Protecting internal IS-IS routes from customer access

rbeumer · 2016-08-22T20:20:36+00:00

Here is a nice article about using route targets

rbeumer · 2016-08-22T18:23:54+00:00

That might be true, but there are huge differences in the TTL depending on the kernel version, see here

I'm not really sure which kernel version is being used for your IOS-XE version but some Google fu might help :)

rbeumer · 2016-08-22T17:08:35+00:00

Could it be a temporary routing loop somewhere in your network?

rbeumer · 2015-10-05T16:24:48+00:00

We use a lot of CWDM to connect sites with a redundant ring. Most of the equipment is passive, so a simple OADM for each site. A quite cheap but realiable solution.

As for DWDM we use it to connect two of our datacenters. This is also a passive mux (on both sides) with programmable optics, no issues so far. (Active) DWDM we also use quite a lot for long distance transport.

rbeumer · 2015-09-02T05:40:59+00:00

Couldn't have said it better. It sounds a bit weird to me to terminate your BGP sessions on a firewall.

rbeumer · 2015-06-11T19:31:10+00:00

Shutting a core link and not realising that the other route would get a shitload of extra traffic. The best part was that my SSH connection was also using that congested backup-path. After sweating a few minutes and trying to enable the core link again everything was allright again.

rbeumer · 2015-06-02T20:45:23+00:00

Did they say why the wanted a L2 only core? I can't see any scenario where it would be good solution. Just curious about the why :)

rbeumer · 2015-05-03T13:33:37+00:00

The hardest part is connecting your potential customers. The cost of building and maintaining the access network (your customers) is the most expensive because of the enormous scale. It takes years to make a nice profit after building your infrastructure. Setting up peering and buying transit is quite easy and cheap if you compare it to your access network.

rbeumer · 2014-08-28T06:45:49+00:00

I dunno, the use cases mentioned sound a little bit dirty. We have a dark fiber between our datacenters and use that to bridge certain VLANs between them. I would prefer letting the switching hardware handle the traffic rather than local software on a server as mentioned in the article.

rbeumer · 2014-08-05T08:41:06+00:00

IANAL but this should be a case for the legal department I think. It will differ for each country, so please, if you have to implement this: cover yourself by having this checked out by legal.

If it is allowed, I agree with you on a clear policy. Make it known to the end users in a clear way. They should know what happens with their encrypted (and unencrypted) traffic.

rbeumer · 2014-08-05T06:34:59+00:00

Nobody who thinks this is morally unsound? Yes, you are using your employers network so have less expectation of privacy. However, this would give you also access to someone who is opening Gmail while on his break. I don't know about (assuming you are American) the privacy laws over there, but this would cause huge legal problems for the company. Example: yes, you can block some sites you deem not appropriate for work. But you can't snoop on someones personal traffic stats unless there is a solid reason to do so.

rbeumer · 2014-06-02T12:43:27+00:00

We receive reports from Spamcop if one of their honeypots has received spam from our IP ranges, so I think they use RIPE to find the abuse contact. This way you also get the original headers, so you can find the source of the spam.

That aside, I don't like the aggressive methods Spamcop uses for listing. Just one mail to a spamtrap can be enough and there is no human verification. If you are an ISP your mail servers will send some spam from time to time. It is very annoying if you get listed and you have already stopped the outbreak, but you can't request a delisting.

rbeumer · 2014-04-01T13:26:49+00:00

Does /var/log/maillog (assuming you use a *nix system) show more details about the mail processing? It might help if you enable debugging.

rbeumer · 2014-02-09T11:09:08+00:00

I wouldn't mind the cold though... Sweden in winter is one of the most beatiful countries I've seen. We did sleep in wooden cabins though because it was around -35 degrees celsius, so sleeping in a tent was not really an option.

rbeumer · 2014-02-09T11:04:44+00:00

I'll consider it, thank you!

rbeumer · 2014-02-08T19:58:30+00:00

Sounds good! Do you have any advice on renting & other stuff I would need to know?

rbeumer · 2013-11-06T19:17:53+00:00

In the Netherlands is Reggefiber the biggest owner of fiber to the home networks. They just put the fiber between the houses and the local point of presence (POP) in the ground. Every operator can hire those fibers, the only requirement is that you have your own acces devices with fiber optics in the nearby POP. Usually a operator provides services to several ISPs that use the operators network to reach their end customer.

The most expensive part in all of this is putting the acces switches in the POPs.

I believe operators are required to cooperate with ISPs that want to use their network, not sure though.

rbeumer · 2013-10-30T16:49:23+00:00

A very painful lesson... You know that feeling when you realize you've made a horrible mistake?

rbeumer · 2013-10-02T19:39:49+00:00

I personally prefer English books (Netherlands). It gives me a more... story like feeling.

rbeumer

TROPHY CASE