Would it be possible to deploy one switch for every three floors? So each switch would service the floor that they are on, along with the floor below and the floor above? That would reduce your switch count to ten and you should be able to use the vendor's ethernet ring protocol. If you use bidirectional optics, you should be able to set up two ethernet rings of five switches.
Jason K Pope
Greater love has no one than this, that one lay down his life for his friends. John 15:13
----------------------------------------------------------------------
Message: 1
Date: Tue, 25 Feb 2020 13:40:20 +0100
From: Alex Band <alex@nlnetlabs.nl>
To: NANOG list <nanog@nanog.org>
Subject: Re: Has Anyone managed to get Delegated RPKI working with ARIN
Message-ID: <7A5ABDFB-56EA-46C5-B553-94346A52EEEA@nlnetlabs.nl>
Content-Type: text/plain; charset=utf-8
An update:
The setup process with ARIN has now been fixed in Krill 0.5.0, which was just released: https://www.nlnetlabs.nl/news/2020/Feb/25/krill.0.5.0-released/
We have worked around the issue by transforming the child request XML file in the user interface using a toggle: https://rpki.readthedocs.io/en/latest/krill/parent-interactions.html#arin
This ensured that Krill is compatible with both the old and new response file format. Once ARIN conforms to RFC 8183, this toggle will be removed in a future version. We have also fixed two blocking issues with APNIC, ensuring Krill now works with every RIR implementation.
Looking forward to your feedback on this release.
Cheers,
Alex
On 13 Feb 2020, at 09:48, Alex Band <alex@nlnetlabs.nl> wrote:
Hi there!
There is also this somewhat hacky SED command to transform the Request XML into the format that ARIN accepts, in case you’d like to use something other than the XSL:
https://sed.js.org/?gist=3f08fb293c8825855bb26f2865161575
–– Looping in John Curran
John, I appreciate ARIN has accepted RFC 8183 compatibility as an ACSP suggestion:
https://www.arin.net/participate/community/acsp/suggestions/2020-3/
Looking at the XML though, the changes needed to make this work are one tag, a URL and a version number. Could this please be tracked as a simple bug instead of a "feature to include in our future RPKI improvements"?
In the meantime I have added a warning to the documentation:
https://rpki.readthedocs.io/en/latest/krill/manage-cas.html#step-1-get-the-r...
Thanks!
-Alex
On 5 Feb 2020, at 16:48, Tim Bruijnzeels <tim@nlnetlabs.nl> wrote:
Hi,
Everyone is welcome to read that list of course, but the TL;DR is:
ARIN currently uses a pre RFC 8183 format for the identity exchange. It would be good if this were updated. New versions of rpkid as well as Krill have issues with the old format.
In the meantime this XSL provided by rpki.net can be of help:
https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/o...
Note: if you are planning to give Krill a try we recommend that you wait for version 0.5. We expect to have this version ready in 1-2 weeks. It will include usability improvements, better monitoring and a UI.
Kind regards,
Tim
On 5 Feb 2020, at 16:03, Christopher Munz-Michielin <christopher@ve7alb.ca> wrote:
Brilliant! Thanks for the write up Cynthia, I'll have a read through!
Chris
On 2020-02-05 1:56 a.m., Cynthia Revström wrote:
(Re-sent as I forgot to include the ML the first time, oops)
Hi Chris,
I recently figured it out and posted it on the NLNetLabs RPKI mailing list. https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html
I hope it helps :)
- Cynthia
On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin <christopher@ve7alb.ca> wrote:
Hi Nanog,
Posting here since my Google-fu is coming up short. I'm trying to set up delegated RPKI in ARIN using rpki.net's rpkid Python daemon and am running into an issue submitting the identity file to ARIN's control panel. The same file submitted to RIPE's test environment at https://localcert.ripe.net/#/rpki works without issue, while submitting to ARIN results in "Invalid Identity.xml file."
The guide I'm following is this one: https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial... and I'm able to get as far as generating the identity file.
Wondering if anyone has gone down this road before and has any helpful hints to make this work?
Cheers, Chris
------------------------------
Message: 2
Date: Tue, 25 Feb 2020 18:32:02 -0800
From: Norman Jester <nj@jester.mx>
To: nanog@nanog.org
Subject: Hi-Rise Building Fiber Suggestions
Message-ID: <44DA61E8-1023-466D-A8A7-8CA6369BBD0C@jester.mx>
Content-Type: text/plain; charset=utf-8
I’m in the process of choosing hardware for a 30 story building. If anyone has experience with this I’d appreciate any tips.
There are two fiber pairs running up the building riser. I need to put a POE switch on each floor using this fiber.
The idea is to cut the fiber at each floor and insert a switch and daisy chain the switches together using one pair, and using the other pair as the failover side of the ring going back to the source so if one device fails it doesn’t take the whole string down.
The problem here is how many switches can be strung together and I would not try more than 3 to 5. This is not something I typically do (stacking switches). I have fears of STP and/or RSTP issue stacking past Ethernet switch to switch limits (if they still exist??)
Is there a device with a similar protocol as the old 3com (now HP IDF) stacking capability via fiber?
I’d like to use something inexpensive as it’s to power ubiquiti wifi on each floor. Ideally if you know something I don’t about ubiquiti switches that can do this I’d appreciate knowing.
Norman
------------------------------
Message: 3
Date: Tue, 25 Feb 2020 23:21:27 -0500
From: Bradley Burch <bradley@wifastnetworks.com>
To: Norman Jester <nj@jester.mx>
Cc: nanog@nanog.org
Subject: Re: Hi-Rise Building Fiber Suggestions
Message-ID: <4F4AD665-71ED-4423-A591-E737088E014B@wifastnetworks.com>
Content-Type: text/plain; charset=utf-8
Should consider DWDM or GPON and in those look at passive optical technologies that can benefit the project.
On Feb 25, 2020, at 9:33 PM, Norman Jester <nj@jester.mx> wrote:
I’m in the process of choosing hardware for a 30 story building. If anyone has experience with this I’d appreciate any tips.
There are two fiber pairs running up the building riser. I need to put a POE switch on each floor using this fiber.
The idea is to cut the fiber at each floor and insert a switch and daisy chain the switches together using one pair, and using the other pair as the failover side of the ring going back to the source so if one device fails it doesn’t take the whole string down.
The problem here is how many switches can be strung together and I would not try more than 3 to 5. This is not something I typically do (stacking switches). I have fears of STP and/or RSTP issue stacking past Ethernet switch to switch limits (if they still exist??)
Is there a device with a similar protocol as the old 3com (now HP IDF) stacking capability via fiber?
I’d like to use something inexpensive as it’s to power ubiquiti wifi on each floor. Ideally if you know something I don’t about ubiquiti switches that can do this I’d appreciate knowing.
Norman
------------------------------
Message: 4
Date: Tue, 25 Feb 2020 20:42:04 -0800
From: Ryan Hamel <ryan@rkhtech.org>
To: Norman Jester <nj@jester.mx>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Subject: Re: Hi-Rise Building Fiber Suggestions
Message-ID: <1582691775.local-b755fc33-4b8b-v1.2.1-5f094887@getmailspring.com>
Content-Type: text/plain; charset="utf-8"
I'd say a pair of Juniper switches on each floor, with their virtual-chassis capability. Terminate the top/bottom floor of fiber 1 into switch 1, and the other into switch two. Create an LACP bond between each floor's switches, tag the necessary VLANs, and put the VLAN SVIs onto the first pair of switches at the building electrical/telecom room.
The same thing can be done with MLAG across many switch vendors, but that will require additional configuration.
On Feb 25 2020, at 6:32 pm, Norman Jester <nj@jester.mx> wrote:
I’m in the process of choosing hardware for a 30 story building. If anyone has experience with this I’d appreciate any tips.
There are two fiber pairs running up the building riser. I need to put a POE switch on each floor using this fiber.
The idea is to cut the fiber at each floor and insert a switch and daisy chain the switches together using one pair, and using the other pair as the failover side of the ring going back to the source so if one device fails it doesn’t take the whole string down.
The problem here is how many switches can be strung together and I would not try more than 3 to 5. This is not something I typically do (stacking switches). I have fears of STP and/or RSTP issue stacking past Ethernet switch to switch limits (if they still exist??)
Is there a device with a similar protocol as the old 3com (now HP IDF) stacking capability via fiber?
I’d like to use something inexpensive as it’s to power ubiquiti wifi on each floor. Ideally if you know something I don’t about ubiquiti switches that can do this I’d appreciate knowing.
Norman