Categories
Networking

Metro Ethernet Terms

As some of you reading this dive into Metro Ethernet, you should know some terminology.

• User-Network Interface (UNI): The UNI is a physical Ethernet port on the service provider side of the network along with a predefined set of parameters to provide data, control and management traffic exchange with the end-customer CPE device. The customer CPE device can be a Layer 2 Ethernet switch, a Layer 3 routing node or some LTE nodes.

• Network-to-Network Interface (NNI):  NNI is represented by the physical Ethernet port on the service provider access node that is used to interconnect two Ethernet MANs of two different service providers. We are also using E-NNI as a reference point for the interconnection of Layer 2 MAN service with Layer 3 service nodes—the provider edge router (PE), a broadband network gateway (BNG), vertical handover (VHO), etc—in the provider network.

• Ethernet Virtual Connection (EVC) is the architecture construct that supports the association of UNI reference points for the purpose of delivering an Ethernet flow between subscriber sites across the MAN.

Categories
BGP Networking

Soft Reconfiguration inbound

Several people have been asking what Soft Reconfiguration Inbound is on a BGP peer.

In the dark days of BGP you had to tear down the BGP session and do a full reestablishment for a policy change to take effect. With soft reconfiguration, copies of all routes received (this is why it is called inbound) are stored separately from the regular BGP table. When a change is made, it is applied to the stored copy of the BGP routes.

Disadvantage? This takes up memory because you basically have two copies of the routes.

So how is this different from route refresh, described in RFC 2918? Route refresh is a standard with an RFC, unlike Soft Reconfiguration inbound, which is a Cisco thing. Route refresh asks the peer to resend all its routes.

Categories
Data Center hosting Networking Security WISP

Homeland Security US-Cert e-mail on Network infrastructure

A few days ago Homeland Security published an e-mail on threats to network devices and securing them.  Rather than cut and paste I exported the e-mail to a PDF. Some good best practices in here.

TA16250A The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

Categories
Networking Wireless WISP

Ignitenet 60GHZ Interface shots

Categories
Data Center Networking UBNT

Ubiquiti EdgeSwitch 16XG First look

So today UPS dropped off a brand new EdgeSwitch 16XG.  I won’t bore you with all the cool stats.  You can read the official product literature here.  This is just a first look.  Future posts will dive into configuration, testing, and other such things.  For those wanting the cliff notes version of what this switch is about:

  • (12) SFP+ Ports
  • (4) 10G RJ45 Ports
  • (1) RJ45 Serial Console Port
  • Non-Blocking Throughput: 160 Gbps
  • Switching Capacity: 320 Gbps
  • Forwarding Rate: 238.10 Mpps
  • (12) 1/10 Gbps SFP+ Ethernet Ports
  • (4) 1/10 Gbps RJ45 Ethernet Ports
  • Rack Mountable with Rack-Mount Brackets (Included)
  • DC Input Option (Redundant or Stand-Alone)

UBNT EdgeSwitch 16XG

UBNT is following a natural trend in the switch world. As more and more networks are looking at 1 Gig being their minimum, the switches are reflecting this. Gone are the days of 10/100 ports. Now we are going toward 1/10 gig ports, even on copper. 10/100/1000 switches still have their place, but usually not on switches with 10 gig ports.

Accessories included with the 16XG

Out of the box the switch isn’t anything sexy.  I feel like it should have a shiny UBNT logo somewhere.

UBNT EdgeSwitch 16XG

I like the fact that none of the ports are shared ports.  You can use all 16 ports. It always annoys me when I buy a switch and can’t use all the ports because they are shared on the bus.

An interesting feature on this switch is a redundant DC input option. This can be anything from 16-25 volts and must be able to support 56 watts. This results in a minimum of a 2.2 Amp power supply. This is assuming a full load on the switch as well. For the WISP market this could be a very handy option. You could install the switch where it is drawing from AC power, but in the event of an AC outage it will switch to a DC source. One of my questions to UBNT is if you can run it off total DC.

UBNT Redundant Power
DC Input Jack

Now on to some nitpicky design things.  None of these really affect the performance of the switch, just are annoyances.

-The console port not being on the front. In today’s dense rack environments we are putting patch panels and Transfer switches in the backs of the rack.  If we have to get to the back of the front mounted devices then anything other than power becomes an annoyance. This is not an issue if you install every new switch with a console cable back to a console server like we do, but even that doesn’t always happen.

Ubnt 16XG Back

-The SFP cages should stick out just a tad from the front.  During inserting and re-inserting SFPs I actually pushed the cage back a little.  This resulted in some of the SFPs not clicking in correctly.  The little tabs holding the top of the SFP cages aren’t sturdy enough to hold some repeated clicking in and out.

EdgeSwitch 16XG SFP

After seeing this I was prompted to open the switch and see what is under the hood.

Inside of EdgeSwitch 16XG

I think this will be a hugely popular switch for anybody looking to do 10 Gig. At a $600 approximate price these are, by far, the most cost effective 10 Gig switch out there. Many manufacturers have tacked on one or two, sometimes 4 SFP+ ports, but if you need to go beyond that you are talking 4 digit pricing. This is something we have struggled with at MidWest-IX. It usually leads to us buying something on the used market that has the port density we need.

There you have it for a first look at this switch. More articles to follow that include:
-Interoperability Testing
-Configuration tasks
-Questions I and you, the reader, have for UBNT

Categories
Networking WISP xISP

Leap second to be added in 2016

http://www.space.com/33361-leap-second-2016-atomic-clocks.html

A “leap second” will be added to the world’s official clocks on Dec. 31 at 23 hours, 59 minutes and 59 seconds Coordinated Universal Time (UTC), which corresponds to 6:59:59 p.m. EST; the clocks will read 23:59:60 before ticking over to midnight. The goal is to keep two different timescales in sync with each other.

So, why is this important to you as an ISP?
The trouble is that even as they use the leap second, UNIX and Linux define a day as something that is unvarying in length. “If a leap second happens, the operating system must somehow prevent the applications from knowing that it’s going on while still handling all the business of an operating system,” says Steve Allen, a programmer with California’s Lick Observatory.
Source: http://www.wired.com/2015/01/leap-second-rattle-internet-theres-plot-kill/

Many patches and fixes have been put in place to adjust for this in most operating systems. The concern, even a year after the last one, is software that has not been updated to deal with leap seconds.

Categories
BGP Networking

How I learned to love BGP communities, and so can you

BGP communities can be a powerful, but almost mystical thing.  If you aren’t familiar with communities start here at Wikipedia.  For the purpose of part one of this article we will talk about communities and how they can be utilized for traffic coming into your network. Part two of this article will talk about applying what you have classified to your peers.

So let’s jump into it.  Let’s start with XYZ ISP. They have the following BGP peers:

-Peer one is Typhoon Electric.  XYZ ISP buys an internet connection from Typhoon.
-Peer two is Basement3. XYZ ISP also buys an internet connection from Basement3.
-Peer three is Mauler Automotive. XYZ ISP sells internet to Mauler Automotive.
-Peer four is HopOffACloud web hosting.  XYZ ISP and HopOffACloud are in the data center and have determined they exchange enough traffic amongst their ASN’s to justify a dedicated connection between them.
-Peer five is the local Internet exchange (IX) in the data center.

So now that we know who our peers are, we need to assign some communities and classify who goes in what community. The thing to keep in mind here is that communities are something you come up with. There are common numbers people use for communities, but there is no rule on what you have to number your communities as. So before we proceed we will need to also know what our own ASN is. For XYZ we will say they were assigned AS64512. For those of you who are familiar with BGP, you will see this is a private ASN. I just used this to lessen any confusion. If you are following along at home replace 64512 with your own ASN.

So we will create four communities.

64512:100 = transit
64512:200 = peers
64512:300 = customers
64512:400 = my routes

Where did we create these? For now on paper.

So let’s break down each of these and how they apply to XYZ network. If you need some help with the terminology see this previous post.

64512:100 – Transit
Transit will apply to Typhoon Electric and Basement3.  These are companies you are buying internet transit from.

64512:200 – Peers
Peers apply to HopOffACloud and the IX. These are folks you are just exchanging your own and your customer’s routes with.

64512:300 – Customers
This applies to Mauler Automotive.  This is a customer buying Internet from you. They transit your network to get to the Internet.

64512:400 – Local
This applies to your own prefixes.  These are routes within your own network or this particular ASN.

Our next step is to take the incoming prefixes and classify them into one of these communities. Once we have them classified we can do stuff with them.

If we wanted to classify the Typhoon Electric traffic we would do the following in Mikrotik land:

/routing filter
add action=passthrough chain=TYPHOON-IN prefix=0.0.0.0/0 prefix-length=0-32 set-bgp-communities=64512:100 comment="Tag incoming prefixes with :100"

This would go at the top of your filter chain for the Typhoon Electric peer.  This simply applies 64512:100 to the prefixes learned from Typhoon.

In Cisco Land our configuration would look like this:

route-map Typhoon-in permit 20  
match ip address 102  
set community 64512:100

The above Cisco configuration creates a route map, matches a pre-existing access list named 102, and applies community 64512:100 to prefixes learned.

For Juniper you can add the following command to an incoming peer in policy-options:

set community Typhoon-in members 64512:100

This defines a named community; as with the others, you then apply it in the import policy for the peer.

So what have we done so far? We have taken the received prefixes from Typhoon Electric and applied community 64512:100 to them. This simply puts a classifier on every prefix learned from that peer. We could modify the above example to classify prefixes from our other peers based upon what community we want them tagged as.
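The whole tagging plan for all five peers, modeled in Python as an added example (not the author's code or any vendor's). It assumes a policy that drops any 64512: community a neighbor sends before applying the tag, so the tag reflects only which session the route arrived on; the peer name "Local IX" and the sample community 65000:50 are constructed for illustration.

```python
LOCAL_ASN = 64512  # XYZ ISP's ASN as given in the article
ROLE_VALUE = {"transit": 100, "peer": 200, "customer": 300, "local": 400}
# Peers and their roles as listed in the article ("Local IX" is an assumed name).
PEER_ROLE = {
    "Typhoon Electric": "transit",
    "Basement3": "transit",
    "HopOffACloud": "peer",
    "Local IX": "peer",
    "Mauler Automotive": "customer",
}

def parse_community(text):
    """Split 'ASN:value' into two ints, rejecting anything malformed."""
    asn_s, sep, val_s = text.partition(":")
    if not sep or not (asn_s.isdigit() and val_s.isdigit()):
        raise ValueError(f"not an ASN:value community: {text!r}")
    asn, val = int(asn_s), int(val_s)
    if asn > 0xFFFF or val > 0xFFFF:
        raise ValueError(f"standard community halves are 16-bit: {text!r}")
    return asn, val

def classify_inbound(peer, received):
    """Communities carried by a route from `peer` after the inbound policy.

    Assumption of this example: anything the neighbor sent in our own
    64512: namespace is dropped before tagging, so a route cannot arrive
    pre-marked as 64512:300 and be mistaken for a customer route.
    Communities owned by other ASNs are kept.
    """
    role = PEER_ROLE[peer]  # unknown peer -> KeyError, never a default tag
    kept = [c for c in received if parse_community(c)[0] != LOCAL_ASN]
    return kept + [f"{LOCAL_ASN}:{ROLE_VALUE[role]}"]

def role_of(communities):
    """Recover the single role tag from a route; ambiguity is an error."""
    by_value = {v: k for k, v in ROLE_VALUE.items()}
    roles = set()
    for asn, val in map(parse_community, communities):
        if asn == LOCAL_ASN and val in by_value:
            roles.add(by_value[val])
    if len(roles) != 1:
        raise ValueError(f"expected exactly one role tag, got {sorted(roles)}")
    return roles.pop()

if __name__ == "__main__":
    # Constructed input: Basement3 sends a route already carrying 64512:300.
    tagged = classify_inbound("Basement3", ["64512:300", "65000:50"])
    print(tagged, "->", role_of(tagged))
```
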

In our next segment we will learn what we can do with these communities.

Categories
Mimosa Networking WISP xISP

Mimosa G2 first look

So Scott @ On-Ramp Indiana ordered a few of these and I figured I would borrow one for a few days and do a first look and review on them.

Mimosa G2 Box

Nice and compact box. I am a fan of the cover. If this was on a store shelf I would notice.

G2 Insert
The very first thing you see is this wireless information card. Very handy for the home user. Many of my clients throughout the years save such things so having this in a bright card is a nice touch.  Another nice feature of this card is it has sticky tape on the back.  You can actually peel it off and stick it somewhere.  Not everyone has a network rack, so affixing it to there might not be the best bet.  We are in the day and age where there are not “telephone stations”.  The only thing I could come up with might be in a desk drawer or something like that.  I could see guests asking for the key so you would want this handy.  Any thoughts on a good place to put this?

Information Card
On the back of the card is a very handy diagram on the 3 modes of this device. You can use it as a Wifi router. You can also use it as a repeater. In this mode it works both wired and wireless. As with some other manufacturers, it will auto-configure itself to join in with the rest of the network. It learns the configuration and away it goes. The third is a simple pass-through mode. This is helpful if there is another router involved.

G2 contents
The box contained the unit, a slip on power plug, and the compliance paperwork no one reads. Thank you Lawyers.  One of the first things I noticed about this unit is the well made feel to it.  The plastic does not feel cheap, and it feels heavy.  That is always a scientific measure right?

G2 Ports
Mimosa has done a good job of helping the uneducated user on the use of this product. A good example of this is the plug, which is in the POE port. This plug takes a little bit of effort to remove. As you can see in the picture, it is also marked with a red label to distinguish this from the customer side. This is so the customer doesn’t feed 48 volts to their router, laptop or whatever gets plugged in.

Also, you have holes on the top and bottom for cooling.  On the side is a very easy to get to reset button. Another nod to Mimosa paying attention to common issues home users run into is there is a very clear sticker on the top of the unit which has the Home network SSID and passphrase on it.  A user can simply walk to the unit, look down and easily read the needed information.

G2 Plug

The power plug simply slides in a groove and snaps in place.  Nice clean setup.

In closing, my first impressions of this product are positive. Packaging and instructions are put together well and easy to understand. The product feels good and has a good number of things to address common issues. Look for part two of this for a look at how this actually works, configuration, and testing.

If you are a manufacturer and have a product you think we would be interested in reviewing please contact us.

Categories
Networking

CISCO 6500 series

For those of you who are running Cisco 6500 series chassis, and are looking for upgrades it can be quite confusing.  While it’s been out awhile, the Supervisor 2T is one possible upgrade.

The Cisco Supervisor Engine 2T is supported only in the Cisco Catalyst 6500 E-Series chassis:

Some things to keep in mind: they must have generation 4 line cards. Line cards with CFCs will work, as these are newer. Modules with DFC 3 will not power up.

Linecards which are compatible:

• WS-X6908-10G-2T, WS-X6908-10G-2TXL
• WS-X6824-SFP-2T, WS-X6824-SFP-2TXL
• WS-X6848-SFP-2T, WS-X6848-SFP-2TXL
• WS-X6848-TX-2T, WS-X6848-TX-2TXL
• WS-X6816-10T-2T, WS-X6816-10T-2TXL
• WS-X6816-10G-2T, WS-X6816-10G-2TXL
• WS-X6904-40G-2T, WS-X6904-40G-2TXL
• WS-X6704-10GE with CFC
• WS-X6724-SFP with CFC
• WS-X6748-SFP with CFC
• WS-X6748-GE-TX with CFC
• WS-X6148A-RJ-45, WS-X6148A-45AF, WS-X6148-FE-SFP, WS-X6148A-GE-TX, WS-X6148A-GE-45AF, WS-X6148E-GE-45AT

With a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)

WS-X6704-10GE
WS-X6724-SFP
WS-X6748-SFP
WS-X6748-GE-TX

With a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-DFC4-EXL)

WS-X6716-10G-3C, WS-X6716-10G-3CXL
WS-X6716-10T-3C, WS-X6716-10T-3CXL

Categories
BGP Mikrotik Networking

Mikrotik User Meet 2016 Presentation

My PowerPoint converted to PDF. Topics include:

Carrier Grade NAT
Xbox & NAT
BGP Tips

mum-2016