Re: Australian Dark Fibre Providers - Sydney

2021-03-10 Thread Tim Raphael
Hi Scott, NextHop (https://www.nexthop.com.au/) is probably worth a look if you're looking for within the Sydney 2000 area or between Sydney metro DCs. Unicast me and I can do an intro if you like. - Tim On Thu, Mar 11, 2021 at 12:42 PM scott wrote: > > On 3/10/2021 3:37 PM, Rod Beck wrote: >

Re: "Tactical" /24 announcements

2021-08-17 Thread Tim Raphael
I quite like this approach as well - for those that would like to do more complicated policy logic off-box, the RTR architecture very much lends itself to that. JNPR already has accessible APIs (JET-based / RPC) you can leverage to push configuration into the ephemeral database or be called on

Re: "Tactical" /24 announcements

2021-08-17 Thread Tim Raphael
We do something similar - build the prefix lists externally (based on PeeringDB, IRR, RPKI data) and push them with config management on regular intervals. This sort of automated policy architecture is clearly becoming more common, and the drive (see: MANRS) is ever-increasing. I'd really like some

Re: sub $500-750 CPE firewall for voip-centric application

2016-05-05 Thread Tim Raphael
The SIP ALG in the Juniper SRXs is definitely one of the best I’ve come across. I defaulted to turning it off based on my previous experiences with SIP ALGs and NAT however it became apparent that it actually worked really well and I ended up defaulting it to on. - Tim > On 6 May 2016, at 3:3

Re: automated site to site vpn recommendations

2016-06-29 Thread Tim Raphael
There is a downside to subscription pricing for the vendor: they don't get the instant cashflow they're used to. I know Cisco seems to be taking a tactic where only some product lines use subscriptions and the others are on a typical enterprise 3-5 year replacement cycle to provide Cisco with t

Re: Recent NTP pool traffic increase

2016-12-20 Thread Tim Raphael
This was my thought actually, Apple does offer some time services as part of the OS but it’s becoming common with larger / more popular apps to provide some of these services internally. Look at the FB app for example, there are a lot of “system” things they do themselves due to the ability to c

Re: Recent NTP pool traffic increase

2016-12-20 Thread Tim Raphael
> From: NANOG [nanog-boun...@nanog.org] On Behalf Of Tim Raphael > [raphael.timo...@gmail.com] > Sent: Tuesday, December 20, 2016 5:34 PM > To: Gary E. Miller > Cc: nanog@nanog.org > Subject: Re: Recent NTP pool traffic increase > > Th

Re: Question about bird RS config with BGP Community support

2018-07-23 Thread Tim Raphael
As an operator of a large, established IXP I would also recommend this path. A lot of work had gone into the likes of IXPManager and arouteserver and they provide great value in providing secure configurations with added features such as the action communities you are after. Cheers, Tim > On 24 Jul

Re: Non-profit IX vs. neutral for-profit IX

2018-12-20 Thread Tim Raphael
The other point to consider is that a NFP can justify more locations and offer services (such as extended reach) that don’t have the same profit margins or ROI as for-profits. This often leads to greater value to those with smaller networks and fewer customers allowing them to grow and expand wi

Re: Service Provider NetFlow Collectors

2019-01-02 Thread Tim Raphael
I would advise against InfluxDB in this case - flow data has a very high (and open) tag cardinality which is not suited to Influx (although their recently new index format has improved this). I’m currently pushing sFlow through Pmacct —> Kafka —> Clickhouse (columnar store) with a summing merge

Re: Service Provider NetFlow Collectors

2019-01-02 Thread Tim Raphael
This is correct, With a flow database you want to be able to say: “show me all HTTP traffic from subnet a.b.c.0/24” which requires you to either keep individual IPs or aggregate subnets. Combined with port and protocol data for both source and destination, the series count shoots way above 10M

Re: Service Provider NetFlow Collectors

2019-01-02 Thread Tim Raphael
verything to influx from flows, > you have to be a bit smarter with the layout, aggregations and continuous > queries. > (collect what you need) > > > >> On 02-01-19 13:08, Tim Raphael wrote: >> I would advise against InfluxDB in this case - flow data has a very

Re: Proxying NetFlow traffic correctly

2017-06-06 Thread Tim Raphael
nProbe is what you want, it’s another product from NTop. http://www.ntop.org/products/netflow/nprobe/ - Tim > On 7 Jun 2017, at 7:43 am, Sami via NANOG wrote: > > Hello, > I have been searching for a solution that collects/duplicates NetFlow tra

Re: IPv6 Default Allocation - What size allocation for Loopback Address

2014-10-11 Thread Tim Raphael
- this is the purpose of it. Any technology or design that requires this has got scaling issues and should not be used anyway. Regards, Tim Raphael > On 11 Oct 2014, at 2:37 pm, Roland Dobbins wrote: > > >> On Oct 11, 2014, at 1:33 PM, Faisal Imtiaz wrote: >> >> I a

Re: DDOS, IDS, RTBH, and Rate limiting

2014-11-08 Thread Tim Raphael
Check out Arbor Networks, they produce a range of DDoS scrubbing appliances that do pretty much what you want. Regards, Tim Raphael > On 9 Nov 2014, at 9:10 am, Eric C. Miller wrote: > > Today, we experienced (3) separate DDoS attacks from Eastern Asia, all > generating >

Re: The state of TACACS+

2014-12-29 Thread Tim Raphael
Making the TACACS+ server unavailable is fairly easy - a small LAN-based DDoS would do it, or a firewall rule change somewhere in the middle. Either would cause the router to fail over to its local account. - this is based on the fact that said attacker has some sort of access previously and wanted

Re: Recommended L2 switches for a new IXP

2015-01-13 Thread Tim Raphael
Either way, you can do "SDN" and automation with most Juniper kit. On purchase of JCare you get free access to Junos Space - great for provisioning and management of an IXP. Regards, Tim Raphael > On 14 Jan 2015, at 6:28 am, Eduardo Schoedler wrote: > > My mistake, it

Re: Facebook outage?

2015-01-26 Thread Tim Raphael
Instagram used to use Amazon AWS before being purchased by Facebook. There has been a slow migration onto FB infrastructure, so yes, a mixture of addresses like that makes sense. - Tim > On 27 Jan 2015, at 2:58 pm, Christopher Morrow > wrote: > > On Tue, Jan 27, 2015 at 1:56 AM, Jason Canady

Re: Facebook outage?

2015-01-26 Thread Tim Raphael
And it appears to be back for me. - Tim > On 27 Jan 2015, at 3:08 pm, Tim Raphael wrote: > > Instagram used to use Amazon AWS before being purchased by Facebook. > There has been a slow migration onto FB infrastructure, so yes, a mixture of > addresses like that makes se

Re: OT: VPS with Routed IP space

2015-02-24 Thread Tim Raphael
Same here, we do as well. But as per the OPs question: we will route additional space but you generally need a good reason for it. Regards, Tim Raphael > On 25 Feb 2015, at 4:38 am, Jeff Fisher wrote: > >> On 02/24/2015 02:29 PM, Zachary Giles wrote: >> >> How abou

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Tim Raphael
L3VPN hand off is the only thing I can think of from the top of my head. But then, there would be no need to have a full table unless you had customers requesting a full table. It sounds like the OP is looking for one device to do multiple roles where two/three different device types and/or siz

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Tim Raphael
decent reconvergence time. > On 9 Apr 2015, at 10:42 pm, Daniel Rohan wrote: > > > On Thu, Apr 9, 2015 at 7:25 AM, Tim Raphael <mailto:raphael.timo...@gmail.com>> wrote: > L3VPN hand off is the only thing I can think of from the top of my head. But > then, there

Re: Multi-gigabit edge devices as CPE

2015-04-08 Thread Tim Raphael
VyOS is a community fork of Vyatta and is still being developed very actively and is pushing ahead with many new features! It's pretty stable too imo. http://vyos.net/wiki/Main_Page Regards, Tim Raphael > On 9 Apr 2015, at 8:14 am, Faisal Imtiaz wrote: > > Mikrotik for OS

Re: Multi-gigabit edge devices as CPE

2015-04-08 Thread Tim Raphael
Correct. But hopefully not far off now that there are x86 packages for simple MPLS operations. With a bit of luck an RSVP or LDP implementation isn't far behind. Regards, Tim Raphael > On 9 Apr 2015, at 9:14 am, Josh Reynolds wrote: > > No MPLS though, if that is a requiremen

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Tim Raphael
aht wrote: > >> On Wed, Apr 8, 2015 at 6:36 PM, Tim Raphael >> wrote: >> Correct. But hopefully not far off now that there are x86 packages for >> simple MPLS operations. With a bit of luck an RSVP or LDP implementation >> isn't far behind. > > Just

Re: Rasberry pi - high density

2015-05-08 Thread Tim Raphael
pared to the chassis option. So yes, infeasible indeed. Regards, Tim Raphael > On 9 May 2015, at 1:24 pm, char...@thefnf.org wrote: > > > > So I just crunched the numbers. How many pies could I cram in a rack? > > Check my numbers? > > 48U rack budget > 6513

Re: Enterprise network as an ISP with a single huge customer

2015-06-12 Thread Tim Raphael
wrong reasons just so they can say that's what they're doing. Regards, Tim Raphael > On 13 Jun 2015, at 10:48 am, Stepan Kucherenko wrote: > > 13.06.2015 05:35, Randy Bush wrote: >>>> i have seen a lot of this done with firewall devices and vlans. with >>>

Re: leap second outage

2015-07-01 Thread Tim Raphael
No, it was a route leak by a colo provider (Axcelx) downstream. Regards, Tim Raphael > On 1 Jul 2015, at 11:37 am, Justin Paine via NANOG wrote: > > Any confirmation if the AWS outage was leap second-related? > > > Justin Paine > Head of Trust & Safet

Re: Super Core Hardware suggestions

2015-08-07 Thread Tim Raphael
The Juniper PTX1000 is worth a look. http://www.juniper.net/us/en/products-services/routing/ptx-series/ptx1000/ Regards, Tim Raphael > On 7 Aug 2015, at 10:10 am, Ben Cornish wrote: > > Hey All > > We are looking for suggestions for a device to act as a super Core Device /

Re: network simulator for service provider

2025-02-01 Thread Tim Raphael
Containerlab is also one of the newest and fastest evolving options as well (https://containerlab.dev/) - Tim On Wed, Apr 3, 2024, at 13:13, aun Joe wrote: > is there anysi network simulator for carrier networks ? > >well, from 2023 to 2024 there happes so many carrier network outag

Re: network simulator for service provider

2025-02-01 Thread Tim Raphael
labernetes for labs that need >> more resources than a single server. >> >> Tim's too modest to toot his own horn, but he also did an awesome >> presentation on using clab + netbox for network testing a few years ago. >> Highly recommended if y