Just a quick post on an oft-ignored subject: Cable Labelers. I've seen quite a few tool kit posts, but I don't recall seeing any respected networkers talk about them.

For the past 4 years I've been using the Brady BMP21, and I just purchased the current model for a new site, the BMP-21 PLUS.

Things I like about the labeler:

Self-labeling
Unlimited line length
One-handed use
Easy to use
All of the features that I've needed.

For Cat 5/6 cables, you can use the 1.25" labels. For anything larger (power cables, etc.), they offer a 1.5" label, which of course works just fine on network cables too.

Send me any feedback on labelers that you have found work great: @ocdune on Twitter.

Author: Kelly McDowell

Previously I wrote about how to configure a Juniper SRX as a DNS proxy. I've now been testing it on our guest network, and I have some hard numbers and some experience to share about using the feature.

First the setup: we're using a little ol' SRX 100B as the gateway for a cable modem service. Attached to that service we have 200-300 clients, mostly wireless. This network serves our guest network, as well as a dedicated SSID for employee-owned devices (personal phones, computers, tablets, etc.). This network is largely unfiltered, with guests and employees pretty much having free rein to the internet. At the moment there are 220 devices active in the ARP table. The cable modem is a standard business class connection, 50 Mb service. Surprisingly, the cable modem holds up well to this type of load, with no user complaints, and observed speed is always good. This SRX is running 12.1.x44D25.5.

For the past 3 weeks this SRX has been performing as the DNS proxy for 100% of all DNS requests for this network. Let's take a look at our counts during that time:

> show system services dns-proxy statistics
DNS proxy statistics        :
    Status                  : enabled
    IPV4 Queries received   : 3557611
    IPV6 Queries received   : 0
    Responses sent          : 3520092
    Queries forwarded       : 1699966
    Negative responses      : 429619
    Positive responses      : 3090473
    Retry requests          : 37456
    Pending requests        : 63
    Server failures         : 29099
    Interfaces              : fe-0/0/2.0

In the past 3 weeks we have proxied approximately 3.5 million DNS requests through the SRX.

I've been monitoring the statistics throughout that time, and we consistently hit the cache about 50% of the time (of the 3.56 million queries received, only 1.70 million had to be forwarded upstream; the rest were answered from cache). Currently there are about 5600 entries in the cache. 430k requests received a negative response, and the 29k server failures also seem notable.

As a second test, I also wanted to experiment with blocking ad sites through the DNS cache. There is a site that maintains a large list of DNS entries to block for this very purpose; that list is approximately 15k entries long. I took that list and converted it to set commands, i.e.

set system services dns-proxy cache adwords.com inet x.x.x.x

Using the ever-convenient 'load set terminal', I pasted all 15k entries into my SRX. The SRX was only able to parse the first 6999 entries, so that must be a hard limit. I'll have to try this on another model to test whether it is platform specific. I didn't attempt to commit that many entries; my fear was that if I statically assign 7000 entries then I won't have any room left for cached entries.
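To generate those set commands from a hosts-file style blocklist without hand-editing 15k lines, here is an added example script (mine, not from the original post). It assumes the Junos `cache <hostname> inet <address>` form, uses a placeholder sinkhole address, validates and de-duplicates hostnames before they reach the device, and hands back whatever falls beyond the 6999-entry parse limit observed above instead of silently truncating.

```python
import re

# Hostname grammar (RFC 1123 labels): used to drop junk lines from the blocklist.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{LABEL}\.)+{LABEL}$")

# Hard cutoff observed in the post when pasting via 'load set terminal'.
LOAD_SET_LIMIT = 6999

# Constructed sample input; the real list is far larger.
SAMPLE_BLOCKLIST = """\
# constructed sample hosts-file blocklist
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Ads.Example.com   # duplicate differing only in case
0.0.0.0 tracker.example.net
0.0.0.0 bad..name         # malformed, must be skipped
0.0.0.0 metrics.example.org
"""

def parse_hosts_blocklist(text):
    """Return unique, validated hostnames from a hosts-file style blocklist.

    Accepts 'address hostname' or a bare hostname per line; comments, blank lines
    and loopback names are skipped, and names failing the hostname grammar are
    dropped here, where the reason is visible, rather than pushed to the device."""
    seen, hosts = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        name = (parts[1] if len(parts) > 1 else parts[0]).lower().rstrip(".")
        if name in ("localhost", "localhost.localdomain", "broadcasthost"):
            continue
        if HOSTNAME_RE.match(name) and name not in seen:
            seen.add(name)
            hosts.append(name)
    return hosts

def to_set_commands(hosts, sinkhole, limit=LOAD_SET_LIMIT):
    """Render static dns-proxy cache entries pointing each host at 'sinkhole'.
    Returns (commands, dropped): names beyond the limit are handed back so they
    are not lost silently, the way the SRX parser silently stopped at 6999."""
    cmds = [f"set system services dns-proxy cache {h} inet {sinkhole}" for h in hosts[:limit]]
    return cmds, hosts[limit:]

if __name__ == "__main__":
    cmds, dropped = to_set_commands(parse_hosts_blocklist(SAMPLE_BLOCKLIST), "192.0.2.1")
    print("\n".join(cmds), f"# {len(dropped)} dropped beyond limit", sep="\n")
```

Redirect the script's output into a file and paste it into 'load set terminal', or feed it to 'load set <file>' on the device.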

Finally, how is the performance? As a user on that guest network, the performance seems fine. I didn't notice any change for better or worse, to be honest. Ultimately I need to test against something better known, like a Linux box running dnsmasq, to compare, especially the hit rate. Anything in cache tends to respond in 7-8 ms; things not in cache take the typical 45-90 ms.

As a bonus, here is a breakdown by domain of those roughly 5600 entries in the cache:

Anything containing Apple, MobileMe or iCloud: 674 entries
Anything containing Google: 422 entries
Anything containing Akamai: 794 entries
Anything containing Amazon: 365 entries
Anything containing Cloudfront: 100 entries
Any response that is a CNAME: 2950 entries
Anything containing Facebook: 24 entries
Anything containing Twitter: 2 entries
