Re: Gmail throttling?

2014-02-22 Thread Pedro Cavaca
On 22 February 2014 01:03, Brian Henson  wrote:
> The correct URL should be https://support.google.com/mail/answer/81126

The URL is actually correct, it just happens that the "html" part in
"bulk_mail.html" only shows up on the next line - if you use it, it
eventually redirects to the above.

>
>
> On Fri, Feb 21, 2014 at 7:58 PM, Eduardo A. Suárez <
> esua...@fcaglp.fcaglp.unlp.edu.ar> wrote:
>
>> Hi,
>>
>> Some of our users have forwarded the email to Gmail and Gmail is now
>> complaining that this is bulk mail and delaying it.
>>
>> We have SPF, DKIM, DMARC, even SRS, to try to make sure these things do not happen :(
>>
>> Anyone know if there is any new policy in Gmail about that?
>>
>> Above all, the message refers to a non-existent URI!
>>
>> >>> RSET
>> 250 2.1.5 Flushed v69si8136768yhd.33 - gsmtp
>> ... Using cached ESMTP connection to
>> gmail-smtp-in.l.google.com. via esmtp...
>> >>> MAIL From: SIZE=150374 BODY=8BITMIME
>> 250 2.1.0 OK v69si8136768yhd.33 - gsmtp
>> >>> RCPT To:
>> >>> DATA
>> 250 2.1.5 OK v69si8136768yhd.33 - gsmtp
>> 354  Go ahead v69si8136768yhd.33 - gsmtp
>> >>> .
>> 421-4.7.0 [163.10.4.2  15] Our system has detected an unusual rate of
>> 421-4.7.0 unsolicited mail originating from your IP address. To protect our
>> 421-4.7.0 users from spam, mail sent from your IP address has been
>> temporarily
>> 421-4.7.0 rate limited. Please visit http://www.google.com/mail/
>> help/bulk_mail.
>> 421 4.7.0 html to review our Bulk Email Senders Guidelines.
>> v69si8136768yhd.33 - gsmtp
>> >>> QUIT
>>
>> Eduardo.-
>>
>>
>> --
>> Eduardo A. Suarez
>> Facultad de Ciencias Astronómicas y Geofísicas - UNLP
>> FCAG: (0221)-4236593 int. 172/Cel: (0221)-15-4557542/Casa: (0221)-4526589
>>
>>
>> 
>> This message was sent using IMP, the Internet Messaging Program.
>>
>>
>>



Re: As path for Junos

2014-03-07 Thread Pedro Cavaca
On 7 March 2014 19:26, Michael Loftis  wrote:

>
> http://www.juniper.net/techpubs/en_US/junos13.3/topics/usage-guidelines/policy-configuring-as-path-regular-expressions-to-use-as-routing-policy-match-conditions.html
>
> There's no backref support in the regex subset that juniper has chosen
> to implement, see
> http://juniper.cluepon.net/index.php/ER_Detect_AS-PATH_prepends
>
> - and I don't think Juniper has gone anywhere with that engineering
> request.
>

Why wouldn't ".{3}" work, for this case?


>
> On Fri, Mar 7, 2014 at 3:31 AM, Marco Paesani  wrote:
> > Hi Everyone,
> > I need a help to transform this Cisco IOS command:
> >
> > ip as-path access-list 50 permit _([0-9]+)_\1_\1_
> >
> > in Juniper JUNOS policy-options.
> > Best regards,
> > Marco
> > M. +39 348 6019349
>
>
>
> --
>
> "Genius might be described as a supreme capacity for getting its possessors
> into trouble of all kinds."
> -- Samuel Butler
>
>


Re: As path for Junos

2014-03-07 Thread Pedro Cavaca
On 7 March 2014 19:44, Pedro Cavaca  wrote:

>
>
>
> On 7 March 2014 19:26, Michael Loftis  wrote:
>
>>
>> http://www.juniper.net/techpubs/en_US/junos13.3/topics/usage-guidelines/policy-configuring-as-path-regular-expressions-to-use-as-routing-policy-match-conditions.html
>>
>> There's no backref support in the regex subset that juniper has chosen
>> to implement, see
>> http://juniper.cluepon.net/index.php/ER_Detect_AS-PATH_prepends
>>
>> - and I don't think Juniper has gone anywhere with that engineering
>> request.
>>
>
> Why wouldn't ".{3}" work, for this case?
>
>

Or, to better align with the given Cisco example: ".* .{3} .*"


>
>> On Fri, Mar 7, 2014 at 3:31 AM, Marco Paesani  wrote:
>> > Hi Everyone,
>> > I need a help to transform this Cisco IOS command:
>> >
>> > ip as-path access-list 50 permit _([0-9]+)_\1_\1_
>> >
>> > in Juniper JUNOS policy-options.
>> > Best regards,
>> > Marco
>> > M. +39 348 6019349
>>
>>
>>
>> --
>>
>> "Genius might be described as a supreme capacity for getting its
>> possessors
>> into trouble of all kinds."
>> -- Samuel Butler
>>
>>
>


Re: As path for Junos

2014-03-08 Thread Pedro Cavaca
On 8 March 2014 08:47, Saku Ytti  wrote:

> On (2014-03-07 19:44 +), Pedro Cavaca wrote:
>
> > Why wouldn't ".{3}" work, for this case?
>
> Because the OP wants a same atom N times, not any atom N times.
>

Of course, what was I thinking? I'll crawl back to my hole now... Thanks
for being gentle on the clue-bat.


>
> --
>   ++ytti
>
>
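
The distinction drawn in this thread (the same atom N times versus any atom N times), as an added Python example that is not part of the original posts. The AS paths are constructed from documentation ASNs, the IOS "_" delimiter is approximated by whitespace or start/end of string, and the last function is a backreference-free way to find the prepend run.

```python
import re
from itertools import groupby

# Python rendering of the Cisco pattern quoted in the thread,
#   _([0-9]+)_\1_\1_
# The \1 backreference forces the SAME ASN to appear three times in a row.
SAME_ASN_X3 = re.compile(r"(?:^|\s)([0-9]+)\s\1\s\1(?:\s|$)")

# Constructed sample AS paths (documentation ASNs, RFC 5398).
PREPENDED = "64496 64511 64511 64511 64500"
PLAIN = "64496 64497 64498 64499"


def same_asn_three_times(as_path: str) -> bool:
    """What the Cisco expression asks for: one ASN repeated 3x consecutively."""
    return SAME_ASN_X3.search(as_path) is not None


def any_three_asns(as_path: str) -> bool:
    """Model of ".* .{3} .*": "." stands for any single ASN, so the
    expression only says the path holds at least three ASNs."""
    return len(as_path.split()) >= 3


def longest_run(as_path: str):
    """Backreference-free check: (asn, count) of the longest consecutive run."""
    runs = [(asn, sum(1 for _ in grp)) for asn, grp in groupby(as_path.split())]
    return max(runs, key=lambda r: r[1]) if runs else (None, 0)


if __name__ == "__main__":
    for path in (PREPENDED, PLAIN):
        print(path, same_asn_three_times(path), any_three_asns(path),
              longest_run(path))
```
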


Re: Comcast Enterprise Fiber Slow Connection Problem from TW Telecom

2014-10-31 Thread Pedro Cavaca
On 31 October 2014 18:32, Zachary Frederick  wrote:

> We have been having a problem receiving software releases from our
> developer. The releases are typically around 1G in size. The developer’s
> connection is a 100m metro fiber with TW Telecom,  our connection is a 25m
> Comcast Enterprise Fiber.
>
> Our traffic graphs show very little utilization of our connection.
> Typically on average we are at about 7 meg utilization of our 25.
>
> Every other partner that shares in our software development that receives
> the software releases can receive the updates 3-4 times faster than we can.
>
> Typically we receive the releases at about 3mbps.
>

Are you using an application that uses TCP transport for the transfer?

https://www.switch.ch/network/tools/tcp_throughput/index.html?mss=1460&rtt=38&loss=1e-06&Calculate=Calculate&bw=100&rtt2=80&win=64

3Mbps looks about right. Time for a tune up


> I have tried contacting Comcast Enterprise Tech support, however I’ve been
> told that if I run a speed test from my connection and the test runs at the
> speed we are paying for, there is very little they are willing to look into.
>
> Can anyone check on the Comcast Routers on the Tracert below, or is there
> anything that can be throttling this connection between the two connections?
>
> Also, our firewall and connection is able to run at the full 25. We have
> no throttling or QOS set to prevent a good connection to our developer. For
> example, we can run a multi-threaded upload, in the middle of the night, to
> Amazon Glacier storage and completely saturate our connection when doing
> so. The firewall and connection is able to handle our full bandwidth
> capacity during that backup.
>
> If there is any other information I can provide to help track this problem
> down, please let me know.
>
> Thanks in advance, everyone!
>
>
> Trace Route below:
>
>
>
>
> 1  (172.16.150.1)  1.143 ms  1.132 ms  1.122 ms
>
>
> 2  (173.227.204.1)  1.585 ms  1.583 ms  1.574 ms
>
>
> 3  chi2-pr1-xe-0-3-0-0.us.twtelecom.net (66.192.245.166)  10.477 ms
> 10.485 ms 10.478 ms
>
>
> 4  x-eth-0-0-4-pe05.350ecermak.il.ibone.comcast.net (75.149.230.141)
> 10.470 ms 10.465 ms  10.457 ms
>
>
> 5  he-2-1-0-0-cr01.350ecermak.il.ibone.comcast.net (68.86.86.37)  10.733
> ms  10.731 ms he-2-0-0-0-cr01.350ecermak.il.ibone.comcast.net
> (68.86.86.33)  12.146 ms
>
>
> 6  be-10206-cr01.newyork.ny.ibone.comcast.net (68.86.86.225)  33.202 ms
> 32.144 ms  32.127 ms
>
>
> 7  68.86.91.30 (68.86.91.30)  41.508 ms  41.322 ms  41.599 ms
>
>
> 8  te-0-0-0-1-sur01.greensburg.pa.pitt.comcast.net (69.139.168.26)
> 38.196 ms te-0-0-0-3-sur01.greensburg.pa.pitt.comcast.net
> (162.151.21.82)  44.644 ms te-0-0-0-0-sur01.greensburg.pa.pitt.comcast.net
> (69.139.195.18)  38.266 ms
>
>
> 9  (107.1.72.98)  39.781 ms  39.785 ms  39.912 ms


Re: look for BGP routes containing local AS#

2015-01-28 Thread Pedro Cavaca
If your ISP utilizes Juniper platforms, you might have to ask them to allow
the advertisement of these routes, see
http://www.firstdigest.com/2012/09/cisco-vs-juniper-different-ebgp-behavior/

On 28 January 2015 at 09:32, Song Li  wrote:

> Hi Joel,
>
> It is right that the BGP route containing the local ASN will be dropped.
> However, such routes can still be displayed on router. For example, you can
> run "show route hidden terse aspath-regex .*.*" on Juniper to
> check them. We are looking for those routes. If you can run the command on
> your Juniper and find such routes, could you please provide them to us?
>
> Thanks!
>
> Regards!
>
> Song
>
> On 2015/1/28 16:23, joel jaeggli wrote:
>
>  On 1/27/15 5:45 AM, Song Li wrote:
>>
>>> Hi everyone,
>>>
>>> Recently I studied the BGP AS path looping problem, and found that in
>>> most cases, the received BGP routes containing local AS# are suspicious.
>>> However, we checked our BGP routing table (AS23910,CERNET2) on juniper
>>> router(show route hidden terse aspath-regex .*23910.* ), and have not
>>> found such routes in Adj-RIB-In.
>>>
>>
>> Updates with your AS in the path are discarded as part of loop
>> detection, e.g. they do not become candidate routes.
>>
>> https://tools.ietf.org/html/rfc4271 page 77
>>
>> If the AS_PATH attribute of a BGP route contains an AS loop, the BGP
>> route should be excluded from the Phase 2 decision function.  AS loop
>> detection is done by scanning the full AS path (as specified in the
>> AS_PATH attribute), and checking that the autonomous system number of
>> the local system does not appear in the AS path.  Operations of a BGP
>> speaker that is configured to accept routes with its own autonomous
>> system number in the AS path are outside the scope of this document.
>>
>> in junos
>>
>> neighbor { ipAddress | ipv6Address | peerGroupName } allowas-in number
>>
>> where number is the number of instances of your AS in the path you're
>> willing to accept will correct that.
>>
>>  We believe that the received BGP routes containing local AS# are related
>>> to BGP security problem.
>>>
>>
>> You'll have to elaborate, since their existence is a basic principle in
>> the operation of bgp and they are ubiquitous.
>>
>> Island instances of a distributed ASN communicate with each other by
>> allowing such routes in so that they can be evaluated on the basis of
>> prefix, specificity, AS path length and so forth.
>>
>>  Hence, we want to look for some real cases in
>>> the wild. Could anybody give us some examples of such routes?
>>>
>>> Thanks!
>>>
>>> Best Regards!
>>>
>>>
>>
>>
>
> --
> Song Li
> Room 4-204, FIT Building,
> Network Security,
> Department of Electronic Engineering,
> Tsinghua University, Beijing 100084, China
> Tel:( +86) 010-62446440
> E-mail: refresh.ls...@gmail.com
>
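
The loop check quoted from RFC 4271 and the allowas-in count described in this thread, as an added Python example that is not part of the original posts. The routes, the local ASN 64500 and the function names are constructed for illustration; AS numbers are assumed to be written in asplain notation.

```python
import re

# Constructed sample: (prefix, AS path as displayed, with a trailing origin code).
ROUTES = [
    ("2001:db8:1::/48", "64496 64497 64498 I"),
    ("2001:db8:2::/48", "64496 64500 64499 I"),        # local AS in the middle
    ("2001:db8:3::/48", "64496 64497 64500 I"),        # local AS as origin
    ("2001:db8:4::/48", "64496 64500 64500 64500 I"),  # local AS prepended 3x
]


def parse_as_path(text):
    """Return the ASNs of a displayed AS path, left to right.
    Members of an AS_SET written as {a,b} are flattened into the list;
    origin codes such as "I" or "?" are ignored."""
    return [int(tok) for tok in re.findall(r"\d+", text)]


def classify(as_path_text, local_as, allowas_in=0):
    """Apply the loop check: count how often local_as appears in the path and
    compare with the number of instances the operator is willing to accept."""
    path = parse_as_path(as_path_text)
    positions = [i for i, asn in enumerate(path) if asn == local_as]
    if not positions:
        return {"verdict": "candidate", "occurrences": 0, "role": None}
    # Rightmost ASN is the origin; anything else is a transit position.
    role = "origin" if positions[-1] == len(path) - 1 else "transit"
    verdict = "candidate" if len(positions) <= allowas_in else "excluded"
    return {"verdict": verdict, "occurrences": len(positions), "role": role}


def audit(routes, local_as, allowas_in=0):
    """List every route that carries local_as, with the verdict it would get."""
    report = []
    for prefix, path in routes:
        result = classify(path, local_as, allowas_in)
        if result["occurrences"]:
            report.append((prefix, result["verdict"], result["role"],
                           result["occurrences"]))
    return report


if __name__ == "__main__":
    for limit in (0, 1):
        print("allowas-in", limit)
        for row in audit(ROUTES, 64500, limit):
            print("  ", row)
```
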


Re: gmail spam help

2015-02-12 Thread Pedro Cavaca
See

https://support.google.com/mail/answer/81126

which may take you to

https://support.google.com/mail/troubleshooter/2696779

and eventually to

https://support.google.com/mail/contact/bulk_send_new?hl=en&rd=1

HTH.


On 12 February 2015 at 15:41, Alex Rubenstein  wrote:

> I should have been clearer.
>
> I have been getting complaints from my sales folks that when they send
> emails to people who use gmail (either a gmail account or google apps) that
> the recipient is reporting that the email is ending up in the Spam folder.
> So, I tested this myself, sending an email from a...@corp.nac.net to rubenstei...@gmail.com
>
> This is curious to me, since @corp.nac.net is a small exchange
> implementation with only about 50 users behind it, and there is no question
> that there is no spamming going on from here.
>
> So, it’s not a question of adding a filter or not using gmail; it is not
> me who is using gmail in this problem.
>
>
>
> From: Josh Luthman [mailto:j...@imaginenetworksllc.com]
> Sent: Thursday, February 12, 2015 9:32 AM
> To: Alex Rubenstein
> Cc: NANOG list
> Subject: Re: gmail spam help
>
>
> Create a filter.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> On Feb 12, 2015 8:11 AM, "Alex Rubenstein" <a...@corp.nac.net> wrote:
> Is there anyone on-list that can help me with a world -> gmail email
> issue, where email is being considered spam by gmail erroneously?
>
> Thanks.
>
>


Re: ASN to IP Mapping

2015-03-07 Thread Pedro Cavaca
I'm partial to IRR inverse queries on origin:
'whois -h whois.radb.net -- "-i origin AS" | grep route'

On 7 March 2015 at 20:58, Mansoor Nathani 
wrote:

> Perhaps look at http://bgp.he.net
>
> For instance: http://bgp.he.net/AS15169#_prefixes
>
> Mansoor
>
> On Sat, Mar 7, 2015 at 10:37 AM, Andrew Iwamoto <
> aiwam...@unleashed-technologies.com> wrote:
>
> > Is there a tool or method to determine IP blocks assigned to an
> > organization by ASN?  I.e. if I have an organization's ASN number I want
> to
> > know all blocks assigned to that ASN.
> >
> > Thank you.
> >
> > Andrew Iwamoto
> > Unleashed Technologies
> >
> >
>


Re: Any google network admins out there?

2015-04-03 Thread Pedro Cavaca
https://support.google.com/websearch/answer/86640?hl=en

On 3 April 2015 at 04:53, Randy  wrote:

> I've started to get some message today from google claiming that my
> computer or network was sending automated queries, and they are blocking me.
> I'm not sending automated queries, I've logged all of my outbound traffic
> and there is only my browser traffic going to google.
>
> I'm not responsible for any one else on "my network" since it is owned by
> my ISP, and solely blocking me based on what some one else with an ip
> address close to mine is not an acceptable practice to have for an address
> used for personal web browsing.
> I would like to know if there is any way to get into contact with google
> about this other than by legal means?
>


Re: Any google network admins out there?

2015-04-03 Thread Pedro Cavaca
On 3 April 2015 at 22:53, Matt Palmer  wrote:

> Or, to answer your question more simply: "No".
>

That completely mischaracterizes my answer.


>
> - Matt
>
> On Fri, Apr 03, 2015 at 11:39:36AM +0100, Pedro Cavaca wrote:
> > https://support.google.com/websearch/answer/86640?hl=en
> >
> > On 3 April 2015 at 04:53, Randy  wrote:
> >
> > > I've started to get some message today from google claiming that my
> > > computer or network was sending automated queries, and they are
> blocking me.
> > > I'm not sending automated queries, I've logged all of my outbound
> traffic
> > > and there is only my browser traffic going to google.
> > >
> > > I'm not responsible for any one else on "my network" since it is owned
> by
> > > my ISP, and solely blocking me based on what some one else with an ip
> > > address close to mine is not an acceptable practice to have for an
> address
> > > used for personal web browsing.
> > > I would like to know if there is any way to get into contact with
> google
> > > about this other than by legal means?
> > >
> >
>
> --
> How many Apple Newton users does it take to change a lightbulb?
> Foux. There to eat lemons, axe gravy soup.
> -- Seen on the 'net
>
>


Re: Fixing Google geolocation screwups

2015-04-07 Thread Pedro Cavaca
https://support.google.com/websearch/answer/873?hl=en


On 7 April 2015 at 23:26, John Levine  wrote:

> A friend of mine lives in Alabama and has business service from at&t.
> But Google thinks he's in France.  We've checked for various
> possibilities of VPNs and proxies and such, and it's pretty clear that
> the Goog's geolocation for addresses around 99.106.185.0/24 is screwed
> up.  Bing and other services correctly find him in Alabama.
>
> Poking around I see lots of advice about how to use Google's
> geolocation data, but nothing on how to update it.  Anyone
> know the secret?  TIA
>
> Regards,
> John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
>
>
>


Re: Fixing Google geolocation screwups

2015-05-05 Thread Pedro Cavaca
On 5 May 2015 at 16:22, Matthew Black  wrote:

> Pedro Cavaca suggests:
> > https://support.google.com/websearch/answer/873?hl=en
>
> Correct me if I'm wrong, that looks like Google simply saves location data
> in a browser cookie.
>
> "A location helps Google find more relevant information when you use
> Search, Maps, and other Google products. Learn how Google saves location
> information on this computer."
>

I don't see the text you quoted on the URL I provided.

I do see a "report the problem"  clickable, which was the point I was
trying to make on my original answer.



>
> matthew black
> california state university, long beach
>
>
> -Original Message-
> From: NANOG [mailto:nanog-bounces+matthew.black=csulb@nanog.org] On
> Behalf Of Pedro Cavaca
> Sent: Tuesday, April 07, 2015 3:41 PM
> To: John Levine
> Cc: NANOG Mailing List
> Subject: Re: Fixing Google geolocation screwups
>
> https://support.google.com/websearch/answer/873?hl=en
>
>
> On 7 April 2015 at 23:26, John Levine  wrote:
>
> > A friend of mine lives in Alabama and has business service from at&t.
> > But Google thinks he's in France.  We've checked for various
> > possibilities of VPNs and proxies and such, and it's pretty clear that
> > the Goog's geolocation for addresses around 99.106.185.0/24 is screwed
> > up.  Bing and other services correctly find him in Alabama.
> >
> > Poking around I see lots of advice about how to use Google's
> > geolocation data, but nothing on how to update it.  Anyone know the
> > secret?  TIA
> >
> > Regards,
> > John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for
> > Dummies", Please consider the environment before reading this e-mail.
> > http://jl.ly
> >
> >
> >
>


Re: The Internet Is Now Officially Too Big as IP Addresses Run Out - NBC News

2015-07-03 Thread Pedro Cavaca
On 3 July 2015 at 05:40, Jay Ashworth  wrote:

> John Curran gets a quote; NBC gets the etymology of "IPv4" wrong.
>

Statistics/Graphs get misinterpreted; Belgium isn't a country. News at 11.


>
> Just keep them away from Jim Fleming.
>
>
> http://www.nbcnews.com/news/us-news/internet-now-officially-too-big-ip-addresses-run-out-n386081
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>


Re: In Over My Head -- What do I need to setup a tiny ISP?

2013-10-20 Thread Pedro Cavaca
Given your starting conditions, I'd advise the reading of
http://compnetworking.about.com/cs/isps/gr/aapr-cisco_ispe.htm which you
can download a free (2001 ed.) copy of from Cisco at
ftp://ftp-eng.cisco.com/cons/isp/documents/IOSEssentialsPDF.zip.

Probably a little dated and with lots of Cisco specific stuff, but most of
the concepts can probably be extrapolated to other devices.

Not sure if it covers billing, though, and probably won't cover wifi/wimax.

HTH.



On 19 October 2013 20:57, Notify Me  wrote:

> Hi,
>
> Please allow me to apologize profusely if my post is offensive, or in
> error.
> I have been lurking on this list watching and learning from all the great
> posts here and am in awe of everyone here. I can only hope one day to be as
> knowledgeable as anyone on this list.
>
> That being said, some people who have a lot more faith in my abilities than
> I do seem to think I am the go-to guy for network information. And they
> foolishly asked me for assistance in putting together a small ISP network
> which is supposed to cater for home users inside of a residential area,
> very likely wireless (wifi/WIMAX).
>
> I have no idea what the nuts and bolts of this kind of setup are. All I
> have in my toolbox are some hastily learnt CCNA lingo, a good knowledge of
> networks, system and network admin experience, and a deep love of open
> source software.
>
> I'm hoping the great gurus on this site can advise me on what needs to be
> put together ( infrastructure, AAA, billing, etc) for this to run?
>
> I confess I am really interested in helping my questioners put this
> together, not just for whatever material gain (which is unlikely at this
> point), but just for the experience which is very valuable to me. I also
> have to state that I live in Nigeria, so whatever advice you offer has to
> be fourth-world applicable.
>
> I humbly await your kind responses, and I apologize once again if I am in
> error.
>
> Thanks for listening!
>


Re: Changing Google Geodatabase information

2013-11-02 Thread Pedro Cavaca
On 3 November 2013 02:59, Bryan Socha  wrote:

> I've been searching for a way to submit updates to google for
> incorrect geodatabase information on our ip address assignments.
> does anyone have a contact or know how to do this?
>
>
You might want to look at:

https://support.google.com/websearch/contact/ip

http://tools.ietf.org/html/draft-google-self-published-geofeeds-02

And then email n...@google.com.

HTH.


> Thanks,
>
> Bryan Socha
>
>


Re: Recovery mode on Juniper M7i

2013-11-06 Thread Pedro Cavaca
Maybe you're not doing anything wrong and someone tweaked the routers and
marked the console as insecure, a previous owner maybe?

http://superuser.com/questions/85536/securing-freebsd-in-single-user-mode

http://www.freebsd.org/cgi/man.cgi?query=boot&sektion=8

HTH.


On 6 November 2013 21:11, Anurag Bhatia  wrote:

> Hello everyone!
>
>
> Greetings of the day.
>
>
> I am kind of (badly) stuck with multiple routers and not able to recover
> the root password. It's Juniper M7i. I have followed the Juniper support
> page as given here -
>
> http://www.juniper.net/techpubs/en_US/junos/topics/task/configuration/authentication-root-password-recovering.html and
> strange enough that it worked with one of routers I have but failed on
> rest all.
>
>
> I am getting stuck on Step #12. As I give "boot -s" to get into single user
> mode of BSD, system next asks me for root password and hence I am out of
> luck to get into "recovery mode". I tried pressing enter on that prompt as
> well but no luck. I am connecting to router via console and do have
> physical access to router(s).
>
>
> Was wondering if someone has seen similar issues and could guide on what I
> am doing wrong? Most of other help pages I have seen on net have same exact
> steps as given on that page.
>
>
>
>
> Thanks.
> --
>
>
> Anurag Bhatia
> anuragbhatia.com
>
> Linkedin  |
> Twitter
> Skype: anuragbhatia.com
>


Re: BGP neighbor/configuration testing

2013-11-25 Thread Pedro Cavaca
The auth error was transient, forget about it.

Now you're getting 6/1 - maximum number of prefixes reached.

http://tools.ietf.org/html/rfc4486
(or
http://backupsalmanaja.blogspot.ie/2009/12/bgp-cease-notification-messages.html
if you prefer).

HTH



On 25 November 2013 23:07, Eric A Louie  wrote:

> All Cisco/Cisco, I don't have a Juniper here to test with
>
> mismatch AS
> *Apr  9 00:31:47.691: %BGP-3-NOTIFICATION: received from neighbor
> 10.250.254.253 2/2 (peer in wrong AS) 2 bytes 6A39
>
> mismatch neighbor IP address
> no logged error
>
> MTU mismatch
> no logged error, session remained up
>
> Subnet mask mismatch
> session remained up, no logged error
>
> I haven't created the multihop scenario to see the error messages.
>
>
> None of these issues caused the (authentication failure).
>
>
>
>
>
> >
> > From: Chuck Anderson 
> >To: nanog@nanog.org
> >Sent: Monday, November 25, 2013 11:10 AM
> >Subject: Re: BGP neighbor/configuration testing
> >
> >
> >Authentication failure might mean (without knowing for sure which on
> >Cisco):
> >
> >- mismatch AS numbers
> >- mismatch neighbor IP addresses
> >- multihop/TTL issues
> >- MTU issues
> >
> >On Mon, Nov 25, 2013 at 11:06:33AM -0800, Eric A Louie wrote:
> >> That's a natural first impression but there are no passwords configured
> on the BGP session on either router.  I know it looks like an
> authentication error but it's a "misnomer" (at least from the searches I
> did on the error message).  From the sequence of messages, we get
> Established and 2 seconds later the session Closes.  The reason for the
> Close may lead us to the solution.
> >>
> >> I'm reluctant to turn on debug bgp because this is a live production
> router, and if I hose it, there will be a lot of 'splainin to do [1]
> >>
> >> [1]
> http://www.quotecounterquote.com/2011/05/lucy-you-got-some-splainin-to-do.html
> >>
> >>
> >>
> >>
> >>
> >> >
> >> > From: Daniel Rohan 
> >> >To: Eric A Louie 
> >> >Cc: Joe Abley ; "nanog@nanog.org"  >
> >> >Sent: Monday, November 25, 2013 10:55 AM
> >> >Subject: Re: BGP neighbor/configuration testing
> >> >
> >> >
> >> >
> >> >Seems like:
> >> >
> >> >Nov 25 06:28:34.837 pacific: %BGP-3-NOTIFICATION: received from
> neighbor xxx.118.92.149 2/5 (authentication failure) 0 bytes
> >> >>
> >> >should be a good starting place. I'm assuming you've already discussed
> auth keys with your provider and if everyone is putting that in correctly,
> I'd suggest turning on debugging to see what exactly that message is all
> about.
> >> >
> >> >
> >> >Dan
> >
> >
> >
> >
>


Re: telnet into a netgear switch?

2013-11-25 Thread Pedro Cavaca
On 25 November 2013 23:42, David Birdsong  wrote:

> On Nov 25, 2013 1:51 PM, "Jason Pope"  wrote:
> >
> > --
> > Message: 2
> > Date: Sun, 24 Nov 2013 18:47:09 -0800
> > From: David Birdsong 
> > To: nanog@nanog.org
> > Subject: telnet into a netgear switch?
> > Message-ID:
> >  es1vz0gh_pp-vz+sprk9td-1u0a34c3a6...@mail.gmail.com>
> > Content-Type: text/plain; charset=ISO-8859-1
> >
> > Hey all, last night while at the datacenter I was in a pinch to extend a
> > rack's LAN. I compromised and ran out to the local Fry's to buy whatever
> > switch I could find so as to allow some configuration to happen while
> > we wait for the real network gear to show up.
> >
> > I left before confirming I could access the switch remotely; it was very
> > late and I was pretty groggy and hey, any network gear has to be
> > telnet'table this day and age. Of course I was mostly wrong.
> >
> > The switch expects some signed payload before allowing a telnet through.
> I
> > found this: https://code.google.com/p/netgear-telnetenable/...but I'm
> > having a hell of a time getting anything to respond.
> >
> > The most confounding part is the switch doesn't respond to a single SYN
> > packet on low ports. I'm scanning all the ports now, but if nothing shows
> > up, I'm not sure what a payload is good for if the switch doesn't ACK a
> > single SYN.
> >
> > I'm curious if anybody's got any tips besides not using Netgear in the
> > datacenter.
> >
> > I have the MAC, I've IP'd it via DHCP, and the model number: JGS524E and
> I
> > can power cycle the switch as much as needed.
> >
> >
> > P.S. long time listener, first time caller. i'm more of a sysadmin
> > dangerously standing in for a proper network person.
> > --
> >
> > Seems to me that you need to use their "Switch Configuration Utility" to
> > manage the switch.  I didn't read all the documentation, but that is what
> > jumps out at me after a brief look.  Maybe it will allow you to enable
> > telnet or ssh from there.  See the following link:
> >
>
> No windows box handy, nor the desire for that hoop.
>
> ...but what magic is a windows app going to perform to wake up an
> unresponsive TCP stack?
>

In view that the application needs to be run directly on the LAN, I'm not
sure why you'd expect any TCP/IP like protocol - I asked a friend for a
packet capture and it seems that the configuration utility is using RRCP (
http://en.wikipedia.org/wiki/Realtek_Remote_Control_Protocol).

HTH


> > http://downloadcenter.netgear.com/en/product/JGS524E
> >
> > Jason
>


Re: BGP from Juniper to Cisco ASR

2013-12-18 Thread Pedro Cavaca
On 18 December 2013 15:48, Philip Lavine  wrote:

> Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor 
> active 2/5 (authentication failure) 0 bytes
> Dec 18 15:46:33.615: BGP: ses global  (0x7FB1CD209CF0:0) act
> Receive NOTIFICATION 2/5 (authentication failure) 0 bytes
>
> Although I have seen this on the message boards I am a little confused in
> that the ISP is telling me that there is no authentication enabled on the
> Juniper and I do not have authentication enabled on the ASR. So what is
> going on here?
>

That's an error during the Open phase, so it can't be related to any MD5
authentication configuration - which is absent, as you say so yourself.

Make sure you're trying to initiate the BGP session from the right IP
address (eventually needing to use "neighbor X update-source ")
and that their configuration matches your address correctly (i.e., they
have the right address on your side, without any typos on their
configuration).

It probably wouldn't hurt to confirm they have your peering session
configured as "type external".

HTH.
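
The code/subcode pairs discussed in this thread and in the earlier "BGP neighbor/configuration testing" thread (2/2, 2/5, 6/1), decoded against RFC 4271 and RFC 4486, as an added Python example that is not part of the original posts. The log lines are constructed on the model of the ones quoted above, with documentation addresses, and the function and field names are illustrative.

```python
import re

# Error code names and OPEN subcodes: RFC 4271 section 4.5.
# Cease subcodes: RFC 4486.
ERROR_CODES = {
    1: "Message Header Error", 2: "OPEN Message Error",
    3: "UPDATE Message Error", 4: "Hold Timer Expired",
    5: "Finite State Machine Error", 6: "Cease",
}
SUBCODES = {
    2: {1: "Unsupported Version Number", 2: "Bad Peer AS",
        3: "Bad BGP Identifier", 4: "Unsupported Optional Parameter",
        5: "Deprecated (Authentication Failure in RFC 1771)",
        6: "Unacceptable Hold Time"},
    6: {1: "Maximum Number of Prefixes Reached", 2: "Administrative Shutdown",
        3: "Peer De-configured", 4: "Administrative Reset",
        5: "Connection Rejected", 6: "Other Configuration Change",
        7: "Connection Collision Resolution", 8: "Out of Resources"},
}

LINE_RE = re.compile(
    r"%BGP-3-NOTIFICATION: (?P<dir>received from|sent to) neighbor "
    r"(?P<peer>\S+)(?: (?:active|passive))? (?P<code>\d+)/(?P<sub>\d+) "
    r"\((?P<text>[^)]*)\) (?P<len>\d+) bytes ?(?P<data>[0-9A-Fa-f ]*)"
)

# Constructed sample lines (not taken from a real device).
SAMPLE_LOG = [
    "*Apr  9 00:31:47.691: %BGP-3-NOTIFICATION: received from neighbor "
    "192.0.2.1 2/2 (peer in wrong AS) 2 bytes 6A39",
    "Dec 18 07:46:33: %BGP-3-NOTIFICATION: received from neighbor "
    "192.0.2.9 active 2/5 (authentication failure) 0 bytes",
    "Nov 25 23:01:10.114: %BGP-3-NOTIFICATION: received from neighbor "
    "192.0.2.9 6/1 (maximum number of prefixes reached) 0 bytes",
    "Nov 25 23:01:12.000: %BGP-5-ADJCHANGE: neighbor 192.0.2.9 Down",
]


def parse_notification(line):
    """Decode one NOTIFICATION log line; return None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code, sub = int(m["code"]), int(m["sub"])
    return {
        "direction": m["dir"],
        "peer": m["peer"],
        "code": code,
        "subcode": sub,
        "vendor_text": m["text"],
        "rfc_name": "%s / %s" % (
            ERROR_CODES.get(code, "Unknown"),
            SUBCODES.get(code, {}).get(sub, "Unspecific or unknown")),
        # Code 2 is raised while the OPEN message is being processed, so the
        # TCP session (and any TCP MD5 check on it) has already succeeded.
        "open_phase": code == 2,
        "data": m["data"].strip(),
    }


def decode_log(lines):
    """Return the decoded NOTIFICATION entries found in a list of log lines."""
    return [n for n in map(parse_notification, lines) if n is not None]


if __name__ == "__main__":
    for entry in decode_log(SAMPLE_LOG):
        print(entry["peer"], "%d/%d" % (entry["code"], entry["subcode"]),
              entry["rfc_name"], "| router text:", entry["vendor_text"])
```
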


Re: Help me make sense of these traceroutes please

2013-12-24 Thread Pedro Cavaca
On 25 December 2013 00:03, Sam Moats  wrote:

> On 2013-12-24 18:55, Jeroen Massar wrote:
>
>> On 2013-12-25 00:16, Sam Moats wrote:
>>
>>> Hello Nanog community,
>>> I would like to enlist your help with understanding this latency I'm
>>> seeing.
>>>
>>
>> You are likely seeing the effects of asymmetric routing.
>>
>
> That's what I was thinking too.
>
>
>> [..]
>>
>>> Tracing route to xxx.yyy.ie [193.1.x.x]
>>>
>>
>> www.heanet.ie by chance? :)
>>
>
> Yes they were the owners of the IP I used for the example case and the
> heanet folks are actually totally awesome :-)
>
>
>
>> Though you could use for instance:
>> http://planchet.heanet.ie/toolkit/gui/reverse_traceroute.cgi
>>
>> to do a reverse traceroute, do make sure you force your connectivity to
>> IPv4 as that host will do IPv6 too. (locally nullrouting the destination
>> /128 is the trick I use for 'disabling' IPv6 temporarily).
>>
>> Otherwise the HEANET folks are extremely helpful and clued in, you can
>> always ask them for help with issues. It is the end-of-year though and
>> those Irish folks have lots of really good whiskey, Guinness thus you
>> might have to be patient till the new year.
>>
>
> Also you'd be amazed how many network issues can be solved with a bunch of
> IT folks and an ample supply of Guinness
>
>
>
>> Alternatively, you could use a tool like 'tracepath' or 'mtr' as those
>> report multiple answers to a response and also check for the TTL on the
>> return packets.
>>
>> Greets,
>>  Jeroen
>>
>
> Thanks, this isn't affecting my service now I've worked around it so it's
> more a curiosity than anything. It seems really odd to me that the same L3
> edge router would route the ICMP unreachable back to me via different paths
> based on the final destination IP of the ICMP echo packet.
>
>
Based on the data you provided, my guess is some kind of MPLS transport
(please refer to
https://www.nanog.org/meetings/nanog45/presentations/Sunday/RAS_traceroute_N45.pdf,
pages 46-48).

HTH.


> Well it's Christmas eve here and the customers are happy so Guinness seems
> like the best approach now :-)
>
> Thanks and have a good Holiday,
> Sam Moats
>
>
>