Hi Baldur,
Have you tried disabling storage of received updates from your upstream on
your edge/PE or Border? Just remove *soft-reconfiguration inbound* for eBGP
peering with your upstream/s. This will resolve your issue.
If you have multiple links to different upstream providers and you want to
Hi John,
I have gone through this pain previously and I suggest you contact the main
Geo IP database providers and have them update their DB as some
organisation use them, they don't rely on IRR entries.
Some hosting companies and content/streaming/Pay-TV providers also use
these GeoIP Databases w
Your upstream should have provided you with BGP backhole community where
you tag your /32 and they propagate the BGP BH to all their upstream
providers.
On Sun, Dec 23, 2018 at 11:27 AM Josh Luthman
wrote:
> But if they route it to me and I null it, the traffic is already fillimg
> my pipe (whic
Hi Baldur,
Based on the information you provided, CPE connects to the POI via
different service provider (access network provider / middle man) before it
reaches your network/POP.
With this construct, you are typically responsible for IP allocation and
session authentication via DHCP (option
Erik,
Before I email my suggestions, can you clarify the followings;
Do Core1 and Core2 also provide the function of BDRs peering with your
upstream/s?
Or
Just acting as Core/RRs with 500Mbps of traffic traversing through them?
Cheers
Ahad
On Fri, May 4, 2018 at 4:01 PM, Erik Sundberg
wrote
Have you emailed their abuse or NOC teams with the attack logs from their
IPs?
Sometimes ISP servers or their customer CPEs are compromised without their
knowledge.
On Wed, 3 Jan 2018 at 1:56 pm, Dovid Bender wrote:
> Hi All,
>
> Lately we have seen a lot of attacks from IPs where the PTR recor
Hi Karim,
If 1 x RU is a must have, then you might want to look at Cisco ASR1001-X,
it comes with 6 x GigE and 2 x 10GE. It does have throughput limitation,
check out the datasheet to ensure it meets your bandwidth requirements.
Alternatively, the ASR9001 as suggested by Erik is a good entry leve
Hi Marcel,
I've personnel tested similar requirements on the followings;
ASR1001 - 8G RAM
ASR1001-X
ASR1002 8G RAM
with two eBGP sessions / full routes via two upstreams and mutiple iBGP
sessions to the core. The ASR1K is a safe bet.
The ISR G2 2921 or 2951 suffers under load if you have PBR or
Hi Fredrik,
Running two different IGPs for IPv4 and IPv6 is a recipe for disaster even
if it’s a short-term goal.
Here are a few things to consider;
OSPF is good for small ISPs with small routing tables (10 to 15K routes).
It will support more routes but configuration of your network becomes mor
David
Generally speaking, when customers have concerns about their traffic
crossing borders, they do ask upfront.
As a multinational operator you can only guarantee traffic if customers
asks and offcours pays the fee for special class of service.
Ahad
On Wed, 9 Aug 2017 at 9:21 am, Hiers, David
Julian
If you have budget constraints, try getting 2 x ASR1004, else ASR1006 with dual
RP would take care of your needs.
Cheers
Ahad
Sent from my iPhone
> On 15 Aug 2015, at 1:06 am, Julian Eble wrote:
>
> Hello Nanog,
> Our company are constantly growing and we're looking for a 30k+ subscr
To: a...@telcoinabox.com
Cc: ske...@eintellegonetworks.com; o...@delong.com; b...@herrin.us;
nanog@nanog.org
Subject: [OT] Re: Intellectual Property in Network Design
On Fri, 13 Feb 2015 11:43:14 +1100, Ahad Aboss said:
> In a sense, you are an artist as network architecture
> is an ar
Hi Skeeve,
In a sense, you are an artist as network architecture is an art in itself.
It involves interaction with time, processes, people and things or an
intersection between all.
As an architect, you analyze customer needs and design a solution using
your creative ideas to address their busine
Interesting point.
The truth is, the ISP is responsible for the quality of experience for their
end customers regardless of what content the customers consume or what time
they consume it. They pay a monthly subscription / access fee and that is
where it stops. ISPs can chose to blame Netflix unt
Have you tried a different IOS?
Ahad
> On 25 Oct 2013, at 8:55 pm, Nikolay Shopik wrote:
>
> Hey, anyone had issues with A9K-MPA-20X1GE in ASR9001?
>
> It get disabled for us after 20 seconds finishing initialization, with
> such message.
>
> %PLATFORM-SCC-2-BAD_ID_HW : Failed Identification
It has happened in the past and there is no silver bullet solution to
prevent this 100%.
-Original Message-
From: Martin T [mailto:m4rtn...@gmail.com]
Sent: Wednesday, 7 August 2013 7:13 PM
To: Paul Ferguson
Cc: nanog@nanog.org
Subject: Re: questions regarding prefix hijacking
Ok. And su
Scott,
Use a DDOS detection and mitigation system with DPI capabilities to deal
with traditional DDOS attack and anomalous behaviour such as worm
propagation, botnet attacks and malicious subscriber activity such as
flooding and probing. There are only a few vendors who successfully play in
this s
17 matches
Mail list logo
