Speed validation for compliance on ISP networks

Does your ISP network need a way to validate customer speeds? RDOF compliance? State compliance for broadband speeds and latency? as many of you know there are problems with using public speedtest servers to validate customer speeds.

J2networks, in conjunction with Aloremnetworks, has an on-premise solution that is easy to manage, small footprint, and scalable. Our appliance lets you add a speed test server in almost any part of your network. It’s small footprint and low power draw makes it easy to fit in remote cabinets as well as the data center.

Contact us for more details and pricing.

BGP, a single /24 and two diverse non-connected exit points

I am starting to see the following scenario more and more as IPv4 space is hard to get, but isn’t.

With ARIN it is still possible to get an IPv4 allotment. Many smaller ISPs qualify for a /24 and can get one if they wait long enough on the ARIN waiting list. a /24 of IPv4 space is the smallest block that 99% of the Internet allows to be advertised on the Capital I Internet. There are filter rules in place that drop smaller prefixes because that is the agreed upon norm.

So what happens if you are an ISP and you have a shiny new /24 but you have two networks which are not connected. Let’s look at our scenario.

The above network have no connectivity between the two of them on the internal side. These could be half way across the world or next door. If they were half way across the world it would make sense to try and get another /24. Maybe they are either side of a big mountain or one is down in a valley and there is no way to get a decent link between the two networks.

So what is a way you can use this /24 and still be able to assign IP addresses to both sides of the network? One way is to use a tunnel between your two edge routers.

Without the tunnel the scenario is traffic could come into network1, but if the IP is assigned on network 2 it will come back as unreachable. BGP is all about networks finding the shortest path to other networks. You don’t have much control over how networks find your public IP space if you have two providers advertising the same information. Some of the Internet will come in Network2 and some will come in Network1.

By running a tunnel between the two you can now subnet out that /24 into two eqal /25s and assign one /25 Network1 and one /25 to Network2 or however you want to. You can make the tunnel a GRE, EOIP, or other tunnel type. If I am using Mikrotik I prefer to use EOIP. If it’s another vendor I tend to use GRE.

Once the tunnel is established you can use static routing, OSPF, or your favorite IGP (interior Gateway Protocol) to “tell” one side about the routes on the other side. Let’s look at a fictional use.

In the above example our fictional ISP has an IPv4 block of 1.2.3.0/24. They have two networks separated by a tall mountain range in the center. It’s too cost prohibitive to run fiber or a wireless backhaul between the two networks so they have two different upstream providers. The ISP is advertising this /24 via BGP to Upstream1 from the Network 1 router. Network 2 router is also advertising the same /24 via BGP to Upstream 2.

We now create a Tunnel between the Mikrotiks. As mentioned before this can be EOIP, GRE, etc. We won’t go into the details of the tunnel but let’s assume the ISP is using Mikrotik. We create an EOIP tunnel (tons of tutorials out there) between Network 1 router and Network 2 router. Once this is established we will use 172.16.200.0/30 as our “Glue” on our tunnel interfaces at each side. Network 1 router gets 172.16.200.1/30. Network 2 router gets 172.16.200.2/30

To keep it simple we have a static route statement on the Network 1 Mikrotik router that looks like this:

/ip route add dst-address=1.2.3.129/25 gateway=172.16.200.2

This statement routes any traffic that comes in for 1.2.3.128/25 via ISP 1 to network1 across the tunnel to the Network 2 router. The Network 2 router then send it to the destination inside that side of the network.

Conversely, we have a similar statement in the Network 2 Mikrotik router

/ip route add dst-address=1.2.3.0/25 gateway=172.16.200.1

This statement routes any traffic that comes in for 1.2.3.0/25 via ISP 2 to network2 across the tunnel to the Network 2 router. The Network 2 router then send it to the destination inside that side of the network.

It’s as simple as that. You can apply this to any other vendor such as Cisco, Juniper, PFSense, etc. You also do not have to split the network into even /25’s like I did. You can choose to have os of the ips available on one side and route a /29 or something to the other side.

The major drawback of this scenario is you will takef a speed hit because if the traffic comes in one side and has to route across the tunnel it will have to go back out to the public internet and over to the other ISP.

#packetsdownrange

Netbox Mikrotik Ansible Config generator

So, due to Covid, weather and everything else I am quite behind on blog updates and such. this is one that kinda fell through the cracks. I meant to get this out much sooner than now. My buddy Schylar Utley has a pretty cool projects for optimizing CPE deployments and such.

Check them out at https://github.com/MajesticFalcon

I have included an old video to give you an idea. I am sure things have changed since this video was created.

Mikrotik Connection tracking and CPU usage

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon
Already a qualifying Patreon member? Refresh to access this content.

Opinions on Versitron SG162147M switch?

Has anyone used one of these switches?
https://www.versitron.com/product/all-fiber-switches/SG162147M-16port-101001000-fiber-optic-switch-sfp-technology-1g10g-management-features

Their sales staff has been very helpful. I have not come across a switch manufacturer that has had no software updates to their product. I asked about firmware and software updates and they do not have any.

The switch itself looks very intriguing for the WISP market. It’s a small form-factor SFP and SFP+ switch. It appears ports 1-14 are 2 1 gig, and 15-16 are SFP+.

Feedback from anyone who has deployed one. I asked for a reduced price demo and they don’t have one.

#switch #versitron #SG162147M

Preseem now supports IPv6

https://docs.preseem.com/changes

Features

IPv6

Preseem now supports IPv6 for all use cases. This includes the ability to assign subscribers a prefix of arbitrary length.

IPv4 with Prefixes of Arbitrary Length

Previously Preseem modelled subnet assignments to customers as a number of /32 assignments. For example a subscriber who was assigned a /30 would result in four internal /32 mappings. Preseem now supports assigning any prefix length to a subscriber without expanding these into /32 entries internally.

FD-IX: Local-pref and default routes

I just finished up an article over on the FD-IX blog about local-prefs, default routes, and Internet exchanges.

https://www.fd-ix.com/uncategorized/local-pref-and-default-routes/

Not everyone on the Internet needs full feeds from their provider. In this case, how does learning routes from an Internet Exchange such as FD-IX benefit you if all you are doing is default routes?

So let’s take a scenario. You are a local hosting company. You don’t provide Internet to customers, you just do hosting of websites and data. You have a couple of providers you are buying Internet from, mainly for redundancy. One of these is primary and the other is a backup. You are doing BGP just because. All you are receiving from these providers is a default route and that is it. Why would you want to receive all these routes from an IX?

What is routing? MANRS

The Internet has over 68,000 publicly visible networks, which means it’s impractical to know about the existence of every other network or how they’re connected. Networks can also appear and disappear, whilst connections are constantly coming and going due to various faults and reconfigurations. This makes it too complex to take manual decisions about how to route packets across the Internet.