On 15 May 2018 at 07:10, Adam Kajtar wrote:
> Hello:
>
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> BGP(full routes). iBGP is running between the routers via a two port 20G
> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> traffic to start flowin
On 19 January 2018 at 13:48, Mike Hammett wrote:
> Other than people improperly blocking ICMP, when does PMTUD not work?
> Honest question, not troll.
>
>
It can break under _certain_ scenarios with Anycast.
It can break under _certain_ scenarios in v6 with ECMP.
It can break across an LB in L4
Hey,
Have a look at a similar thread from recently:
http://seclists.org/nanog/2018/Jan/180
/Ruairi
On 17 January 2018 at 14:28, Colton Conor wrote:
> If one were to deploy whitebox switches, X86 servers, low cost ARM and
> MIBPS CPE devices, and basically anything that can run linux today, wha
Their L3 stuff is as stable as their L2 stuff, in general.
MP-BGP and VRFs are a tiny bit bleeding edge/lacking features, however for
plain OSPF/BGP, they're great.
/Ruairi
On 30 November 2017 at 18:36, Romeo Czumbil
wrote:
> So I've been using Arista as layer2 for quite some time, and I'm p
Have a look at tcptraceroute:
https://github.com/mct/tcptraceroute/blob/master/examples.txt
On 28 November 2017 at 20:48, Yifeng Zhou wrote:
> Hi Experts,
>
> Is there any way that we can track TCP session hop by hop?
>
> Say we have 10 ECMP between A and Z point, what's the easiest way to tra
Hello,
Does anyone have a technical contact in Rogers (AS 812) they could refer me
to to fix up some issues?
Cheers
/Ruairi
Unless I'm going insane, I think you're trying to use the IGP metric as
MED?
If so, then :
https://www.juniper.net/documentation/en_US/junos12.3/topics/topic-map/bgp-med.html#jd0e3487
/Ruairi
On 21 February 2017 at 16:26, Leo Bicknell wrote:
>
> I tried to pull an old trick out of my playboo
On 3 July 2016 at 12:15, Mark Tinka wrote:
>
>
> On 3/Jul/16 12:01, Ruairi Carroll wrote:
>
>
> Core of the issue is that we _need_ to get an ICMP message back to the
> original "real server" who sent it. It's a non-issue in the SP space, but
> imagine if
On 3 July 2016 at 11:42, Mark Tinka wrote:
>
>
> On 2/Jul/16 17:35, Ruairi Carroll wrote:
>
> - ECMP issues (Mostly around flow labels and vendor support for that, also
> feeds back into PMTUD issues)
>
>
> Do you rely on the ToS field in IPv4 for ECMP?
>
>
Nope
Issues I've faced in the past with v6 deployments, from the point of view
of stub networks. Feel free to pick/choose as you wish:
- Badly understood (By the team) methods to assign addressing to servers.
- Poor tooling in regards to log processing/external providers.
- Unknown cost in dev time to
some dummy data so that instead of 16 bytes, we
> push 1 MB of data. In that case i saw no issues. Any idea if there is a
> firewall setting that could be coming into play here?
>
> On Thu, Jun 16, 2016 at 2:17 PM, Ruairi Carroll
> wrote:
>
>> Follow the TCP stre
Follow the TCP stream - which side times out the link, and for what
sequences of data do you get ACKs for?
/Ruairi
On 16 June 2016 at 10:43, Glen Kent wrote:
> Hi,
>
> I am using a proprietary protocol and sending a bunch of bytes to a Draytek
> router at an enterprise site. When i send the dat
On 11 June 2015 at 06:46, Alex White-Robinson wrote:
> Matthew Petach wrote:
>
> > On a slightly different note, however--while it's good to
> > have an appreciation of the past and how we got here,
> > I think it's wise to also recognize we as an industry
> > have some challenges bringing new b
On 10 November 2014 15:20, Joe Greco wrote:
> > Hey,
> >
> > VPN setup is not really a viable option (for us) in this scenario.
> > Honestly, I'd prefer to just call it done already and have a VPN but due
> to
> > certain restraints, we have to go down this route.
>
> Without explaining the "rest
t a router or VPN system on the single IP they are giving
> you and use RFC1918 addressing space?
>
> OOB doesn't normally justify a /24 let alone a /23.
>
> On 10 November 2014 13:18, Ruairi Carroll
> wrote:
>
>> Dear List,
>>
>> I've got an upcomin
Dear List,
I've got an upcoming deployment in Equinix (DC10) and I'm struggling to
find a provider who can give me a 100Mbit port (With a commit of about
5-10Mbit) with a /23 or /24 of public space , for OOB purposes. We had
hoped to use Equinixs services, however they're limiting us to a single
p
Hey,
We've been hit on/off with large scale amplification attacks over the last
few years.
We found looking up src ASN of the attack and reporting is not super
helpful, as many blocks come from sub allocations and you'll just get
redirected to someone else. This will just cause more overhead and
> And what, exactly, is it vulnerable to?
Most of these, I'd imagine:
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/release/ntes/120SCAVS.html
On 20 September 2014 14:25, Keith Medcalf wrote:
>
> And what, exactly, is it vulnerable to?
>
> >-Original Message-
> >From: NANOG [mailto:na
On 26 July 2014 17:10, Joly MacFie wrote:
> On Sat, Jul 26, 2014 at 7:04 AM, Rich Kulawiec wrote:
>
> > Telecommuting should not be a rare exception: it should be the default.
> > And "corporate headquarters" should be as small and inexpensive as
> > possible,
> > staffed (in person) only by a h
Slightly sensationalistic article, tends to imply that heartbleed will
allow you to capture data-plane traffic on any piece of Cisco/Juniper kit.
Either way, as I've said before, if you're exposing *any* management
interfaces, be is ssh,netconf or https to the internet in general, you've
got bigge
20 matches
Mail list logo