RE: Linux router traffic monitoring, how? netflow?

[Murat Kaipov]

Hello Eliezer.
Netflow will be the best solution to find the host that's generate load. First 
you need decide what netflow analyzer you'll use. I know about some plugin to 
Cacti. Than you need install IPT-NETFLOW to your Ubuntu router.
Also you have another way, you can monitor (snmp traffic) all ports on switches 
and then find analyze. 
B.R. Murat


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Eliezer Croitoru
Sent: Thursday, November 13, 2014 8:10 PM
To: nanog@nanog.org
Subject: Linux router traffic monitoring, how? netflow?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hey all,

I have a tiny linux router based on ubuntu and sometimes I get a massive load 
of UDP traffic because of one of the PCs in the network.
Usually I handle the situation with a strict block using iptables.
The main issue is to find it due to the load.
For now I am monitoring the traffic load using MRTG but it won't notify me.
I can try to use nagios to monitor traffic load for a period of time but before 
I start working on it I want another person opinion and options.

I have seen netflow in the past but never actually used it.

Thanks in advance,
Eliezer
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJUZOXKAAoJENxnfXtQ8ZQUnCcIAJn/3LQa1CKl1mBGiWHUvrEZ
GZIPYKDlDWscVaq2VhJQH/ZcUqX5466YTSLsFQBaCEynLfc4vgk5gBZzyLK9TI1R
MSDXAQNYvqRGnDG5rBrthCCvSA8UZyqVH9feSXw+U8aiwZcmQz4SSVv86yy288qP
eFlerXq43QvSzXgMPFFrzwVzcwY3UVg0VMxlqIRIl+sB8dfg6ofau61/lax9ALQ4
cfxE674vxKtQsf319lJTmq/3JMvANzZNYbX0+XnLNIDaCciM/GTT/Xvasq+oigm2
IE4T0098KMUyBdJx5ewX5d+rawI2283euiY0Co5UnfCYzBnJTj4xZR32Tip53lM=
=gZaZ
-END PGP SIGNATURE-

RE: FTTx Active-Ethernet Hardware

[Murat Kaipov]

We are small ISP. We used Linksys SPS208G for access level, and Cisco ME3400
for aggregation purposes. On Core level we use Cisco3560, now we have some
plans to migrate to Cat 6500.


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ray Soucy
Sent: Tuesday, February 10, 2015 5:42 PM
To: Mike Hammett
Cc: NANOG
Subject: Re: FTTx Active-Ethernet Hardware

Price and functionality-wise Planet MGSW-28240F and GSD-1020S look pretty
close to what I'm looking for.  Anyone have real experience with using them
on a large scale?  Performance?

On Tue, Feb 10, 2015 at 8:34 AM, Mike Hammett  wrote:
> Check out Mikrotik, Planet and TP-Link.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
>
>
> - Original Message -
>
> From: "Ray Soucy" 
> To: "NANOG" 
> Sent: Tuesday, February 10, 2015 7:31:22 AM
> Subject: FTTx Active-Ethernet Hardware
>
> One thing I'm personally interested in is the growth of municipal FTTx 
> that's starting to happen around the US and possibly applying that 
> model to highly rural areas (e.g. 10 mile long town with no side 
> streets, existing utility polls, 250 or so homes) and doing a 
> realistic cost analysis of what that would take.
>
> What options are out there for Active-Ethernet hardware. Ideally 
> something that could handle G.8032 and 802.1ad in hardware for the 
> distribution side (24 or 48-port SFP metro switch) and something 
> inexpensive for the access side but still managed (e.g. a 4-port 
> switch with an SFP uplink supporting Q-in-Q).
>
> I'm really looking for something cheap to keep costs down for a 
> proof-of-concept. The stuff from Cisco and even Ciena is a bit more 
> expensive than my target.
>
>
>
>
> --
> Ray Patrick Soucy
> Network Engineer
> University of Maine System
>
> T: 207-561-3526
> F: 207-561-3531
>
> MaineREN, Maine's Research and Education Network www.maineren.net
>



--
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network www.maineren.net

RE: Cisco ASA

[Murat Kaipov]

Hello Dear.
You can you cisco partner locator
https://tools.cisco.com/WWChannels/LOCATR/openBasicSearch.do
It will be more productively. 

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of A MEKKAOUI
Sent: Friday, September 11, 2015 3:51 PM
To: 'NANOG'
Subject: Cisco ASA

HI

 

Do you know any seller of Cisco ASA (used and new) please? Please contact me
offline.

 

Thank you

 

KARIM M.

 

RE: Skype off line ??

[Murat Kaipov]

 You ca use Google Hangouts, but I don't know about multiuser conference.

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Max Tulyev
Sent: Monday, September 21, 2015 1:27 PM
To: nanog@nanog.org
Subject: Re: Skype off line ??

For me yes, it is down for several hours.

BTW, is there any Jabber/XMPP client with similar usability?

I need just scroll up to view all history and one click to join someone to 
multiuser conference in fact.

On 21.09.15 11:32, Marco Paesani wrote:
> Hi,
> do you have sone news about it ?
> Best regards,
> 

cisco.com unavailable

[Murat Kaipov]

Hi folks!
Is cisco.com  unavailable or it is affected just for 
Rostelecom?

Re: cisco.com unavailable

[Murat Kaipov]

Thanks to all of you. I think there issue with ISP’s connectivity in Russia.

> 21 сент. 2015 г., в 21:55, Keith Stokes  написал(а):
> 
> It works fine for me from Cox.
> 
> 
> 
> ---
> 
> Keith Stokes
> 
> 
> From: NANOG  on behalf of Murat Kaipov 
> 
> Sent: Monday, September 21, 2015 1:51 PM
> To: nanog@nanog.org
> Subject: cisco.com unavailable
> 
> Hi folks!
> Is cisco.com <http://cisco.com/> unavailable or it is affected just for 
> Rostelecom?

Re: cisco.com unavailable

[Murat Kaipov]

2 minutes ago all had worked fine, now I have same trouble.

mkaipov$ traceroute cisco.com
traceroute to cisco.com (72.163.4.161), 64 hops max, 52 byte packets
 1  router.asus.com (10.10.0.1)  1.536 ms  1.232 ms  1.176 ms
 2  62.182.11.92 (62.182.11.92)  1.934 ms  2.924 ms  3.251 ms
 3  isp2.aquafon.com (62.182.11.26)  2.140 ms  2.421 ms  2.380 ms
 4  u111asr1002tr2-isp2.aquafon.com (91.221.157.5)  4.767 ms  3.515 ms  3.243 ms
 5  62.183.37.150 (62.183.37.150)  3.585 ms  3.573 ms  3.465 ms
 6  230.100.sochicom.biz (85.174.230.100)  3.898 ms  5.611 ms  3.671 ms
 7  85.174.230.225 (85.174.230.225)  16.177 ms  17.043 ms  15.573 ms
 8  85.175.2.69 (85.175.2.69)  13.401 ms  20.689 ms  13.170 ms
 9  188.254.36.249 (188.254.36.249)  28.386 ms
188.254.36.253 (188.254.36.253)  14.295 ms  27.329 ms
10  87.226.133.103 (87.226.133.103)  72.963 ms *  69.451 ms
11  s-b3-link.telia.net (213.248.95.105)  49.969 ms  50.155 ms
s-b3-link.telia.net (62.115.11.57)  66.943 ms
12  s-bb3-link.telia.net (213.155.133.16)  75.242 ms
s-bb3-link.telia.net (62.115.137.158)  71.001 ms  70.112 ms
13  s-b6-link.telia.net (62.115.141.201)  71.606 ms
s-b6-link.telia.net (62.115.136.23)  47.700 ms
s-b6-link.telia.net (62.115.136.21)  48.270 ms
14  level3-ic-155475-s-b2.c.telia.net (213.248.99.134)  48.129 ms  49.995 ms  
66.182 ms
15  * * *
16  * * *
17  cisco-syste.ear1.dallas1.level3.net (4.30.74.46)  195.112 ms  308.241 ms  
193.757 ms
18  rcdn9-cd1-dmzbb-gw1-ten1-1.cisco.com (72.163.0.5)  197.443 ms  193.921 ms  
420.050 ms
19  rcdn9-cd1-dmzdcc-gw1-por1.cisco.com (72.163.0.178)  307.371 ms  307.396 ms  
306.593 ms
20  * * *
21  * * *
22  * * *
23  * *

> 21 сент. 2015 г., в 22:05, Sander Steffann  написал(а):
> 
> 
>> Is cisco.com  unavailable or it is affected just for 
>> Rostelecom?
> 
> Works fine here in The Netherlands (ISP: Solcon).
> 
> Cheers,
> Sander
> 

Re: cisco.com unavailable

[Murat Kaipov]

Now all works fine.
mkaipov$ traceroute www.cisco.com
traceroute to e144.dscb.akamaiedge.net (23.78.32.170), 64 hops max, 52 byte 
packets
 1  router.asus.com (10.10.0.1)  1.598 ms  1.287 ms  1.126 ms
 2  62.182.11.92 (62.182.11.92)  1.878 ms  1.789 ms  1.863 ms
 3  91.221.157.1 (91.221.157.1)  3.145 ms  3.361 ms  3.081 ms
 4  rdn06.transtelecom.net (217.150.56.234)  10.898 ms  10.362 ms  10.067 ms
 5  10.78.146.2 (10.78.146.2)  47.051 ms  47.222 ms  46.991 ms
 6  * * *
 7  eth2-4.r1.sto2.se.as5580.net (78.152.34.215)  76.838 ms  73.685 ms  73.822 
ms
 8  eth3-1.r1.cph1.dk.as5580.net (78.152.34.158)  82.728 ms  93.950 ms  82.614 
ms
 9  akamai-20940-gw.cph01-1.dk.as5580.net (78.152.57.10)  86.037 ms  85.568 ms  
85.522 ms
10  a23-78-32-170.deploy.static.akamaitechnologies.com (23.78.32.170)  81.347 
ms  86.100 ms  81.352 ms
MBP-Murat:~ mkaipov$ 
> 21 сент. 2015 г., в 22:33, Justin Wilson - MTIN  написал(а):
> 
> http://downforeveryoneorjustme.com/
> 
> 
> 
> 
> Justin Wilson
> j...@mtin.net
> 
> ---
> http://www.mtin.net Owner/CEO
> xISP Solutions- Consulting – Data Centers - Bandwidth
> 
> http://www.midwest-ix.com  COO/Chairman
> Internet Exchange - Peering - Distributed Fabric
> 
>> On Sep 21, 2015, at 2:59 PM, Hugo Slabbert  wrote:
>> 
 Is cisco.com  unavailable or it is affected just for
 Rostelecom?
>> 
>> No problems here from either v4 or v6.
>> 
>> -- 
>> Hugo
> 

Re: Facebook invisible in Italy

[Murat Kaipov]

All works fine for our network in Abkhazia. AS44491

> 28 сент. 2015 г., в 23:38, Jürgen Jaritsch  написал(а):
> 
> Hi,
> 
> also down for us (Austria & Germany) and the OVH network.
> 
> Best regards
> 
> 
> Jürgen Jaritsch
> Head of Network & Infrastructure
> 
> ANEXIA Internetdienstleistungs GmbH
> 
> Telefon: +43-5-0556-300
> Telefax: +43-5-0556-500
> 
> E-Mail: jjarit...@anexia-it.com 
> Web: http://www.anexia-it.com 
> 
> Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
> Geschäftsführer: Alexander Windbichler
> Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
> 
> -Ursprüngliche Nachricht-
> Von: NANOG [mailto:nanog-boun...@nanog.org] Im Auftrag von Marco Paesani
> Gesendet: Montag, 28. September 2015 22:35
> An: nanog 
> Betreff: Facebook invisible in Italy
> 
> Hi,
> some issues from FB network ??
> Do you have some info ?
> Regards,
> 
> -- 
> 
> Marco Paesani
> MPAE Srl
> 
> Skype: mpaesani
> Mobile: +39 348 6019349
> Success depends on the right choice !
> Email: ma...@paesani.it

Multicast stream monitoring tools

[Murat Kaipov]

Hello folks!We have an issue with some multicast streams. For some reason 
picture is very unstable in evening, during internet usage peak times. We have 
had monitor our links and uplinks and there wasn't any oversubscribtion. I 
looking for usefull multicast stream monitoring tool now. Any suggestion?Thank 
you!   

RE: Multicast stream monitoring tools

[Murat Kaipov]

Yes, it is may be effect of microburst in our network or in link between our 
ISP and TV carrier.Thank you.

> Date: Mon, 25 Jan 2016 18:23:54 +0200
> Subject: Re: Multicast stream monitoring tools
> From: s...@ytti.fi
> To: mkai...@outlook.com
> CC: nanog@nanog.org
> 
> On 25 January 2016 at 10:48, Murat Kaipov  wrote:
> 
> Hey,
> 
> > Hello folks!We have an issue with some multicast streams. For some reason 
> > picture is very unstable in evening, during internet usage peak times. We 
> > have had monitor our links and uplinks and there wasn't any 
> > oversubscribtion. I looking for usefull multicast stream monitoring tool 
> > now. Any suggestion?Thank you!
> 
> How are you monitoring this for oversub? SNMP graphs for pps/bps are
> not useful nor his looking at CLI pps/bps counters. You should monitor
> if there are queue drops on egress. If possible also monitor queue
> length, but not all platforms offer this information.
> My friend Occam says you're probably dropping packets.
> 
> You could also subscribe to the stream with monitoring PC which runs
> something like this https://github.com/tarko/CCmon
> 
> -- 
>   ++ytti
  

RE: PPPoE/IPoE, any recommendations for upgrade?

[Murat Kaipov]

Hello Nasser. We use IPoE in our small ISP. But in my case we use DHCP option 
82 and IP address as username for authentication and accounting purposes. As 
BRAS we configure Cisco ISG.


Отправлено с устройства Samsung

 Исходное сообщение 
От: Nasser Heidari 
Дата: 07.06.2015  9:46  (GMT+03:00)
Кому: nanog@nanog.org
Тема: PPPoE/IPoE, any recommendations for upgrade?

Hi,

We are currently using PPPoE in our network. I have seen some articles
regarding migration of so-called legacy PPPoE to IPoE. After reviewing some
of them and implementing IPoE in lab environment using Cisco ASR I didn't
fine it that much beneficial to migrate whole system as I need to change a
lot of things. For example:
 - I need to add it's support to our radius and obviously BSS system (E.g.
using NAS-PORT-ID instead of username).
 - For the addressing part, as I have already using distributed BNG's, I
need to change some of our policies. (For example assigning address blocks
is much easier in PPPoE using framed-route)
 - I need to change our customers CPE configuration to use Ethernet
encapsulation.
 - I haven't used DHCP in large scale environment.
 - I don't have any clear Idea/understanding regarding its
maintainability/troubleshooting and also security.
 (Please add if I'm missing any other issue which may run into if I migrate
to IPoE)

Although it has some benefits, I'm not sure if it's that essential to
migrate.
Would you please kindly?
 - Share your Ideas/experiences/best practices in this regard?
 - If you are already using IPoE, tell more why should I upgrade?
 - Considering a DSL network with more than 800K customers using PPPoE, do
you recommend this migration?


Kind Regards,
Nasser

Yandex DNS with Sophos antivirus blocking TrendMicro services

[Murat Kaipov]

Hello Guys.

For 2 day I experience an issue with using my trendmicro software. For some
reason web check didn't worked. I try to investigate this issue and found
that yandex dns services blocking all trendmicro sites. I use yandex secure
dns (dns.yandex.ru servers 77.88.8.8 and 77.88.8.2) for my home environment,
which using Sophos antivirus for threat detection.  If I change my dns
server for another like google dns or some dns servers of my home ISP all
works fine.

Please if there some guys from yandex, Sophos or trendmicro help to resolve
this issue. I'm very happy with my TrendMicro antivirus system and happy
with yandex secure dns, but even Sophos or yandex blocking TrendMicro sites
I and all peoples who use TrendMicro products and yandex dns can't use it
anymore.

Thank you.