Re: Flow based architecture in data centers(more specifically Telco Clouds)

2020-02-10 Thread Saku Ytti
On Sun, 9 Feb 2020 at 23:09, Rod Beck wrote: > I am curious about the distinction about the flow versus non-flow > architecture for data centers and I am also fascinated by the separate issue > of WAN architecture for these Based on the context of the OP's question, he is talking about archite

Re: CISCO 0-day exploits

2020-02-10 Thread Jean | ddostest.me via NANOG
I really thought that more Cisco devices were deployed among NANOG. I guess that these devices are not used anymore or maybe that I understood wrong the severity of this CVE. Happy NANOG #78 Cheers Jean On 2020-02-07 09:21, Jean | ddostest.me via NANOG wrote: CDPwn: 5 new zero-day Cisco ex

Peering/Transit eBGP sessions -pet or cattle?

2020-02-10 Thread adamv0025
Hi, Would like to take a poll on whether you folks tend to treat your transit/peering connections (BGP sessions in particular) as pets or rather as cattle. And I appreciate the answer could differ for transit vs peering connections. However, I'd like to ask this question through a lens of red

Re: CISCO 0-day exploits

2020-02-10 Thread t...@pelican.org
On Monday, 10 February, 2020 11:50, "Jean | ddostest.me via NANOG" said: > I really thought that more Cisco devices were deployed among NANOG. > > I guess that these devices are not used anymore or maybe that I > understood wrong the severity of this CVE. The phones / cameras side of it seems

Re: CISCO 0-day exploits

2020-02-10 Thread Saku Ytti
On Mon, 10 Feb 2020 at 13:52, Jean | ddostest.me via NANOG wrote: > I really thought that more Cisco devices were deployed among NANOG. > > I guess that these devices are not used anymore or maybe that I > understood wrong the severity of this CVE. Network devices are incredibly fragile and most

Re: CISCO 0-day exploits

2020-02-10 Thread Jean | ddostest.me via NANOG
I remember a Cisco device with an ACL that was leaking. It was a 20-line ACL with a few lines to drop some packets based on UDP ports. When under heavy stress, nearly line rate, we would see some of these packets going through the ACL. I said to my peers that the ACL was leaking. They didn't b

Re: Flow based architecture in data centers(more specifically Telco Clouds)

2020-02-10 Thread Warren Kumari
On Sun, Feb 9, 2020 at 4:15 PM Christopher Morrow wrote: > > > > On Sun, Feb 9, 2020 at 1:06 PM Rod Beck > wrote: >> >> They don't have to be related. >> > > makes a cogent conversation harder :) Srsly?! Any conversation including Cogent is harder W (Sorry, couldn't resist. I tried, but fa

Re: Peering/Transit eBGP sessions -pet or cattle?

2020-02-10 Thread Baldur Norddahl
No matter how much money you put into your peering router, the session will be no more stable than whatever the peer did to their end. Plus at some point you will need to reboot due to software upgrade or other reasons. If you care at all, you should be doing redundancy by having multiple locations

Re: CISCO 0-day exploits

2020-02-10 Thread Tom Hill
On 10/02/2020 13:40, Saku Ytti wrote: > There are various L3 packet of deaths where existing infra can be > crashed with single packet, almost everyone has no or ridiculously > broken iACL and control-plane protection, yet business does not seem > to suffer from it. The cynic in me would suggest

RE: Peering/Transit eBGP sessions -pet or cattle?

2020-02-10 Thread adamv0025
> Baldur Norddahl > Sent: Monday, February 10, 2020 3:06 PM > > No matter how much money you put into your peering router, the session > will be no more stable than whatever the peer did to their end. > Agreed, that's a fair point, > Plus at some > point you will need to reboot due to softwa

SLAAC renumbering problems (Fwd: [v6ops] draft-gont-v6ops-slaac-renum **Call for adoption**)

2020-02-10 Thread Fernando Gont
Folks, A while ago some of us started working on an IETF draft to document and mitigate some issues experienced by SLAAC in the face of some renumbering events. Such work has resulted in three small documents. * draft-gont-v6ops-slaac-renum (problem statement) * draft-gont-v6ops-slaac-renum (CPE

Re: CISCO 0-day exploits

2020-02-10 Thread Scott Weeks
--- nanog@nanog.org wrote: From: "Jean | ddostest.me via NANOG" > https://www.armis.com/cdpwn/ > > What's the impact on your network? Everything is under control? --- I really thought that more Cisco devices were deployed among NANOG. I guess that these de

Re: Peering/Transit eBGP sessions -pet or cattle?

2020-02-10 Thread Lukas Tribus
Hello Adam, On Mon, 10 Feb 2020 at 13:37, wrote: > Would like to take a poll on whether you folks tend to treat your > transit/peering connections (BGP sessions in particular) as pets or rather as > cattle. Cattle every day of the week. I don't trust control-plane resiliency and things like

Re: CISCO 0-day exploits

2020-02-10 Thread Justin Wilson
> > I really thought that more Cisco devices were deployed among NANOG. > > I guess that these devices are not used anymore or maybe that I > understood wrong the severity of this CVE. A proper network design helps to mitigate flaws like this. If you have CDP off, which many people do, then

Re: CISCO 0-day exploits

2020-02-10 Thread Tom Hill
On 10/02/2020 18:13, Scott Weeks wrote: > Just because you use cisco devices doesn't mean you have to use > their proprietary protocols, such as EIGRP or CDP. OSPF or LLDP > work just fine and interoperate with other vendors... :) The CDPwn vulnerability covers similar vulnerabilities in LLDP,

Re: Peering/Transit eBGP sessions -pet or cattle?

2020-02-10 Thread Baldur Norddahl
On Mon, Feb 10, 2020 at 5:42 PM wrote: > > > To be explicit: Router R1 has connections to transits T1 and T2. > > Router R2 also has connections to the same transits T1 and T2. When > > router R1 goes down, only small internal changes at T1 and T2 happens. > > Nobody notices and the recovery is s

Re: Charter contact

2020-02-10 Thread Seth Mattinen
On 2/7/20 6:36 PM, Mehmet Akcin wrote: Hey there I am looking for a contact in Charter for a 10G wave. Reno > SF or Reno to > LA. Please let me know if you know people who may help. If you can get them to actually sell you a 10G. Last time I dealt with Charter they maxed out at offering 5

AS7843 at NANOG78

2020-02-10 Thread aaron
Hi, Would an operator from AS7843 at NANOG78 reach out to me off-list? Thanks, Aaron

Re: Peering/Transit eBGP sessions -pet or cattle?

2020-02-10 Thread Lukas Tribus
Hello Baldur, On Mon, 10 Feb 2020 at 19:57, Baldur Norddahl wrote: > Many dual homed companies may start out with two routers and two > transits but without dual links to each transit, as you describe > above. That will cause significant disruption if one link goes > down. It is not just about c

SD-NAP (San Diego) Internet Exchange?

2020-02-10 Thread Matt Peterson
Wondering if SD-NAP is still functional? PeeringDB entry looks pretty stale, haven't been able to reach any contact aware of the current status. Appreciate any help or direction on the status, thanks. --Matt

Re: SD-NAP (San Diego) Internet Exchange?

2020-02-10 Thread Bill Woodcock
Last I knew it had pretty much devolved into intra-campus and local A/R&E interconnection, but our contacts here have retired as well. -Bill > On Feb 10, 2020, at 21:15, Matt Peterson wrote: > > Wondering if SD-NAP is still functional? PeeringDB entry looks pretty st

Re: CISCO 0-day exploits

2020-02-10 Thread Ahmed Borno
Disclaimer, I do not work for any vendor right now, and I don't sell any product that might benefit from scaring anyone, so this is just some whining for a real issue that someone needs to do something about. I've worked for the CDP vendor for a long time, and I do concur with what Saku is saying...