Re: NANOG Digest, Vol 145, Issue 25

[Jason Pope <boards188 () gmail com>]

Would it be possible to deploy one switch for every three floors? So each
switch would service the floor that they are on, along with the floor below
and the floor above? That would reduce your switch count to ten and you
should be able to use an the vendors ethernet ring protocol. If you use
bidirectional optics, you should be able to set up two ethernet rings of
five switches.

Jason K Pope
Greater love has no one than this, that one lay down his life for his
friends.
John 15:13



> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 25 Feb 2020 13:40:20 +0100
> From: Alex Band <alex () nlnetlabs nl>
> To: NANOG list <nanog () nanog org>
> Subject: Re: Has Anyone managed to get Delegated RPKI working with
>         ARIN
> Message-ID: <7A5ABDFB-56EA-46C5-B553-94346A52EEEA () nlnetlabs nl>
> Content-Type: text/plain;       charset=utf-8
>
> An update:
>
> The setup process with ARIN has now been fixed in Krill 0.5.0, which was
> just released:
> https://www.nlnetlabs.nl/news/2020/Feb/25/krill.0.5.0-released/
>
> We have worked around the issue by transforming the child request XML file
> in the user interface using a toggle:
> https://rpki.readthedocs.io/en/latest/krill/parent-interactions.html#arin
>
> The ensured that Krill is compatible with both the old and new response
> file format. Once ARIN conforms to RFC 8183, this toggle will be removed in
> a future version. We have also fixed two blocking issues with APNIC,
> ensuring Krill now works with every RIR implementation.
>
> Looking forward to your feedback on this release.
>
> Cheers,
>
> Alex
>
> > On 13 Feb 2020, at 09:48, Alex Band <alex () nlnetlabs nl> wrote:
> >
> > Hi there!
> >
> > There is also this somewhat hacky SED command to transform the Request
> XML into the format that ARIN accepts, in case you’d like to use something
> other than the XSL:
> > https://sed.js.org/?gist=3f08fb293c8825855bb26f2865161575
> >
> > –– Looping in John Curran
> >
> > John, I appreciate ARIN has accepted RFC 8183 compatibility as an ACSP
> suggestion:
> > https://www.arin.net/participate/community/acsp/suggestions/2020-3/
> >
> > Looking at the XML though, the changes needed to make this work are one
> tag, a URL and a version number. Could this please be tracked as a simple
> bug instead of a "feature to include in our future RPKI improvements”?
> > In the mean time I have added a warning to the documentation:
> https://rpki.readthedocs.io/en/latest/krill/manage-cas.html#step-1-get-the-request-xml-file
> > Thanks!
> >
> > -Alex
> >
> > > On 5 Feb 2020, at 16:48, Tim Bruijnzeels <tim () nlnetlabs nl> wrote:
> > >
> > > Hi,
> > >
> > > Everyone is welcome to read that list of course, but the TL;DR is:
> > >
> > > ARIN currently uses a pre RFC 8183 format for the identity exchange. It
> would be good if this were updated. New versions of rpkid as well as Krill
> have issues with the old format.
> > > In the meantime this XSL provided by rpki.net can be of help:
> https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/oob-translate.xsl
> > > Note: if you are planning to give Krill a try we recommend that you
> wait for version 0.5. We expect to have this version ready in 1-2 weeks. It
> will include usability improvements, better monitoring and a UI.
> > > Kind regards,
> > >
> > > Tim
> > >
> > >
> > >
> > > > On 5 Feb 2020, at 16:03, Christopher Munz-Michielin <
> christopher () ve7alb ca> wrote:
> > > > Brilliant! Thanks for the write up Cynthia, I'll have a read through!
> > > >
> > > > Chris
> > > >
> > > > On 2020-02-05 1:56 a.m., Cynthia Revström wrote:
> > > > > (Re-sent as I forgot to include the ML the first time, oops)
> > > > > Hi Chris,
> > > > >
> > > > > I recently figured it out and posted it on the NLNetLabs RPKI mailing
> list. https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html
> <https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html>
> > > > > I hope it helps :)
> > > > >
> > > > > - Cynthia
> > > > >
> > > > > On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin <
> christopher () ve7alb ca <mailto:christopher () ve7alb ca>> wrote:
> > > > >   Hi Nanog,
> > > > >
> > > > >   Posting here since my Google-fu is coming up short.  I'm trying to
> setup delegated RPKI in ARIN using rpki.net <http://rpki.net>'s rpkid
> Python daemon and am running into an issue submitting the identity file to
> ARIN's control panel. The same file submitted to RIPE's  test environment
> at https://localcert.ripe.net/#/rpki works without issue, while
> submitting to ARIN results in "Invalid Identity.xml file."
> > > > >   The guide I'm following is this one:
> https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.md
> and I'm able to get as far as generating the identity file.
> > > > >   Wondering if anyone has gone down this road before and has any
> helpful hints to make this work?
> > > > >   Cheers,
> > > > >   Chris
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 25 Feb 2020 18:32:02 -0800
> From: Norman Jester <nj () jester mx>
> To: nanog () nanog org
> Subject: Hi-Rise Building Fiber Suggestions
> Message-ID: <44DA61E8-1023-466D-A8A7-8CA6369BBD0C () jester mx>
> Content-Type: text/plain; charset=utf-8
>
> I’m in the process of choosing hardware
> for a 30 story building. If anyone has experience with this I’d appreciate
> any tips.
>
> There are two fiber pairs running up the building riser. I need to put a
> POE switch on each floor using this fiber.
>
> The idea is to cut the fiber at each floor and insert a switch and daisy
> chain the switches together using one pair, and using the other pair as the
> failover side of the ring going back to the source so if one device fails
> it doesn’t take the whole string down.
>
> The problem here is how many switches can be strung together and I would
> not try more than 3 to 5. This is not something I typically do (stacking
> switches). I have fears of STP and/or RSTP issue stacking past Ethernet
> switch to switch limits (if they still exist??)
>
> Is there a device with a similar protocol as the old 3com (now HP IDF)
> stacking capability via fiber?
>
> I’d like to use something inexpensive as its to power ubiquiti wifi on
> each floor.  Ideally if you know something I don’t about ubiquiti switches
> that can do this I’d appreciate knowing.
>
> Norman
>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 25 Feb 2020 23:21:27 -0500
> From: Bradley Burch <bradley () wifastnetworks com>
> To: Norman Jester <nj () jester mx>
> Cc: nanog () nanog org
> Subject: Re: Hi-Rise Building Fiber Suggestions
> Message-ID: <4F4AD665-71ED-4423-A591-E737088E014B () wifastnetworks com>
> Content-Type: text/plain; charset=utf-8
>
> Should consider DWDM or GPON and in those look at passive optical
> technologies that can benefit the project.
>
> > On Feb 25, 2020, at 9:33 PM, Norman Jester <nj () jester mx> wrote:
> >
> > I’m in the process of choosing hardware
> > for a 30 story building. If anyone has experience with this I’d
> appreciate any tips.
> > There are two fiber pairs running up the building riser. I need to put a
> POE switch on each floor using this fiber.
> > The idea is to cut the fiber at each floor and insert a switch and daisy
> chain the switches together using one pair, and using the other pair as the
> failover side of the ring going back to the source so if one device fails
> it doesn’t take the whole string down.
> > The problem here is how many switches can be strung together and I would
> not try more than 3 to 5. This is not something I typically do (stacking
> switches). I have fears of STP and/or RSTP issue stacking past Ethernet
> switch to switch limits (if they still exist??)
> > Is there a device with a similar protocol as the old 3com (now HP IDF)
> stacking capability via fiber?
> > I’d like to use something inexpensive as its to power ubiquiti wifi on
> each floor.  Ideally if you know something I don’t about ubiquiti switches
> that can do this I’d appreciate knowing.
> > Norman
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 25 Feb 2020 20:42:04 -0800
> From: Ryan Hamel <ryan () rkhtech org>
> To: Norman Jester <nj () jester mx>
> Cc: "=?utf-8?Q?nanog=40nanog.org?=" <nanog () nanog org>
> Subject: Re: Hi-Rise Building Fiber Suggestions
> Message-ID:
>         <1582691775.local-b755fc33-4b8b-v1.2.1-5f094887 () getmailspring com>
> Content-Type: text/plain; charset="utf-8"
>
> I'd say a pair of Juniper switches on each floor, with their
> virtual-chassis capability. Terminate the top/bottom floor of fiber 1 into
> switch 1, and the other into switch two. Create an LACP bond between each
> floors switches, tag the necessary VLANs, and put the VLAN SVIs onto the
> first pair of switches at the building electrical/telecom room.
>
> The same thing can be done with MLAG across many switch vendors, but that
> will require additional configuration.
> On Feb 25 2020, at 6:32 pm, Norman Jester <nj () jester mx> wrote:
> > I’m in the process of choosing hardware
> > for a 30 story building. If anyone has experience with this I’d
> appreciate any tips.
> > There are two fiber pairs running up the building riser. I need to put a
> POE switch on each floor using this fiber.
> > The idea is to cut the fiber at each floor and insert a switch and daisy
> chain the switches together using one pair, and using the other pair as the
> failover side of the ring going back to the source so if one device fails
> it doesn’t take the whole string down.
> > The problem here is how many switches can be strung together and I would
> not try more than 3 to 5. This is not something I typically do (stacking
> switches). I have fears of STP and/or RSTP issue stacking past Ethernet
> switch to switch limits (if they still exist??)
> > Is there a device with a similar protocol as the old 3com (now HP IDF)
> stacking capability via fiber?
> > I’d like to use something inexpensive as its to power ubiquiti wifi on
> each floor. Ideally if you know something I don’t about ubiquiti switches
> that can do this I’d appreciate knowing.
> > Norman
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mailman.nanog.org/pipermail/nanog/attachments/20200225/74e61671/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 5
> Date: Tue, 25 Feb 2020 20:44:11 -0800
> From: Tim Požár <pozar () lns com>
> To: Bradley Burch <bradley () wifastnetworks com>, Norman Jester
>         <nj () jester mx>
> Cc: nanog () nanog org
> Subject: Re: Hi-Rise Building Fiber Suggestions
> Message-ID: <066d5a1d-ce71-2bd8-7cb5-d194794cab92 () lns com>
> Content-Type: text/plain; charset=utf-8
>
> If you are limited on fiber runs, how about using 10Gb BiDi optics to
> limit a ring to say two sets of 15 switches.
>
> Tim
>
> On 2/25/20 8:21 PM, Bradley Burch wrote:
> > Should consider DWDM or GPON and in those look at passive optical
> technologies that can benefit the project.
> > > On Feb 25, 2020, at 9:33 PM, Norman Jester <nj () jester mx> wrote:
> > >
> > > I’m in the process of choosing hardware
> > > for a 30 story building. If anyone has experience with this I’d
> appreciate any tips.
> > > There are two fiber pairs running up the building riser. I need to put
> a POE switch on each floor using this fiber.
> > > The idea is to cut the fiber at each floor and insert a switch and
> daisy chain the switches together using one pair, and using the other pair
> as the failover side of the ring going back to the source so if one device
> fails it doesn’t take the whole string down.
> > > The problem here is how many switches can be strung together and I
> would not try more than 3 to 5. This is not something I typically do
> (stacking switches). I have fears of STP and/or RSTP issue stacking past
> Ethernet switch to switch limits (if they still exist??)
> > > Is there a device with a similar protocol as the old 3com (now HP IDF)
> stacking capability via fiber?
> > > I’d like to use something inexpensive as its to power ubiquiti wifi on
> each floor.  Ideally if you know something I don’t about ubiquiti switches
> that can do this I’d appreciate knowing.
> > > Norman
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 25 Feb 2020 20:45:05 -0800
> From: Ryan Hamel <ryan () rkhtech org>
> To: Bradley Burch <bradley () wifastnetworks com>
> Cc: Norman Jester <nj () jester mx>, "=?utf-8?Q?nanog=40nanog.org?="
>         <nanog () nanog org>
> Subject: Re: Hi-Rise Building Fiber Suggestions
> Message-ID:
>         <1582692127.local-4a72be00-28c6-v1.2.1-5f094887 () getmailspring com>
> Content-Type: text/plain; charset="utf-8"
>
> How would that work to solve Norman's problem? That sounds like a lot of
> money spending, and setup time, for nothing.
>
> Ryan
> On Feb 25 2020, at 8:21 pm, Bradley Burch <bradley () wifastnetworks com>
> wrote:
> > Should consider DWDM or GPON and in those look at passive optical
> technologies that can benefit the project.
> > > On Feb 25, 2020, at 9:33 PM, Norman Jester <nj () jester mx> wrote:
> > > I’m in the process of choosing hardware
> > > for a 30 story building. If anyone has experience with this I’d
> appreciate any tips.
> > > There are two fiber pairs running up the building riser. I need to put
> a POE switch on each floor using this fiber.
> > > The idea is to cut the fiber at each floor and insert a switch and
> daisy chain the switches together using one pair, and using the other pair
> as the failover side of the ring going back to the source so if one device
> fails it doesn’t take the whole string down.
> > > The problem here is how many switches can be strung together and I
> would not try more than 3 to 5. This is not something I typically do
> (stacking switches). I have fears of STP and/or RSTP issue stacking past
> Ethernet switch to switch limits (if they still exist??)
> > > Is there a device with a similar protocol as the old 3com (now HP IDF)
> stacking capability via fiber?
> > > I’d like to use something inexpensive as its to power ubiquiti wifi on
> each floor. Ideally if you know something I don’t about ubiquiti switches
> that can do this I’d appreciate knowing.
> > > Norman
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mailman.nanog.org/pipermail/nanog/attachments/20200225/362dc7df/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 7
> Date: Tue, 25 Feb 2020 20:45:47 -0800
> From: Joel Jaeggli <joelja () bogus com>
> To: Norman Jester <nj () jester mx>
> Cc: nanog () nanog org
> Subject: Re: Hi-Rise Building Fiber Suggestions
> Message-ID: <342965FD-6E9A-4827-9BB9-CFE8FF3515AD () bogus com>
> Content-Type: text/plain; charset=utf-8
>
>
>
> Sent from my iPhone
>
> > On Feb 25, 2020, at 18:34, Norman Jester <nj () jester mx> wrote:
> >
> > I’m in the process of choosing hardware
> > for a 30 story building. If anyone has experience with this I’d
> appreciate any tips.
> > There are two fiber pairs running up the building riser. I need to put a
> POE switch on each floor using this fiber.
>
> In my experience with retrofitting existing structures, if you have access
> to the riser at each floor as it sounds like you do, you would typically
> drop in a new duct,  blow micro duct through it with a branch for each
> floor, have an MDF  or two In a utility spaces  and them you have the
> ability to reconfigure  the fiber as necessary to meet your present and
> future needs.
>
> You didn’t specify if the existing fiber is single or multi-mode however
> it is unlikely that the was enough slack built into two fiber runs to make
> 30 additional splices so that approach seems dubious as a premise.
>
> As you correctly surmise daisy chaining 30 switches is not an advisable
> network design practice.
>
> > The idea is to cut the fiber at each floor and insert a switch and daisy
> chain the switches together using one pair, and using the other pair as the
> failover side of the ring going back to the source so if one device fails
> it doesn’t take the whole string down.
> > The problem here is how many switches can be strung together and I would
> not try more than 3 to 5. This is not something I typically do (stacking
> switches). I have fears of STP and/or RSTP issue stacking past Ethernet
> switch to switch limits (if they still exist??)
> > Is there a device with a similar protocol as the old 3com (now HP IDF)
> stacking capability via fiber?
> > I’d like to use something inexpensive as its to power ubiquiti wifi on
> each floor.  Ideally if you know something I don’t about ubiquiti switches
> that can do this I’d appreciate knowing.
> > Norman
>
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 25 Feb 2020 21:00:11 -0800
> From: Tim Požár <pozar () lns com>
> To: Norman Jester <nj () jester mx>, nanog () nanog org
> Subject: Re: Hi-Rise Building Fiber Suggestions
> Message-ID: <14a36d9a-f68b-4087-b1fb-50db0daecd05 () lns com>
> Content-Type: text/plain; charset=utf-8
>
> Also, Juniper switches will stack over fiber.  I have deployed Virtual
> Chassis over multiple IDFs.  The VC ports can be (and highly suggested)
> to be in a ring.
>
>
> https://www.juniper.net/documentation/en_US/junos/topics/concept/virtual-chassis-ex4200-overview.html
>
>
> https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/virtual-chassis-ex4300-configuring.html
>
> On 2/25/20 6:32 PM, Norman Jester wrote:
> > I’m in the process of choosing hardware
> > for a 30 story building. If anyone has experience with this I’d
> appreciate any tips.
> > There are two fiber pairs running up the building riser. I need to put a
> POE switch on each floor using this fiber.
> > The idea is to cut the fiber at each floor and insert a switch and daisy
> chain the switches together using one pair, and using the other pair as the
> failover side of the ring going back to the source so if one device fails
> it doesn’t take the whole string down.
> > The problem here is how many switches can be strung together and I would
> not try more than 3 to 5. This is not something I typically do (stacking
> switches). I have fears of STP and/or RSTP issue stacking past Ethernet
> switch to switch limits (if they still exist??)
> > Is there a device with a similar protocol as the old 3com (now HP IDF)
> stacking capability via fiber?
> > I’d like to use something inexpensive as its to power ubiquiti wifi on
> each floor.  Ideally if you know something I don’t about ubiquiti switches
> that can do this I’d appreciate knowing.
> > Norman
>
>
> ------------------------------
>
> Message: 9
> Date: Tue, 25 Feb 2020 23:02:27 -0800
> From: Ryan Hamel <ryan () rkhtech org>
> To: Tim Požár <pozar () lns com>
> Cc: Norman Jester <nj () jester mx>, "=?utf-8?Q?nanog=40nanog.org?="
>         <nanog () nanog org>
> Subject: Re: Hi-Rise Building Fiber Suggestions
> Message-ID:
>         <1582700307.local-913d815c-cd22-v1.2.1-5f094887 () getmailspring com>
> Content-Type: text/plain; charset="utf-8"
>
> I do not recommend doing that, it's 30 members in a single stack. Mine was
> only two, directly connected to each other.
>
> Treat your control plane like your L2, don't extend it farther than
> necessary.
> Ryan
> On Feb 25 2020, at 9:00 pm, Tim Požár <pozar () lns com> wrote:
> > Also, Juniper switches will stack over fiber. I have deployed Virtual
> > Chassis over multiple IDFs. The VC ports can be (and highly suggested)
> > to be in a ring.
> https://www.juniper.net/documentation/en_US/junos/topics/concept/virtual-chassis-ex4200-overview.html
> >
> https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/virtual-chassis-ex4300-configuring.html
> > On 2/25/20 6:32 PM, Norman Jester wrote:
> > > I’m in the process of choosing hardware
> > > for a 30 story building. If anyone has experience with this I’d
> appreciate any tips.
> > > There are two fiber pairs running up the building riser. I need to put
> a POE switch on each floor using this fiber.
> > > The idea is to cut the fiber at each floor and insert a switch and
> daisy chain the switches together using one pair, and using the other pair
> as the failover side of the ring going back to the source so if one device
> fails it doesn’t take the whole string down.
> > > The problem here is how many switches can be strung together and I
> would not try more than 3 to 5. This is not something I typically do
> (stacking switches). I have fears of STP and/or RSTP issue stacking past
> Ethernet switch to switch limits (if they still exist??)
> > > Is there a device with a similar protocol as the old 3com (now HP IDF)
> stacking capability via fiber?
> > > I’d like to use something inexpensive as its to power ubiquiti wifi on
> each floor. Ideally if you know something I don’t about ubiquiti switches
> that can do this I’d appreciate knowing.
> > > Norman
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mailman.nanog.org/pipermail/nanog/attachments/20200225/b7b96df7/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 10
> Date: Wed, 26 Feb 2020 09:59:58 +0100
> From: Bill Woodcock <woody () pch net>
> To: "nanog () nanog org" <nanog () nanog org>
> Subject: Re: Hi-Rise Building Fiber Suggestions
> Message-ID: <E2A6B721-7F54-49BD-AFA6-257287F70118 () pch net>
> Content-Type: text/plain; charset="utf-8"
>
> > On 2/25/20 6:32 PM, Norman Jester wrote:
> > I’m in the process of choosing hardware
> > for a 30 story building. If anyone has experience with this I’d
> appreciate any tips.
> > There are two fiber pairs running up the building riser. I need to put a
> POE switch on each floor using this fiber.
> > The idea is to cut the fiber at each floor and insert a switch and daisy
> chain the switches together using one pair, and using the other pair as the
> failover side of the ring going back to the source so if one device fails
> it doesn’t take the whole string down.
> > The problem here is how many switches can be strung together and I would
> not try more than 3 to 5.
>
> Yeah…  I’d regenerate every five L2 devices as well.  Which just means
> going up to L3 periodically.  Would it work for you to use the first pair
> for daisy-chaining switches on each floor that’s not a multiple of five,
> and then put the switches on the floors that are multiples of five into
> router mode, with a switch-group facing their own floor, but routed ports
> facing other floors?  Then use the second pair as an “express” lane between
> the exit, floor 10, and floor 20, to keep L3 hop-sounds down and provide
> some redundancy?
>
>                                 -Bill
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 833 bytes
> Desc: Message signed with OpenPGP
> URL: <
> http://mailman.nanog.org/pipermail/nanog/attachments/20200226/1eefe090/attachment-0001.sig
> >
>
> End of NANOG Digest, Vol 145, Issue 25
> **************************************