NAT (PAT) log

2014-05-08 Thread Pavel Dimow
Hello,

as we are running out of ipv4 addresses we started to think of dual stack
deployment in our network and that means we will soon need to have some NAT
in place (NAT44). However, I am curious to find out: how do you manage NAT logs?
Considering the fact that we will need to use overload for pools, I don't
see any good solution for how to track ip address leases. Any ideas?


IPV6 in enterprise best practices/white papers

2013-01-26 Thread Pavel Dimow
Hi,

I have read many of those ipv6 documents and they are great but I
still fail to find something like a "real world" scenario.
What I mean is that, for example, I want to start implementation of ipv6
in my enterprise. According to my knowledge so far,
my first step is to create an address plan, then implement security on
routers/switches, then on hosts, and after that I can start to create
AAAA record and PTR records in DNS, and after that I should configure my
dhcp servers, and after all has been done I can test ipv6 in LAN and
after that I can start to configure bgp with ISP.
Is this the correct procedure? Any thoughts? If all is correct I have a
few questions..

Regarding DNS, if I give a /64 to a host using SLAAC or DHCP, how do I
maintain PTR for this /64? Should I use DDNS?
What do you use in your enterprise, SLAAC or DHCP? If SLAAC, why not DHCP?
Any other hints/tips?



Re: IPV6 in enterprise best practices/white papers

2013-01-26 Thread Pavel Dimow
Hi, I want to thank you all for your comments; they are very helpful to me.
And yes, I don't have much hands-on experience, but as a non-native
English speaker I tend to write somewhat confusing mails, so don't take my
every sentence "as-is". ;)

Tnx once again to all.


On Sat, Jan 26, 2013 at 6:59 PM, TJ wrote:
> In principle, I agree with the EDGE-in approach.
>
> However, if you need to do LAN before EDGE (e.g. DISA can't get you
> connectivity but you need to make some progress) you need to block AAAA
> queries from getting replies. BIND has a "filter AAAA on IPv4" option that
> helps here ... (just don't give the hosts the v6 addresses of the internal
> DNS servers).
>
> HTH,
> /TJ
>
> On Jan 26, 2013 12:49 PM, "William Herrin" wrote:
>>
>> On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow wrote:
>> > I can start to create
>> > AAAA record and PTR records in DNS and after that I should configure my
>> > dhcp servers and after all has been done I can test ipv6 in LAN and
>> > after that I can start configure bgp with ISP.
>> > Is this correct procedure?
>>
>> Nope.
>>
>> In their infinite(simal) wisdom the architects of IPv6 determined that
>> a host configured with both a global scope IPv6 address and an IPv4
>> address will attempt IPv6 in preference to IPv4. If you configure IPv6
>> on a LAN without first installing your IPv6 Internet connection, that
>> LAN will break horribly.
>>
>> Work your way from the outside in: start with BGP, then the interior
>> routers and configure the LAN last.
>>
>> Regards,
>> Bill Herrin
>>
>>
>>
>> --
>> William D. Herrin  her...@dirtside.com  b...@herrin.us
>> 3005 Crane Dr. .. Web: <http://bill.herrin.us/>
>> Falls Church, VA 22042-3004
>>
>



SNMP - monitoring large number of devices

2015-09-29 Thread Pavel Dimow
Hi all,

recently I have been tasked with an NMS project. The idea is to poll about
20 OIDs from 50k cable modems in less than 5 minutes (yes, I know it's
one million OIDs). Before you say check out some very professional and
expensive solutions, I would like to know: are there any alternatives like
an open source "snmp framework"? To be more descriptive, many of you know how
big the mess is with snmp on cable modems. You always first perform an snmp
walk in order to discover interfaces and then read the values for those
interfaces. As a cable modem can bundle more DS channels, one time you can
have one and another time you can have N+1 DS channels = interfaces. All in
all, I don't believe that there is something perfect out there when it comes
to tracking a huge number of cable modems, so I would like to know: is there
any "snmp framework" that can be extended, and how did you (or would you)
solve this problem?

Thank you.


Re: SNMP - monitoring large number of devices

2015-09-30 Thread Pavel Dimow
Thank you all for your suggestions, I knew that NANOG is a perfect place
for those kinds of questions.
I will discuss your comments with my colleagues to see what would be the
best solution.
Once again thank you all for your valuable suggestions, I hope I will
update you soon with some results/tests and of course more questions :)


On Wed, Sep 30, 2015 at 6:18 AM, Tom Sands wrote:

> We have used ZenOss for a number of years at this scale (40k+ devices, at
> intervals of 1-5 minutes). It is possible to do if you have the hardware
> and storage performance to throw at it. We used OpenNMS before that and had
> to change due to scale. During that time we evaluated a number of the big
> name and big dollar solutions and none of them seemed to scale any better
> without significantly more hardware costs.
> That's not to say ZenOss is perfect, we have plenty of headaches too.
>
> Sent from my iPhone
>
> > On Sep 29, 2015, at 10:40 PM, Joel Whitcomb wrote:
> >
> > So we have used www.zenoss.org for many years. Individual collectors
> > are easily handling snmp poll rates of 1.5k oids per second (450k per 5m).
> > As zenoss core is open source, it's probably worth a look for you.
> >
> > -Joel
> >
> > -Original Message-
> > From: NANOG [mailto:nanog-bounces+joel.whitcomb=citrix@nanog.org]
> > On Behalf Of Pavel Dimow
> > Sent: Tuesday, September 29, 2015 1:20 PM
> > To: NANOG
> > Subject: SNMP - monitoring large number of devices
> >
> > Hi all,
> >
> > recently I have been tasked with an NMS project. The idea is to poll about
> > 20 OIDs from 50k cable modems in less than 5 minutes (yes, I know it's
> > one million OIDs). Before you say check out some very professional and
> > expensive solutions, I would like to know: are there any alternatives like
> > an open source "snmp framework"? To be more descriptive, many of you know how
> > big the mess is with snmp on cable modems. You always first perform an snmp
> > walk in order to discover interfaces and then read the values for those
> > interfaces. As a cable modem can bundle more DS channels, one time you can
> > have one and another time you can have N+1 DS channels = interfaces. All in
> > all, I don't believe that there is something perfect out there when it comes
> > to tracking a huge number of cable modems, so I would like to know: is there
> > any "snmp framework" that can be extended, and how did you (or would you)
> > solve this problem?
> >
> > Thank you.
>


List of a useful tools for network architects

2010-06-21 Thread Pavel Dimow
Hi,

I am wondering what tools you consider most valuable when designing a
big network from scratch or performing a migration? For example, I would
like to know: is there a tool that will perform basic sanity checks,
like network equipment without a redundant link or without a link at all...
I know that the one who designs a network has to consider all these
issues, but some automatic check will save some time for sure...

Thank you.



Re: List of a useful tools for network architects

2010-06-21 Thread Pavel Dimow
And how do you feel when a client tells you that you don't have a
connection from SW-476 to SW-145?
"Well you see, there are plenty of boxes out there (couple hundreds)
you don't expect that everything must be perfect right? Anyhow I was
very tired that day"

The point is, I am not looking for a program that will design the
network instead of me, just a little sanity check.

I agree that head, whiteboard, marker, sharp pencil :) are very
valuable but those were on my list anyway :)

On Mon, Jun 21, 2010 at 10:18 PM, Jens Link wrote:
> Pavel Dimow writes:
>
>> Hi,
>>
>> I am wondering what tools you consider most valuable when designing a big
>> network from scratch or performing a migration?
>
> White board and a digital camera to document the drawings. Pen and paper
> are also a very important tool.
>
>> For example, I would like to know: is there a tool that will perform
>> basic sanity checks, like network equipment without a redundant link or
>> without a link at all...
>
> Well there is my head and a couple of years experience. ;-)
>
>> I know that the one who designs a network has to consider all these
>> issues, but some automatic check will save some time for sure...
>
> Discuss your design with others. There is always more than one way to
> design a network.
>
> Jens
> --
> -
> | Foelderichstr. 40   | 13595 Berlin, Germany    | +49-151-18721264     |
> | http://blog.quux.de | jabber: jensl...@guug.de | ---  |
> -
>
>
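
Added example (not part of the original thread and not an existing tool): one way to automate the sanity check asked about above, reporting devices with no link and devices with a single link. It goes beyond the question by also flagging bridge links, whose loss would partition the network. Apart from SW-476 and SW-145, the device names and the link list are constructed.

```python
from collections import defaultdict

# Constructed inventory: only SW-476 and SW-145 are names from the thread.
DEVICES = ["CORE-1", "CORE-2", "SW-145", "SW-200", "SW-300", "SW-476"]
LINKS = [("CORE-1", "CORE-2"), ("CORE-1", "SW-145"), ("CORE-2", "SW-145"),
         ("CORE-1", "SW-200"), ("SW-200", "SW-300")]  # SW-476 was forgotten

def sanity_check(devices, links):
    """Return (isolated, single_homed, bridge_links) for a planned topology."""
    adj = defaultdict(set)  # parallel links to one neighbour count once
    for a, b in links:
        if a != b:
            adj[a].add(b)
            adj[b].add(a)
    nodes = set(devices) | set(adj)
    isolated = sorted(n for n in nodes if not adj[n])
    single_homed = sorted(n for n in nodes if len(adj[n]) == 1)

    # Iterative Tarjan bridge search: a link is a bridge when the subtree
    # below it has no other path back to the device above it.
    disc, low, bridges = {}, {}, []
    for root in sorted(nodes):
        if root in disc:
            continue
        disc[root] = low[root] = len(disc)
        stack = [(root, None, iter(sorted(adj[root])))]
        while stack:
            node, parent, neighbours = stack[-1]
            for nxt in neighbours:
                if nxt == parent:
                    continue
                if nxt in disc:
                    low[node] = min(low[node], disc[nxt])
                else:
                    disc[nxt] = low[nxt] = len(disc)
                    stack.append((nxt, node, iter(sorted(adj[nxt]))))
                    break
            else:  # all neighbours visited: fold result into the parent
                stack.pop()
                if parent is not None:
                    low[parent] = min(low[parent], low[node])
                    if low[node] > disc[parent]:
                        bridges.append(tuple(sorted((parent, node))))
    return isolated, single_homed, sorted(bridges)

if __name__ == "__main__":
    for label, found in zip(("no link", "single link", "bridge link"),
                            sanity_check(DEVICES, LINKS)):
        print(f"{label}: {found}")
```

In the constructed inventory SW-200 has two links yet both are bridges, which a plain link count per device would not reveal.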



Per IP Subscriber DHCP Triggered RADIUS Accounting

2010-08-06 Thread Pavel Dimow
Hello,

I work at a small cable operator, and we are using Cisco CNR as DHCP
server. Now, we want to offer some VAS to our customers. The problem is
that we are using CNR as dhcp server, and the VAS server needs to know
the ip address of every subscriber (static is not an option). DHCP
lease query is not an option (something Cisco SCE is using) simply
because the VAS server does not support it.
The closest thing that comes to my mind is that we use DDNS on CNR to
send DNS updates to our custom-written daemon that will extract the ip
and A record (this will be the mac address of the CPE).
Any other options? Has anyone from the cable world come to this or
any other solution?



Re: Per IP Subscriber DHCP Triggered RADIUS Accounting

2010-08-06 Thread Pavel Dimow
ok, the subject is a little misleading as that would be an option if we
could use a Cisco router as DHCP, which is not
possible at the moment in our network.


On Fri, Aug 6, 2010 at 10:35 PM, Pavel Dimow wrote:
> Hello,
>
> I work at a small cable operator, and we are using Cisco CNR as DHCP
> server. Now, we want to offer some VAS to our customers. The problem is
> that we are using CNR as dhcp server, and the VAS server needs to know
> the ip address of every subscriber (static is not an option). DHCP
> lease query is not an option (something Cisco SCE is using) simply
> because the VAS server does not support it.
> The closest thing that comes to my mind is that we use DDNS on CNR to
> send DNS updates to our custom-written daemon that will extract the ip
> and A record (this will be the mac address of the CPE).
> Any other options? Has anyone from the cable world come to this or
> any other solution?
>



ip address management

2010-02-02 Thread Pavel Dimow
Hello,

does anybody know what happened with ipat?

http://nethead.de/index.php/ipat
http://nanog.cluepon.net/index.php/Tools_and_Resources

Any other suggestion for a good foss ip address management app with
ipv6 support?



Re: ip address management

2010-02-04 Thread Pavel Dimow
Hello Arnd,

it would be great if you can put them back.

Thank you.

On Thu, Feb 4, 2010 at 3:50 AM, Arnd Vehling wrote:
> Hi,
>
> Pavel Dimow wrote:
>>
>> does anybody know what happened with ipat?
>
>> http://nethead.de/index.php/ipat
>> http://nanog.cluepon.net/index.php/Tools_and_Resources
>
> I did take the sources offline a couple of weeks ago 'cause there didn't
> seem to be a lot of interest in the software.
>
> If you want I can put 'em up again or send you a download link, but you should
> keep in mind that this is a "carrier grade" address management tool which
> requires quite some time to set up.
>
> The IP management stuff has been created on top of the RIPE whois database,
> which means you will be running a complete registry server.
>
> cheers,
>
>   Arnd
>
>