From mleber at he.net Fri Nov 7 01:03:07 2008 From: mleber at he.net (Mike Leber) Date: Thu, 06 Nov 2008 16:03:07 -0800 Subject: fixed configuration 48 port layer 3 routers Message-ID: <491385BB.1060301@he.net> Hi, I'd like to hear what solutions people are using as a fixed configuration 48 port layer 3 router (for customer aggregation) that supports OSPFv3 and IPv6 (BGP a plus but not required), and a rough price that it cost. We've been evaluating (and using) various boxes over the years and so far all the solutions have the same high per port cost as a core router. I'm looking for something the is the same or close to the cost we'd see for fixed configuration IPv4 routers, so that we have a good answer for what to tell people to use (other than core routers or quagga and switches). Considerations are: layer 3 wirespeed IPv6 and IPv4 routing OSPFv3 at least 8000 ARP entries *with* IPv6 enabled 48 ports 10/100/1000 copper optional 10GE uplink BGP a plus, but not required. Mike. -- +---------------- H U R R I C A N E - E L E C T R I C ----------------+ | Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 4100 | | Hurricane Electric AS6939 | | mleber at he.net Internet Backbone & Colocation http://he.net | +---------------------------------------------------------------------+ From mloftis at wgops.com Fri Nov 7 01:14:03 2008 From: mloftis at wgops.com (Michael Loftis) Date: Thu, 06 Nov 2008 17:14:03 -0700 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: <491385BB.1060301@he.net> References: <491385BB.1060301@he.net> Message-ID: Not an endorsement, but it seems the HP Procurve 3500yl-48G-PWR (copy paste model number from their site) might be. I'm deploying a 5406zl, which is essentially the modular version of that switch. So far it's going well. We're actively working on an issue with engineering though, but it seems to be isolated to AAA (802.1x or mac-based auth). Too early to tell there. As for v6, I've not really started to push/test v6 on the switch yet. --On November 6, 2008 4:03:07 PM -0800 Mike Leber wrote: > > Hi, I'd like to hear what solutions people are using as a fixed > configuration 48 port layer 3 router (for customer aggregation) that > supports OSPFv3 and IPv6 (BGP a plus but not required), and a rough price > that it cost. > > We've been evaluating (and using) various boxes over the years and so far > all the solutions have the same high per port cost as a core router. > > I'm looking for something the is the same or close to the cost we'd see > for fixed configuration IPv4 routers, so that we have a good answer for > what to tell people to use (other than core routers or quagga and > switches). > > Considerations are: > > layer 3 wirespeed IPv6 and IPv4 routing > OSPFv3 > at least 8000 ARP entries *with* IPv6 enabled > 48 ports > 10/100/1000 copper > optional 10GE uplink > BGP a plus, but not required. > > Mike. > > -- > +---------------- H U R R I C A N E - E L E C T R I C ----------------+ >| Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 4100 | >| Hurricane Electric AS6939 | >| mleber at he.net Internet Backbone & Colocation http://he.net | > +---------------------------------------------------------------------+ -- "Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler From truman at suspicious.org Fri Nov 7 01:26:29 2008 From: truman at suspicious.org (Truman Boyes) Date: Thu, 6 Nov 2008 19:26:29 -0500 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: <491385BB.1060301@he.net> References: <491385BB.1060301@he.net> Message-ID: <12FDA860-0FCC-4623-BBC1-F3DF565B1914@suspicious.org> Hi Mike, Juniper MX 240s support: * IPv6 (RA, DHCPv6) * OSPFv3 * CoS, L2/L3 aggregation * L2VPN/ VPLS/ Internet / L3VPN * 4 slot chassis, 5RU high * Each DPC (line card) can have 40GE ports. * Hierarchical shaping (on inner and outer vlans) * 240Gbps switching fabric, wirespeed forwarding, etc ,etc. * yes it supports BGP * Runs standard JUNOS Truman On 6/11/2008, at 7:03 PM, Mike Leber wrote: > > Hi, I'd like to hear what solutions people are using as a fixed > configuration 48 port layer 3 router (for customer aggregation) that > supports OSPFv3 and IPv6 (BGP a plus but not required), and a rough > price that it cost. > > We've been evaluating (and using) various boxes over the years and > so far all the solutions have the same high per port cost as a core > router. > > I'm looking for something the is the same or close to the cost we'd > see for fixed configuration IPv4 routers, so that we have a good > answer for what to tell people to use (other than core routers or > quagga and switches). > > Considerations are: > > layer 3 wirespeed IPv6 and IPv4 routing > OSPFv3 > at least 8000 ARP entries *with* IPv6 enabled > 48 ports > 10/100/1000 copper > optional 10GE uplink > BGP a plus, but not required. > > Mike. > > -- > +---------------- H U R R I C A N E - E L E C T R I C > ----------------+ > | Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 > 4100 | > | Hurricane Electric > AS6939 | > | mleber at he.net Internet Backbone & Colocation http:// > he.net | > + > ---------------------------------------------------------------------+ > From berni at birkenwald.de Fri Nov 7 01:33:33 2008 From: berni at birkenwald.de (Bernhard Schmidt) Date: Fri, 07 Nov 2008 01:33:33 +0100 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: References: <491385BB.1060301@he.net> Message-ID: <49138CDD.70603@birkenwald.de> Hi, > Not an endorsement, but it seems the HP Procurve 3500yl-48G-PWR (copy > paste model number from their site) might be. I'm deploying a 5406zl, > which is essentially the modular version of that switch. So far it's > going well. We're actively working on an issue with engineering though, > but it seems to be isolated to AAA (802.1x or mac-based auth). Too > early to tell there. > > As for v6, I've not really started to push/test v6 on the switch yet. Do you have a beta firmware? The publically available software can only be an IPv6 host so far (for management, just like e.g. the Cisco 2960 L2-Switches) and possibly to MLD snooping, but cannot route it. Mike, have a look at Cisco 3560G/3750G (ME6500 for more features, but that only has 24 copper + 8 SFP and is more expensive) or Foundry FESX(E). Bernhard From david.freedman at uk.clara.net Fri Nov 7 01:43:29 2008 From: david.freedman at uk.clara.net (David Freedman) Date: Fri, 7 Nov 2008 00:43:29 -0000 Subject: fixed configuration 48 port layer 3 routers References: <491385BB.1060301@he.net> <12FDA860-0FCC-4623-BBC1-F3DF565B1914@suspicious.org> Message-ID: > > Hi, I'd like to hear what solutions people are using as a fixed > configuration 48 port layer 3 router (for customer aggregation) that > supports OSPFv3 and IPv6 (BGP a plus but not required), and a rough > price that it cost. > for the price, you can use Cisco Catalyst 4900M, if you believe the marketing figures http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/product_data_sheet0900aecd8017a72e.html http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/ps9310/Data_Sheet_Cat_4900M.html > layer 3 wirespeed IPv6 and IPv4 routing 250 mpps ipv4 125 mpps ipv6 (/me imagines fixed 64B packets and not imix) > OSPFv3 yup > at least 8000 ARP entries *with* IPv6 enabled TCAM can hold 64K Entries. > 48 ports Check, modular on 4900M > 10/100/1000 copper Yup > optional 10GE uplink if you buy the modules, you can have lots > BGP a plus, but not required. most certainly ------------------------------------------------ David Freedman Group Network Engineering Claranet Limited http://www.clara.net -----Original Message----- From: ipv6-ops-bounces+david.freedman=uk.clara.net at lists.cluenet.de on behalf of Truman Boyes Sent: Fri 11/7/2008 00:26 To: Mike Leber Cc: ipv6-ops at lists.cluenet.de Subject: Re: fixed configuration 48 port layer 3 routers Hi Mike, Juniper MX 240s support: * IPv6 (RA, DHCPv6) * OSPFv3 * CoS, L2/L3 aggregation * L2VPN/ VPLS/ Internet / L3VPN * 4 slot chassis, 5RU high * Each DPC (line card) can have 40GE ports. * Hierarchical shaping (on inner and outer vlans) * 240Gbps switching fabric, wirespeed forwarding, etc ,etc. * yes it supports BGP * Runs standard JUNOS Truman On 6/11/2008, at 7:03 PM, Mike Leber wrote: > > Hi, I'd like to hear what solutions people are using as a fixed > configuration 48 port layer 3 router (for customer aggregation) that > supports OSPFv3 and IPv6 (BGP a plus but not required), and a rough > price that it cost. > > We've been evaluating (and using) various boxes over the years and > so far all the solutions have the same high per port cost as a core > router. > > I'm looking for something the is the same or close to the cost we'd > see for fixed configuration IPv4 routers, so that we have a good > answer for what to tell people to use (other than core routers or > quagga and switches). > > Considerations are: > > layer 3 wirespeed IPv6 and IPv4 routing > OSPFv3 > at least 8000 ARP entries *with* IPv6 enabled > 48 ports > 10/100/1000 copper > optional 10GE uplink > BGP a plus, but not required. > > Mike. > > -- > +---------------- H U R R I C A N E - E L E C T R I C > ----------------+ > | Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 > 4100 | > | Hurricane Electric > AS6939 | > | mleber at he.net Internet Backbone & Colocation http:// > he.net | > + > ---------------------------------------------------------------------+ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20081107/01153d74/attachment.html From david.freedman at uk.clara.net Fri Nov 7 01:44:18 2008 From: david.freedman at uk.clara.net (David Freedman) Date: Fri, 7 Nov 2008 00:44:18 -0000 Subject: fixed configuration 48 port layer 3 routers References: <491385BB.1060301@he.net><12FDA860-0FCC-4623-BBC1-F3DF565B1914@suspicious.org> Message-ID: oh, and the reason this isn't fixed configuration is that I was looking at the 4948 (which unfortunately only does in s/w) and went off on a complete tangent :) ------------------------------------------------ David Freedman Group Network Engineering Claranet Limited http://www.clara.net -----Original Message----- From: ipv6-ops-bounces+david.freedman=uk.clara.net at lists.cluenet.de on behalf of David Freedman Sent: Fri 11/7/2008 00:43 To: Truman Boyes; Mike Leber Cc: ipv6-ops at lists.cluenet.de Subject: RE: fixed configuration 48 port layer 3 routers > > Hi, I'd like to hear what solutions people are using as a fixed > configuration 48 port layer 3 router (for customer aggregation) that > supports OSPFv3 and IPv6 (BGP a plus but not required), and a rough > price that it cost. > for the price, you can use Cisco Catalyst 4900M, if you believe the marketing figures http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/product_data_sheet0900aecd8017a72e.html http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6021/ps9310/Data_Sheet_Cat_4900M.html > layer 3 wirespeed IPv6 and IPv4 routing 250 mpps ipv4 125 mpps ipv6 (/me imagines fixed 64B packets and not imix) > OSPFv3 yup > at least 8000 ARP entries *with* IPv6 enabled TCAM can hold 64K Entries. > 48 ports Check, modular on 4900M > 10/100/1000 copper Yup > optional 10GE uplink if you buy the modules, you can have lots > BGP a plus, but not required. most certainly ------------------------------------------------ David Freedman Group Network Engineering Claranet Limited http://www.clara.net -----Original Message----- From: ipv6-ops-bounces+david.freedman=uk.clara.net at lists.cluenet.de on behalf of Truman Boyes Sent: Fri 11/7/2008 00:26 To: Mike Leber Cc: ipv6-ops at lists.cluenet.de Subject: Re: fixed configuration 48 port layer 3 routers Hi Mike, Juniper MX 240s support: * IPv6 (RA, DHCPv6) * OSPFv3 * CoS, L2/L3 aggregation * L2VPN/ VPLS/ Internet / L3VPN * 4 slot chassis, 5RU high * Each DPC (line card) can have 40GE ports. * Hierarchical shaping (on inner and outer vlans) * 240Gbps switching fabric, wirespeed forwarding, etc ,etc. * yes it supports BGP * Runs standard JUNOS Truman On 6/11/2008, at 7:03 PM, Mike Leber wrote: > > Hi, I'd like to hear what solutions people are using as a fixed > configuration 48 port layer 3 router (for customer aggregation) that > supports OSPFv3 and IPv6 (BGP a plus but not required), and a rough > price that it cost. > > We've been evaluating (and using) various boxes over the years and > so far all the solutions have the same high per port cost as a core > router. > > I'm looking for something the is the same or close to the cost we'd > see for fixed configuration IPv4 routers, so that we have a good > answer for what to tell people to use (other than core routers or > quagga and switches). > > Considerations are: > > layer 3 wirespeed IPv6 and IPv4 routing > OSPFv3 > at least 8000 ARP entries *with* IPv6 enabled > 48 ports > 10/100/1000 copper > optional 10GE uplink > BGP a plus, but not required. > > Mike. > > -- > +---------------- H U R R I C A N E - E L E C T R I C > ----------------+ > | Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 > 4100 | > | Hurricane Electric > AS6939 | > | mleber at he.net Internet Backbone & Colocation http:// > he.net | > + > ---------------------------------------------------------------------+ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20081107/5921604d/attachment-0001.html From mloftis at wgops.com Fri Nov 7 07:28:57 2008 From: mloftis at wgops.com (Michael Loftis) Date: Thu, 06 Nov 2008 23:28:57 -0700 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: <49138CDD.70603@birkenwald.de> References: <491385BB.1060301@he.net> <49138CDD.70603@birkenwald.de> Message-ID: <26780D8F7E13933A0ADDC310@ZOP-MACTEL.local> K.13.25 on a 5406zl has the features. And the yl and zl run the same firmware... vlan ipv6 enable ipv6 address <> ... --On November 7, 2008 1:33:33 AM +0100 Bernhard Schmidt wrote: > Hi, > >> Not an endorsement, but it seems the HP Procurve 3500yl-48G-PWR (copy >> paste model number from their site) might be. I'm deploying a 5406zl, >> which is essentially the modular version of that switch. So far it's >> going well. We're actively working on an issue with engineering though, >> but it seems to be isolated to AAA (802.1x or mac-based auth). Too >> early to tell there. >> >> As for v6, I've not really started to push/test v6 on the switch yet. > > Do you have a beta firmware? The publically available software can only > be an IPv6 host so far (for management, just like e.g. the Cisco 2960 > L2-Switches) and possibly to MLD snooping, but cannot route it. > > Mike, have a look at Cisco 3560G/3750G (ME6500 for more features, but > that only has 24 copper + 8 SFP and is more expensive) or Foundry FESX(E). > > Bernhard -- "Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler From matthias.cramer at interway.ch Fri Nov 7 07:45:48 2008 From: matthias.cramer at interway.ch (Matthias Cramer) Date: Fri, 07 Nov 2008 07:45:48 +0100 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: <491385BB.1060301@he.net> References: <491385BB.1060301@he.net> Message-ID: <4913E41C.4000809@interway.ch> Mike Leber wrote: > > Hi, I'd like to hear what solutions people are using as a fixed > configuration 48 port layer 3 router (for customer aggregation) that > supports OSPFv3 and IPv6 (BGP a plus but not required), and a rough > price that it cost. > Considerations are: > > layer 3 wirespeed IPv6 and IPv4 routing > OSPFv3 > at least 8000 ARP entries *with* IPv6 enabled > 48 ports > 10/100/1000 copper > optional 10GE uplink > BGP a plus, but not required. We use Foundry FESX Switches for that, depending on how many routes you need a standard or X version would be what you need. But for IPv6 you need the PREM6 image. Regards Matthias -- Matthias Cramer / mc322-ripe System & Network Manager Interway Communication GmbH Phone +41 43 500 1111 Josefstrasse 225 Fax +41 44 271 3535 CH-8005 Z?rich http://www.interway.ch/ GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20081107/9b47a446/attachment.bin From udo at stueberl.de Fri Nov 7 09:06:00 2008 From: udo at stueberl.de (Udo Steinegger) Date: Fri, 7 Nov 2008 09:06:00 +0100 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: <491385BB.1060301@he.net> References: <491385BB.1060301@he.net> Message-ID: <2EBCE509-4421-4D45-A601-4CF4108D5628@stueberl.de> On 07.11.2008, at 01:03, Mike Leber wrote: Good morning, I have seen answers with the Juniper MX240, but i wonder if you have considered the Juniper EX-Series 4200 switches? http://www.juniper.net/products/exseries/dsheet/100215.pdf > layer 3 wirespeed IPv6 and IPv4 routing > OSPFv3 Yep - (i would like to test the wirespeed, but the other features are there) > at least 8000 ARP entries *with* IPv6 enabled > 48 ports yep > 10/100/1000 copper yep > optional 10GE uplink yep, actually a 2-port 10GE uplink port. > BGP a plus, but not required. BGP is there, up to 18000 routes, which doesnt deliver a full BGP feed but serves well for internal puposes. hope that helps. cheers Udo From pekkas at netcore.fi Fri Nov 7 09:09:06 2008 From: pekkas at netcore.fi (Pekka Savola) Date: Fri, 7 Nov 2008 10:09:06 +0200 (EET) Subject: fixed configuration 48 port layer 3 routers In-Reply-To: <2EBCE509-4421-4D45-A601-4CF4108D5628@stueberl.de> References: <491385BB.1060301@he.net> <2EBCE509-4421-4D45-A601-4CF4108D5628@stueberl.de> Message-ID: On Fri, 7 Nov 2008, Udo Steinegger wrote: > I have seen answers with the Juniper MX240, but i wonder if you have > considered the Juniper EX-Series 4200 switches? This allows me to climb on a soapbox. Juniper EX-switches (when in L2 mode) don't forward IPv6 frames by default. DUH! Let's see how many "v6 is broken" messages this will generate over the years. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From udo at stueberl.de Fri Nov 7 09:14:47 2008 From: udo at stueberl.de (Udo Steinegger) Date: Fri, 7 Nov 2008 09:14:47 +0100 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: References: <491385BB.1060301@he.net> <2EBCE509-4421-4D45-A601-4CF4108D5628@stueberl.de> Message-ID: On 07.11.2008, at 09:09, Pekka Savola wrote: Good Morning Pekka, > This allows me to climb on a soapbox. > > Juniper EX-switches (when in L2 mode) don't forward IPv6 frames by > default. DUH! Well, Mike wanted a fixed port L3 solution :) we were not talking about L2 :P But putting this key fact aside, thanks for bringing this up, as I will test this with the new SW for the box next week together with other tests. > Let's see how many "v6 is broken" messages this will generate over > the years. If that above is really the case, then I dont consider it a problem for years. cheers Udo From berni at birkenwald.de Fri Nov 7 09:59:38 2008 From: berni at birkenwald.de (Bernhard Schmidt) Date: Fri, 7 Nov 2008 09:59:38 +0100 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: <26780D8F7E13933A0ADDC310@ZOP-MACTEL.local> References: <491385BB.1060301@he.net> <49138CDD.70603@birkenwald.de> <26780D8F7E13933A0ADDC310@ZOP-MACTEL.local> Message-ID: <20081107085938.GA6319@schleppi.birkenwald.de> On Thu, Nov 06, 2008 at 11:28:57PM -0700, Michael Loftis wrote: > K.13.25 on a 5406zl has the features. And the yl and zl run the same > firmware... > > vlan > ipv6 enable > ipv6 address <> > > ... I'm well aware of that bschmidt at lxbsc01:~$ telnet 2001:4ca0:0:800:..... Trying 2001:4ca0:0:800:........ Connected to 2001:4ca0:0:800:....... Escape character is '^]'. ProCurve J8697A Switch 5406zl Software revision K.13.23 but at the moment they can only be IPv6 host (for management), not IPv6 router. See page 2-6 in the IPv6 configuration guide (http://cdn.procurve.com/training/Manuals/2900-3500-5400-6200-8200-IPv6-Jan08-K-13_01.pdf): | Supported IPv6 Operation in Release K.13.01 | Software release K.13.01 provides IPv6 protocol and addressing to | support host-mode (endpoint) IPv6 operation, including basic layer-2 | functionality. IPv6 routing features are not available in this release. | However, using a dual- stack (IPv4/IPv6-capable) router, IPv6 traffic | can be routed between VLANs and sent across an IPv4 network to another | IPv6 device. (For general information on sending IPv6 traffic across an | IPv4 network, refer to ?Connecting to Devices Supporting IPv6 Over IPv4 | Tunneling? on page 2-5.) The IPv6 features available in release K.13.01 | belong to these general categories: | * switch configuration and management | * security | * IPv6 multicast traffic | * diagnostic and troubleshooting There is nothing in the release notes to suggest there have been improvements in that area between K.13.01 and the current K.13.25 Regards, Bernhard From cfriacas at fccn.pt Fri Nov 7 10:09:20 2008 From: cfriacas at fccn.pt (Carlos Friacas) Date: Fri, 7 Nov 2008 09:09:20 +0000 (WET) Subject: Some leaks in China/Hongkong In-Reply-To: <20081029080814.GB21072@Space.Net> References: <20081026131752.GA7741@pest> <490493EA.4050009@he.net> <20081027051754.GO21072@Space.Net> <490739B1.3040500@dfn.de> <20081029080814.GB21072@Space.Net> Message-ID: On Wed, 29 Oct 2008, Gert Doering wrote: > To be a bit more constructive: you could maintain a list of AS numbers > that belong to known research networks and should be reached via Geant2, > and local-pref these. Anything else coming in via Geant2 should not be > local-prefed (don't necessarily *drop*, even if that might be prudent given > some of the crap I2 is leaking, but at least do not *force*) - which would > avoid routing Google traffic to Hongkong, instead of Amsterdam. Hello, I can say that from my small corner, something has really improved. In Abril, when ipv6.google.com was launched, the avg latency from my network was about 140% higher when comparing to www.google.com. *Now* it's about 10% *lower*! (about ~5ms in absolute values). So, someone tweaked something, somewhere regarding v6 routing :-) IMHO, this also may indicate that there is still something along the path in the v4 side which may need some tunning... ;-) Best Regards, Carlos (Portuguese NREN) From nuno.vieira at nfsi.pt Fri Nov 7 10:37:22 2008 From: nuno.vieira at nfsi.pt (Nuno Vieira - nfsi telecom) Date: Fri, 7 Nov 2008 09:37:22 +0000 (WET) Subject: Some leaks in China/Hongkong In-Reply-To: Message-ID: <2046639469.28451226050642462.JavaMail.root@zimbra.nfsi.pt> Hi Carlos, Hi All, Speaking of commercial isp's, I see a huge difference from here... (40% +/-) is this GeoIP / DNS thingie, or something really nasty on v4 ? # ping www.google.com PING www.l.google.com (64.233.183.103) 56(84) bytes of data. 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=1 ttl=244 time=59.6 ms 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=2 ttl=244 time=56.8 ms 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=3 ttl=244 time=57.1 ms 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=4 ttl=244 time=58.9 ms 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=5 ttl=244 time=58.7 ms 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=6 ttl=244 time=58.1 ms 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=7 ttl=244 time=57.3 ms 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=8 ttl=244 time=57.7 ms 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=9 ttl=244 time=59.6 ms 64 bytes from nf-in-f103.google.com (64.233.183.103): icmp_seq=10 ttl=244 time=60.2 ms --- www.l.google.com ping statistics --- 10 packets transmitted, 10 received, 0% packet loss, time 8999ms rtt min/avg/max/mdev = 56.822/58.447/60.252/1.161 ms # ping6 ipv6.google.com PING ipv6.google.com(2001:4860:0:1001::68) 56 data bytes 64 bytes from 2001:4860:0:1001::68: icmp_seq=1 ttl=56 time=38.7 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=2 ttl=56 time=36.6 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=3 ttl=56 time=36.8 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=4 ttl=56 time=36.3 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=5 ttl=56 time=36.2 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=6 ttl=56 time=36.5 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=7 ttl=56 time=36.2 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=8 ttl=56 time=36.8 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=9 ttl=56 time=36.9 ms 64 bytes from 2001:4860:0:1001::68: icmp_seq=10 ttl=56 time=36.7 ms --- ipv6.google.com ping statistics --- 10 packets transmitted, 10 received, 0% packet loss, time 9033ms rtt min/avg/max/mdev = 36.261/36.829/38.737/0.685 ms # traceroute www.google.com traceroute: Warning: www.google.com has multiple addresses; using 64.233.183.103 traceroute to www.l.google.com (64.233.183.103), 30 hops max, 40 byte packets 1 ge130-1000m.cr2.lisboa.nfsi.pt (81.92.200.126) 0.139 ms 0.199 ms 0.113 ms 2 xe12-10GE.xmr1.as25137.net (81.92.201.10) 1.359 ms 0.348 ms 0.365 ms 3 if-1-2-151.core1.PV9-Lisbon.as6453.net (195.219.186.9) 0.487 ms 0.346 ms 0.240 ms 4 if-12-0-0.mcore3.L78-London.as6453.net (195.219.144.5) 27.349 ms 27.073 ms 26.976 ms 5 if-5-0-0.mcore3.LDN-London.as6453.net (195.219.195.9) 32.463 ms 32.324 ms 32.613 ms 6 ldn-b4-link.telia.net (213.248.74.1) 32.446 ms 34.502 ms 32.539 ms 7 ldn-bb1-link.telia.net (80.91.249.77) 32.622 ms ldn-bb1-link.telia.net (80.91.250.234) 32.700 ms 32.452 ms 8 adm-bb2-pos6-0-0.telia.net (213.248.65.158) 39.836 ms adm-bb1-pos6-0-0.telia.net (213.248.65.150) 43.489 ms 43.314 ms 9 adm-b4-link.telia.net (80.91.250.66) 43.338 ms adm-b4-link.telia.net (80.91.253.86) 39.976 ms adm-b4-link.telia.net (80.91.253.82) 39.699 ms 10 google-118151-adm-b4.c.telia.net (213.248.72.14) 54.257 ms google-ic-127680-adm-bb2.c.telia.net (213.248.91.54) 48.193 ms google-ic-126116-adm-b4.c.telia.net (80.239.193.182) 45.820 ms 11 209.85.251.12 (209.85.251.12) 52.971 ms 209.85.251.14 (209.85.251.14) 56.089 ms 53.862 ms 12 64.233.175.246 (64.233.175.246) 51.057 ms 72.14.233.114 (72.14.233.114) 49.855 ms 64.233.175.246 (64.233.175.246) 48.394 ms 13 209.85.255.23 (209.85.255.23) 58.856 ms 216.239.46.51 (216.239.46.51) 49.990 ms 72.14.233.79 (72.14.233.79) 48.822 ms 14 209.85.249.133 (209.85.249.133) 57.250 ms 216.239.43.30 (216.239.43.30) 61.987 ms 65.345 ms 15 nf-in-f103.google.com (64.233.183.103) 61.596 ms 61.217 ms 60.348 ms # traceroute6 ipv6.google.com traceroute to ipv6.l.google.com (2001:4860:0:1001::68) from 2001:b18::211:43ff:fefd:90f6, 30 hops max, 16 byte packets 1 ge-1.Edge1.ip6.Lisbon.NFSi.pt (2001:b18::ffff) 0.346 ms 0.31 ms 0.234 ms 2 2001:5a0:1500::1 (2001:5a0:1500::1) 0.729 ms 0.456 ms 0.358 ms 3 2001:5a0:1500::e (2001:5a0:1500::e) 27.217 ms 27.205 ms 27.213 ms 4 2001:5a0:c00:100::e (2001:5a0:c00:100::e) 32.949 ms 36.937 ms 32.967 ms 5 2001:5a0:200::5 (2001:5a0:200::5) 68.051 ms 37.071 ms 37.088 ms 6 pr61.ams04.net.google.com (2001:7f8:1::a501:5169:1) 33.581 ms 36.939 ms 33.709 ms 7 * * * 8 * * * 9 * * * 10 * * * 11 * 2001:4860:0:1001::68 (2001:4860:0:1001::68) 39.995 ms 36.551 ms Regards, --- Nuno Vieira nfsi telecom, lda. nuno.vieira at nfsi.pt Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301 http://www.nfsi.pt/ ----- "Carlos Friacas" wrote: > On Wed, 29 Oct 2008, Gert Doering wrote: > > > To be a bit more constructive: you could maintain a list of AS > numbers > > that belong to known research networks and should be reached via > Geant2, > > and local-pref these. Anything else coming in via Geant2 should not > be > > local-prefed (don't necessarily *drop*, even if that might be > prudent given > > some of the crap I2 is leaking, but at least do not *force*) - which > would > > avoid routing Google traffic to Hongkong, instead of Amsterdam. > > Hello, > > I can say that from my small corner, something has really improved. > > In Abril, when ipv6.google.com was launched, the avg latency from my > network was about 140% higher when comparing to www.google.com. > > *Now* it's about 10% *lower*! (about ~5ms in absolute values). So, > someone > tweaked something, somewhere regarding v6 routing :-) > > IMHO, this also may indicate that there is still something along the > path in the v4 side which may need some tunning... ;-) > > > Best Regards, > Carlos > (Portuguese NREN) From gert at space.net Fri Nov 7 15:00:52 2008 From: gert at space.net (Gert Doering) Date: Fri, 7 Nov 2008 15:00:52 +0100 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: References: <491385BB.1060301@he.net> <2EBCE509-4421-4D45-A601-4CF4108D5628@stueberl.de> Message-ID: <20081107140052.GR89033@Space.Net> Hi, On Fri, Nov 07, 2008 at 10:09:06AM +0200, Pekka Savola wrote: > Juniper EX-switches (when in L2 mode) don't forward IPv6 frames by > default. DUH! Whut? Why? Is it sold as an "Ethernet switch" or as an "IPv4 Ethernet"? Stupid idea. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 128645 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279 From dave at maxgigapop.net Fri Nov 7 23:25:02 2008 From: dave at maxgigapop.net (Dave Diller) Date: Fri, 7 Nov 2008 17:25:02 -0500 Subject: Juniper EX and IPv6 In-Reply-To: References: <491385BB.1060301@he.net> <2EBCE509-4421-4D45-A601-4CF4108D5628@stueberl.de> Message-ID: <3B151F00-7E2A-49C3-B8F6-776EA2DE66EF@maxgigapop.net> > > Juniper EX-switches (when in L2 mode) don't forward IPv6 frames by > default. DUH! What version of code was this? It seems to work for me as is with trunked ports, on 9.2R1.10. I've got an EX in the lab, with a GE trunked to each of two T-series. I just put an IPv6 address on the router subinterfaces and was able to ping across after the ~10 second neighbor discovery process. I don't remember intentionally configuring anything to "enable" passing v6 through the box since I wasn't aware of this until now. EX interfaces are plain vanilla: ge-0/0/1 { mtu 9216; unit 0 { family ethernet-switching { port-mode trunk; vlan { members [ 55 66 ]; } } } } -dd From mleber at he.net Sat Nov 8 05:28:03 2008 From: mleber at he.net (Mike Leber) Date: Fri, 07 Nov 2008 20:28:03 -0800 Subject: fixed configuration 48 port layer 3 routers In-Reply-To: <491385BB.1060301@he.net> References: <491385BB.1060301@he.net> Message-ID: <49151553.4050502@he.net> BTW, thank you to everybody for the suggestions. We'll work on getting quotes and hardware to test. Mike. -- +---------------- H U R R I C A N E - E L E C T R I C ----------------+ | Mike Leber Wholesale IPv4 and IPv6 Transit 510 580 4100 | | Hurricane Electric AS6939 | | mleber at he.net Internet Backbone & Colocation http://he.net | +---------------------------------------------------------------------+ From pekkas at netcore.fi Sat Nov 8 07:56:03 2008 From: pekkas at netcore.fi (Pekka Savola) Date: Sat, 8 Nov 2008 08:56:03 +0200 (EET) Subject: Juniper EX and IPv6 In-Reply-To: <3B151F00-7E2A-49C3-B8F6-776EA2DE66EF@maxgigapop.net> References: <491385BB.1060301@he.net> <2EBCE509-4421-4D45-A601-4CF4108D5628@stueberl.de> <3B151F00-7E2A-49C3-B8F6-776EA2DE66EF@maxgigapop.net> Message-ID: On Fri, 7 Nov 2008, Dave Diller wrote: >> Juniper EX-switches (when in L2 mode) don't forward IPv6 frames by default. >> DUH! > > What version of code was this? It seems to work for me as is with trunked > ports, on 9.2R1.10. > > I've got an EX in the lab, with a GE trunked to each of two T-series. I just > put an IPv6 address on the router subinterfaces and was able to ping across > after the ~10 second neighbor discovery process. I don't remember > intentionally configuring anything to "enable" passing v6 through the box > since I wasn't aware of this until now. > > EX interfaces are plain vanilla: > > ge-0/0/1 { > mtu 9216; > unit 0 { > family ethernet-switching { > port-mode trunk; > vlan { > members [ 55 66 ]; > } > } > } > } This was 9.2. We tested only non-tagged regular ports and had to add something like this: interfaces { vlan { unit 0 { family inet6; } } } -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From udo at stueberl.de Sat Nov 8 12:34:04 2008 From: udo at stueberl.de (Udo Steinegger) Date: Sat, 8 Nov 2008 12:34:04 +0100 Subject: Juniper EX and IPv6 In-Reply-To: References: <491385BB.1060301@he.net> <2EBCE509-4421-4D45-A601-4CF4108D5628@stueberl.de> <3B151F00-7E2A-49C3-B8F6-776EA2DE66EF@maxgigapop.net> Message-ID: Pekka, You need family ethernet-switching rather than family Inet6 on your Interface/unit. Guess that was your problem. My setup: Host--ex4200--ex4200--host Works just Fine with JunOS 9.x, with x equals to 0, 1 and 2 Hope that helps Cheers Udo -- Am 08.11.2008 um 07:56 schrieb Pekka Savola : > On Fri, 7 Nov 2008, Dave Diller wrote: >>> Juniper EX-switches (when in L2 mode) don't forward IPv6 frames by >>> default. DUH! >> >> What version of code was this? It seems to work for me as is with >> trunked ports, on 9.2R1.10. >> >> I've got an EX in the lab, with a GE trunked to each of two T- >> series. I just put an IPv6 address on the router subinterfaces and >> was able to ping across after the ~10 second neighbor discovery >> process. I don't remember intentionally configuring anything to >> "enable" passing v6 through the box since I wasn't aware of this >> until now. >> >> EX interfaces are plain vanilla: >> >> ge-0/0/1 { >> mtu 9216; >> unit 0 { >> family ethernet-switching { >> port-mode trunk; >> vlan { >> members [ 55 66 ]; >> } >> } >> } >> } > > This was 9.2. We tested only non-tagged regular ports and had to > add something like this: > > interfaces { > vlan { > unit 0 { > family inet6; > } > } > } > > -- > Pekka Savola "You each name yourselves king, yet the > Netcore Oy kingdom bleeds." > Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings > From pekkas at netcore.fi Sat Nov 8 15:25:50 2008 From: pekkas at netcore.fi (Pekka Savola) Date: Sat, 8 Nov 2008 16:25:50 +0200 (EET) Subject: Juniper EX and IPv6 In-Reply-To: References: <491385BB.1060301@he.net> <2EBCE509-4421-4D45-A601-4CF4108D5628@stueberl.de> <3B151F00-7E2A-49C3-B8F6-776EA2DE66EF@maxgigapop.net>

Message-ID: On Sat, 8 Nov 2008, Udo Steinegger wrote: > You need family ethernet-switching rather than family > Inet6 on your Interface/unit. > Guess that was your problem. > > My setup: > Host--ex4200--ex4200--host > > Works just Fine with JunOS 9.x, with x equals to 0, 1 and 2 In our case, it wasn't enough. Example: interfaces { ... ge-0/0/39 { unit 0 { family ethernet-switching; } } ... vlan { unit 0 { family inet { filter { input ACL; } address x.x.x.x/24; } family inet6; <== had to be added } } vlans { default { vlan-id 1; l3-interface vlan.0; <== had to be added } } I'd suspect that adding family inet and a v4 address for management purposes made the software confused whether it should be a switch or router; however, v4 packets were switched fine without adding these two options, v6 weren't. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings From truman at suspicious.org Sun Nov 9 01:23:11 2008 From: truman at suspicious.org (truman at suspicious.org) Date: Sun, 9 Nov 2008 00:23:11 +0000 Subject: Juniper EX and IPv6 Message-ID: <333889517-1226190194-cardhu_decombobulator_blackberry.rim.net-1230367407-@bxe005.bisx.prodap.on.blackberry> After the interesting post regarding ipv6 forwarding on ex-series, I asked one our engineers to test this out. Everything worked fine with no specific IPv6 configuration on the EX running junos 9.3 Details below: it works fine in 9.3 . M10i ------- EX -------- M160 EX in L2 mode with trunk-port to M10i and M160, and also configured a L3-interface vlan.10 on EX, both transit and local originated icmp6 traffic works fine. lab at m10i-re0# run show interfaces terse ge-0/0/0 Interface Admin Link Proto Local Remote ge-0/0/0 up up ge-0/0/0.0 up up inet 20.1.1.1/24 inet6 fe80::205:8500:af3:b000/64 fec0:1:1:1::1/64 mpls lab at m160# run show interfaces terse ge-6/1/0 Interface Admin Link Proto Local Remote ge-6/1/0 up up ge-6/1/0.0 up up inet 20.1.1.2/24 inet6 fe80::290:6900:a4e:3f13/64 fec0:1:1:1::2/64 lab at EX4200-IPG# run show interfaces terse vlan.10 Interface Admin Link Proto Local Remote vlan.10 up up inet6 fe80::219:e2ff:fe50:a300/64 fec0:1:1:1::3/64 lab at m10i-re0# run ping fec0:1:1:1::2 PING6(56=40+8+8 bytes) fec0:1:1:1::1 --> fec0:1:1:1::2 16 bytes from fec0:1:1:1::2, icmp_seq=0 hlim=64 time=1.022 ms 16 bytes from fec0:1:1:1::2, icmp_seq=1 hlim=64 time=0.849 ms 16 bytes from fec0:1:1:1::2, icmp_seq=2 hlim=64 time=0.985 ms ^C --- fec0:1:1:1::2 ping6 statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.849/0.952/1.022/0.074 ms [edit] lab at m10i-re0# run ping fec0:1:1:1::3 PING6(56=40+8+8 bytes) fec0:1:1:1::1 --> fec0:1:1:1::3 16 bytes from fec0:1:1:1::3, icmp_seq=0 hlim=64 time=1.069 ms 16 bytes from fec0:1:1:1::3, icmp_seq=1 hlim=64 time=0.763 ms 16 bytes from fec0:1:1:1::3, icmp_seq=2 hlim=64 time=1.097 ms 16 bytes from fec0:1:1:1::3, icmp_seq=3 hlim=64 time=1.029 ms ^C --- fec0:1:1:1::3 ping6 statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/std-dev = 0.763/0.989/1.097/0.133 ms lab at m10i-re0# run show ipv6 neighbors IPv6 Address Linklayer Address State Exp Rtr Interface fec0:1:1:1::2 00:90:69:4e:3f:13 stale 1044 yes ge-0/0/0.0 fec0:1:1:1::3 00:19:e2:50:a3:00 stale 1113 yes ge-0/0/0.0 lab at EX4200-IPG# run show version fpc0: -------------------------------------------------------------------------- Hostname: EX4200-IPG Model: ex4200-24f JUNOS Base OS boot [9.3-20080816.0] JUNOS Base OS Software Suite [9.3-20080816.0] JUNOS Kernel Software Suite [9.3-20080816.0] JUNOS Crypto Software Suite [9.3-20080816.0] JUNOS Online Documentation [9.3-20080816.0] JUNOS Enterprise Software Suite [9.3-20080816.0] JUNOS Packet Forwarding Engine Enterprise Software Suite [9.3-20080816.0] JUNOS Routing Software Suite [9.3-20080816.0] JUNOS Web Management [9.3-20080816.0] Kind regards, Truman Boyes ------Original Message------ From: Pekka Savola Sender: ipv6-ops-bounces+truman=suspicious.org at lists.cluenet.de To: Udo Steinegger Cc: ipv6-ops at lists.cluenet.de Sent: Nov 8, 2008 9:25 AM Subject: Re: Juniper EX and IPv6 On Sat, 8 Nov 2008, Udo Steinegger wrote: > You need family ethernet-switching rather than family > Inet6 on your Interface/unit. > Guess that was your problem. > > My setup: > Host--ex4200--ex4200--host > > Works just Fine with JunOS 9.x, with x equals to 0, 1 and 2 In our case, it wasn't enough. Example: interfaces { ... ge-0/0/39 { unit 0 { family ethernet-switching; } } ... vlan { unit 0 { family inet { filter { input ACL; } address x.x.x.x/24; } family inet6; <== had to be added } } vlans { default { vlan-id 1; l3-interface vlan.0; <== had to be added } } I'd suspect that adding family inet and a v4 address for management purposes made the software confused whether it should be a switch or router; however, v4 packets were switched fine without adding these two options, v6 weren't. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings Sent via BlackBerry? from Telstra