec, plus a backhaul to another node. On Thu, Aug 29, 2013 at 9:37 PM, Richard A Steenbergen wrote: > On Wed, Aug 28, 2013 at 09:54:28AM -0700, Michael Smith wrote

Re: ATT contact

Their cs line was not helpful. Their CISC group helped me in the past but now it's forwarded to a cruise line... http://wholesale.att.com/contact/centers/cisc.html --Tri Tran On 8/29/2013 6:47 PM, Christopher Morrow wrote: On Thu, Aug 29, 2013 at 8:15 PM, Tri Tran wrote: Anyone have an ATT

Re: Evaluating Tier 1 Internet providers

On Wed, Aug 28, 2013 at 09:54:28AM -0700, Michael Smith wrote: > > It's really "can reach" versus "how well can they reach." I can't any > provider that would have less than a full view of the DFZ but, if your > primary traffic is to Provider X, and one of your Tier 1's peers > locally and the

Re: ATT contact

On Thu, Aug 29, 2013 at 8:15 PM, Tri Tran wrote: > Anyone have an ATT contact so that I can get them to update their routing > table? > I have an issue where ATT landline customers is unable to call a specific > destination number. maybe you want to talk to their PSTN support people? :) you ca

Re: IP Fragmentation - Not reliable over the Internet?

In message , Christopher Palmer writes: > This is what I'm concerned about: > > """ > 1. If I originate IP packet fragments, such as an 8000 byte NFS packet > broken into 1500 byte fragments, what's the probability of some host > before the other endpoint dropping one or all of those fragments? >

RE: IP Fragmentation - Not reliable over the Internet?

This is what I'm concerned about: """ 1. If I originate IP packet fragments, such as an 8000 byte NFS packet broken into 1500 byte fragments, what's the probability of some host before the other endpoint dropping one or all of those fragments? """ Big thanks to everyone who has sent thoughts al

Re: will ISP peer with 2 local WAN routers?

Offer to provide a /29 out of your own arin assigned block works wonders Sent from my iPhone On 2013-08-29, at 7:40 PM, "Joe Maimon" wrote: > > > Adam Greene wrote: >> Hi guys, >> >> >> >> I have a customer who peers via eBGP with Lightpath aka Cablevision (AS >> 6128) and Level3 (AS 3356)

Re: will ISP peer with 2 local WAN routers?

Adam Greene wrote: Hi guys, I have a customer who peers via eBGP with Lightpath aka Cablevision (AS 6128) and Level3 (AS 3356) and wants to do some dual-WAN router redundancy. I am not optimistic for your odds in having 6128 do anything other than /30 for you. (Though even then you st

ATT contact

Anyone have an ATT contact so that I can get them to update their routing table? I have an issue where ATT landline customers is unable to call a specific destination number. Tri Tran

Re: Cogent multi-hop BGP

Tim Durack wrote: I was under the impression Cogent no longer did the multi-hop BGP thing, but then I got a copy of their NA user guide, and saw the peer-a/peer-b configuration. Not a fan. Anyone know if this is still required for Cogent IP transit service? (on/off list is fine.) A/B multih

Re: subrate SFP?

On 8/29/13 6:08 AM, Saku Ytti wrote: > How do people deal with situation where you need <=48 SFP/SFP+ ports, but > you occasionally need one or two cu 10/100 ports? arista 7050s support 100 Mb/s on their copper sfp I have leveraged that, if you can break out the 40Gb/s ports you have as many as 64

Re: Parsing Syslog and Acting on it, using other input too

http://www.elasticsearch.com/blog/welcome-jordan-logstash/ So now Logstash and Elasticsearch will be even more integrated than before. With Kibana on top of that, this seems like the ultimate log data "do stuff" stack. --chip On Thu, Aug 29, 2013 at 2:03 PM, Carlos Alcantar wrote: > +1 on Sp

Re: Parsing Syslog and Acting on it, using other input too

+1 on Splunk or if you don't mind using a SAS service check out https://papertrailapp.com/ Carlos Alcantar Race Communications / Race Team Member 1325 Howard Ave. #604, Burlingame, CA. 94010 Phone: +1 415 376 3314 / car...@race.com / http://www.race.com -Original Message- From: Kasper

Re: Parsing Syslog and Acting on it, using other input too

Yes. Logstash shipper on your syslog proxy, forward to elasticsearch. Graylog2 is very cool. Tried kibana and didn't care for it. Actually setting up graylog2 right now to do AD authentication. So workflow is End device -> syslog-ng vm -> graylog2/elasticsearch vm and other destinations (it

Re: Parsing Syslog and Acting on it, using other input too

Check out Sagan: http://sagan.quadrantsec.com/ On 8/29/13 6:03 AM, Kasper Adel wrote: > Hello. > > I am looking for a way to do proactive monitoring of my network, what I am > specifically thinking about is receiving syslog msgs from the routers and > the backend engine would correlate certain ms

Carrier-neutral data center in NYC with good connectivity to long-haul and local loop

Dear all, we want to establish a presence in NYC and will need to collect a few local loops (10M-100M) from around NYC. From there, we will connect back to Germany. So, in summary, we will need: * 2-5 rack units to allow for initial deployment and growth * good connectivity to local loops * good

Re: Parsing Syslog and Acting on it, using other input too

I wrote a script in Linux that watches for unauthorized login attempts and adds the ip address to the blocked list in my firewall. You might want to search sourceforge for a DYN Firewall and modify it from there. On Thu, Aug 29, 2013 at 10:44 AM, Mike Tancsa wrote: > On 8/29/2013 9:03 AM, Kaspe

Re: Parsing Syslog and Acting on it, using other input too

On 8/29/2013 9:03 AM, Kasper Adel wrote: > Hello. > > I am looking for a way to do proactive monitoring of my network, what I am > specifically thinking about is receiving syslog msgs from the routers and You might want to look at http://www.ossec.net/ ---Mike -- --

Re: Parsing Syslog and Acting on it, using other input too

Since you said you are willing to entertain home grown as well. I would recommend looking at simple event correlator which is a perl script designed to do the kind of thing you are talking about. I've used it in the past to trigger bgp black holing and mail blacklists for example. On Thu, Aug 29,

Re: Parsing Syslog and Acting on it, using other input too

My view on splunk, +1 if you intend to have a human act on the reports, it does an excellent job of reducing huge amounts of audit data into the valuable bits. -1 Seemed to be a pita to integrate with my scripting enviroment. I ended up kludging wget,awk and telnet together in a totally undigni

RE: Parsing Syslog and Acting on it, using other input too

For some straightforward things I have used Logdog (http://caspian.dotconf.net/menu/Software/LogDog/). With kind regards, Thijs Stuurman > -Original Message- > From: Kasper Adel [mailto:karim.a...@gmail.com] > Sent: donderdag 29 augustus 2013 15:03 > To: NANOG list > Subject: Parsing S

Re: Parsing Syslog and Acting on it, using other input too

Look at Logstash, http://logstash.net. Rsyslog can do a bit, on Windows you could look at the Solarwinds Kiwi syslog server. On Thu, Aug 29, 2013 at 9:10 AM, Jason Biel wrote: > You should look into SPLUNK (http://www.splunk.com/), it will > collect/store > your syslog data and you can run cus

Re: Parsing Syslog and Acting on it, using other input too

On Aug 29, 2013, at 8:03 PM, Kasper Adel wrote: > I am sure there are many tools that can do parsing of syslog and acting upon > it but i wonder if there is something more flexible out there that I can just > re-use to do the above ?

subrate SFP?

How do people deal with situation where you need <=48 SFP/SFP+ ports, but you occasionally need one or two cu 10/100 ports? For some reason it's becoming quite rare for SFP port to natively support 10M and 100M rates. Technically obviously solution to me would be subrate SFP, which presents itsel

Re: Parsing Syslog and Acting on it, using other input too

You should look into SPLUNK (http://www.splunk.com/), it will collect/store your syslog data and you can run customized reports and then act on them. On Thu, Aug 29, 2013 at 8:03 AM, Kasper Adel wrote: > Hello. > > I am looking for a way to do proactive monitoring of my network, what I am > spe

Parsing Syslog and Acting on it, using other input too

Hello. I am looking for a way to do proactive monitoring of my network, what I am specifically thinking about is receiving syslog msgs from the routers and the backend engine would correlate certain msgs with output/data that i am receiving through SSH/telnet sessions. What i am after is not expos

Re: IP Fragmentation - Not reliable over the Internet?

On 29/08/2013 04:22, Owen DeLong wrote: > Has the path MTU been measured for all vantage point pairs? I didn't, but see http://www.nlnetlabs.nl/downloads/publications/pmtu-black-holes-msc-thesis.pdf Fig 23 (page 24) for path MTU data from roughly a year ago (thanks Benno for posting that link).

Re: IP Fragmentation - Not reliable over the Internet?

On 8/27/13 4:04 PM, Leo Bicknell wrote: > I'm pretty sure the failure rate is higher, and here's why. > > The #1 cause of fragments being dropped is firewalls. Too many > admins configuring a firewall do not understand fragments or how to > properly put them in the rules. > > Where do firewalls