tortilla_chip
Jun 13, 2007


Admin distance


routenull0
May 1, 2006



Zuhzuhzombie!! posted:

How can I give priority to default routes advertised over BGP?

Build a static out that is weighted higher than 20.

ip route 0.0.0.0 0.0.0.0 X.X.X.X 250

Where X.X.X.X is the next-hop of where you want the traffic to go if you lose BGP peering. That way when the routes come in, your 0.0.0.0/0 from Cogent, it gets installed because 20 < 250, but the router will fail back to 250 if the Cogent route gets removed.

Powercrazy
Feb 15, 2004

*~I'm Back Boyz~*

If you can read this your style sheet is a PoS.


Zuhzuhzombie!! posted:

Actually we've had more problems with Cogent. Part of our problem last night was that they were NOT advertising a default route to us via BGP so when Level 3 crashed our ASR was left with nowhere to go. We get partial from XO and Cogent and full with Level 3.

When we asked them about this, they told us it was our fault for not specifically telling them we want a default route. And I'm sitting there thinking "Are you loving kidding me?"

Well yea. By default ISPs will not advertise default routes, and by default, bgp will not accept them. You have to specifically allow a default route learned over BGP. If you want a default route make sure your ISP knows. For a default weighted route on cisco you just need

ip route 0.0.0.0 0.0.0.0 x.x.x.x 25

where x.x.x.x is your ISP peer address. You want to use something higher than 20 because eBGP has a default AD of 20, and you only want to use the static default if bgp default is gone.

e: Welp.

abigserve
Sep 13, 2009

It was not scary. It was just...abnormal.


Zuhzuhzombie!! posted:

Actually we've had more problems with Cogent. Part of our problem last night was that they were NOT advertising a default route to us via BGP so when Level 3 crashed our ASR was left with nowhere to go. We get partial from XO and Cogent and full with Level 3.

When we asked them about this, they told us it was our fault for not specifically telling them we want a default route. And I'm sitting there thinking "Are you loving kidding me?"

It's a common thing for ISPs to not advertise a default route. To be honest, I don't really understand why, when 9/10 times that's really the only route you actually need on your border routers. You can always originate statics but what happens if your bgp adjacency goes south without the link going down?
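The floating-static behaviour described in the three posts above, as an added example that is not part of the original thread: a simplified model of how a router chooses between an eBGP-learned default (administrative distance 20) and a weighted static default. The peer address, the function names and the rule that a static stays usable while its next hop is reachable are assumptions of this sketch.

```python
from dataclasses import dataclass

# Cisco default administrative distance for eBGP. The floating-static
# values tried below (250 and 25) are the ones suggested in the posts above.
AD_EBGP = 20


@dataclass(frozen=True)
class Route:
    source: str      # "ebgp" or "static"
    next_hop: str    # peer address (constructed documentation address)
    distance: int    # administrative distance; lowest wins


def installed_default(routes, up_next_hops):
    """Return the 0.0.0.0/0 route a router would install, or None.

    Simplified model (assumption): a route is usable while its next hop is
    reachable, and among usable routes the lowest distance wins.
    """
    usable = [r for r in routes if r.next_hop in up_next_hops]
    return min(usable, key=lambda r: r.distance, default=None)


def simulate(static_ad, bgp_default_learned, link_up):
    """One upstream peer with a static default pointing at it."""
    peer = "192.0.2.1"  # stands in for X.X.X.X
    routes = [Route("static", peer, static_ad)]
    if bgp_default_learned:
        routes.append(Route("ebgp", peer, AD_EBGP))
    best = installed_default(routes, {peer} if link_up else set())
    return best.source if best else None


if __name__ == "__main__":
    for ad in (250, 25):
        print(ad, "BGP default present        ->", simulate(ad, True, True))
        print(ad, "BGP default gone, link up  ->", simulate(ad, False, True))
    # A static with the default distance of 1 would override BGP entirely.
    print("unweighted static vs BGP      ->", simulate(1, True, True))
    print("link down, nothing usable     ->", simulate(250, False, False))
```

In this model the static leaves the table only when its next hop becomes unreachable, so it stays installed whenever the link is up, whatever the state of the BGP session.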

ruro
Apr 30, 2003



What do you folks use for netflow monitoring? At the moment we're using Fluke Netflow Tracker but we're looking to switch to something else as the licensing costs are crazy and they're supposedly switching to an appliance based model in the future.

We need to monitor 150 devices (currently only monitoring 100 due to licensing restrictions - we don't want to spend $40k to get another 100 device monitoring license) and average 1520 netflow records/s with a peak of 5390 netflow records/s. Not terribly busy as it's only our WAN links being monitored at the moment, but I'd like to start monitoring our MAN links as well which would increase the device count to ~200 and probably triple the record/s numbers.

Edit: It needs to run on a Windows Server 2008R2 box with these stats: 16 x SAS 10k HDD, 12GB DDR3, and a Xeon E5530 (2.4ghz).

Any suggestions?

ruro fucked around with this message at May 26, 2011 around 01:51

inignot
Aug 31, 2003

WWBCD?

Cogent is pretty dumb though. Any time there's a peering slap fight on the internet they seem to be one half of it.

jwh
Jun 12, 2002



ruro posted:

What do you folks use for netflow monitoring?
Solarwinds NetFlow module for Orion.

It's okay.

I like Plixer's Scrutinizer's graphs better, but it's probably not robust enough for your needs.


inignot posted:

Cogent is pretty dumb though. Any time there's a peering slap fight on the internet they seem to be one half of it.
Ain't that the truth.

I turned up 100 megs of transit with them about six months ago, and we've been pretty much problem-free. Of course, they were brought in as an inexpensive secondary transit provider. I'm not sure they'd ever be my first choice.

If you're working with a bunch of budget transit providers or re-sold Level3, or what have you, full tables hardly makes sense: odds are good everything's ending up in the same place. At least, that's been my anecdotal experience.

Sepist
Dec 25, 2005


We use JKflow on a unix server for netflow/bandwidth billing - we also have Netflow Analyzer EE but whenever I add more than 40 interfaces (we have a 600 interface subscription) it shits the bed and cries bloody murder, runs on windows

No matter how many processors/memory I throw at EE it still crashes, yet JKflow has been running happy forever, and that thing aggregates about half a gig of bandwidth on average all day and can do our heavy metric reports. It's not the prettiest thing though which is why we have EE.

jbusbysack
Sep 6, 2002
i heart syd

ruro posted:

What do you folks use for netflow monitoring?

OPNet ACE and Netflow module for Solarwinds Orion. Dual function while we get everything pointing to the OPNet, but both are reasonably good products. Pricy though.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE


Zuhzuhzombie!! posted:

When we asked them about this, they told us it was our fault for not specifically telling them we want a default route. And I'm sitting there thinking "Are you loving kidding me?"

But it is your fault.

5. BGP Peering Requirements:
[ ] Full
[ ] Cogent Backbone
[ ] I have BGP-speaking Cogent lines in more than one location and wish to receive de-aggregated (detailed) Cogent routes.
[ ] Default


The reason I take full routes is because I have multiple transit upstreams and it makes it far easier to get my ratios somewhat matched. I have to put in some policies to balance things out but for the most part letting BGP be BGP gets me in the ball park of 1:1.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

jwh posted:

Solarwinds NetFlow module for Orion.

It's okay.

I like Plixer's Scrutinizer's graphs better, but it's probably not robust enough for your needs.

Ain't that the truth.

I turned up 100 megs of transit with them about six months ago, and we've been pretty much problem-free. Of course, they were brought in as an inexpensive secondary transit provider. I'm not sure they'd ever be my first choice.

If you're working with a bunch of budget transit providers or re-sold Level3, or what have you, full tables hardly makes sense: odds are good everything's ending up in the same place. At least, that's been my anecdotal experience.

We have peers with XO, Cogent, and L3. L3 we have full routing tables, partial with the other two. They're our back ups.

tortilla_chip
Jun 13, 2007


jwh posted:

If you're working with a bunch of budget transit providers or re-sold Level3, or what have you, full tables hardly makes sense

I disagree, having multiple transit providers is the only scenario where taking full tables makes sense. Let AS-PATH do the work for you. Better connected transit providers get more of your traffic.

jwh
Jun 12, 2002



tortilla_chip posted:

I disagree, having multiple transit providers is the only scenario where taking full tables makes sense. Let AS-PATH do the work for you. Better connected transit providers get more of your traffic.

Yes, but not when you're buying transit from several providers that are just reselling level3.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010


falz posted:

We went for years without having a single issue with them to having multiple issues this year.

And last night around midnight CDT we began noticing routing issues and packet loss within Level3's network. We opened a ticket around 1am and were informed that they had scheduled maintenance but they didn't bother notifying their customers because they thought it wouldn't be service impacting. At 02:30 our bgp session flapped too. Awesome!

Powercrazy
Feb 15, 2004

*~I'm Back Boyz~*

If you can read this your style sheet is a PoS.


Our Level3 connection just flapped a few times resetting BGP each time. When I opened a ticket I was told "Our service hasn't started yet." Which is odd because the commencement date was May 17th, and BGP had been up for over a week.

Martytoof
Feb 25, 2003



Awesome.

Awesome to
the MAX.



falz posted:

they had scheduled maintenance but they didn't bother notifying their customers because they thought it wouldn't be service impacting

Wh -- b -- uh --

Powercrazy
Feb 15, 2004

*~I'm Back Boyz~*

If you can read this your style sheet is a PoS.


Martytoof posted:

Wh -- b -- uh --

Qwest does this poo poo all the time.

tortilla_chip
Jun 13, 2007


If it didn't break in lab why would you notify customers?

Martytoof
Feb 25, 2003



Awesome.

Awesome to
the MAX.



My only experience with a big name was back when we were hooked into Genuity and they sent our dist-list like 300 notifications a week.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

I just had a 3750 crash on me. Plugged it into the RPS. Cycled the RPS into active, and boom, one of the 3750s goes down.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

tortilla_chip posted:

I disagree, having multiple transit providers is the only scenario where taking full tables makes sense. Let AS-PATH do the work for you. Better connected transit providers get more of your traffic.

This is exactly what we do.

tortilla_chip
Jun 13, 2007


I thought you were only taking partial tables with XO and Cogent, thus the issue and needing a default when Level3 died?

If your boxes have the legs, just take full tables from all 3.

jbusbysack
Sep 6, 2002
i heart syd

Zuhzuhzombie!! posted:

I just had a 3750 crash on me. Plugged it into the RPS. Cycled the RPS into active, and boom, one of the 3750s goes down.

From Cisco:
Limitations and Restrictions
You should review this section before you begin working with the RPS 675. There is a known limitation that will not be fixed, and there is no workaround. This is the limitation:

The switch might restart when it changes from RPS power to its own internal power. This situation might occur after a power supply on a switch fails, the RPS takes over, and the switch then reverts to its own power. We recommend that you plan for this possibility when you restart a switch with its own internal power after using the RPS as backup power.

This problem might occur on any fixed configuration switch except the Catalyst 3750-E and 3560-E switches.




That said I've never plugged the RPS in hot...and I'm nearly certain you're not supposed to.

Powercrazy
Feb 15, 2004

*~I'm Back Boyz~*

If you can read this your style sheet is a PoS.


Zuhzuhzombie!! posted:

I just had a 3750 crash on me. Plugged it into the RPS. Cycled the RPS into active, and boom, one of the 3750s goes down.

Also don't use an RPS. If you want redundant power supplies, either stack the 3750s and have redundant links, or use a 4948.

workape
Jul 23, 2002



Powercrazy posted:

Also don't use an RPS. If you want redundant power supplies, either stack the 3750s and have redundant links, or use a 4948.

I am looking at an RPS for 2960s, is that a bad idea? They are ancillary switches, but I need to be able to hook them into two circuits for power to keep them up.

Tab8715
May 20, 2006


May someone describe to me how common it is for IT Consultants to lie about their experience and have their co-workers remote in?

nzspambot
Mar 26, 2010



Powercrazy posted:

Also don't use an RPS. If you want redundant power supplies, either stack the 3750s and have redundant links, or use a 4948.

or buy a 3750X

Powercrazy
Feb 15, 2004

*~I'm Back Boyz~*

If you can read this your style sheet is a PoS.


workape posted:

I am looking at an RPS for 2960s, is that a bad idea? They are ancillary switches, but I need to be able to hook them into two circuits for power to keep them up.

It's not a terrible idea if you need it. It's just Cisco's RPS solution has so many issues and caveats that it's often not worth it, or if you really need redundant power supplies you are better off getting a switch that has true redundant power supplies. So a Chassis based solution, an "X" series switch, a 4948 (Or another vendor... ) Yea it's more expensive, but that is the price you pay for power redundancy.

Also it's awesome when you buy 300K worth of dual power supply, layer 2 switches, and your datacenter fucks up two of their power circuits, so you lose multiple random switches anyway.

routenull0
May 1, 2006



Tab8715 posted:

May someone describe to me how common it is for IT Consultants to lie about their experience and have their co-workers remote in?

There is a bit more detail needed here. But in the end you paid for a service from a Consulting company, what does it matter if consultant X or Y does it?

ragzilla
Sep 9, 2005
don't ask me, i only work here




falz posted:

And last night around midnight CDT we began noticing routing issues and packet loss within Level3's network. We opened a ticket around 1am and were informed that they had scheduled maintenance but they didn't bother notifying their customers because they thought it wouldn't be service impacting. At 02:30 our bgp session flapped too. Awesome!

This is common if they're working on equipment which doesn't have any direct customer interfaces. Check your support guide and it should have their standard maintenance window detailed in it.

CaptainGimpy
Aug 3, 2004

I luv me some pirate booty, and I'm not talkin' about the gold!

ruro posted:

What do you folks use for netflow monitoring? At the moment we're using Fluke Netflow Tracker but we're looking to switch to something else as the licensing costs are crazy and they're supposedly switching to an appliance based model in the future.

We need to monitor 150 devices (currently only monitoring 100 due to licensing restrictions - we don't want to spend $40k to get another 100 device monitoring license) and average 1520 netflow records/s with a peak of 5390 netflow records/s. Not terribly busy as it's only our WAN links being monitored at the moment, but I'd like to start monitoring our MAN links as well which would increase the device count to ~200 and probably triple the record/s numbers.

Edit: It needs to run on a Windows Server 2008R2 box with these stats: 16 x SAS 10k HDD, 12GB DDR3, and a Xeon E5530 (2.4ghz).

Any suggestions?

Riverbed Cascade is what we use, and I love the device. When I came on board we brought our datacenter in house. 95% of our complaints came in the form of I can't reach this db from my office, it's a network problem. Which it never was. The Cascade can easily help you prove that it's code or program related...just make sure you have the sensors in the right places. They charge on the amount of flows per minute, and it is an appliance.

You can build what they call policies around averaged RTT, amount of bandwidth use, etc. to monitor application performance. It can alert whenever there is an issue. They also look for malicious traffic, such as viruses, port scanning, etc. and can send out alerts. It also creates some pretty spiffy maps on how a server connects to other servers, etc.

At least go through one of their demos.

nex
Jul 23, 2001

øæå¨æøåø

More IPv6 features, nice:

http://www.enterprisenetworkingplan...OS-for-IPv6.htm

Tremblay
Oct 8, 2002


routenull0 posted:

There is a bit more detail needed here. But in the end you paid for a service from a Consulting company, what does it matter if consultant X or Y does it?

^^^^^^^^^

When I was doing consulting work there were more than a few customer visits I made where I didn't have a clue what was going on. It's about as fun for the consultant as it is for you.

inignot
Aug 31, 2003

WWBCD?

nex posted:

More IPv6 features, nice:

http://www.enterprisenetworkingplan...OS-for-IPv6.htm

Too bad the article didn't mention what release they were talking about. I'd speculate it's a new 15.T release, but I'm too lazy to look.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE


I like how this thread takes weekends/holidays off.

For some content what is everyone using for looking glass software? Do most people roll their own with some CGI scripts? My BGP speakers are mostly Foundry kit.

ragzilla
Sep 9, 2005
don't ask me, i only work here




FatCow posted:

I like how this thread takes weekends/holidays off.

For some content what is everyone using for looking glass software? Do most people roll their own with some CGI scripts? My BGP speakers are mostly Foundry kit.

software? I just run a publicly available 7200 w/ NPE-400. Using shrubbery tac_plus to restrict commands.
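The post above restricts commands on the device side with tac_plus; for a web-based looking glass the same least-privilege idea can also be enforced in the front end before anything reaches a router. The following is an added example, not part of the thread and not code from tac_plus or any looking-glass package mentioned here; the query names, the `build_command` function and the IPv4-only scope are assumptions of this sketch.

```python
import ipaddress

# The only commands this front end will ever send to a router. The query
# names ("bgp", "ping", "trace") are hypothetical form values.
TEMPLATES = {
    "bgp": "show ip bgp {target}",
    "ping": "ping {target}",
    "trace": "traceroute {target}",
}


class Rejected(Exception):
    """Raised for any request that is not on the allowlist."""


def build_command(query, target):
    """Turn a web form submission into one router command, or raise Rejected."""
    template = TEMPLATES.get(query)
    if template is None:
        raise Rejected(f"query type not allowed: {query!r}")
    if not isinstance(target, str):
        raise Rejected("target must be a string")
    try:
        if "/" in target:
            if query != "bgp":
                raise Rejected("a prefix is only valid for a BGP lookup")
            # strict=True refuses prefixes that have host bits set.
            parsed = ipaddress.IPv4Network(target, strict=True)
        else:
            parsed = ipaddress.IPv4Address(target)
    except ValueError as exc:
        raise Rejected(f"not an IPv4 address or prefix: {target!r}") from exc
    # Emit the parsed, canonical form, never the raw user string, so pipes,
    # spaces, newlines and extra keywords cannot reach the router CLI.
    return template.format(target=str(parsed))


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [("bgp", "198.51.100.0/24"), ("ping", "192.0.2.1"),
               ("ping", "192.0.2.1 | include x"), ("conf", "192.0.2.1")]
    for query, target in samples:
        try:
            print("SEND  ", build_command(query, target))
        except Rejected as err:
            print("REJECT", err)
```

A front-end check like this sits in front of, and does not replace, command restriction on the login the looking glass uses.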

Martytoof
Feb 25, 2003



Awesome.

Awesome to
the MAX.



I don't have a lot of firsthand experience with it, but every now and then I get curious and poke around LG servers. Most of them seem to be either 7200s, and I think Quagga linux machines or something.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010


FatCow posted:

I like how this thread takes weekends/holidays off.

For some content what is everyone using for looking glass software? Do most people roll their own with some CGI scripts? My BGP speakers are mostly Foundry kit.

I use the one from here: http://wiki.version6.net/lg because it supports SSH. Well, the most recent development version in SVN or CVS does which is what I'm currently running.

I looked pretty long and hard for anything else that supports multiple platforms and ssh but didn't really find anything. I did have to do some editing of the cvs version, it seems that its code that parses AS numbers to do links is broken so I just ripped that part out.

RANCID also comes with one as well but I haven't used it since I don't want my RANCID environment touching my public facing LG.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE


falz posted:

I use the one from here: http://wiki.version6.net/lg because it supports SSH. Well, the most recent development version in SVN or CVS does which is what I'm currently running.

I looked pretty long and hard for anything else that supports multiple platforms and ssh but didn't really find anything. I did have to do some editing of the cvs version, it seems that its code that parses AS numbers to do links is broken so I just ripped that part out.

RANCID also comes with one as well but I haven't used it since I don't want my RANCID environment touching my public facing LG.

I'll take a look at that.

To clarify a bit I was looking for something web based so our NOC could quickly check routing in multiple spots of the network.


Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

So we have a fault in each of our new ASRs from Cisco. One reports a non existent memory malfunction (confirmed with Cisco it is cosmetic only). The other ASR has a bum slot.

They overnight us a new ASR but without the power supplies for us to boot it up and do upgrades, maintenance, etc before putting it into production. We give them a shout and they send us... one power supply for a piece of equipment that requires two.

:P
