RE: [MLUG] morenet today (was "Your thoughts on this")

["McNutt, Justin M." <EMAIL:PROTECTED>]

Cisco does support multiple spanning trees, in the sense that they support
per-VLAN STP.  So each layer two network has its own spanning tree (as it
should).

Nortel doesn't do things this way.  Their layer 3 switches tie certain
things together at layer 2 in bizarre ways, so you use Spanning Tree Groups
(*technically* a proprietary Nortel thing, since it changes the way things
work when you use 802.1Q, although it's standard enough on un-tagged ports).

Spanning Tree Groups basically give you the ability to create per-VLAN
spanning trees, if you want to create that many (although you're limited to
16 STG's per switch).

The real solution in either case is to shut off Spanning Tree in your core
network and use layer 3 to arbitrate routing loops, since you can then take
advantage of all links, rather than blocking on redundant paths (this is
what we went to, by the way).  We also disable STP out to the edge networks,
so STP changes in the customer premise network can't muck with core devices.

--J

> -----Original Message-----
> From: Brent Deterding [mailto:EMAIL:PROTECTED]
> Sent: Tuesday, October 02, 2001 1:42 PM
> To: EMAIL:PROTECTED
> Cc: Justin M. McNutt
> Subject: RE: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> Justin? Multiple spanning trees.
> 
> We used them in 3 different zones if I recall that somewhat 
> overlapped with our
> OSPF areas. No idea what's going on now though and I'm not 
> 100% on whether I'm
> right in the first place.
> 
> As for ICMP . . . yes it is used for route changes
> 
> ICMP Redirects that were spoofed as coming from the router 
> was my original
> theory. Basically you go that way and a router tells you 
> another way is faster.
> If a machine listens to these then you can tell it "to get to 
> 0.0.0.0 use
> 127.0.0.1" and you've DoSd it. So in this case it really 
> wouldn't apply at all
> but hey I don't know the details.
> 
> -- Brent
> 
> -----Original Message-----
> From: EMAIL:PROTECTED
> [mailto:EMAIL:PROTECTED]On Behalf Of Spurling, Shannon
> Sent: Tuesday, October 02, 2001 1:13 PM
> To: EMAIL:PROTECTED
> Subject: RE: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> multiple spanning trees? Why would any one want to do that? 
> One should be
> enough to identify any possible loops.
> ISIS, or some people write it IS-IS, it means intermediate system to
> intermediate system. It's a link state routing protocol, kind 
> of like OSPF,
> but without an area 0. We have area's but no area zero, so 
> OSPF did not fit
> our network at all. We were using EIGRP a long time ago, but 
> the number of
> connections was overloading it.
> ICMP isn't used in sending update messages. BGP uses TCP, and 
> ISIS... I'm
> not sure off the top of my head what ISIS uses. you might 
> spoof a bunch of
> ICMP host unreachable messages, but I'm not sure what that 
> would get you.
> 
> Shannon Spurling
> WAN Engineer -Specialist
> 
> MOREnet, Network Services, Core Network
> 3212 Le Mone Industrial Blvd.
> Columbia, MO 65201
> 
> Main:(573) 884-7200   Fax:(573)884-6673
> 
> EMAIL:PROTECTED
> EMAIL:PROTECTED
> 
> -----Original Message-----
> From: Brent Deterding [mailto:EMAIL:PROTECTED]
> Sent: Tuesday, October 02, 2001 12:53 PM
> To: EMAIL:PROTECTED
> Subject: RE: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> ICMP Route Changes spoofed to a router perhaps?
> 
> Right, got the IGMP part (ISIS sounds cool - what is it?)
> Ahh - got it. I thought IGMP was responsible for passing it 
> to EBGP directly
> -
> didn't know there was a IBGP. thanks!
> 
> I always like knowing a little more than the average joe 
> about networking.
> Although I tried talking to a Cisco guy about multiple 
> spanning trees and
> you
> would have thought I was speaking an Eskimo dialect. 
> Evidently Cisco doesn't
> use
> multiple spanning trees; just one?
> 
> -- Brent
> 
> 
> -----Original Message-----
> From: EMAIL:PROTECTED
> [mailto:EMAIL:PROTECTED]On Behalf Of Spurling, Shannon
> Sent: Tuesday, October 02, 2001 11:41 AM
> To: EMAIL:PROTECTED
> Subject: RE: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> Not NIMDA. ICMP. Someone must have gotten on someone else's 
> bad side. There
> was something funny about the ICMP, because that stuff should 
> have just
> passed through.
> The idea here is there are layers to the routing tables. When you are
> routing internally, you use the IGMP (We use ISIS). When you 
> have something
> not in your network, you use IBGP to determine the nearest 
> egress circuit,
> and then route to it using the IGMP. Once you get to the 
> boarder, EBGP will
> point the packet out to the next autonomous system. The 
> latency was because
> the IBGP was having trouble converging, because of the ICMP 
> packets, as near
> as we can figure.
> Just say no to flaming on IRC, you don't know how much you 
> really pissed
> them off. (That's just speculation on my part.:-))
> 
> Shannon Spurling
> WAN Engineer -Specialist
> 
> MOREnet, Network Services, Core Network
> 3212 Le Mone Industrial Blvd.
> Columbia, MO 65201
> 
> Main:(573) 884-7200   Fax:(573)884-6673
> 
> EMAIL:PROTECTED
> EMAIL:PROTECTED
> 
> -----Original Message-----
> From: Brent Deterding [mailto:EMAIL:PROTECTED]
> Sent: Tuesday, October 02, 2001 11:00 AM
> To: EMAIL:PROTECTED
> Subject: RE: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> Ahhh - same problems everyone had with NIMDA. Routers were 
> dropping off and
> on
> causing tables to update. Setting an update threshold works 
> much better.
> 
> Internally shouldn't you use IGMP? Been a while since my 
> network days so go
> easy
> on me . . .
> 
> -- Brent
> 
> -----Original Message-----
> From: EMAIL:PROTECTED
> [mailto:EMAIL:PROTECTED]On Behalf Of Spurling, Shannon
> Sent: Tuesday, October 02, 2001 10:28 AM
> To: EMAIL:PROTECTED
> Subject: RE: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> Okay, no names though. Here is the official statement:
> 
> The network congestion and latency problem that affected all MOREnet
> customers this afternoon has been identified and resolved as 
> of 5:45pm this
> evening.  The MOREnet Security Group helped identify the origin of the
> network latency as an attack on a workstation within one of MOREnet's
> customer's networks.  This attack was being inadvertently 
> redistributed via
> iBGP routing methods and forcing constant updates of the 
> MOREnet routing
> tables creating an unusually high level of latency throughout 
> the MOREnet
> network.  Adjustments in the Core network filtering 
> configuration have been
> made to prevent similar attacks in the future.
> 
> Christopher Kilbride
> MOREnet
> Network Services, Core Group Supervisor
> (573)882-5444
> 
> 
> 
> 
> Shannon Spurling
> WAN Engineer -Specialist
> 
> MOREnet, Network Services, Core Network
> 3212 Le Mone Industrial Blvd.
> Columbia, MO 65201
> 
> Main:(573) 884-7200   Fax:(573)884-6673
> 
> EMAIL:PROTECTED
> EMAIL:PROTECTED
> 
> -----Original Message-----
> From: Brent Deterding [mailto:EMAIL:PROTECTED]
> Sent: Tuesday, October 02, 2001 10:30 AM
> To: EMAIL:PROTECTED
> Subject: RE: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> OK now I'm curious. What happened? Security concern? Someone 
> plug a router
> into
> itself? Chancellor plug up the pipe looking at pigsex.com? 
> (wonder if that
> is
> really a site?)
> 
> Do tell!
> 
> -- Brent
> 
> -----Original Message-----
> From: EMAIL:PROTECTED
> [mailto:EMAIL:PROTECTED]On Behalf Of Spurling, Shannon
> Sent: Tuesday, October 02, 2001 9:52 AM
> To: EMAIL:PROTECTED
> Subject: RE: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> There was no "connectivity" problem really. It was more of a traffic
> issue.... Let's just leave it at that. And that it wasn't really our
> fault...
> 
> 
> Shannon Spurling
> WAN Engineer -Specialist
> 
> MOREnet, Network Services, Core Network
> 3212 Le Mone Industrial Blvd.
> Columbia, MO 65201
> 
> Main:(573) 884-7200   Fax:(573)884-6673
> 
> EMAIL:PROTECTED
> EMAIL:PROTECTED
> 
> -----Original Message-----
> From: Aaron Littich [mailto:EMAIL:PROTECTED]
> Sent: Monday, October 01, 2001 10:15 PM
> To: EMAIL:PROTECTED
> Subject: Re: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> Yea,
> all of us down here at umr have been wondering whats up... 
> just picture a
> bunch of geek engineers without internet connection, or a 
> slow one! Pure
> Havoc!
> 
> 
> ----- Original Message -----
> From: "Jeremy Norris" <EMAIL:PROTECTED>
> To: <EMAIL:PROTECTED>
> Sent: Monday, October 01, 2001 6:08 PM
> Subject: Re: [MLUG] morenet today (was "Your thoughts on this")
> 
> 
> > I have been told by my boss that more.net was/is having a 
> connectivity
> problem
> > of late.
> >
> > Jeremy
> > (Public School technician)
> >
> > On Mon, Oct 01, 2001 at 06:06:39PM -0500, Ian Monroe wrote:
> > > The internet connection using the school district 
> connection (which uses
> > > MoreNet) at the Career Center was slow this afternoon. 
> This doesn't mean
> > > it was morenet's fault.
> > >
> > > Ian
> > >
> > > On Mon, 1 Oct 2001, Mike Miller wrote:
> > >
> > > > On Mon, 1 Oct 2001, Aaron Littich wrote:
> > > >
> > > > > PS, is there something wrong with morenet connection today?
> > > >
> > > > Nothing too bad because I've been connected by ssh from 
> umn.edu to
> > > > missouri.edu all day without any slowness that I could detect.
> > > >
> > > > Mike
> > > >
> > > > --
> > > > To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> > > >
> > > > Archives are available at 
> http://mlug.missouri.edu/list-archives/
> > > >
> > >
> > > --
> > > To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> > >
> > > Archives are available at http://mlug.missouri.edu/list-archives/
> > --
> > To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> >
> > Archives are available at http://mlug.missouri.edu/list-archives/
> >
> 
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
> 
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
> 
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
> 
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
> --
> To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
> 
> Archives are available at http://mlug.missouri.edu/list-archives/
> 
--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/