Re: carrier comparison

2014-02-11 Thread Vlade Ristevski

I got the RFO today and what happened was:

" The Cogent NOC investigated and found that one of our customers 
connected through a Verizon aggregated circuit to the router was being 
DDOS attacked. This type of attack can send excessive traffic to a 
customer’s interface either deliberately or accidentally, causing a 
spike in the router’s CPU usage. The Cogent NOC shut down the attacked 
customer’s connection to the network restoring normal router operations 
and our Customer Service Group worked with the customer to resolve the 
DDOS issue."



On 2/7/2014 4:42 PM, Faisal Imtiaz wrote:

This is exactly what I thought had happened. The outage that affected you was 
one or two routers up-stream from your connection to that provider.

I am not trying to defend any Carrier, but there is no 'routing protocol' that 
will react to this kind of an issue.

Regards.

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net

- Original Message -

From: "Vlade Ristevski" 
Cc: "nanog list" 
Sent: Friday, February 7, 2014 3:57:00 PM
Subject: Re: carrier comparison

We don't get a default route from them. At the time of the outage my bgp
session was up and I had a full routing table from them.  I didn't have
much time to troubleshoot it in that state since we were down so I had
to disable the session ASAP. Once the RFO comes in, I'll be asking a lot
more questions about it. My only experience with BGP is as a customer so
I'm not too familiar with the intricacies on the provider side. We had
an outage in the AM the same day and we failed over just fine. I'm very
curious why the same didn't happen in the evening.



On 2/7/2014 3:03 PM, Bryan Socha wrote:

Did you verify your problem was announcements on the other side of the
outage?   This sounds to me like you are using a bgp announced default
route from cogent which is always sent. I think the problem was you
were sending traffic out a path that was broken.   Since you mentioned
your outbound balancing this would explain some packet loss and not
100% loss.


Bryan Socha
Network Engineer
DigitalOcean

--
Vlade Ristevski
Network Manager
IT Services
Ramapo College
(201)-684-6854





--
Vlad



Taking Place NOW in Augusta Room - ARIN PPC Agenda for NANOG 60 Tuesday AM session Now Available

2014-02-11 Thread John Curran
All NANOG Attendees are welcome!
/John

Begin forwarded message:

From: John Curran <jcur...@arin.net>
Subject: ARIN PPC Agenda for NANOG 60 Tuesday AM session Now Available
Date: February 10, 2014 at 9:48:48 AM EST
To: NANOG list <nanog@nanog.org>

NANOG 60 Attendees -

Tomorrow morning there will be a Public Policy Consultation regarding
a sizable number of potential changes to address policy at ARIN.

Please find attached the list of policy proposals to be discussed; the
session begins at 9:30 AM and all attendees are welcome!

Text of each proposed change is available at:
https://www.arin.net/policy/proposals/

There is also a PPC Discussion Guide available with all of the draft
policies, the ARIN policy development process, and the current policy
manual available here:
   https://www.arin.net/ppcnanog60

Thank you, and look forward to seeing everyone tomorrow!
/John

John Curran
President and CEO
ARIN

Begin forwarded message:

From: ARIN <i...@arin.net>
Subject: [arin-announce] ARIN PPC Agenda for NANOG 60 Now Available
Date: February 4, 2014 at 2:08:08 PM EST
To: arin-annou...@arin.net

Don't forget to mark your calendar and join us for ARIN's Public Policy
Consultation (PPC), which will be held during NANOG 60 in Atlanta,
Georgia on Tuesday, 11 February 2014, from 9:30 - 1:00 PM. The policy
consultation is part of ARIN's Policy Development Process, and it is an
open public discussion of Internet number resource policy.

Registered NANOG 60 attendees do not need to register to participate in
this session. ARIN welcomes members of the NANOG community who will not
be in Atlanta to register as remote participants.

If you plan to attend and are not registered for NANOG you must register
for the ARIN PPC at the https://www.arin.net/ppcregister

There is no registration fee for this half-day ARIN session, and it does
not provide you entry to any other NANOG programming or social events.

Current policy proposals up for discussion at this meeting are:

Recommended Draft Policy ARIN-2013-8: Subsequent Allocations for
New Multiple Discrete Networks
Draft Policy ARIN-2013-7: NRPM 4 (IPv4) Policy Cleanup
Draft Policy ARIN-2014-1: Out of Region Use
Draft Policy ARIN-2014-2: Improving 8.4 Anti-Flip Language
Draft Policy ARIN-2014-3: Remove 8.2 and 8.3 and 8.4 Minimum IPv4
Block Size Requirements
Draft Policy ARIN-2014-4: Remove 4.2.5 Web Hosting Policy
Draft Policy ARIN-2014-5: Remove 7.2 Lame Delegations
Draft Policy ARIN-2014-6: Remove 7.1 (Maintaining IN-ADDRs)
Draft Policy ARIN-2014-7: Section 4.4 Micro Allocation
Conservation Update
Proposals (193, 199 and 201)

That first item is a Recommended Draft Policy; the ARIN Advisory Council
recommends it as fair and technically sound policy. The Drafts and
Proposals are works in progress. Text available at:
https://www.arin.net/policy/proposals/ or in the PPC Discussion Guide:
https://www.arin.net/ppcnanog60

ARIN will offer a webcast, live transcript, and Jabber chat options for
remote participants. Registered remote participants can submit comments
and questions to the discussions during the meeting. Register to attend
in person or remotely today!

Regards,

Communications and Member Services
American Registry for Internet Numbers (ARIN)






Re: SIP on FTTH systems

2014-02-11 Thread Anders Löwinger

On 2014-02-08 05:38, Mikael Abrahamsson wrote:


Has there been any test if modern operating systems honor this?


Well, they would be defective if they didn't. Also, you don't even need to
announce the prefix at all, even with L-bit cleared. You can make RAs with M
and O bit set that won't contain any prefix at all. Been there, done that.


Pretty clever. Not sure why I missed this it is fairly clear in the RFCs.

Is there not an issue with this if the customer is connected directly to the 
access device over L2? They will not communicate with each other directly, all 
traffic will be exchanged through the default gateway?


(same as has been seen with proxy-arp in such networks)

> At least linux worked perfectly.

I think I need to do some experiments here...

/Anders




Re: NANOG Attendees: Flight cancellations on Wednesday

2014-02-11 Thread Bradley Raymo
USAIR has Canceled flights on Thursday now as well.

http://www.usairways.com/TravelCenter/Advisories.aspx

Bradley Raymo - Senior Network Planner
Limelight Networks
p: +1 602 850 5716  |  m: +1 623 703 5300
www.limelight.com


On Tue, Feb 11, 2014 at 2:27 AM, Phil Rosenthal  wrote:

> Just a heads up to those attending NANOG in Atlanta.
>
> Delta has already cancelled 500 flights for wednesday, and will likely be
> canceling more.
>
>
> http://www.delta.com/content/www/en_US/traveling-with-us/alerts-and-advisories/Southeast-Winter-Weather.html
>
> You may want to check your reservations on your respective airlines, and
> reschedule flights and extend your hotel stay here, before everything is
> sold out.
>
> In my particular case, the flights for thursday to my home town were
> already almost entirely sold out.
>
> Regards,
> -Phil
>


Reliable Dedicated/VPS providers in Canada?

2014-02-11 Thread Carlos Kamtha
Hi, 

I was wondering if anyone could share some experiences with providers
in the great white north.

We have a few providers now and not happy with them. Cheap flimsy
virtual servers that charge .50cents a gig for BW overages.. :/

Any feedback would be appreciated..

Cheers, 
Carlos. 



Re: Reliable Dedicated/VPS providers in Canada?

2014-02-11 Thread Peter Kristolaitis
I've been quite happy with the servers I'm renting from OVH 
(http://www.ovh.com/ca/en/) in their new Montreal data center, which is their 
entry into the North American market;  they've operated in Europe for quite a 
long time.

- Pete



--- kam...@ak-labs.net wrote:

From: Carlos Kamtha 
To: nanog@nanog.org
Subject: Reliable Dedicated/VPS providers in Canada?
Date: Tue, 11 Feb 2014 15:01:44 -0500

Hi, 

I was wondering if anyone could share some experiences with providers
in the great white north.

We have a few providers now and not happy with them. Cheap flimsy
virtual servers that charge .50cents a gig for BW overages.. :/

Any feedback would be appreciated..

Cheers, 
Carlos. 






Re: 7206 VXR NPE-G1 throughput

2014-02-11 Thread Mark Walters
We run 7206 NPE-G1s on some GigE peering points.  At about 800Mbps of
aggregate Internet traffic (inbound + outbound, as measured from Cacti)
the CPU sits around 70%.

Setup:
- inbound and outbound Internet-facing ACLs (50 lines and 25 lines
respectively, turbo ACL)
- Inbound Internet-facing policy-map to remark DSCP (references 7-line ACL)
- minimal routes via BGP (approx 1500)
- 15.1 SP train


YMMV, but they work well for us in this scenario.  With
downstream-to-upstream traffic patterns of approx 7-to-1 the GigE and CPU
will peak out at about the same time.

Side note - our G2s at that same 800Mbps traffic rate run at approx 60%
CPU.

Cheers 
Mark W

On 2/11/14 2:10 AM, "Geraint Jones"  wrote:

>Or assuming you're using an Ethernet of some sort as your upstream
>connections you could grab something like a CCR from mikrotik for < $1k
>and sleep easy knowing you're only using 6% of its capacity.
>
>Sent from my iPhone
>
>> On 11/02/2014, at 3:52 pm, Octavio Alvarez 
>>wrote:
>> 
>>> On 02/10/2014 06:05 PM, Vlade Ristevski wrote:
>>> Are you suggesting getting the default gateway from both providers or
>>> getting the full table from one and using the default as a backup on
>>>the
>>> other (7206)?
>> 
>> Whatever suits you best. Test and see. I'd just receive the full table
>> anyway but filter them out, letting only the default routes go into the
>> RIB. This should streamline your FIB. As I say, you lose outbound load
>> balancing and your redundancy becomes all-or-nothing, but you save a few
>> cycles.
>> 
>> Again, I wouldn't recommend any of this because of the drawbacks, but
>> along with other recommendations that others have made, like Turbo ACLs,
>> it may buy you some time.
>> 
>




Re: Reliable Dedicated/VPS providers in Canada?

2014-02-11 Thread Landon
On 11 February 2014 12:01, Carlos Kamtha  wrote:

> Hi,
>
> I was wondering if anyone could share some experiences with providers
> in the great white north.
>
> We have a few providers now and not happy with them. Cheap flimsy
> virtual servers that charge .50cents a gig for BW overages.. :/
>
> Any feedback would be appreciated..
>

Full disclosure - I'm biased because I work there but check out
http://iweb.com/cloud/.

-- 
Landon Stewart 


Re: Reliable Dedicated/VPS providers in Canada?

2014-02-11 Thread Alexandre Carmel-Veilleux
OVH is a bit more than a VPS, they lease dedicated servers with vSphere or
vCloud.

iWeb is an actual VPS provider, never tried their VPS but had decent
experience with a dedicated server from them for the usual vanity email
purpose you'd use a VPS for now. iWeb B/W is 0.10$/GB and instance run time
starts at 0.06$/hour.

Alex


On Tue, Feb 11, 2014 at 3:32 PM, Peter Kristolaitis wrote:

> I've been quite happy with the servers I'm renting from OVH (
> http://www.ovh.com/ca/en/) in their new Montreal data center, which is
> their entry into the North American market;  they've operated in Europe for
> quite a long time.
>
> - Pete
>


Re: 7206 VXR NPE-G1 throughput

2014-02-11 Thread Nikolay Shopik
Our G2 with BGP full-view and sampled netflow 1:100 doing 1,2Gbit with
about 88% load.

On 12.02.2014 1:03, Mark Walters wrote:
> Side note - our G2s at that same 800Mbps traffic rate run at approx 60%
> CPU.



Re: Reliable Dedicated/VPS providers in Canada?

2014-02-11 Thread Paul Nash
Depends what you’re looking for, what you want to pay.

I host dedicated machines for a bunch of clients, who get a realio-trulio 
machine (something like a DL360) with unlimited transfer and the OS of their 
choice.  If they want it, they even get maintenance and after-hours on-call 
tech staff who actually know what they are doing.

But it costs them more than the cheap $15/month we’ll-host-your-website 
packages, typically well north of $100/month for a fast machine with 
maintenance, somewhat less for an older, slower box unmaintained.  All housed 
at 151 Front, THE premier Canadian data centre.

Drop me a line if you are interested, and we can talk.

I have also been burned by the “cheap” (usually quality, not price) VPS 
instances on oversold hardware in someone’s basement.

paul

On Feb 11, 2014, at 3:01 PM, Carlos Kamtha  wrote:

> Hi, 
> 
> I was wondering if anyone could share some experiences with providers
> in the great white north.
> 
> We have a few providers now and not happy with them. Cheap flimsy
> virtual servers that charge .50cents a gig for BW overages.. :/
> 
> Any feedback would be appreciated..
> 
> Cheers, 
> Carlos. 
> 





Re: SIP on FTTH systems

2014-02-11 Thread Mikael Abrahamsson

On Tue, 11 Feb 2014, Anders Löwinger wrote:

Is there not an issue with this if the customer is connected directly to 
the access device over L2? They will not communicate with each other 
directly, all traffic will be exchanged through the default gateway?


Yes, what's the problem with that?


(same as has been seen with proxy-arp in such networks)


Local-proxy-arp, yes.


I think I need to do some experiments here...


I'd venture to say that any IPv6 implementation that doesn't support this 
is broken and should be fixed by the implementor.


--
Mikael Abrahamsson    email: swm...@swm.pp.se


Operators and the IETF

2014-02-11 Thread Chris Grundemann
Hey all,

As promised in my lightning talk just now, here is the Operators and the
IETF info:

Details:
http://www.internetsociety.org/deploy360/blog/2014/01/new-project-operators-and-the-ietf/

Survey: https://internetsociety2.wufoo.com/forms/operators-and-the-ietf/

Please consider taking the survey, and sharing it with others.

Thanks!
~Chris

-- 
@ChrisGrundemann
http://chrisgrundemann.com


Re: 7206 VXR NPE-G1 throughput

2014-02-11 Thread Blake Hudson
I generally spec the NPE-G1 as "up to 1Gbps" if you're using the onboard 
ports. This assumes ISP type loads with little upstream, lots of 
downstream, and relatively large flows (mostly 1500 byte packets) on 
ethernet. It sounds like this fits your usage case well. If one were to 
throw in ATM or another media type I'd drop the performance quote to 
half. If you cannot make use of CEF, or use source based routing, drop 
the performance to ~ 100Mbps. NPE-G1 with 1Gbps of RAM can take 2 full 
BGP feeds (about 700MB of memory used). Each additional feed will likely 
require another 100-200MB of memory (no soft reconfig).


NPE-G2 w/ 2GB of RAM can take several full feeds and may be able to 
operate up to 2Gbps using the onboard ports. I haven't pushed one of 
these to its limits, most people seem to move on to newer platforms first.


--Blake


Vlade Ristevski wrote the following on 2/10/2014 9:17 AM:
We are looking to double the bandwidth on one of our circuits from 
300Mbps to 600Mbps. We currently use a Cisco 7206VXR with an NPE-G1 
card. These seem like very popular routers so I'm hoping a few people 
on this list have them deployed. If you or a customer have these 
deployed, how much bandwidth have you seen them handle? This will be 
handling dorm traffic at a college so it's mostly download. The 7206 
handles our 300 Mbps circuit just fine, but we are moving it to our 
600Mbps circuit. At peak we've seen the following numbers for that 
circuit:



  30 second input rate 559982000 bits/sec, 55809 packets/sec
  30 second output rate 55429000 bits/sec, 32598 packets/sec
 267756984712 packets input, 25152556755 bytes, 0 no buffer

This is the interface that connects to our provider. As you can see 
it's almost all download traffic. Our ASR1002 handles it without a 
sweat but I'm a little skeptical of whether the 7206 will hold up.


Answers on and off list are appreciated.

Thanks,







Re: SIP on FTTH systems

2014-02-11 Thread Anders Löwinger

On 2014-02-11 23:41, Mikael Abrahamsson wrote:

Is there not an issue with this if the customer is connected directly to the
access device over L2? They will not communicate with each other directly,
all traffic will be exchanged through the default gateway?


Yes, what's the problem with that?


Bad description by me. I'll try again.

If I have two PCs in my home, connected with GE to a L2 switch and I buy 10 
Mbit Internet access, I don't want traffic between my two PCs to be exchanged 
through the default route.


They could possibly communicate directly using link-local, but I'm not sure 
how they would find each other?


Default gw could send a redirect...


I'd venture to say that any IPv6 implementation that doesn't support this is
broken and should be fixed by the implementor.


Agree.

/Anders




RE: SIP on FTTH systems

2014-02-11 Thread Frank Bulk
In the scenario you're describing does each PC get its own /64 (or /56 or
/48) directly from the service provider?  Or are they in the same netblock?

Frank

-Original Message-
From: Anders Löwinger [mailto:and...@abundo.se] 
Sent: Tuesday, February 11, 2014 6:33 PM
To: Mikael Abrahamsson
Cc: nanog@nanog.org
Subject: Re: SIP on FTTH systems

On 2014-02-11 23:41, Mikael Abrahamsson wrote:
>> Is there not an issue with this if the customer is connected directly to the
>> access device over L2? They will not communicate with each other directly,
>> all traffic will be exchanged through the default gateway?
>
> Yes, what's the problem with that?

Bad description by me. I'll try again.

If I have two PCs in my home, connected with GE to a L2 switch and I buy 10 
Mbit Internet access, I don't want traffic between my two PCs to be exchanged 
through the default route.

They could possibly communicate directly using link-local, but I'm not sure 
how they would find each other?

Default gw could send a redirect...

> I'd venture to say that any IPv6 implementation that doesn't support this is
> broken and should be fixed by the implementor.

Agree.

/Anders







RE: SIP on FTTH systems

2014-02-11 Thread Mikael Abrahamsson

On Tue, 11 Feb 2014, Frank Bulk wrote:

In the scenario you're describing does each PC get its own /64 (or /56 
or /48) directly from the service provider?  Or are they in the same 
netblock?


They would each get their own /128 via DHCPv6 IA_NA, and they would end up 
having this /128 and a default route, nothing else, so all traffic between 
them on their GUA addresses would go over the ISP connection.


Only way to solve this is for the customer to buy a router that uses 
IA_PD, put the PCs behind it, and then they would be able to communicate 
directly with each other.


--
Mikael Abrahamsson    email: swm...@swm.pp.se
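
The on-link behaviour discussed in the SIP on FTTH thread above, as an added example that is not part of any poster's message: a simplified model of a host's next-hop determination (RFC 4861, section 5.2) showing when two PCs on the same L2 segment talk directly and when their traffic is forced through the default gateway. The `Host` class, the 2001:db8:: documentation addresses and the fe80::1 gateway are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

ROUTER = "fe80::1"  # constructed link-local address of the default gateway


@dataclass
class Host:
    """Minimal model of an IPv6 host's next-hop determination."""
    address: Optional[ipaddress.IPv6Address] = None
    default_router: Optional[str] = None
    prefix_list: list = field(default_factory=list)   # prefixes considered on-link
    redirected: dict = field(default_factory=dict)    # destination -> better next hop

    def receive_ra(self, router, prefix_options=()):
        """prefix_options: (prefix, L flag) pairs; an RA may carry none at all."""
        self.default_router = router
        for prefix, l_flag in prefix_options:
            if l_flag:  # only prefixes advertised with L=1 become on-link
                self.prefix_list.append(ipaddress.ip_network(prefix))

    def receive_ia_na(self, address):
        """DHCPv6 IA_NA supplies an address only; the prefix list is unchanged."""
        self.address = ipaddress.ip_address(address)

    def receive_redirect(self, destination, target):
        """ICMPv6 Redirect; target == destination means 'destination is a neighbor'."""
        self.redirected[ipaddress.ip_address(destination)] = ipaddress.ip_address(target)

    def next_hop(self, destination):
        dst = ipaddress.ip_address(destination)
        if dst in self.redirected:
            target = self.redirected[dst]
            return "direct" if target == dst else str(target)
        if dst.is_link_local or any(dst in p for p in self.prefix_list):
            return "direct"
        return self.default_router


def compare(pc1="2001:db8:0:1::10", pc2="2001:db8:0:1::20"):
    """Return PC1's next hop towards PC2 under each RA/DHCPv6 combination."""
    results = {}
    slaac = Host()
    slaac.receive_ra(ROUTER, [("2001:db8:0:1::/64", True)])
    results["PIO with L=1"] = slaac.next_hop(pc2)

    l_clear = Host()
    l_clear.receive_ra(ROUTER, [("2001:db8:0:1::/64", False)])
    results["PIO with L=0"] = l_clear.next_hop(pc2)

    managed = Host()
    managed.receive_ra(ROUTER)          # M and O bits set, no prefix option
    managed.receive_ia_na(pc1)
    results["no PIO, IA_NA /128"] = managed.next_hop(pc2)
    results["link-local peer"] = managed.next_hop("fe80::20")

    managed.receive_redirect(pc2, pc2)  # gateway tells PC1 that PC2 is a neighbor
    results["after Redirect"] = managed.next_hop(pc2)
    return results


if __name__ == "__main__":
    for case, hop in compare().items():
        print(f"{case:22} -> {hop}")
```

With the L bit cleared or no prefix advertised, every GUA-to-GUA flow between subscribers crosses the gateway, which is where an operator can filter and log it; link-local traffic and redirected destinations still bypass that point.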