Re: BGP advertise-best-external on RR

Not a suggestion, just trying to learn something here. Is there an advantage to use a route reflector in the described setup, which appears to involve only a small number of routers? I would think that full mesh would solve the problem and at the same time be easier since you do not have to

Re: BGP advertise-best-external on RR

On 2/Sep/15 09:30, Baldur Norddahl wrote: > Not a suggestion, just trying to learn something here. Is there an > advantage to use a route reflector in the described setup, which appears to > involve only a small number of routers? I would think that full mesh would > solve the problem and at

Re: NetFlow - path from Routers to Collector

On 1/Sep/15 17:43, Roland Dobbins wrote: > Until there is. As with everything in life... Mark.

Re: NetFlow - path from Routers to Collector

On 1/Sep/15 17:59, Rod Beck wrote: > Roland is correct. With the caveat that your Internet customer traffic may > flow over the fibers as your separate management circuits. You should aim for > end to end physical diversity. This is all common sense, but laziness some > times takes

Re: NetFlow - path from Routers to Collector

On 1/Sep/15 19:12, Roland Dobbins wrote: > > > > Running flow telemetry in-band is penny-wise and pound-foolish, for > networks of any size, in any circumstances. All management-plane > traffic (and that's what flow telemetry is) should be segregated from > the production network data plane.

Re: NetFlow - path from Routers to Collector

> "Roland" == Roland Dobbins writes: Roland> On 2 Sep 2015, at 0:08, Steve Meuse wrote: >> Your advice is not "one size fits all". Roland> Actually, it is. Roland> Large backbone networks have DCNs/OOBs, and that's where they export Roland> their

Re: NetFlow - path from Routers to Collector

We use the VRF approach not because we think this will give us more stability ie. no fate sharing, but because it is best practice in a security perspective. We keep our internal network separated from customer traffic for the same reason our customers run firewalls. Minimize the attack surface.

Re: NetFlow - path from Routers to Collector

Adding VRFs/VLAN's/anything else to separate the traffic to reduce fate sharing is only adding complexity that will likely result in operator errors. While many of us have clue, even when we don't agree on the solutions, there are many more out there typing at routers at 2am, when even the

Re: NetFlow - path from Routers to Collector

On 2/Sep/15 12:11, Roland Dobbins wrote: > > > Sure. But it's better than mixing it in with customer traffic. Does not make much of a difference - it's the same data plane infrastructure. > > Ideally, it should be - that's what I was trying to get across. I > understand that this isn't

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 22:22, Mark Tinka wrote: As you, Jared, say, and as I said in a previous post, both MPLS and IP traffic follows the same data plane. The routing table separation construct does not survive chassis-wide failures. Everyone here understands that. We also understand that pps

Spotify contact

Hi, I need a network contact for network issue in Italy. Can you help me ? Thanks ! Regards, -- Marco Paesani MPAE Srl Skype: mpaesani Mobile: +39 348 6019349 Success depends on the right choice ! Email: ma...@paesani.it

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 23:29, Serge Vautour wrote: > I assume if someone has the ability to do so, you've got bigger problems. This is the key, IMHO. --- Roland Dobbins

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 22:26, Mark Tinka wrote: When the line card congests, it doesn't care that one bit was part of a VRF and the other doesn't. It all goes kaboom (even with the best of QoS intentions). You don't necessarily have to put everything on the same fiber, interface, the same ASIC

Re: NetFlow - path from Routers to Collector

On 2/Sep/15 16:08, Jared Mauch wrote: > It’s really because some people who drink the MPLS/VPN/VRF/VLAN kook-aid > think it’s some magic that undoes fate sharing and proper engineering and > planning. That a few bytes for a label of VLAN tag make your data more > secure. > > It’s possible

Re: NetFlow - path from Routers to Collector

On 2/Sep/15 16:13, Roland Dobbins wrote: > > > But keeping stuff separate at the IP logical network level is better > than mixing it together, even on the same hardware. But how, Roland. When the line card congests, it doesn't care that one bit was part of a VRF and the other doesn't. It all

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 23:20, jim deleskie wrote: The stats prove out these types of errors are more likely to cause an outage then DDoS or anything else. Completely concur that there are always complexity tradeoffs. And of course, the goal is not to have to type on routers at all, or at least

Re: NetFlow - path from Routers to Collector

Hello again, Well, this generated a bit more discussion than I was expecting. I've retained the following from all your comments: -Doing flow export over an OOB network can help make sure you still "see" your network during a DDoS -If we do this over an OOB network, it may not work over the

Level 3 (former TW Telecom) Routing Contact

Can someone from Level 3 (former TW Telecom) please contact me off-list regarding a possible routing issue with some 172.0.0.0/8 IP space (non RFC 1918)? Thank you,S.Amato saam...@frontiernet.net

2nd Call for presentations RIPE 71

Colleagues, Please note the approaching deadline of 13 September 2015 for RIPE 71 plenary programme submissions. You can find the CFP for RIPE 71 below, or at https://ripe71.ripe.net/submit-topic/cfp/, for your proposals for plenary session presentations, tutorials, workshops, BoFs (Birds of a

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 20:25, Niels Bakker wrote: Why? Do your customer packets have cooties? Because you don't want things which disrupt customer traffic to disrupt your ability to see what's happening. Just as you don't want it to disrupt your ability to configure/manage your

Re: NetFlow - path from Routers to Collector

> On Sep 2, 2015, at 10:02 AM, Roland Dobbins wrote: > > On 2 Sep 2015, at 20:25, Niels Bakker wrote: > >> Why? Do your customer packets have cooties? > > Because you don't want things which disrupt customer traffic to disrupt your > ability to see what's happening.

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 13:25, Pierfrancesco Caci wrote: 2 out of 2 large backbone networks I've experience with use inband for flow export. There was supposed to be a 'should' in there, apologies. I've already clarified that VLAN/VRF is Good Enough for flow telemetry, and that most who separate

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 13:02, Mark Tinka wrote: Not very straight forward when you have a network spanning several continents. Again, VLANs/VRFs are generally Good Enough, and more than a few globe-spanning networks do just that. --- Roland Dobbins

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 12:50, Avi Freedman wrote: + optimal tweaks include local flow proxy that can also rate limit / re-sample, and send topk talkers over 'true' OOB. Yes, a lot of distributed flow collection/analysis architectures are deployed this way, doing more than top-talkers, even. The

Re: NetFlow - path from Routers to Collector

On 2/Sep/15 11:38, Roland Dobbins wrote: > > > Again, VLANs/VRFs are generally Good Enough, and more than a few > globe-spanning networks do just that. Those VLAN's and VRF's are following the same path as the global table, just in a different routing table. That is easy, and we do that

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 16:48, Mark Tinka wrote: Those VLAN's and VRF's are following the same path as the global table, just in a different routing table. That is easy, and we do that already. Sure. But it's better than mixing it in with customer traffic. Your assertion, before, was that the

Re: NetFlow - path from Routers to Collector

* rdobb...@arbor.net (Roland Dobbins) [Wed 02 Sep 2015, 12:12 CEST]: On 2 Sep 2015, at 16:48, Mark Tinka wrote: Those VLAN's and VRF's are following the same path as the global table, just in a different routing table. That is easy, and we do that already. Sure. But it's better than mixing

Re: NetFlow - path from Routers to Collector

On 2 Sep 2015, at 21:08, Jared Mauch wrote: I see where Roland is trying to go and he’s in the “magic byte” realm of the extra label makes it “OOB” where as the rest of us just see 1’s and 0’s on the wire and know a bit is a bit regardless of tag-switching (the original name for MPLS) or

Re: NetFlow - path from Routers to Collector

* rdobb...@arbor.net (Roland Dobbins) [Wed 02 Sep 2015, 01:06 CEST]: Sure, or a VRF, or whatever. You just moved the goalposts. :> -- Niels.