Backbone-News

Juniper Networks announced today the general availability of the EX 3200 and EX 4200 Ethernet switches. The new high performance Ethernet Switch platform had been announced in January.

Juniper EX 3200:
- fixed-configuration simple, cost-effective and standalone Ethernet platform
- 24- and 48-port 10/100/1000BASE-T chassis
- Optional four-port GbE and two-port 10GbE uplink modules with pluggable optics
- Full and partial Power over Ethernet (PoE) options available
- field-replaceable power supply and fan tray

Juniper EX 4200:
- Virtual Chassis technology
- 24- and 48-port 10/100/1000BASE-T chassis
- Optional four-port GbE and two-port 10GbE uplink modules with pluggable optics
- Full and partial Power over Ethernet (PoE) options available
- up to 10 EX 4200 series switches can be interconnected over a 128 Gigabit-per-second (Gbps) backplane
- redundant, hot-swappable internal power supplies and field-replaceable, multi-blower fan trays

The list price for the EX 3200 series starts at USD $4,000 while the list price of the EX 4200 series starts at USD $6,000.

The EX 8200 series remains on schedule for availability in the second half of 2008.

Danny McPherson from Arbor Networks announced today on their “Security to the Core” blog their  (Active Threat Level Analysis System) portal.  Over the last 18 months, Arbor has been working with their customers who have deployed the Arbor Peakflow SP platform to gather global statistics around DDoS traffic and other security threads.

So far 68 providers are participating in the program, and according to Arbor, more then 70% of the Internet is protected by the Peakflow platform. The data is collected on nearly 1300 routers and the peak traffic levels are up to 1.5 Tbps.

Some trends have become visible over the past 18 months:

• IRC servers are still the most comment target
• the most common attacks are TCP SYN flood based, with ICMP floods at a close second

According to Arbor, DDoS traffic has accounted for an average of 1.3% of all traffic, with peaks up to 5%!

Teh Atlas portal includes the following items at the moment:

• Global Threat Map: Real-time visibility into globally propagating threats
• Threat Briefs: Summarizing the most significant security events that have taken place over the past 24 hours
• Top Threat Sources: Multi-dimensional visualization of originating attack activity
• Threat Index: Summarizing Internet malicious activity by offering detailed threat ratings
• Top Internet Attacks: 24-hour snapshot of the most prevalent exploits being used to launch attacks globally
• Vulnerability Risk Index: Determines the most dangerous vulnerabilities being exploited on the Internet today

Exactly 14 days after the “dispute” between Cogent and Telia started, it seems that both parties have finally reached an agreement.

Since 17:53 UTC today, there is again direct connectivity between both networks, and as a consequence customers on both networks can reach each others again.

Below is the view of the connectivity of one of the Cogent prefixes (38.0.0.0/8) as it was seen again today. (Click on the image for a larger version)

We did some test using the Cogent Looking Glass, and we can see that connectivity between both networks has been restored at multiple locations in the US and Europe.

Traceroute from Washington towards www.teliasonera.se:

 1 fa0-8.na01.b005944-0.dca01.atlas.cogentco.com (66.250.56.189) 4 msec 4 msec 0 msec
  2 gi3-9.3507.core01.dca01.atlas.cogentco.com (66.28.67.225) 4 msec 4 msec 4 msec
  3 te3-1.ccr02.dca01.atlas.cogentco.com (154.54.3.158) 4 msec 4 msec 0 msec
  4 vl3493.mpd01.dca02.atlas.cogentco.com (154.54.7.230) 4 msec
    te4-1.mpd01.dca02.atlas.cogentco.com (154.54.2.182) 0 msec 0 msec
  5 vl3494.mpd01.iad01.atlas.cogentco.com (154.54.5.42) 0 msec
    vl3497.mpd01.iad01.atlas.cogentco.com (154.54.5.66) 0 msec 4 msec
  6 ash-bb1-geth7-3-3-0.telia.net (213.248.88.41) 4 msec 4 msec 4 msec
  7 nyk-bb2-link.telia.net (80.91.250.18) 8 msec
    nyk-bb2-pos0-3-0.telia.net (213.248.80.137) 12 msec
    nyk-bb1-link.telia.net (213.248.83.21) 8 msec

Hop 6 is the first hop on the TeliaSonera network and the hostanme identifies this as Ashburn/US.

Traceroute from Los Angeles:

  1 gi10-0.224.core01.lax01.atlas.cogentco.com (66.250.4.5) 0 msec 4 msec 4 msec
  2 te3-1.mpd01.lax01.atlas.cogentco.com (154.54.2.102) 0 msec 0 msec 4 msec
  3 vl3492.mpd01.lax05.atlas.cogentco.com (154.54.3.10) 0 msec
    vl3493.mpd01.lax05.atlas.cogentco.com (154.54.6.230) 0 msec 0 msec
  4 gi0-0-0.core01.lax05.atlas.cogentco.com (154.54.6.185) 4 msec 4 msec 0 msec
  5 las-bb1-link.telia.net (213.248.72.177) 4 msec 4 msec 4 msec
  6 nyk-bb1-link.telia.net (80.91.254.18) 76 msec 72 msec 72 msec
  7 kbn-bb1-link.telia.net (80.91.249.25) 168 msec 172 msec 168 msec
  8 s-bb1-link.telia.net (213.248.65.141) 172 msec 176 msec 176 msec
  9 s-b4-link.telia.net (80.91.251.21) 176 msec 176 msec 176 msec

Hop 5 shows us the second interconnect in the US, located in LA.

Traceroute from Amsterdam:

 1 vl3.mpd01.ams03.atlas.cogentco.com (130.117.16.125) 0 msec 0 msec 4 msec
  2 gi2-0-0.core01.ams03.atlas.cogentco.com (130.117.0.33) 0 msec 0 msec 4 msec
  3 po1-0.core01.lon01.atlas.cogentco.com (130.117.1.225) 68 msec 220 msec 228 msec
  4 ldn-b4-link.telia.net (213.248.70.237) 8 msec 8 msec 12 msec
  5 ldn-bb1-link.telia.net (80.91.251.18) 8 msec
    ldn-bb1-link.telia.net (80.91.250.234) 8 msec 24 msec
  6 hbg-bb1-link.telia.net (80.91.250.220) 24 msec
    hbg-bb2-link.telia.net (80.91.254.218) 24 msec 24 msec

Hop 4 is the first router on the TeliaSonera network. This time located in London/UK.

Traceroute tests from the other Cogent routers in Europe all go through London, even from Stockholm, indicating that we London is the only interconnect between the two networks in Europe.

The rumours which were spreading since a few days have been confirmed today: Juniper has hired David W. Yen. In a press release, Juniper provides details about the role Yen will have at Juniper. As Executive VP, Emerging Technologies, Yen will assemble a talented engineering team and lead the company’s emerging technology initiatives. Before joining Juniper, Yen served as executive vice president of the Microelectronics group at Sun overseeing the company’s developments in network, cryptography and high-performance computing. On the bad side, Yen has been linked to some of the delay of some UltraSPARC projects and also wasn’t very successful in improving Sun’s role in the storage business during hsi time as head of that division.

At Juniper, Yen will be a member of the executive management team, reporting directly to Scott Kriens (Chairman and CEO).

Over a week has now past since the disconnection between the Cogent and Telia networks happened. It is unprecedented that such a dispute goes on for such a long period, but interestingly enough, there doesn’t seem to be a lot of outcry happening.

Why is that? Are there really only very few networks out there who buy solely from one of the two and as such have alternate path to the affected networks?

Earl Zmijewski from Renesys posted an update on the Renesys Blog where he analyses further the situation. Interesting read.

The following animation shows you the actual routing changes as seen by BGPlay (Routeviews.org).

Click on the image to view the animation in a new window.

You can also download the PowerPoint presentation here.

As reported earlier, at the end of last week Cogent and Telia got disconnected from each other. The peering relationship between both networks has been terminated, and the fact that both Cogent and Telia customers can no longer reach each others shows that at least one of the two parties is preventing the normal flow of traffic through alternative paths (i.e. their upstream connections). Neither Cogent, nor Telia is a so-called Tier1 provider, and each one of them is buying Transit from at least one other network. As mentionned on the Renesys blog, this was actually the case during the first 12 hours after the peering connections got disconnected. During that period of time, traffic rerouted Verizon.

There is still no official comment from either side regarding this topic. Whenever Cogent had been de-peered in the past (Level3, OpenTransit,etc…) it didn’t take Cogent very long to release information blaming the other party. Well that isn’t the case this time.

Interestingly enough, the overall opinion out there seems to be that Cogent is the bad guy this time. This is mainly based upon the original post on Gigaom.

I was never really convinced that this is the case, since it doesn’t really make any sense for Cogent to de-peer Telia. If they would, it would clearly indicate a rather radical change of direction in Cogent’s peering policy, which was rather open over the past years (at least compared to other networks of the same size).

It is very interesting to see that Cogent only very recently extended their network footprint into the Nordics (Finland, Sweden, Norway), and as such straight into the heart of Telia-land! Until then, Cogent wasn’t a major competitor for Telia in these countries.

Now, we obviously don’t have any facts here, but it very suspicious that this peering dispute happens shortly after Cogent enters Telias home-market!

UPDATE: Gigaom has published further information, and although the source isn’t given, the article provides comments from Dave Schaeffer (Founder and CEO of Cogent):

Quote: Getting specific about Telia, Schaffer says that the Nordic carrier is in breach of a contract with his company. The bone of contention is quite arcane. Cogent says that Telia was obligated to install certain peer connections with Cogent at specific locations, but hasn’t done so because it wants to degrade the experience for Cogent customers.

Cogent says that Telia was obligated to install certain peer connections with Cogent at specific locations, but hasn’t done so because it wants to degrade the experience for Cogent customers.

“They are resentful of our expansion in these markets,” he says. Schaffer also says his company remains “willing and anxious for settlement-free peering” and that “Telia needs to meet their contractual obligations.”

Juniper announced today the release of JUNOS 9.0. As indicated previously, the new major release integrates the ScreenOS security features, and as allows using those features on the J-Series routers.
Jon Oltsik, senior analyst, Enterprise Strategy Group said: “Running a single-source operating system across a high-performance network infrastructure enables faster innovation by providing network administrators with the confidence to quickly turn on new network features without compromising network performance, stability and security. A common operating system across the enterprise network infrastructure can further reduce administrative, training and management costs, which translates into lower cost of ownership.”
JUNOS 9.0 adds the following features to the J-series services routers:

• Industry-leading high-performance firewall capabilities based on Juniper’s field proven ScreenOS, including zones, policies, and application-layer gateway support to secure both critical information and the network from external threats and denial-of-service attacks;
• Simplified configuration for IPSec VPN supporting secure connectivity over a variety of public networks, allowing flexibility in network design and the ability to optimize for cost or performance; and
• Chassis clustering that enables stateful device and services failover with an active/backup control plane and active/active data plane, all within a single system view, delivering continuity by maintaining high availability and systems-level resiliency for networks.

JUNOS 9.0 software is also available for the T-series and M-series routers, the MX-series Ethernet services router, and the EX-series Ethernet switches.

Read the full press release.

Until last Friday, Cogent and TeliaSonera were in a bilateral peering relationship, meaning they exchanged traffic between their networks for free.

By what is known at the moment, it looks like Cogent is at the origin of the problem. They have decided to end the peering agreement no longer exchange traffic with TeliaSonera. The consequence is that people with Cogent only connectivity are no longer able to connect to sites on teh telia network, and vice-versa.

There is no official word yet from Cogent, but Telia has informed their customers and blames Cogent. Funny enough they basically recommend to their Transit customers to buy additional Upstream from a second ISP to get around the issue. Interesting approach.

It isn’t the first time that Cogent finds itself in a peering fight. In 2005 Level3 de-peered Cogent, the same year OpenTransit de-peered Cogent and I could continue to go on.

It shows unfortunately yet again one thing: Don’t rely on a single provider if you want reliable connectivity! get multihomed to at least to different Transit providers!

We will provide you with more updates on the current situation as soon as further details appear.

Further coverage:
GigaOm
Nanog

Everybody who has tried to get floorspace in one of the many facilities in London, will be aware that there is a huge demand and not a lot of available free space. As a consequence the prices are rather high.
Telehouse Europe has announced today an investment of £80 million in a new build, which will almost double its London Docklands data centre facilities.
The new location will be an 8-storey, 12,000 m2 state-of-the-art data centre, named Telehouse South, adjacent to its two existing data centres (Telehouse North and Telehouse East) in the heart of London’s Docklands. It should be operational by 2010.
John Souter, CEO of LINX (London Internet Exchange), welcomed the announcement, saying: “Telehouse’s major investment reaffirms London’s pre-eminence as a world class centre for communications interconnect.” LINX is already located at the existing Telehouse Data Centres in London.