Applications of MPLS in the metro area

Hello ! I'm looking for what a network operator would consider a realistic reference deployment of MPLS within the metro area network. By "realistic reference", I'm asking about what a network operator would consider to be a typical, perhaps most common, application of MPLS technology. >From a b

RE: Applications of MPLS in the metro area

For the ISP and Carrier Ethernet network I run, I use MPLS for various things. It provides wonderful segmentation of different communities (customers and uses). I use MPLS ELINE (p2p) extensively for Cellular Backhaul I use MPLS ELAN (mp2mp) in various places for emulating LAN’s over l

RE: Applications of MPLS in the metro area

Hi, So where the books talk about PEs -think of your metro nodes here (basically converting the metro into an MPLS network -or making it part of your existing MPLS core) (you might not have a classic design where PEs hang off of P-Core nodes and might have just rings of PEs in your metro area)

Abuse Desks

I noticed over the weekend that a Fail2Ban instance's complain function wasn't working. I fixed it. I've noticed a few things: 1) Abusix likes to return RIR abuse contact information. The vast majority are LACNIC, but it also has kicked back a couple for APNIC and ARIN. When I look up the com

Re: Abuse Desks

Please don't use this kind of crap to send automated "we received 3 login attempts on our SSH box..wa" emails. This is why folks don't have abuse contacts that are responsive to real issues anymore. Matt On 4/28/20 11:57 AM, Mike Hammett wrote: > I noticed over the weekend that a Fail2B

Pearson VUE Contact...

Greetings Team, Anyone from the aforementioned organization on this forum? I raised a query via their Customer Service Team but havent heard back from them. Warm regards, Michael Bullut. --- *Cell:* *+254 723 393 114.**Skype Name:* *Michael Bullut.* *Blog: http://www.kipsang.com/

RE: Applications of MPLS in the metro area

Yeah, I forgot earlier but I’m using EVPN/MPLS for DC interconnections now also, for nicely integrating L2/L3 and host/machine level route preference MPLS in some ways is reminiscent of the ability to fire-off Smart-PVC’s (SPVC/P) over an ATM (asynchronous transfer mode) network, and thus ach

Re: Applications of MPLS in the metro area

I started poking around to learn more about these use cases and came across this interesting extract : "Juniper Networks® ACX Series Universal Metro Routers are Juniper’s response to a shift in metro netwo

CGNAT Solutions

Afternoon, I run a small ISP in Tennessee. COVID has forced a lot of people to work from home. I am starting to run low on IP's and need to consider CGNAT. I do have IPV6 space, but we all know that until we force everyone to move to IPV6, we need to keep IPV4 up and running. I could buy more

RE: Applications of MPLS in the metro area

Yeah, I use the heck out of the ASCX5048, it is the mpls edge of my resi/busi mpls ftth network… Lines/terminology can get blurry…But, I would say that I will do my best to get mpls into every nook and cranny of my network, where/when it makes sense. Forgive the atm analogy again, but se

Re: CGNAT Solutions

Just go with Linux and iptables. It is by far the cheapest option and it just works. tir. 28. apr. 2020 21.13 skrev John Alcock : > Afternoon, > > I run a small ISP in Tennessee. COVID has forced a lot of people to work > from home. I am starting to run low on IP's and need to consider CGNAT.

RE: CGNAT Solutions

Hi John, I run a small/medium ISP in Texas. A few years ago, needing to do the same thing you are speaking of, I lab evaluated the Cisco ASR9k VSM-500 and Juniper MX104 MS-MIC-16G… in the end I went with Juniper. No regrets, been good and holding strong. I’ve scaled it way beyond what I origi

Re: CGNAT Solutions

On Tue, Apr 28, 2020 at 12:12 PM John Alcock wrote: > I run a small ISP in Tennessee. I am starting to run low on IP's and need to > consider CGNAT. Hi John, How small is small? Up to a certain size regular NAT with enough logging to trace back abusers will tend to work fine. if we're talking

Re: CGNAT Solutions

I will say it is much better to consider 464XLAT with NAT64, if the CPEs allow it. https://datatracker.ietf.org/doc/rfc8683/ I’m right now doing a deployment for 25.000.000 customers of an ISP (GPON, DLS and cellular mix), all the testing has been done, and all doing fine. I’ve done i

Re: CGNAT Solutions

Take a look at DANOS for CG-NAT as a free solution or Netgate's TNSR has a CG-NAT feature https://www.tnsr.com/features On Tue, Apr 28, 2020 at 2:57 PM JORDI PALET MARTINEZ via NANOG < nanog@nanog.org> wrote: > I will say it is much better to consider 464XLAT with NAT64, if the CPEs > allow it. >

Re: CGNAT Solutions

On 4/28/20 4:53 PM, William Herrin wrote: How small is small? Up to a certain size regular NAT with enough logging to trace back abusers will tend to work fine. if we're talking single-digit gbps, it may not be worth the effort to consider the wonderful world of CGNAT. Depending on how many IPs

Re: Abuse Desks

On Tue, 28 Apr 2020, Matt Corallo via NANOG wrote: Please don't use this kind of crap to send automated "we received 3 login attempts on our SSH box..wa" emails. This is why folks don't have abuse contacts that are responsive to real issues anymore. Thats what SBL is for. -Dan

Re: Abuse Desks

On Tue, Apr 28, 2020 at 08:45:12PM -0700, Dan Hollis wrote: > On Tue, 28 Apr 2020, Matt Corallo via NANOG wrote: > > Please don't use this kind of crap to send automated "we received 3 login > > attempts on our SSH box..wa" emails. > > This is why folks don't have abuse contacts that are r

Re: Abuse Desks

DDoS, hijacker, botnet C&C, compromised hosts, sufficiently-hard-to-deal-with phishing, etc are all things that carry real risk to services that are otherwise well-maintained (primarily in that many of the latter lead to the former). Nothing wrong with using or monitoring fail2ban, but if you’re

Re: Abuse Desks

Hi Matt On Tue, Apr 28, 2020 at 11:02:04PM -0700, Matt Corallo wrote: > DDoS, hijacker, botnet C&C, compromised hosts, > sufficiently-hard-to-deal-with phishing, etc are all things that carry > real risk to services that are otherwise well-maintained (primarily in > that many of the latter lead to

Re: CGNAT Solutions

Brandon Martin wrote: You can't get rid of all the state tracking without also having the CPE know which ports to use If you mean getting rid of logging, not necessarily. It is enough if CPEs are statically allocated ranges of external port numbers.

Re: Abuse Desks

Sadly dumb kids are plentiful. If you have to nag an abuse desk every time they sell a server to a kid who’s experimenting with nmap for the first time then we’ll end up exactly where we are - abuse contacts are not a reliable way to get in touch with anyone, and definitely not a reliable wa

Re: Abuse Desks

On Tue, Apr 28, 2020 at 11:40:16PM -0700, Matt Corallo wrote: > Sadly dumb kids are plentiful. If you have to nag an abuse desk every > time they sell a server to a kid who’s experimenting with nmap for the > first time then we’ll end up exactly where we are - abuse contacts > are not a reliabl