Many ISPs run into this problem as part of their growing pains. This scenario usually starts happening with their third or 4th peer.
Scenario. ISP grows beyond the single connection they have. This can be 10 meg, 100 meg, gig or whatever. They start out looking for redundancy. The ISP brings in a second provider, usually at around the same bandwidth level. This way the network has two pretty equal paths to go out.
A unique problem usually develops as the network grows to the point of peaking the capacity of both of these connections. The ISP has to make a decision. Do they increase the capacity to just one provider? Most don’t have the budget to increase capacities to both providers. Now, if you increase one you are favouring one provider over another until the budget allows you to increase capacity on both. You are essentially in a state where you have to favor one provider in order to keep up capacity. If you fail over to the smaller pipe things could be just as bad as being down.
This is where many ISPs learn the hard way that BGP is not load balancing. But what about padding, communities, local-pref, and all that jazz? We will get to that. In the meantime, our ISP may have the opportunity to get to an Internet Exchange (IX) and offload things like streaming traffic. Traffic returns to a little more balance because you essentially have a 3rd provider with the IX connection. But, they growing pains don’t stop there.
As ISP’s, especially WISPs, have more and more resources to deal with cutting down latency they start seeking out better-peered networks. The next growing pain that becomes apparent is the networks with lots of high-end peers tend to charge more money. In order for the ISP to buy bandwidth they usually have to do it in smaller quantities from these types of providers. This introduces the probably of a mismatched pipe size again with a twist. The twist is the more, and better peers a network has the more traffic is going to want to travel to that peer. So, the more expensive peer, which you are probably buying less of, now wants to handle more of your traffic.
So, the network geeks will bring up things like padding, communities, local-pref, and all the tricks BGP has. But, at the end of the day, BGP is not load balancing. You can *influence* traffic, but BGP does not allow you to say “I want 100 megs of traffic here, and 500 megs here.” Keep in mind BGP deals with traffic to and from IP blocks, not the traffic itself.
So, how does the ISP solve this? Knowing about your upstream peers is the first thing. BGP looking glasses, peer reports such as those from Hurricane Electric, and general news help keep you on top of things. Things such as new peering points, acquisitions, and new data centers can influence an ISPs traffic. If your equipment supports things such as netflow, sflow, and other tools you can begin to build a picture of your traffic and what ASNs it is going to. This is your first major step. Get tools to know what ASNs the traffic is going to You can then take this data, and look at how your own peers are connected with these ASNs. You will start to see things like provider A is poorly peered with ASN 2906.
Once you know who your peers are and have a good feel on their peering then you can influence your traffic. If you know you don’t want to send traffic destined for ASN 2906 in or out provider A you can then start to implement AS padding and all the tricks we mentioned before. But, you need the greater picture before you can do that.
One last note. Peering is dynamic. You have to keep on top of the ecosystem as a whole.
Below, We have some visio diagrams we have done for customers.
This first design is a customer mesh into a couple of different data centers. We are referring to this as a switch-centric design. This has been talked about in the forums and switch-centric seems like as good as any.
This next design is a netonix switch and a Baicells deployment.
We like to refer to Indianapolis, Indiana as an “NFL City” when explaining the connectivity and peering landscape. It is not a large network presence like Chicago or Ashburn but has enough networks to make it a place for great interconnects.
At the heart of Indianapolis is the Indy Telcom complex. www.indytelcom.com (currently down as of this writing). This is also referred to as the “Henry Street” complex because West Henry Street runs past several of the buildings. This is a large complex with many buildings on it.
One of the things many of our clients ask about is getting connectivity from building to building on the Indy Telcom campus. Lifeline Data Centers ( www.lifelinedatacenters.com ) operates a carrier hotel at 733 Henry. With at least 30 on-net carriers and access to many more 733 is the place to go for cross-connect connectivity in Indianapolis. We have been told by Indy Telcom the conduits between the buildings on the campus are 100% full. This makes connectivity challenging at best when going between buildings. The campus has lots of space, but the buildings are on islands if you wish to establish dark fiber cross-connects between buildings. Many carriers have lit services, but due to the ways many carriers provision things getting a strand, or even a wave is not possible. We do have some options from companies like Zayo or Lightedge for getting connectivity between buildings, but it is not like Chicago or other big Date centers. However, there is a solution for those looking for to establish interconnections. Lifeline also operates a facility at 401 North Shadeland, which is referred to as the EastGate facility. This facility is built on 41 acres, is FEDRAMP certified, and has a bunch of features. There is a dark fiber ring going between 733 and 401. This is ideal for folks looking for both co-location and connectivity. Servers and other infrastructure can be housed at Eastgate and connectivity can be pulled from 733. This solves the 100% full conduit issue with Indy Telcom. MidWest Internet Exchange ( www.midwest-ix.com ) is also on-net at both 401 and 733.
Another location where MidWest-IX is at is 365 Data Centers (http://www.365datacenters.com ) at 701 West Henry. 365 has a national footprint and thus draws some different clients than some of the other facilities. 365 operates Data centers in Tennessee, Michigan, New York, and others. MidWest has dark fiber over to 365 in order to bring them on their Indy fabric.
Another large presence at Henry Street is Lightbound ( www.lightbound.com ). They have a couple of large facilities. According to PeeringDB, only three carriers are in their 731 facility. However, their web-site lists 18+ carriers in their facilities. The web-site does not list these carriers.
I am a big fan of peeringdb for knowing who is at what facilities, where peering points are, and other geeky information. Many of the facilities in Indianapolis are not listed on peering DB. Some other Data Centers which we know about:
On the north side of Indianapolis, you have Expedient ( www.expedient.com ) in Carmel. Expedient says they have “dozens of on net carriers among all markets”. There are some other data centers in the Indianapolis Metro area. Data Cave in Columbus is within decent driving distance.
A few days ago Homeland Security published an e-mail on threats to network devices and securing them. Rather than cut and paste I exported the e-mail to a PDF. Some good best practices in here.
So today UPS dropped off a brand new EdgeSwitch 16XG. I won’t bore you with all the cool stats. You can read the official product literature here. This is just a first look. Future posts will dive into configuration, testing, and other such things. For those wanting the cliff notes version of what this switch is about:
- (12) SFP+ Ports
- (4) 10G RJ45 Ports
- (1) RJ45 Serial Console Port
- Non-Blocking Throughput: 160 Gbps
- Switching Capacity: 320 Gbps
- Forwarding Rate: 238.10 Mpps
- (12) 1/10 Gbps SFP+ Ethernet Ports
- (4) 1/10 Gbps RJ45 Ethernet Ports
- Rack Mountable with Rack-Mount Brackets (Included)
- DC Input Option (Redundant or Stand-Alone)
UBNT is following a natural trend in the switch world. As more and more networks are looking at 1Gig being their minimum, the switches are reflecting this. Gone are the days of 10/100 ports. Now are going toward 1/10 gig ports, even on copper. 10/100/1000 switches still have their place, but usually not on switches with 10 gig ports.
Out of the box the switch isn’t anything sexy. I feel like it should have a shiny UBNT logo somewhere.
I like the fact that none of the ports are shared ports. You can use all 16 ports. It always annoys me when I buy a switch and can’t use all the ports because they are shared on the bus.
An interesting feature on this switch is a redundant DC input option. This can be anything from 16-25volts and be able to support 56watts. This results in a minimum of a 2.2 Amp power supply. This is assuming a full load on the switch as well. For the WISP market this could be a very handy option. You could install the switch where it is drawing from AC power but in the event of AC outage it will switch to a DC source. One of my questions to UBNT is if you can run it off total DC.
Now on to some nitpicky design things. None of these really affect the performance of the switch, just are annoyances.
-The console port not being on the front. In today’s dense rack environments we are putting patch panels and Transfer switches in the backs of the rack. If we have to get to the back of the front mounted devices then anything other than power becomes an annoyance. This is not an issue if you install every new switch with a console cable back to a console server like we do, but even that doesn’t always happen.
-The SFP cages should stick out just a tad from the front. During inserting and re-inserting SFPs I actually pushed the cage back a little. This resulted in some of the SFPs not clicking in correctly. The little tabs holding the top of the SFP cages aren’t sturdy enough to hold some repeated clicking in and out.
After seeing this I was prompted to open the switch and see what is under the hood.
I think this will be a hugely popular switch for anybody looking to do 10Gig. At a $600 approximate price these are, by far, the most cost effective 10 Gig switch out there. Many manufacturers have tacked on one or two, sometimes 4 SFP+ ports, but if you need to go beyond that you are talking 4 digit pricing. This is something we have struggled with MidWest-IX. It usually leads to us buying something on the used market that has the port density we need.
There you have it for a first look at this switch. More articles to follow that include:
-Questions I and you, the reader, have for UBNT
Direct from their web-site.
How to Report
when reporting for a service outage. Once verified we will plot it on tracker.
For e.g. #outage #loc (street, city – location name) #start (time), followed by #back (time)#planned or #unplanned (if its a planned or unexpected outage).
Send comments/feedback/feature requests tovirendra[dot]rode[at]outages.org
Help spread the word!
If you are like me and enjoy technical manuals here is a good one from Commscope for you installers out there. It is a good overall manual, with some Commscope specific products thrown in.
From the manual
The Drop Cable Applications and Construction Guide is written for the cable installation professional who, due to the diverse services offered by CATV and telecommunication service providers, needs a quick and handy reference to practical installation information, especially in the case of retrofitting.
We’ve tried to simplify the decision-making process as to which cables to choose for what installation, taking into account factors such as performance over distance, preventing RF interference and fire/safety codes.
As you get more and more into Cisco Data Center terminology you come across the term DCI. DCI is a Data Center Interconnect. DCI’s typically come in 3 categories.
Dark Fiber (CWDM/DWDM)
MPLS Layer 2 VPN (VPWS/VPLS)
MPLS Layer 3 VPN
A DCI is basically a LAN extension over one of the above methods.
Routing Registries are a mysterious underpinning of the peering and BGP world. To many they are arcane and complicated. If you have found this article you are at least investigating the use of a registry. Either that or you have ran out of fluffy kittens to watch on YouTube. Either way one of the first questions is “Why use a routing registry”.
As many of us know BGP is a very fragile ecosystem. Many providers edit access lists in order to only announce prefixes they have manually verified someone has the authority to advertise. This is a manual process for many opportunities for error. Any time a config file is edited errors can occur. Either typos, misconfiguration, or software bugs.
Routing registries attempt to solve two major issues. The first is automating the process of knowing who has authority to advertise what. The second is allowing a central repository of this data.
So what is a routing Registry?
From Wikipedia: An Internet Routing Registry (IRR) is a database of Internet route objects for determining, and sharing route and related information used for configuring routers, with a view to avoiding problematic issues between Internet service providers.
The Internet routing registry works by providing an interlinked hierarchy of objects designed to facilitate the organization of IP routing between organizations, and also to provide data in an appropriate format for automatic programming of routers. Network engineers from participating organizations are authorized to modify the Routing Policy Specification Language (RPSL) objects, in the registry, for their own networks. Then, any network engineer, or member of the public, is able to query the route registry for particular information of interest.
What are the downsides of a RR?
Not everyone uses routing registries. So if you only allowed routes from RR’s you would get a very incomplete view of the Internet and not be able to reach a good amount of it.
Okay, so if everyone doesn’t use it why should i go to the trouble?
If you are at a formal Internet Exchange (IX) you are most likely required to use one. Some large upstream providers highly encourage you to use one to automate their process.
What are these objects and attributes?
In order to partipate you have to define objects. The first one you create is the maintainer object. This is what the rest of the objects are referenced to and based from. Think of this as setting up your details in the registry.
From this point you setup “object types”. Object types include:
If you want to learn more about each of these as well as templates visit this ARIN site.
So what do I need to do to get started?
The first thing you need to do is setup your mntner object in the registry. I will use ARIN as our example. You can read all about it here:https://www.arin.net/resources/routing/.
You will need a couple of things before setting this up
1.Your ARIN ORGID
2.Your ADMIN POC for that ORGID
3.Your TECH POC for that ORGID
Once you have these you can fill out a basic template and submit to ARIN.
descr: Example, Inc.
auth: MD5-PW $1$ucVwrzQH$zyamFnmJ3XsWEnrKn2eQS/
changed: firstname.lastname@example.org 20150202
The templates is very specific on what to fill out. The mnt-by and referral-by are key to following instructions. MD5 is another sticking point. The process is documented just in a couple of places. In order to generate your MD5-PW follow these instructions.
1.Go to https://apps.db.ripe.net/crypt/ Enter in a password. Make sure you keep this cleartext password as you will need it when sending future requests to ARIN’s Routing Registry.
2.Submit the password to get the md5 crypt password. Keep this password for your records, as you may need it when interacting with ARIN’s IRR in the future.
3.Add the following line to your mntner object template in the text editor.
Our example above has a MD5 password already generated.
Once this is done and created you can add objects. The most commonly added objects are your ASN and IP space.
Create your ASN object using the as-num template
descr: Example, Inc.
descr: 114 Pine Circle
descr: ANYWHERE, IN 12345
import: from AS65535 accept ANY
import: from AS65533 accept AS65534
export: to AS65533 announce ANY
export: to AS65535 announce AS2 AS65533
changed: email@example.com 20150202
The things to know about the above template are the import and export attributes.
Now on to adding IP space
Suppose you have IP space of 192.0.2.0/24 Your template would look like:
inetnum: 192.0.2.0 – 192.0.2.255
descr: Example, Inc.
descr: 115 Oak Circle
descr: ANYWHERE, IN 12345
changed: firstname.lastname@example.org 20150202
The password attribute is the cleartext password for your MD5 key.
Using RPSL in practice