Re: Strange connectivity issue Frontier EVPL

2020-11-06 Thread Jeff Richmond
Jay, I previously ran the engineering org over there, so sent this to my old 
team to look at, including the best engineer I know in regard to the RADs. Will 
pass along anything they come back with.

Thanks,
-Jeff

> On Nov 6, 2020, at 8:59 AM, Jay Hennigan wrote:
> 
> We have a strange issue that defies logic. We have a NNI at our POP with 
> Frontier serving as an aggregation circuit with different customers on 
> different VLANs. It's working well to several customers.
> 
> Bringing up a new customer shows roughly half of the IP addresses unreachable 
> across the link, as if there's some kind of load-balancing or hashing 
> function that's mis-directing half of the traffic. It's consistent, if an 
> address is reachable it's always reachable. If it's not reachable, it's never 
> reachable. Everything ARPs fine.
> 
> The Frontier circuit is layer 2 so shouldn't care about IP addresses. 
> Frontier tech shows no trouble. They changed the RAD device on-premise. We've 
> triple-checked configurations, torn down and rebuilt subinterface, etc. with 
> no joy.
> 
> Any suggestions?
> 
> -- 
> Jay Hennigan - j...@west.net
> Network Engineering - CCIE #7880
> 503 897-8550 - WB6RDV



Re: Any Frontier AS 5650 folks on here?

2023-04-19 Thread Jeff Richmond
David, reply to me off list and I will see if I can help you out.

Thanks,
-Jeff

> On Apr 19, 2023, at 9:21 AM, David Hubbard wrote:
> 
> Have spent 90 minutes with tech support trying to get a peering issue a few 
> hundred miles away in front of the right department, and all I have to show 
> for it is broken local equipment lol.
>  
> Thanks,
>  
> David



Re: Frontier Internet Outage

2016-05-02 Thread Jeff Richmond
Matt, I will ping you direct, but for the public audience, we had a hardware 
issue this morning that was triggered during a config change on the peering 
routers. Should be resolved here very shortly.

Thanks,
-Jeff

> On May 2, 2016, at 4:47 AM, Matt Hoppes wrote:
> 
> Is anyone else seeing major routing issues across the Frontier IP network 
> this morning?
> 
> I have been unable to get ahold of anyone at Frontier as of yet.



Re: Help with Frontier circuits AS5650

2023-11-20 Thread Jeff Richmond
Dennis, let me see if I can get someone to reach out to you to get this sorted 
out. Can you PM me the circuit IDs and ASN/Prefix info please?

Thanks,
-Jeff

> On Nov 20, 2023, at 9:53 AM, Dennis Burgess wrote:
> 
> I have two frontier circuits that are not working correctly with BGP, 
> prefixes that are announced are not showing in the global table etc.  Any 
> frontier people can tell me where I can call to find someone that can assist. 
> End users are currently down ☹ been calling numbers for the past hour, no
> one is picking up.
>  
> 
> Dennis Burgess
> 
> Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, 
> Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, 
> Enterprise Wireless Engineer
> Hurricane Electric: IPv6 Sage Level
> Cambium: ePMP
>  
> Author of "Learn RouterOS- Second Edition"
> Link Technologies, Inc -- Mikrotik & WISP Support Services
> Office: 314-735-0270  Website: http://www.linktechs.net 
> 
> Create your own Tickets via https://hd.linktechs.net 
> 
> Create Wireless Coverage’s with www.towercoverage.com 
> 
> Need MikroTik Cloud Management: https://cloud.linktechs.net 
> 
> Remote Winbox Service: http://rwb.linktechs.net 


Re: Frontier AS5650 IPv6 Peering

2024-05-21 Thread Jeff Richmond
I am. Shoot me a message offline on what you need and I can put you in contact 
with our peering coordinator.

Thanks,
-Jeff

> On May 20, 2024, at 5:21 AM, Nick Olsen wrote:
> 
> Anyone with a clue from 5650 monitoring this list?
> 
> I'm in the process of turning up a new transit circuit from 5650 and my 
> account management team has been less than helpful.
> 
> The normal contacts aren't getting me anywhere.
> 
> Thank you!



Re: Good MPLS/VPLS book?

2011-01-20 Thread Jeff Richmond
FYI, the 3rd edition was released early. Was delivered this morning from 
Amazon. It has a whole new chapter on MPLS-TP (Ch. 17).

Hope this helps,
-Jeff

On Dec 26, 2010, at 7:29 AM, Brandon Kim wrote:

> Decisions decisions, I do have other MPLS books I have not finished. I
> suppose I can finish them before picking this up and then getting the
> 3rd edition. Might be good timing. Good thing I didn't order the
> 2nd edition the other day!
>
>> Subject: Re: Good MPLS/VPLS book?
>> From: franc...@menards.ca
>> Date: Sat, 25 Dec 2010 20:42:24 -0500
>> To: mounir.moha...@gmail.com
>> CC: nanog@nanog.org
>> 
>> Looks like a third edition is on the way slated for March 2011
>> 
>> http://www.amazon.com/MPLS-Enabled-Applications-Developments-Technologies-Communications/dp/0470665459/ref=ntt_at_ep_dpt_2
>> 
>> I would expect it to cover MPLS-TP and the struggling evolution of PBB-TE 
>> ... anybody has any idea if this is in ?
>> 
>> F.
>> 
>> On 2010-12-24, at 7:47 AM, Mounir Mohamed wrote:
>> 
>>> The most comprehensive text is  MPLS Enabled Applications by Ina Minei
>>> 
>>> http://www.amazon.com/MPLS-Enabled-Applications-Developments-Technologies-Communications/dp/0470986441/ref=sr_1_1?ie=UTF8&qid=1293194786&sr=8-1
>>> 
>>> 
>>> On Fri, Dec 24, 2010 at 12:49 AM, Michael Helmeste wrote:
>>>
>>>> Does anyone have a favorite book or resource discussing MPLS and all
>>>> associated Lego blocks (e.g. LDP, TE, VPLS, martini, mBGP et al.)?
>>>>
>>>> I understand the basics of what MPLS is and how you create a circuit from
>>>> A to B but I'm afraid it still escapes me when trying to figure out how
>>>> someone would, say, create a multicast capable VPN with 5 edge points.
>>>>
>>>> Any pointers to a good way to reduce my level of ignorance on this subject
>>>> would be appreciated. Vendor literature doesn't bother me as long as the
>>>> concepts are there.
>>>>
>>>> Regards,
>>>>  Michael H.
>>>>
>>> 
>>> 
>>> -- 
>>> Best Regards,
>>> Mounir Mohamed, CCIE#19573 (R&S/SP)
>>> Senior Network Engineer, Core Team.
>>> NOOR Data Networks, SAE
>>> Mobile# +2-010-2345-956
>>> http://mounirmohamed.wordpress.com
>>> http://www.linkedin.com/in/mounirmohamed
>> 
>> 
> 




Re: help needed - state of california needs a benchmark

2011-01-29 Thread Jeff Richmond
Mike, nothing is perfect, so let's just start with that. What the FCC has done 
to measure this is to partner with Sam Knows and then have friendly DSL subs 
for the participating telcos to run modified CPE firmware to test against their 
servers. We have been collecting data for this for the past couple of months, 
actually. More can be found here:

http://www.samknows.com/broadband/fcc_and_samknows

While even that I have issues with, it certainly is better than hitting that 
speedtest site where anything at all problematic on the customer LAN side of 
the CPE can cause erroneous results.

Good luck,
-Jeff


On Jan 29, 2011, at 10:00 AM, Mike wrote:

> Hello,
> 
>   My company is a small CLEC / broadband provider serving rural communities
> in northern California, and we are the recipient of a small grant from the 
> state thru our public utilities commission. We went out to 'middle of 
> nowhere' and deployed adsl2+ in fact (chalk one up for the good guys!), and 
> now that we're done, our state puc wants to gather performance data to 
> evaluate the result of our project and ensure we delivered what we said we 
> were going to. Bigger picture, our state is actively attempting to map 
> broadband availability and service levels available and this data will factor 
> into this overall picture, to be used for future grant/loan programs and 
> other support mechanisms, so this really is going to touch every provider who 
> serves end users in the state.
> 
>   The rub is, that they want to legislate that web based 'speedtest.com' 
> is the ONLY and MOST AUTHORITATIVE metric that trumps all other 
> considerations and that the provider is 100% at fault and responsible for
> making fraudulent claims if speedtest.com doesn't agree. No discussion is 
> allowed or permitted about sync rates, packet loss, internet congestion, 
> provider route diversity, end user computer performance problems, far end 
> congestion issues, far end server issues or cpu loading, latency/rtt, or the 
> like. They are going to decide that the quality of any provider service, is 
> solely and exclusively resting on the numbers returned from 'speedtest.com' 
> alone, period.
> 
>   All of you in this audience, I think, probably immediately understand 
> the various problems with such an assertion. It's one of these situations
> where - to the uninitiated - it SEEMS LIKE this is the right way to do this,
> and it SEEMS LIKE there's some validity to what's going on - but in practice,
> we engineering types know it's a far different animal and should not be used 
> for real live benchmarking of any kind where there is a demand for 
> statistical validity.
> 
>   My feeling is that - if there is a need for the state to do 
> benchmarking, then it ought to be using statistically significant methodologies
> for same along the same lines as any other benchmark or test done by other 
> government agencies and national standards bodies that are reproducible and 
> dependable. The question is, as a hotbutton issue, how do we go about getting 
> 'the message' across, how do we go about engineering something that could be 
> considered statistically relevant, and most importantly, how do we get this 
> to be accepted by non-technical legislators and regulators?
> 
> Mike-
> 




Re: Looking for a Tier 1 ISP Mentor for career advice.

2011-11-26 Thread Jeff Richmond
All excellent advice, but let me point out something else. I manage a team of 
backbone engineers and still do quite a bit of engineering work myself. When I 
interview, I never get caught up on certs or degrees. Now, do I ignore them? 
No, of course not. They do mean something and I know I worked hard for my 
JNCIE, so they add value. However, what I want to see is someone that is 
energetic and has a drive to learn, but the most important piece of my 
interviews once I am confident they meet my technical needs is the personality 
evaluation. I know my team works crappy hours, gets pulled 100 different 
directions and just really has a tough job sometimes. What I can't have is a
toxic person added to the mix, no matter how ridiculously smart or qualified 
they might be. So there have been times I have turned away more qualified 
candidates just because I was not comfortable with their attitude or vibe. 
Hiring and firing is extremely difficult to correct if you make the wrong 
choice, and I have learned a thing or two over the years in this regard.

That said, there is something else to consider too. In most large companies, 
the managers don't always have a lot of power when it comes to salaries and in 
some cases, even promotions. So, without specific experience and a salary 
history, you may be artificially held down due to HR policies no matter how 
well you do. I know that has happened a number of times at various places I 
have worked, and it is frustrating both for the candidate and the manager. 
There are many places where it is better to actually leave the company and come 
back to get around the HR constraints regarding salary augments from internal 
promotions. So, just be aware that even though you are working hard and going 
above and beyond, you might not always get initially rewarded for it. However, 
in time it will almost always correct itself, but even so, keeping a positive 
attitude and having a desire to learn will always benefit you in the end one 
way or another. 

Of course, once you get to the point of being in the industry for a long time 
like most of us here, you'll look back and say what the heck was I thinking, I 
should have been an accountant. Heh :)

Best of luck,
-Jeff


On Nov 22, 2011, at 3:52 AM, David Swafford wrote:

> Scott's point is very true!  Motivation will help you go very far,
> much farther than certs/knowledge alone.  As a soon to be
> college-grad, be ready for the initial disappointment, :-), even
> though you'll have your CCNP, you have no real experience, so you'll
> start at the entry level.  That's not a bad thing, but you might see
> it as such.  The reason it is good, is that while at the entry level
> (networking that is, I'm not talking about a helpdesk), you'll get to
> touch and interact with a lot of different things with very little
> "total" responsibility.
> 
> As you impress your peers, this will trickle up towards management,
> and eventually work its way out into better tasks and larger
> responsibilities (try to not get caught up in "the title").  I'm
> speaking from experience here, I'm a senior network engineer for a $2
> B company, yet only 25 years old, currently working on my R/S CCIE
> purely for the learning experience.  It took me nearly 4 years to move
> from an associate to a senior in my company, which is not common in
> that short of a time-frame for my employer, but that's where the
> motivation piece comes in -- expressing true passion, and learning
> things because "they are cool/interest you" will take you far.
> Learning on paper is what you're taught in college and it only works
> so far, but learning from hands-on, like the lab you've got built, is
> where you attain the knowledge/troubleshooting/experience that will
> help you succeed.
> 
> A comment earlier in the thread mentioned "should I learn active
> directory/exchange"?  I hear this a lot from our fellow associates on
> the team and to be honest, if you are learning something just to
> add it to your resume, that will be a waste of your time.  But, if you
> are learning it because you find it interesting  or just want to
> explore, then by all means go deep into it.  I personally go by the
> motto "go full in or don't go at all".  So if I'm going to learn
> something, I'll get as deep as I can into it, and focus on just it for
> a little while, then I'll move to something else, and focus on just
> that.  If you try to focus on too many separate things, you'll become
> this odd ball of knowledge that can't really hold your own -- a tip in
> the industry that will get you far:  be able to take ownership, and
> fully run/own what you're working on.  Regardless of level/title/role,
> a person who takes initiative (within the scope/dynamic of their
> position), will go far.
> 
> Best of luck to you,
> David.
> 
> 
> On Mon, Nov 21, 2011 at 5:32 PM, Scott Weeks  wrote:
>> 
>> 
>> --- tyler.ha...@gmail.com wrote:
>> From: Tyler Haske 
>> 
>> I'd love to have varied

Re: Global caches

2013-02-04 Thread Jeff Richmond
While I would agree with that, having peering helps but certainly doesn't 
replace a localized CDN. Certainly better than nothing though. It also of 
course depends on the size of your network. If you are paying to carry that 
traffic (leased backhaul, etc.) from your peering point to your customers, you 
are still paying the same amount to deliver that content to your users 
(excluding any transit savings if moving from transit to get that CDN content). 
That is where an on-net CDN really saves you significantly as you can bury it 
deep into your network. I can't speak specifics here but I can tell you that 
the CDNs we have are filled at off-peak, so it really does become a win-win 
from a technical perspective (business case and politics are a completely 
different conversation though). 

-Jeff

On Feb 4, 2013, at 6:50 AM, Simon Lockhart wrote:

> On Mon Feb 04, 2013 at 02:03:54PM +, Kyle Camilleri wrote:
>> Does anybody know of any other CDN providers that offer similar caches?
> 
> Most CDN providers also provide free access to "super node" caches at major
> datacentres and peering points - depending on where you are located, which
> datacentres you're in, and what your network looks like, you may find that
> it's cheaper for you to interconnect with the CDNs within a datacentre
> (particularly if you can do it via an IX), than to provide space and power
> for CDN nodes within your own network.
> 
> Simon
> 




Re: Cheap Juniper Gear for Lab

2012-04-11 Thread Jeff Richmond
FWIW, when I took my JNCIE, I used all J-series running flow code (disabled) 
for my study pod and never had any issues. I have 9 physical routers plus a 
bunch of VRs on them. I agree there can be issues depending on what you are 
trying to do, but I am not sure why this is such a big deal if this is just a 
lab setup. I wouldn't test something on a J-series and expect to deploy it on 
M/MX/T in production or something, but that wasn't what the OP was asking to 
do. For a home lab I can't think of any reason not to use some J-series boxes. 

-Jeff

On Apr 11, 2012, at 1:29 PM, Leigh Porter wrote:

> 
> On 11 Apr 2012, at 18:36, "Carl Rosevear" wrote:
> 
>> Yeah, I have to apply the term "awful" and "annoying" to the packet
>> mode implementation on SRX/J-series. Anyway, I spent *hours* with JTAC
>> on the phone trying to get the thing to just pass packets.  Best part
>> was, I didn't know how to do it and nor did they!  I escalated, worked
>> with many engineers.  My key statement was "I just want my router to
>> route.  Make it do what it is supposed to do.  No session tracking!
>> This is not a firewall."  So, now it doesn't require valid sessions to
>> pass packets but it does still appear to *track* sessions in some
>> tables and I am, of course, very curious when some attack vector will
>> fill up some table.
>> 
> 
> I have had some rather odd issues with the SRX boxes but JTAC were pretty 
> good at turning around fixes for me for my specific issues.
> 
> Since then I have had quite a lot of SRX boxes across the range running 
> various MPLS services including MPLS over GRE with fragmentation/reassembly 
> which has been working very well. Since 11.1R3 I've had no issues at all with 
> them.
> 
> So yeah the new flow mode stuff had its issues, but as a *small* MPLS box it 
> is very functional. Of course in MPLS mode, you turn the flow stuff off..
> 
> 
> --
> Leigh Porter




Re: Frontier: Blocking port 22 because of illegal files?

2015-03-26 Thread Jeff Richmond
All, I have reached out to Aaron privately for details, but we do not block 
port 22 traffic unless it is in direct response to an attack or related item. 
Please let me know directly if you have any specific questions.

Thanks,
-Jeff

> On Mar 26, 2015, at 7:09 AM, Livingood, Jason wrote:
> 
> ISPs are generally expected to disclose any port blocking. A quick Google 
> search shows this is Frontier’s list:
> http://www.frontierhelp.com/faq.cfm?qstid=277
> 
> On 3/25/15, 10:31 PM, "Aaron C. de Bruyn" <aa...@heyaaron.com> wrote:
> 
> I've had a handful of clients contact me over the last week with
> trouble using SCP (usually WinSCP) to manage their website content on
> my servers.  Either they get timeout messages from WinSCP or a message
> saying they should switch to SFTP.
> 
> After getting a few helpful users on the phone to run some quick
> tests, we found port 22 was blocked.
> 
> When my customers contacted Frontier, they were told that port 22 was
> blocked because it is used to transfer illegal files.
> 
> I called them, and got the same ridiculous excuse.
> 
> Just a friendly heads-up to anyone from Frontier who might be
> listening, I have a few additional ports you may wish to block:
> 
> 80 - Allows users to use Google to search for illegal files
> 443 - Allows users to use Google to search for illegal files in a secure manner
> 69 - Allows users to trivially transfer illegal files
> 3389 - Allows users to connect to unlicensed Windows machines
> 179 - Allows users to exchange routes to illegal file shares
> 53 - Allows people to look up illegal names
> 
> -A
> 



Re: Anyone from frontiernet.net on here?

2013-07-09 Thread Jeff Richmond
All, it looks like I am seeing packet loss there across all of our peering
sessions with them, so looks like a problem on their network. I'll ask our NOC 
to open up a ticket with them though just to see if we can find out what the 
issue is.

Thanks,
-Jeff



On Jul 9, 2013, at 7:18 PM, Warren Bailey wrote:

> There are some decent sized attacks taking place on gear near London, I 
> believe. Could be a result of that?
> 
> 
> Sent from my Mobile Device.
> 
> 
> -------- Original message --------
> From: Janet Sullivan 
> Date: 07/09/2013 5:01 PM (GMT-08:00)
> To: nanog@nanog.org
> Subject: Anyone from frontiernet.net on here?
> 
> 
> I've been seeing really bad packet loss between PCCW and frontier, and so far 
> haven't been able to make any traction with anyone on either side.   I'm 
> betting that the ??? is a peering point either in London or Ashburn.
> 
> uk.bgp4.net (0.0.0.0)                          Tue Jul  9 20:39:53 2013
> Keys:  Help   Display mode   Restart statistics   Order of fields   quit
>                       Packets               Pings
> Host                 Loss%   Snt   Last   Avg  Best  Wrst StDev
>  1. 212.111.33.230    0.0%    43    1.7   0.7   0.5   1.8   0.3
>  2. 212.111.33.237    0.0%    43    2.3   1.9   1.1  22.7   3.3
>  3. 63.218.13.221     0.0%    43    2.3  15.6   1.1 230.3  45.9
>  4. ???
>  5. 74.40.2.173      23.3%    43  177.9 150.3 147.8 177.9   7.0
>  6. 74.40.2.193      20.9%    43  149.9 149.9 149.1 161.2   2.1
>  7. 74.40.3.241      18.6%    43  149.6 152.4 149.1 193.2   8.8
>  8. 74.40.5.49       28.6%    43  148.1 150.8 147.8 192.1   9.9
>  9. 74.40.5.54       26.2%    43  148.3 150.5 147.9 218.7  12.6
> 10. 74.40.5.46       33.3%    42  149.5 154.0 149.2 212.8  14.0
> 11. 74.40.3.137      16.7%    42  147.4 148.7 146.9 163.0   4.1
> 12. 74.40.1.154      29.3%    42  148.2 153.6 147.7 206.7  14.2
> 13. 50.34.2.162      35.7%    42  150.2 150.4 149.8 156.3   1.2
> 14. 50.46.150.55     26.2%    42  150.7 151.0 150.5 152.0   0.4
> 




Re: Juniper firewalls - SSG or SRX

2010-04-20 Thread Jeff Richmond
Count me in as well. I ditched my personal Netscreens and replaced with SRXs 
and we have done so as well at my day job. Other than a few quirky things, they 
are very nice. V6 support is still somewhat limited though, but I am using an 
SRX210H with ADSL2 PIM as my main router at home and it has been absolutely 
solid. Using it for both V4 (flow) and V6 (packet) routing, as well as doing a 
bunch of other things. It replaced my older NS5GT and SSG5. Configuration is so 
much easier now too. I almost forgot the pain of screenos. Ok, maybe not...

-Jeff

On Apr 19, 2010, at 9:39 PM, seph wrote:

> I'm with Owen. I have nothing good to say about ScreenOS. In contrast
> JunOS has been great.
> 
> seph
> 
> Owen DeLong  writes:
> 
>> Much.. Go SRX over SSG every time.  For anything that doesn't have an
>> SRX analog, consider the J-series.
>> 
>> SRX/J-Series == JunOS == Good.
>> SSG Series == ScreenOS == @)#$*#@)$(*!)(@$...@$
>> 
>> Just my $0.02 having dealt extensively with both environments over the
>> years.
>> 
>> Owen
>> 
>> On Apr 19, 2010, at 5:32 PM, Jeffrey Negro wrote:
>> 
>>> Has anyone on Nanog had any hands on experience with the lower end of the
>>> new SRX series Junipers?  We're looking to purchase two new firewalls, and
>>> I'm debating going with SSG series or to make the jump to the SRX line.  Any
>>> input, especially about the learning curve jumping from ScreenOS to JunOS
>>> would be greatly appreciated.  Thank you in advance.
>>> 
>>> Jeffrey
> 




Re: Juniper firewalls - SSG or SRX

2010-04-20 Thread Jeff Richmond
I will admit I have the same issue with both my BGP sessions over GRE as
well, which is really annoying, but I only use this for remote hopping over to 
my other lab, not for anything I would ever do in production so I haven't 
bothered opening a case on it yet. Glad to know I am not the only one though. 
However, that said, everything else I am doing has been rock solid, so no 
complaints there.

-Jeff

On Apr 20, 2010, at 5:01 AM, Richard A Steenbergen wrote:

> On Tue, Apr 20, 2010 at 04:18:11AM -0700, Owen DeLong wrote:
>> 
>> Interesting. My SRXes have been rock solid since upgrading to
>> 10.0R1.8.
> 
> Not so much here. My basement SRX210 starts dropping bgp sessions over
> an IPSEC tunnel every 30 secs or so after around 1-1.5 days of uptime,
> and won't stop until you restart rpd (which buys you another day or so
> of functioning bgp). And about 1 out of every 4 times you do restart
> rpd, dhcpd will spin at 100% cpu until you restart that too. Even
> 10.1S1.3 doesn't help these issues. It's a nice box in theory, and it
> has lots of potential, but lots and lots of unresolved bugs too. I knew
> things were off to a bad start when I tried to downgrade from the 10.0R1
> that shipped with the box to 9.6 after my first round of issues, and it
> crashed in the middle of the installer, wiping the config in the process
> and requiring a tftp boot of new code to recover. :)
> 
> -- 
> Richard A Steenbergen       http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
>