unknown
Nov 16, 2002
Ain't got no stinking title yet!


Korensky posted:

Anyone running an IPV6 backbone yet? I'm building a new service provider core at the moment and thinking of getting an allocation and turning it on just for the hell of it. There's no requirement for it yet - but at least I guess our products boys can have some fun with it.

Yup. It's where all the cool network engineers hang out now.

Pain to find providers that support it cleanly though and watch out for the type 0 routing header problem that everyone's freaking on. (Also join the ipv6-ops@lists.cluenet.de nanog-equiv mailing list)


unknown
Nov 16, 2002
Ain't got no stinking title yet!


Paul Boz_ posted:

Can you recommend any other industry mailing lists similar to these? I love stuff like this :)

c-nsp (and the related ilk), there's a couple of irc channels that have a few good people hanging out. Most lists are based on a specific topic rather than general topics.

There's a couple of other general chat lists, but effectively they have a membership fee attached to them. Check out LOPSA.org (a spinoff of Usenix/SAGE) - it's heavier into the systems based stuff rather than networking, but some of the original systems people hang out there. Nothing like complaining about Sendmail and then having Eric Allman answer you personally telling you that you're full of poo poo and to listen to the other guy that answered you already.

To keep the networking theme going in this thread:

- Neatest trick I learned recently for service providers: Anycast your default route.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Drighton posted:

I believe it means its refurbished.

No - it's literally a "spare" for your network. Basically it comes without _any_ software licenses included, since you've obviously already got them for the device that you're assuming will break.

It's basically for those people that need to replace gear without going through TAC first so your downtime is lowered.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Sounds like a duplex mismatch. Many providers turn off auto detection on 100mb ports and lock it to full duplex where Cisco seems to be the only vendor that constantly has issues and goes randomly to half duplex which causes slowdowns due to retransmits.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


psydude posted:

Customer has two sites - an HQ with one ISP, and a DC with another. They're getting a dedicated metro e link run between the two and want the option to send traffic from the HQ to the DC and through the DC's ISP in the event that the HQ ISP goes down.

Distribute default into the network at both locations like normal and just increase the path cost of the metroE link obscenely high.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


less than three posted:

Merakis are awesome I'll say it over and over. As for the licencing I believe they don't shut down if you don't pay, but you can't make any more configuration changes.

Nope - they turn into bricks within a couple of days.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Don't forget about modifying routing tables by external programs. Think of anti-ddos applications and related apps that need to inject routes into bgp and the like.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Methanar posted:

Now, both of these worked, but if I had several hundred preferences with and across multiple AS's, with meaningful internal routing occurring this would be a nightmare. What is the proper way of handling bgp preferences? Do you have to phone other network admins responsible for other AS numbers to request changes?

Welcome to bgp - you never can assume the other ASN will do what you want. That's why they're called autonomous.

You can give hints in the form of MEDs and path length (prepending), but ultimately: their network == their rules.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Almost always that's handled via static routes on each end.

Or in the case of Cogent a bunch of years ago, you got two eBGP peers. 1st peer gave you the route to #2 which gave you all the routes.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


The secret to a good network rack is cable management (horizontal/vertical).

Don't worry about side panels if you don't have proper cooling (ie: a datacenter) or security issues.

Remote managed power strips (PDUs) are basically APC or Servertech, it's all about the interface you use to access it when poo poo's gone awry. Keep in mind electrical code changed a couple of years ago, so a lot of real PDUs now use IEC sockets rather than your standard NEMA ones, so you might have to get different power cables for your gear (or adapters). Also, most vertical PDUs are 40U in height, and the rack you listed is 20U.

Rack depth is always the biggest issue that people forget about. Check on the servers you're installing into them, as sometimes the rails used will only span a specific distance (35-40"), forcing you to use shelves.

And levelling feet. You always want levelling feet to come with the rack.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


The problem is always MTU and the fragmentation that will occur - it may cause weird issues (eg: reassembly cpu usage/etc).

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Lots of the IXs you get your port assignment with IP[46] addresses and then you establish bgp sessions with the peers on the network - along with the IX route servers (which help amalgamate having many bgp peering sessions with those smaller providers).

You can get private vlans between endpoints (ie: you + someone else) if you want to do something like run private IP space or something that shouldn't directly be on the internet.

For redundancy you have the second connection connect to a second port (on a different IX switch) which means you get assigned a second IP and again set up new peering. BGP takes care of the failover routing and handles things like split networks and the like.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Thanks Ants posted:

Can anybody help with interpreting the below?
...
The bit I am confused about is the 'overruns' counter on the output - our provider (who supplied the router) insist that this is what happens when the circuit utilisation is too high, but everything I can read from Cisco says that when you're incrementing this counter it's because you're running out of hardware resources on the router itself. Surely the rate limitation on the connection is applied further upstream than on the CPE device?

This is a 1921 provided on a 50Mbps circuit but I'm not reading anything that says it should struggle with basic routing (no NAT etc.) at these sorts of throughputs. The above is from the port that the ISP is handing off to us on, I don't have the output from the interface on their network side.

Microburst. If your circuit is underutilized for a bit (bit = like a couple of seconds), the sending side can flood the pipe to 100% circuit utilization for however many seconds their rate limiter bit bucket allows them to (usually a couple of seconds) before the rate limiting kicks in.

Your router can't process that micro-sized burst fast enough, so the input queue is overrun and it drops packets. You really see it when the input circuit interface is a larger size than the output one (eg: 1g circuit to 100mbps ethernet).

Solution: Increase the input queue size if you can. (hold-queue ### in)
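A small model of the microburst described above, added here as an illustration and not part of the post: a burst arrives at ingress line rate into a FIFO input queue of `hold_queue` packets that drains at egress line rate, and whatever finds the queue full is counted as an overrun. Packet size, link rates, the two-second policer burst and the queue depths are constructed values.

```python
from collections import deque
from dataclasses import dataclass

# Constructed parameters: full-size 1500-byte frames; time is kept in integer
# nanoseconds so the queue arithmetic is exact.
PKT_BYTES = 1500
NS = 10**9


def policer_burst_bytes(rate_bps: int, burst_seconds: float) -> int:
    """Bytes a token-bucket policer passes at line rate before it starts limiting."""
    return int(rate_bps / 8 * burst_seconds)


@dataclass
class BurstResult:
    forwarded: int   # packets accepted into the input queue and sent
    overruns: int    # packets dropped because the queue was full
    peak_queue: int  # deepest the queue got, in packets


def simulate_microburst(burst_bytes: int, ingress_bps: int, egress_bps: int,
                        hold_queue: int) -> BurstResult:
    """Feed one burst arriving at ingress line rate through a FIFO input
    queue of `hold_queue` packets that is serviced at egress line rate."""
    packets = burst_bytes // PKT_BYTES
    t_in = PKT_BYTES * 8 * NS // ingress_bps    # ns between arrivals
    t_out = PKT_BYTES * 8 * NS // egress_bps    # ns to send one packet out
    departures = deque()      # departure time of every packet still queued
    egress_free_at = 0        # when the egress link finishes its current packet
    forwarded = overruns = peak = 0
    for i in range(packets):
        now = i * t_in
        while departures and departures[0] <= now:   # drain what has left
            departures.popleft()
        if len(departures) >= hold_queue:             # no room: overrun
            overruns += 1
            continue
        start = max(now, egress_free_at)
        egress_free_at = start + t_out
        departures.append(egress_free_at)
        forwarded += 1
        peak = max(peak, len(departures))
    return BurstResult(forwarded, overruns, peak)


if __name__ == "__main__":
    # 1 Gbit/s hand-off into a box that only pushes 100 Mbit/s out, a 1 MB
    # burst, with the usual IOS input hold-queue of 75 versus a raised one.
    for hq in (75, 1000):
        print(f"hold-queue {hq:4d}:", simulate_microburst(1_000_000, 10**9, 10**8, hq))
    # A policer that tolerates two seconds of burst on a 50 Mbit/s circuit
    # lets 12.5 MB through at line rate first; a bigger queue alone won't absorb that.
    big = policer_burst_bytes(50_000_000, 2)
    print("policer burst:", big, simulate_microburst(big, 10**9, 10**8, 1000))
```

With matched ingress and egress rates the queue never builds, which is why the same burst is harmless on a 100M-to-100M path.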

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Filthy Lucre posted:

The only reason I can think of is that they're concerned about the L3 throughput on the switch and are just trying to head off questions of why you're not seeing a full 1Gbps.

+1 - they've qualified the ISR as capable of terminating a full 1G worth of 64b packets. (* - probably not, they just read the router performance pdf from cisco)

I've seen people want to terminate 1G on just about anything that has a 1G network port, which includes things like your cheap home router/nat boxes and then blame the ISP.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


wolrah posted:

On the one hand that is a silly limitation, but on the other hand I have a severe hatred for the fact that so many dumbass carriers insist on disabling autonegotiate. It's not loving 1995, hardcoding speed/duplex is for chumps.

As I got told by some telco people, it's not because they don't want to, it's because of lawsuit(s) in the past so legal forces them to turn it off. People loooove suing the telcos (generally for good reason though). Basically: Port comes up at wrong speed/characteristics and has sub-optimal settings. Someone notices 4 months later, and client goes apeshit saying "telco x didn't give us the service level we bought, give us 4 months refund+damages".

So now it's hard code everything facing customers (ie: revenue interfaces).

unknown
Nov 16, 2002
Ain't got no stinking title yet!


greatapoc posted:

We currently receive an internet service into our head office and our provider gives us an additional /29 through a static route. We also have a second site with an internet service through the same provider and would like to use it as backup. It appears the best way to manage this is with BGP due to the need to retain the /29 during an outage on the main link. The sites are connected to each other by dark fiber.

What’s the best way to manage the migration from static to BGP? Being that both services are with the same provider I assume we can ask them for a private ASN and have them accept our advertisement while they delete their static. Are we able to bring everything up and test it working before they delete the static? What sort of downtime could we expect for the various routing changes? We’re using OSPF internally and the internet services have their own /30s.

I hope you're planning on a couple of hours of downtime and doing this outside of normal work hours along with upkeep.

It's easy on the provider's side of things (set up 2x ebgp connections, remove static route). Your side will be more hellish since now you need to change your internal routing (you do know you need to sync all bgp speakers on your side) most likely along with firewall changes, etc. Once you start putting BGP in place and moving ranges around, you now have to deal with things like asymmetric routing issues (packets in one site, out the other) that firewalls break, or island issues (what happens if fiber breaks, which site is best?).

BGP is a sledgehammer - are you sure you don't just need something simple like a dynamically updated DNS entry to direct external apps inbound?

unknown
Nov 16, 2002
Ain't got no stinking title yet!


greatapoc posted:

Yep that makes sense, thanks. I guess I'm still just stuck on how to handle the /29 without using BGP. If I just get the provider to point another static out the other internet service it could still in theory want to send traffic out a failed link if their interface doesn't go down. On our side we could just track it with an IP SLA but I doubt they'll want to do something like that on their side.

I'd just recommend getting a second /29 for the other site.

Both sites work at all times, easily testable, just change a simple dns record which can be simply scripted.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


greatapoc posted:

I just set up a lab in EVE-NG with my current topology using a static route from the ISP side, OSPF internally and then went through the process of bringing up iBGP between the border, bringing the eBGP online to the ISP, advertising my route from both borders and then deleting the static route from the ISP router. Everything worked perfectly. I then set up the backup route with a higher MED and watched it change over so I'm pretty confident that's the best way to do it all as long as I can coordinate with the ISP to check they're receiving my routes and to delete the static. At least I know I can have everything running on my side in parallel.

This probably sounds pretty dull I've just never worked with BGP in production before.

You should assume that MEDs probably won't work - it's up to the ISP in question and many just drop whatever you set. So you'll probably have to set bgp communities on the advertised route which will then set the localpref on their side (if they even allow that!) - so get their published bgp community list.

Here's the other reason: When using BGP and multiple advertisements/sites, you're not guaranteed to have your traffic go the way you expect. I've seen multiple times when routing changes happen in the ISP and traffic flows change. Hot potato routing happens and it sends those packets via your backup path instead of your primary path, and now both paths are active. And even better is path based load balancing = packet 1 goes via pipe 1, packet 2 goes via pipe 2. Oh, and there's nothing you can do about it. Going to ask your ISP to turn off that new 100g peering connection they just set up? Yeah, no. Also, I mentioned asymmetric earlier - how are you handling your internal (outbound) routing, and what if there's a failure there and site A is going via site b firewall, but the firewall didn't go down... These are all things to consider.

Doing DNS based failover:

servicepublic.exampleX.com -cname-> serviceprivate.example.com -cname-> siteAaddress.example.com -A-> 192.0.2.2

servicepublic.exampleX.com -cname-> serviceprivate.example.com -cname-> siteBaddress.example.com -A-> 192.0.3.3

You can have multiple servicepublic cnames to a master serviceprivate name. That serviceprivate name is a just a cname to whatever site you want to use - that's 1 DNS record to change. Set the TTL to like 60 seconds, and bam, super fast failover.

Additional benefits: Now you have easy failover to the cloud too (Call it site C!). Business is taking off! You've now got a built in load balancing mechanism... create "siteLB.example" which can have 2 (or more) address records, or even sweeter, geo-ip capable (with the right dns server/service).

Don't tie yourself to an IP address.

Edit: Public example: $ dig www.amazon.com
;; ANSWER SECTION:
www.amazon.com. 253 IN CNAME www.cdn.amazon.com.
www.cdn.amazon.com. 60 IN CNAME d3ag4hukkh62yn.cloudfront.net.
d3ag4hukkh62yn.cloudfront.net. 15 IN A 13.225.199.69

Amazon can change their CDN provider easily, and the CDN can easily change the backend server I use at any time.

unknown fucked around with this message at 16:02 on Oct 10, 2019

unknown
Nov 16, 2002
Ain't got no stinking title yet!


unknown posted:

BGP is a sledgehammer

When BGP works (99% of the time), it's really nice.

When it breaks (aka doesn't do what you want/expect) is when you find yourself on everyone's poo poo list for a long time because it broke due to some 3rd party that doesn't give a poo poo about you.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Because you're just doing default routes - you don't want to run BGP, just run OSPF and you get all the benefits of doing per-link costing and the like.

Raise the link cost of Int1-Int2 (you probably don't even need to do that in such a simple setup) so that Internal Router 1 uses External 1 as its primary gateway, and Int2 uses Ext2 as its primary.

Failures are covered nicely when the uplink route (that is redistributed) from an external router/firewall is gone (assuming you're tracking it).

Using BGP you'd need to start doing weightings and the like which would be more complicated and in the future a pain to start dealing with.

Edit: Oh, you need ECMP and want active balancing of uplinks. Are you doing NAT on the external routers?

unknown
Nov 16, 2002
Ain't got no stinking title yet!


FYI, if you're not doing NAT, and you're not doing BGP (or some kind of 2-way dynamic failure checks like BFD) with your internet provider(s), you've likely got a serious failure (blackhole type) on those links.

There's no reason to run RRs - this is 4 routers (with growth to 6?) and 2-4 default routes (not 100k+), easily manageable with a bog standard mesh deployment at this point.

You're not going to get ECMP in your setup because your base links are unequal from the get go (2 hops to the far side, 1 to local side). You need links: Ext1 to Int1, Ext1 to Int2, Ext2 to Int1, Ext2 to Int2.

If this is a multi-location setup, with Int1-Int2 being a long/MAN link - then the simple OSPF setup I mentioned before is the way to go.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Sepist posted:

This is an AWS deployment so it's a bit non-traditional. The externals point to an IGW via default route so there's no fault tolerance for me to deal with there. I can't (easily) peer full mesh because of the different availability zones of the routers. I can get ECMP at the internal routers by doing AS Path rewrite on the cross AZ peering

Ooooh, yeah, the fun of AWS. I'll bow out of the conversation - I've only played with it enough to know that if you're attempting to apply normal/conventional networking to a setup there you can be in for a bunch of weird hurt (also some very interesting speed limitations on a per-server type). My knowledge limits to "do it Amazon's way" and let them manage your networking (although that costs a ton more).

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Sepist posted:

This is an AWS deployment so it's a bit non-traditional. The externals point to an IGW via default route so there's no fault tolerance for me to deal with there. I can't (easily) peer full mesh because of the different availability zones of the routers. I can get ECMP at the internal routers by doing AS Path rewrite on the cross AZ peering

Just out of curiosity - if this is AWS, why would you try to do ECMP (instead of active/passive failover)? The bandwidth generally isn't a limiter, and you just get billed for usage, so I'd assume less complexity would be an advantage. (Unless you're talking about enough bandwidth that it is a limiter...)

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Makes perfect sense - in your case, bandwidth is a limiter (monetary wise)!

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Partycat posted:

Would you care to pass along any major trouble you had with mikrotik in this sort of application? I’ve been unclear on high throughput perf on their x86/CHR platforms

Don't use mikrotik in a core internet router situation. While it can do it, it can't deal with that many routes.

In regards to their hardware (so not x86/CHR), they are single threaded processes, so RIB/FIB updates for peers that drop can take _minutes_.

Another fun thing is doing an IP route lookup can take a couple of minutes (!) in the CLI with a full table as it doesn't look it up in hardware and has to go through the entire routing table entry by entry seeing if it matches.

Buffers? What buffers? :haw:

There's lots of little things that just add up to a big no.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


SamDabbers posted:

I think that Mikrotik CCRs could possibly be decent bang for the buck in a BGP-less MPLS core as simple label switches, but haven't had an opportunity or reason to lab that out.

I know a few people who have done that and haven't complained about it.

You run into the standard mikrotik issues (buffers, interoperability, etc) if you need to move large amounts of data.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


falz posted:

Do you have an account rep or anything? Try to get an escalation tree.

Then shop another provider or diversify providers.

Quoting because it's true.

Always always ALWAYS always get the latest escalation chart for your wan providers as a quarterly thing to do.

And then don't let the ticket close until you get it solved to your satisfaction/specs, and then file a billing complaint to get a credit on the ticket for the outage as a gently caress you.

Basically if you deal with a monolithic company they've got processes to deal with issues and you need to use that against them. Challenge #1 is getting that process (also called an escalation chart). You'd be surprised how fast things get solved properly when you're allowed to go up two levels or more of management and that manager is not able to say no/gently caress off to you because then they are in breach of contract.

I've actually called an EVP at 5am before because people lower on the escalation chart wouldn't pick up their phones like they should have. Let me tell you, poo poo got fixed fast as he started calling people to ask why people weren't doing their job and he was getting woken up and he couldn't poo poo on me.

Of course this is assuming you're buying a circuit that has a real SLA (like 4 hour MTTR).

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Pile Of Garbage posted:

Does any vendor make a small desktop switch similar in dimensions to the Cisco 2960/3560-CX that has PoE, 16xGe and 4x10Gb SFP ports and is passively cooled? I'm thinking of doing some 10Gb on my stupidly over-engineered home network but am having trouble finding something that is smaller than 1RU. I'd prefer Cisco but am willing to explore other vendors. My current setup consists of a Cisco 897VA, FortiGate 60E-POE, FortiAP 223E and a Cisco Catalyst 2960-CX. My PC has a quad-port gigabit NIC so between that, my Netgear ReadyNAS 316 and IBM x3550 M2 server it's all teams teams teams.

Thanks in advance, appreciate any suggestions no matter how outlandish.


https://mikrotik.com/product/crs309_1g_8s_in

8 SFP+ ports, passive cooling. $269 US.

Don't expect to have huge buffers, but it does what you want for 10g. SFP+ modules are also very heat intensive, so more ports means active cooling and larger cases.

Edit:

If you are ok with fans and 1u, try this: https://mikrotik.com/product/crs328_24p_4s_rm

24 PoE, 4x SFP. $379.

unknown fucked around with this message at 02:30 on Jul 24, 2021

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Bob Morales posted:

FS actually has this in stock while the Cisco stuff is all backordered.

Do realize that FS website stock is generally lying about warehouses and levels. Pretty much everything arrives from China directly for everyone I know that has ordered from them.

That being said, they do priority overnight it from there, so can't really complain too much as it can beat local distributors shipping times.


unknown
Nov 16, 2002
Ain't got no stinking title yet!


Probably has a fine print clause saying they'll brick the catalyst switch if you stop paying for the Meraki cloud.
