800 IPSec throughput [7:63547]

2003-02-21 Thread Steve Dispensa
Hi all.

I was wondering if anyone has practical experience with the 800 series
as ipsec devices.  I'm particularly interested in field-measured
throughput and delay stats, but I'd settle for anecdotal evidence as
well.  FWIW, I just got a few in and I'm underwhelmed... Granted, I
didn't order them to spec, but they shipped with 4MB DRAM and 8MB
Flash.  Guess how many images run in 4MB...

Then when I went to bump the image up (after upping the RAM), the stupid
tftp transfer kept timing out half way through.  A little etherealing
showed that the device stopped responding to ARP requests during the
transfer (which had to be done from ROM due to limited flash space and
the fact that you can't delete the running IOS from flash).  I finally
had to add static arp entries to my tftp server.  Don't ask me why the
server felt the need to re-arp after 5 seconds, either. :-)

Anyhow, thanks in advance.

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63547&t=63547
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: how to spoof a IP? [7:65559]

2003-03-16 Thread Steve Dispensa
A couple of amplifications:

On Sun, 2003-03-16 at 20:51, Priscilla Oppenheimer wrote:
> Alan Stone wrote:
> > 
> > Hi..   Group
> > 
> > I always heard of those hackers spoofing an IP and hacking other people's
> > systems.  Does spoofing an IP mean they are changing their source IP
> > so that they pass through the firewall?  If yes, may I know what tool
> > they can use in order to change their source IP
..
> To change your address, use the TCP/IP Control Panel or equivalent in the
> operating system that you are using.

More commonly (in my experience) people (skr1pt k1dd3z) use some stupid
program on a UNIX computer that writes to the network on a raw socket. 
This way the administrator of the system doesn't have to know (as long
as the user has root - required for raw sockets).

> You probably won't get through any firewalls, though. Firewalls make sure
> an outsider isn't using an inside address. Routers ensure this too. It can be
> easily accomplished with a simple access list.

Those ACLs are far less common in enterprises than one would hope. 
Routers should do ingress filtering, but if the attacker chooses just a
random address, it won't be in the filter list.  Most of the packet
floods I've been on the business end of have been completely random
addresses.  In fact, some of them pick a random address per packet.  On
networks that do ingress filtering, the user may only have to pick an
address in the network's range, which will often still disguise his true
identity.

> Even before firewalls and routers watched for this, IP spoofing didn't mean
> you could hack much unless you had additional hacking abilities. You had to
> spoof the IP address of a trusted host and you had to be running software
> that didn't care that you didn't see any replies. The replies go to the
> legitimate holder of the IP address.

Another scenario is the above-mentioned packet flood attack, which still
happens every day to somebody.  Outside of SYN floods, this is usually
done with non-TCP datagrams, and the sender never really cares about
responses.

A special case of this is the smurf attack - the attacker writes the
address of the victim host into the source address field and sends a big
directed-broadcast ping to a big network.  Each host on the network
sends a big response to the victim, chewing up most/all of its
bandwidth.

As Priscilla pointed out, hijacking attacks are pretty difficult these
days, given the ISN randomization and ingress filtering that many
firewalls and routers tend to do.  It's usually easier to just exploit a
security hole directly.

 -sd
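The ingress-filter access list and the random-source flood discussed in this reply, as an added example that is not part of the original post: the inside prefixes, the traffic sample and the threshold values are constructed for illustration.

```python
import ipaddress

# Constructed site addressing (not from the thread): the prefixes that
# legitimately live behind this edge router.
INSIDE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                   ipaddress.ip_network("198.51.100.0/24")]


def ingress_verdict(direction, src):
    """Decide whether an edge router's anti-spoofing filter passes a packet.

    direction is "from_outside" (arriving from the ISP) or "from_inside"
    (leaving the site).  This is the logic of the "simple access list" the
    thread mentions: outsiders may not claim an inside address, and inside
    hosts may only send from the site's own address space (BCP 38 style).
    Note the limit the reply points out: an inside host that picks any
    unused address inside INSIDE_PREFIXES is still permitted.
    """
    addr = ipaddress.ip_address(src)
    is_inside = any(addr in net for net in INSIDE_PREFIXES)
    if direction == "from_outside":
        return "deny" if is_inside else "permit"
    if direction == "from_inside":
        return "permit" if is_inside else "deny"
    raise ValueError("unknown direction: %r" % direction)


def random_source_buckets(records, min_packets=50, distinct_ratio=0.9):
    """Return the one-second buckets whose sources look randomly generated.

    records: iterable of (unix_second, src_ip) pairs.  A bucket with at
    least min_packets packets in which nearly every packet carries a
    different source is the "random address per packet" flood described
    above.  No victim-side address list can filter that; only the filter
    near the sender (ingress_verdict's from_inside case) stops it.
    """
    buckets = {}
    for sec, src in records:
        buckets.setdefault(sec, []).append(src)
    flagged = []
    for sec in sorted(buckets):
        srcs = buckets[sec]
        if len(srcs) >= min_packets and len(set(srcs)) / len(srcs) >= distinct_ratio:
            flagged.append(sec)
    return flagged


def build_sample():
    """Constructed traffic: two normal seconds, then one flood second."""
    records = []
    for sec in (1000, 1001):               # normal: four clients, many packets
        for i in range(60):
            records.append((sec, "203.0.113.%d" % (i % 4 + 10)))
    for i in range(200):                   # flood: every packet a new source
        records.append((1002, "10.%d.%d.7" % (i // 256, i % 256)))
    return records


if __name__ == "__main__":
    for d, s in (("from_outside", "192.0.2.10"), ("from_outside", "203.0.113.5"),
                 ("from_inside", "192.0.2.10"), ("from_inside", "203.0.113.5")):
        print(d, s, ingress_verdict(d, s))
    print("random-source buckets:", random_source_buckets(build_sample()))
```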




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65572&t=65559




RE: CCIE written [7:58400]

2002-12-03 Thread Steve Dispensa
I must admit that I was surprised to see so many product questions on my
last CCIE recert (security).  I was expecting difficult technical
questions and (relatively) easy product questions, and I got the reverse
- the technical questions were simple, and the product questions were
surprisingly detailed.

In general, though, I found the blueprint on the website to be pretty
accurate.

My $0.02, anyway.

 -sd


On Tue, 2002-12-03 at 11:11, [EMAIL PROTECTED] wrote:
> Someone should say this already:
> There is no expertise-checking in any CCIE written exam!
> The CCIE is a rip-off!
> 50% memory questions (like "what VIP version is eprom-value:01e00" and
> other shit...)
> I got the "official exam certification guide". I am a CCIP/CCDP/CCNP and I
> never got so misled! This book is from July 2002 (very new) and it says
> (page 4) the exam is 100 questions + does not include FDDI and many more
> ... it is misleading in many areas
> +
> the questions and CD test are 80% less
> hard than the actual test and it tells
> you that they are harder!
> I paid the price for getting the book for an idea of the test and I got
> the wrong idea!
> I think that Cisco is doing something very wrong with this.
> The material is quite broad and you can ask many hard questions on the
> technologies, but there are so many of them about "how many slots in
> this..?", "what version supports that..?", "what IP precedence number is
> flush.." that it gets you thinking Cisco is not concerned about checking your
> expertise but something completely different - that gets people like us
> talking about the exams like it is something to brag about!
-- 


Steve Dispensa
Chief Technology Officer
Positive Networks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58472&t=58400
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Darth Reid R1 Access-list [7:58644]

2002-12-06 Thread Steve Dispensa
> > Barring intentional obfuscation, why would anyone actually use that
> > wildcard mask in an access list instead of a longer more readable
> > alternative?
> 
> CL: since the publication of RFC 1812, the so called "whacky" wildcard
> masks are not supported. In other words, for a router to be RFC1812 compliant, it
> should not permit you to enter masks that do not consist of contiguous 1's
> and 0's.

Nothing in the RFC would prohibit using funny wildcard masks in an ACL.  The
point of the contiguous-netmask restriction is to allow CIDR to work.  Slash
notation (e.g. /24) wouldn't make much sense if some of those 24 bits were
zeros.

One might use an oddball wildcard mask for efficiency - the router wouldn't
have to match as many ACL lines.  Then again, it would only really matter on
old routers, and it's operational suicide anyway since nobody will be able to
work on it.  It might also simplify configs in some places, but (IMHO) at a
prohibitive cost in operational simplicity.

You can contrive more cases (ACLs for debug ip packet, servers are all even
numbers, whatever...), but I don't think it ever makes sense to actually use
this.

 -sd
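An added illustration of the wildcard-mask point above (example code, not from the thread): it applies Cisco ACL matching semantics, tests whether a mask is contiguous (and so expressible in slash notation), and counts how many ordinary prefix lines the "servers are all even numbers" case would cost. The addresses are constructed.

```python
import ipaddress


def _ints(entry_addr, wildcard):
    return int(ipaddress.IPv4Address(entry_addr)), int(ipaddress.IPv4Address(wildcard))


def acl_matches(entry_addr, wildcard, packet_addr):
    """Cisco ACL semantics: a 1 bit in the wildcard means 'don't care'."""
    a, w = _ints(entry_addr, wildcard)
    p = int(ipaddress.IPv4Address(packet_addr))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (p & care)


def wildcard_is_contiguous(wildcard):
    """True if the wildcard is 0...01...1, i.e. the complement of a CIDR
    netmask.  0.0.0.255 is contiguous; 0.0.0.254 (every even host) is not."""
    w = int(ipaddress.IPv4Address(wildcard))
    return (w + 1) & w == 0


def to_cidr(entry_addr, wildcard):
    """Express a contiguous entry in slash notation; ValueError otherwise."""
    if not wildcard_is_contiguous(wildcard):
        raise ValueError("%s is not a contiguous wildcard mask" % wildcard)
    w = int(ipaddress.IPv4Address(wildcard))
    prefix_len = 32 - w.bit_length()
    return str(ipaddress.ip_network("%s/%d" % (entry_addr, prefix_len), strict=False))


def matching_addresses(entry_addr, wildcard):
    """Enumerate every address the entry matches (one per combination of the
    don't-care bits).  Capped so the example stays small."""
    a, w = _ints(entry_addr, wildcard)
    positions = [b for b in range(32) if (w >> b) & 1]
    if len(positions) > 16:
        raise ValueError("too many don't-care bits to enumerate")
    base = a & ~w & 0xFFFFFFFF
    for v in range(1 << len(positions)):
        bits = 0
        for i, b in enumerate(positions):
            if (v >> i) & 1:
                bits |= 1 << b
        yield ipaddress.IPv4Address(base | bits)


def contiguous_equivalent(entry_addr, wildcard):
    """The smallest list of ordinary prefixes matching exactly the same
    addresses: the number of ACL lines a 'readable' rewrite would cost."""
    hosts = [ipaddress.ip_network("%s/32" % addr)
             for addr in matching_addresses(entry_addr, wildcard)]
    return [str(n) for n in ipaddress.collapse_addresses(hosts)]


if __name__ == "__main__":
    # Constructed: "servers are all even numbers" in 10.1.1.0/24.
    print(acl_matches("10.1.1.0", "0.0.0.254", "10.1.1.4"))    # True
    print(acl_matches("10.1.1.0", "0.0.0.254", "10.1.1.5"))    # False
    print(wildcard_is_contiguous("0.0.0.254"))                 # False
    print(len(contiguous_equivalent("10.1.1.0", "0.0.0.254")), "lines instead of 1")
    print(to_cidr("10.1.1.37", "0.0.0.255"))                   # 10.1.1.0/24
```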




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58709&t=58644



RE: Dumb question [7:58783]

2002-12-09 Thread Steve Dispensa
> A loop could exist at the physical layer too. A newbie could connect the
> hubs in such a way that there was a loop. And it could indeed cause
> problems

heh... I just did this last weekend at a local high school I volunteer at
sometimes, and I've been doing this a while.  The hubs were old and didn't
have any error detection/avoidance circuitry, so it took me a minute to
figure out what had happened...

While we're on the topic of physical ethernet design, don't forget the 5/4/3
rule for 10Mbps.  Also, IIRC, the 100Mbps spec requires not more than 2
>100m segments between layer 3 devices.  Anyone remember the details?

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58837&t=58783



Re: PIX 501 and MSN Messenger Voice / Video Chat [7:58809]

2002-12-09 Thread Steve Dispensa
On Mon, 2002-12-09 at 13:38, Curious wrote:
> Guys
> I have just installed PIX 501 at my home network, I can not do VOICE /
> VIDEO chat through MSN Messenger / Net Meeting.
> For testing I am permitting IP ANY ANY on outside Interface. Still same
> issue,
> Let Me know if you know the fix or work around to this problem.

Are you doing NAT?  What protocol do NetMeeting and Messenger use for
video/voice?

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58839&t=58809



Re: Is there a redirect traffic command in IOS ? [7:58887]

2002-12-10 Thread Steve Dispensa
Yeah, it's not too complicated.  I do this in one of my production
networks.

You need a route map that matches packets somehow - I use source
address.  Then you just set the next hop to whatever you want for your
server.  If your server isn't directly connected, you need to either
rewrite the dest address or source-route it from there to the final
server, or some combination of both.

At the server, you usually need to do some advanced configuration if you
don't rewrite the dest address, in order to get it to accept connections
that aren't destined for it.  For more info, do a google search on
setting up squid to be a transparent proxy.  It's basically the same
thing.

Let me know if you want more details.

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58899&t=58887



Re: Perhaps O/T: Window TCP Rcv Window [7:59400]

2002-12-17 Thread Steve Dispensa
On Tue, 2002-12-17 at 14:34, s vermill wrote:
> On a W2k machine, I've tried several different recommendations for
> adjusting the TCP receive window size.  None of them, including those directly from
> Microsoft, seem to have any impact.  I'm capturing my own traffic and my
> advertised window is always in the 64k range.

Are you trying to increase the max window or decrease it?  If you're
trying to increase it, you have to send data faster than it can be ack'd
by the server to see the effect.  If you're trying to decrease the
window, can you see spots in the TCP stream where your outstanding data
is greater than the max window?  What analyzer are you using?

> I've tried editing the \tcpip\parameters to include 'TcpWindowSize' and
> 'GlobalMaxTcpWindowSize' - neither of which had any effect.  I've tried
> editing \VxD\MSTCP to include 'DefaultRcvWindow' - also no effect.

The VxD thing is a windows-9x specific key and won't be used (or even
present) on win2000 under normal circumstances.

> Anyone know how to manipulate the rcv window that my machine will
> advertise.  For that matter, what about the other MS OSes?  XP?  Win98?

The MSTCP key you mentioned is what to use on 9x.

Our software does this and it works.  Also, many broadband providers publish
tech notes on how to do this sort of thing, since windows typically isn't
configured optimally for this out of the box.

Let me know if you need me to dig up code; otherwise, just try google.

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59410&t=59400



RE: Perhaps O/T: Window TCP Rcv Window [7:59400]

2002-12-17 Thread Steve Dispensa
> An interesting side note:  Ethereal apparently doesn't support window
> scaling.  

Do you mean the TCP window scale option or just the phenomenon of having
data outstanding?  You can always just count un-acked bytes for an idea
of how big the window is.  It's dynamic, of course, and don't forget
about slow start, which says that during the start of a TCP connection,
the window starts out small and increases to the configured maximum. 
Many of these parameters are tunable on some OSes, including (to a
certain extent) Windows.  I only use Ethereal these days, and this is
what I do.

Understanding of Slow Start (and related algorithms) as defined in RFC
2001 is important in order to understand TCP performance
characteristics.  For example, at an ISP I did network architecture for
a couple of years ago, we really felt the pinch because of the way HTTP
operates - it makes lots of very short-lived connections.  This not only
causes an extra 3-way handshake and 4-way disconnect each time, but
*every* connection has to go through slow start.  This results in
extremely restricted throughput.

In other words, traffic flow was:
1  SYN->
2  
4  HTTP GET>
5  
8  
11 
13 FIN->
14 

> I use a download test site that will tell you your rcv window if
> it remains consistent enough throughout the test.  It follows exactly what
> I enter into the registry, whether above or below 65535.  However, when using
> a value above 65535 (such as 93360), Ethereal reports it only as 65535. 
> This may have been why I was only "seeing" a range of 64420 - 65535
> earlier.  This further confused the situation.  Serves me right for using
> an open-source PA, but the price is right.
> 
> Thanks all for your insightful feedback.  You were a great help.  And I was
> able to do what I originally set out to - seriously restrict my download
> rates by manipulating this value.  I'm hopeful it will go a long way
> towards demonstrating a very technical issue to somewhat non-technical people. 
> It's something tangible for them to wrap their minds around sitting right in
> front of a desktop machine.
> 
> Regards all,
> 
> Scott
-- 


Steve Dispensa
Chief Technology Officer
Positive Networks
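An added model of the slow start and receive-window effects described in this reply (example code, not from the thread): it counts round trips for ten objects fetched over separate HTTP/1.0 connections versus one persistent connection, and the throughput ceiling a given receive window imposes. MSS, object sizes and RTT are constructed assumptions; 93360 is the window value quoted in the thread.

```python
def transfer_rtts(size_bytes, cwnd_segments=1, mss=1460, rwnd_bytes=65535):
    """Round trips to deliver size_bytes on an established connection.

    Simplified RFC 2001 slow start: each RTT the sender ships one window,
    every segment is acknowledged, and cwnd doubles until it reaches the
    receiver's advertised window, which is the hard cap on data in flight.
    Returns (rtts, cwnd_after) so a persistent connection can carry its
    grown window into the next object.
    """
    rwnd_segments = max(1, rwnd_bytes // mss)
    cwnd = min(cwnd_segments, rwnd_segments)
    sent, rtts = 0, 0
    while sent < size_bytes:
        sent += cwnd * mss
        rtts += 1
        cwnd = min(cwnd * 2, rwnd_segments)
    return rtts, cwnd


def page_load_rtts(object_sizes, persistent, mss=1460, rwnd_bytes=65535):
    """Total RTTs to fetch the objects, either one connection per object
    (HTTP/1.0 style) or one persistent connection.  The handshake costs one
    RTT before data flows; the four-way disconnect is left out."""
    total = 0
    cwnd = 1
    for i, size in enumerate(object_sizes):
        if not persistent or i == 0:
            total += 1          # SYN, SYN/ACK: a new connection's handshake
            cwnd = 1            # ...and a new connection starts slow start over
        rtts, cwnd = transfer_rtts(size, cwnd, mss, rwnd_bytes)
        total += rtts
    return total


def max_throughput_bps(rwnd_bytes, rtt_ms):
    """Upper bound imposed by the receive window alone: one window per RTT.
    This is the lever the registry edits discussed in the thread pull on."""
    return rwnd_bytes * 8 * 1000 // rtt_ms


if __name__ == "__main__":
    page = [30000] * 10                      # constructed: ten 30 KB objects
    print("non-persistent:", page_load_rtts(page, persistent=False), "RTTs")
    print("persistent:    ", page_load_rtts(page, persistent=True), "RTTs")
    for rwnd in (8192, 65535, 93360):        # 93360 is the value quoted above
        print("rwnd %6d bytes at 100 ms RTT -> %d bit/s"
              % (rwnd, max_throughput_bps(rwnd, 100)))
```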




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59440&t=59400



Re: Perhaps O/T: Window TCP Rcv Window [7:59400]

2002-12-17 Thread Steve Dispensa
> So one wild idea would be to remove memory from the host. Or maybe you
> could get it to use up a chunk of memory by opening lots of large docs and/or
> using a RAM disk!?

In practice, you'd have to really restrict the amount of RAM to a level
that the OS wouldn't function.  You're talking about an 8K buffer
here... squeezing 8K out of a 256MB machine is usually pretty easy. :-)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59441&t=59400



Re: What would be most valuable [7:59475]

2002-12-18 Thread Steve Dispensa
On Wed, 2002-12-18 at 11:11, Loechel, Michelle wrote:
> I am working on an IT degree and have a requirement of either C++ or JAVA
> programming.  

C++, hands down.  It's more complicated but a heck of a lot more
valuable.  Java is basically limited to enterprise apps and some
web-related content.  C++ is used for *everything*.  With .NET looming,
I'd be reluctant to pour time into Java until I saw where C# is going. 
It may make a huge dent in the enterprise app space.  Also, as someone
who runs a commercial software development team, I have no need for Java
and unlimited need for C/C++.

My $0.02, anyway.

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59479&t=59475



Re: CCIE Vs. BS or MS degree [7:59481]

2002-12-18 Thread Steve Dispensa
> I've been arguing with a colleague of mine which one would be tougher to
> achieve. I told him that it would be much harder to have a computer
> science or a networking degree (you have to take the GRE and complete 2 or
> 3 years of school work) than a CCIE, but my colleague thinks otherwise. He
> literally believes that having a CCIE is equivalent to having a Ph.D. in
> Networking. I'd like to hear your thoughts.

I have a BA and have been blocked for a number of years on my MS in comp
sci.  The CCIE cert has meant much more to my career than any of the
school-related stuff, in a direct sense:  it allows me to get
jobs/engagements/etc, and none of the jobs I'm interested in have required
completion of the MS.  

If you were more interested in theoretical work, or perhaps with some
employers (with dubious ability to evaluate a candidate), the degrees would
be much more important.  

This *only* applies in the field of computer networking, though.  If you
want to do anything else, the CCIE is pretty worthless.  Even in the
networking world, the thought leadership doesn't much care about certs -
witness IETF, NANOG, etc - nobody there mentions or cares about CCIE.

Also, I have found in my career that many CCIEs (to say nothing of the rest)
don't have a sound theoretical grounding at all.  Things you learn in CS
school really are important - queuing theory, optimization problems,
statistics, problem complexity, and even (in particular) programming.  You
don't truly understand network protocols until you've done network
programming IMHO.

CCIE is a certification for people who like to get their hands dirty with
routers.  CCIEs are the best in the world at fixing broken networks, setting
up new ones, and so on.  They're *not* necessarily any good at anything
else.  This is a big difference from a Ph.D. or MS, which imply a solid,
broad theoretical base in addition to an area of expertise.

 -sd
(CCIE #5444)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59494&t=59481



Re: Terminate a session [7:59656]

2002-12-21 Thread Steve Dispensa
On Fri, 2002-12-20 at 16:01, John McCartney wrote:
> I'm looking for the definitive answer on who can terminate a session in
> IP/IPX/AppleTalk networks. 

[my apologies for the long-winded reply]

Well... it depends.  In the strictest sense, all of the protocols you
mentioned are connectionless, so there's nothing to break.  Any state
added is added at the transport layer immediately above.  In the case of
IP, the connection-oriented general-purpose transport layer protocol is
TCP.

Narrowing it down to TCP/IP (because I have mostly forgotten about
session-related stuff on top of AppleTalk and IPX and it's too late to
look it up ;)...  TCP is connection-oriented.  Only one side can
initiate a connection (duh) but either side can break it.  There are
several ways.  Each application protocol defines the way connections are
broken if they spec a connection-oriented transport.  Also, TCP can break
its own connections.

In one common scenario, the client will connect, do its thing, and
initiate the disconnect.  This is the way protocols such as SMTP, POP3,
TELNET, SSH, and most others work.  The "I'm ready to close" signal gets
sent from client to server.

In one notable exception to this practice, HTTP is often handled
differently.  The client connects to the server, and the server, after
sending back the full response, initiates the disconnection.  Also, in a
slight warping of the terms client and server, FTP servers close data
connections.

Also, TCP can close its own connections by sending a RST packet to the
peer.  This is usually done when state gets screwed up, but it can be
done for any reason, really.  It is not the nice way to close a
connection, though, as it implies an error condition.  Also, this can't
(usually) be done by a program; rather, this is done by an OS.

Also, I've been imprecise up to now on the meaning of "close".  TCP
connection termination involves a "four-way disconnect".  Each end sends
a FIN packet, ack'd by the opposite end.  Only when all four segments
have been sent/received will both ends consider the connection to be
closed.  There's an intermediate state that a connection can be in
called "half-closed".  This is where one end has sent its FIN (and
possibly had that FIN ack'd by the other side), but the other end is
still sending data.  Programmatically, this is accomplished by a call to
shutdown().  For example, a web browser might send its full request
(something like "GET / HTTP/1.0\r\n\r\n") and then call shutdown() and
wait for the response.  The server would then send back its data and the
client would just be able to ACK, until the server finally closes its
half.

In a more abstract sense, a connection is just an agreement between two
end systems to communicate together with some operational parameters. 
Connections over connectionless protocols (such as IP) require
additional state to keep things straight - they have to manage flow
control, data integrity, and so on.  People do occasionally re-implement
the ideas behind TCP using other protocols.  Several routing protocols
implement their own network protocols.  Real-time streams are
inappropriate for TCP due to its retransmission and segmentation
behaviors (among other things), but they still maintain the concept of a
connection. 

You occasionally hear of ATM, Frame Relay, X.25, and kin referred to as
connection-oriented protocols.  They are, but in a much different
sense.  These are connection-oriented *network* protocols. 
Connectionless network protocols rely on communication endpoints to
maintain state of connections (done with transport protocols like TCP). 
A packet is a packet on the network.  Other than for the sake of
optimization, no state exists in the network for a given pair of hosts
in an IP network.  This makes packet forwarding (relatively) expensive
but is not sensitive to the number of hosts or the number of
communicating hosts (which, if you think about it, is in the
neighborhood of the square of the number of hosts on the network (
O(N^2) ), and would be hard to keep up with).  The downside is the
expense of figuring out the next hop for a given packet.  Tons of
optimizations have been made here, but they generally involve a
trade-off between RAM and CPU.  In the best case, you could have O(log
N) lookup times (N is the number of IP addresses on the network), but
it'd cost O(N) bytes of RAM.  In fact, a trivial implementation would be
8 bytes per address (address and next hop, 32 bits each), leading to a
32GB memory requirement, which is not feasible in current routers. 
Perhaps Howard or someone else could comment on the state of the art
with regard to the CPU vs. RAM compromise.

In contrast, a frame relay network (for example) requires state in every
switch between communicating endpoints.  Specific signalling protocols
have to set these connections up and tear them down, or (commonly) the
connections have to be hard-coded in switches.  This makes for a
different problem - you have a O(N^2) scal
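The half-close sequence described in this reply, as an added example that is not from the original post: a client sends the quoted request, calls shutdown() on its sending half, and keeps reading until the server's FIN; a toy server on loopback reads until that first FIN before answering. The server, the port and the response body are constructed for the demonstration.

```python
import socket
import threading

REQUEST = b"GET / HTTP/1.0\r\n\r\n"   # the request quoted in the post


def _serve_once(listener):
    """Toy HTTP/1.0 server: read the request until the client's FIN arrives,
    then answer and close.  Reading to EOF only works because the client
    half-closes; a client that merely stopped sending would hang here."""
    conn, _ = listener.accept()
    with conn:
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:              # EOF: the client's FIN has been received
                break
            chunks.append(data)
        body = b"you sent %d bytes" % len(b"".join(chunks))
        conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s"
                     % (len(body), body))
    # leaving the with-block closes the server's half: the second FIN goes out


def half_close_exchange(request=REQUEST):
    """Client side of the exchange described above.  Returns the response and
    whether a send() attempted after shutdown(SHUT_WR) was refused by the OS."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # loopback, ephemeral port: runs offline
    listener.listen(1)
    server = threading.Thread(target=_serve_once, args=(listener,))
    server.start()
    try:
        with socket.create_connection(listener.getsockname()) as c:
            c.sendall(request)
            c.shutdown(socket.SHUT_WR)    # first FIN: "I'm done sending", still reading
            try:
                c.send(b"more")          # our half is closed, so this is refused
                send_refused = False
            except OSError:
                send_refused = True
            response = b""
            while True:
                data = c.recv(4096)
                if not data:              # server's FIN: both halves now closed
                    break
                response += data
    finally:
        server.join()
        listener.close()
    return response, send_refused


if __name__ == "__main__":
    resp, refused = half_close_exchange()
    print(resp.decode())
    print("send after shutdown refused:", refused)
```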

Re: CCIE Vs. BS or MS degree [7:59481]

2002-12-22 Thread Steve Dispensa
> >As stated by someone else on this thread, the CCIE may prove to be
> >valuable in the network engineering profession, but has essentially zero
> >value in any other profession.
> 
> And a fairly specific part of network engineering, which is Cisco 
> enterprise support oriented.  As currently defined, it has relatively 
> little relevance to ISPs, and doesn't test large-scale design skills.

Agreed.  I was always disappointed with this aspect of the cert.  I
realize it's hard to simulate Internet routing in a lab, but at least
the design principles could have been covered.  Also, my R&S CCIE didn't
cover access at all.  There was a CCIE Dial for that, but it wouldn't
have hurt to at least address the issues a bit.

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59726&t=59481



Re: CCIE Vs. BS or MS degree [7:59481]

2003-01-02 Thread Steve Dispensa
Gawd, are we still on this thread?  This whole question of "which is
harder" is (to use a technical term) dumb.  Which is harder, number
theory or translating Beowulf?  How about coaching a pro football team
vs. directing a movie like lord of the rings?  This whole thing is
becoming an apples vs oranges argument.

What follows may be outdated, but it's my story and I'm stickin' to it. 
It's based on experience with a local university.

On Thu, 2003-01-02 at 17:41, Howard C. Berkowitz wrote:

> I hope the smiley means you aren't serious.  Let me pose some CS 
> questions, which I swear are off the top of my head.  In all 
> fairness, I'm not sure if some of these will be advanced 
> undergraduate or graduate level, but we have been talking about CCIE 
> vs. PhD... I have tried to select questions that bear on real 
> networks.
> 
> CS-programming.
> Compare and contrast NP-hard, NP-complete, and NP-incomplete algorithms
> Review the optimal search and update algorithms for trees and tries.
> Identify four major searching and sorting algorithms and describe their
>   advantages and disadvantages

Where I went to school, this was CS 594 territory - 2nd year MS
students.

> Extract a square root using Newton-Raphson iteration, or select a
>   different method and explain why it is superior.

High school?  The analysis part would be more of a CS thing, but it
doesn't really fit into undergrad discrete math programs either, so
perhaps it's a grad school topic.

> Describe a strategy for change control in a programming team.  The
>   software library will include documentation, source, linkable elements,
>   and executables.

This is so undertaught in school that it really irritates me just
thinking about it.  This is one that you have to be a pro to grok.

> What record locking mechanisms are needed to ensure integrity of a
>   hierarchical linked list?

I've hired numerous programmers from CS that don't comprehend
multithreading at all.  perhaps this is another learn-on-the-job thing,
or at least something learned indirectly while engaging in school
projects.  these issues are particularly significant in the context of
threaded programming, but UNIX hasn't had good thread support until
recently, and the "good" is arguable, outside of solaris.  I'd be
interested to hear from other CS students to know if issues like this
were a part of your education.

> What are the types of commitment protocols and the basic ACID
>   properties of transactions?

CS 570, 2nd year MS students.

> How can a buffer overflow be exploited to gain control?

haha... I wish this were taught... it'd make for better programmers. 
think java and stl here - programming instruction never gets this
detailed, except *maybe* in assembly or computer architecture classes,
and even then you'd have to expect a student to reason through it and
figure it out - they wouldn't be taught this.  

> Build a Monte Carlo simulator for network traffic following Markov,
>   exponential, fractal, and Erlang B and C pdf's for both interarrival
>   and service time.

CS 522, second-year MS students

> Characterize the major conceptual differences among the FORTH, FORTRAN
>   IV, LISP, PROLOG, Pascal, C, Ada, C++ and SQL languages
> Give examples of data structures using isomorphism, homomorphism, and
>   monomorphism.
> What is a context-free grammar?
> Differentiate between abstract syntax, operational semantics, and
>   transfer syntax.

compiler design classes in undergrad, probably, but the compare/contrast
question is unanswerable by most undergrads due to lack of experience
with many of those languages.  And, you're forgetting java. :-)

> 
> 
> CS-operating systems
> Describe the difference between a kernel and a microkernel and their
>   relationships to operating systems.
> Discuss strategies for managing buffer allocation, fragmentation, and
>   garbage collection.
> Compare and contrast polling versus interrupts in a real-time OS.
> Describe at least four major types of multiprocessing. You may include
>   multistream single processors.
> How can you do a hitless software upgrade on a real-time OS?
> Differentiate between processes, tasks, and threads in POSIX.
> Describe the requirements for transparent failover among multiple
>   processors, including the context switching issues.
> What are the differences between reentrancy and serial reusability?
> Compare backup strategies and management, including serial media,
>   various types of RAID, and write-once optical storage.
> What is a deadly embrace?
> What is the difference between mandatory and discretionary access
>   control?
> Is compartmentation orthogonal to sensitivity?
> What is the Bell-Lapadula theorem and where is it used?
> What is a covert channel and how do you protect against it?
> What is the differenc

Re: The Physiology of Thread Death [7:60276]

2003-01-03 Thread Steve Dispensa
On Fri, 2003-01-03 at 21:52, Howard C. Berkowitz wrote:

> In an industry where vampire taps were once the standard of 
> connecting to Ethernet cable, where zombies and daemons are common 
> software constructs, can a thread truly be said to be dead?

You just have to wait() for zombies to die.  Daemons, though, can
certainly be kill()ed.  

:-)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60280&t=60276
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
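The pun above is literally true, and the script below shows it. It is an added example, not part of the original post: it forks a child that exits at once, catches it in the zombie state (exited, not yet reaped) by looking at /proc before calling wait(), then forks a daemon-style child (setsid, sleeping forever) and kill()s it. It assumes a Linux/Unix host where fork() and signals are permitted; the /proc state check is Linux-specific and reports '?' elsewhere.

```python
"""Added example (not from the original post): what wait() and kill()
do to a zombie and to a daemon.  Unix only; reading /proc/<pid>/stat
for the 'Z' state is Linux-specific."""
import os
import signal


def proc_state(pid):
    """One-letter scheduler state from /proc/<pid>/stat ('Z' = zombie),
    or '?' when /proc is not available on this host."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            stat = f.read()
    except OSError:
        return "?"
    # The comm field is parenthesised and may contain spaces, so locate
    # the state by the last ')' rather than by splitting on whitespace.
    return stat[stat.rindex(")") + 2]


def zombie_then_wait(exit_code=3):
    """Fork a child that exits immediately, observe it as a zombie, then
    reap it.  Returns (state seen before reaping, exit status from wait)."""
    pid = os.fork()
    if pid == 0:
        os._exit(exit_code)
    # WNOWAIT blocks until the child has exited but does not reap it, so
    # its process-table entry (the zombie) is still there to look at.
    os.waitid(os.P_PID, pid, os.WEXITED | os.WNOWAIT)
    state = proc_state(pid)
    _, status = os.waitpid(pid, 0)   # the wait() that finally frees the entry
    return state, os.WEXITSTATUS(status)


def kill_daemon():
    """Fork a child that detaches like a daemon and sleeps forever, kill()
    it with SIGTERM, and return the signal number wait() reports."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(r)
        os.setsid()                                   # new session, like a daemon
        signal.signal(signal.SIGTERM, signal.SIG_DFL)  # make sure TERM is fatal
        os.write(w, b"ready")                         # tell the parent we are up
        os.close(w)
        while True:
            signal.pause()
    os.close(w)
    os.read(r, 5)        # block until the daemon says it is running
    os.close(r)
    os.kill(pid, signal.SIGTERM)
    _, status = os.waitpid(pid, 0)
    return os.WTERMSIG(status) if os.WIFSIGNALED(status) else -1


if __name__ == "__main__":
    state, code = zombie_then_wait()
    print(f"child was in state {state!r} before wait(); exit status {code}")
    print(f"daemon died from signal {kill_daemon()}")
```

The pipe in kill_daemon() is there so the parent cannot send SIGTERM before the child has reset its signal disposition; without it, a SIGTERM handler inherited from a parent process could swallow the signal and the child would pause forever.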



Re: Off Topic - Motivations for Certifications and Chocolate, [7:60429]

2003-01-06 Thread Steve Dispensa
> May I suggest, as a complementary or replacement discussion to 
> certification versus degree, a thread on the relative values of 
> butterscotch and chocolate?  I have nothing against chocolate as a 
> means of getting in the door, but it takes subtle understanding of 
> butterscotch, how to avoid it becoming cloying caramel, how to avoid 
> the CEO losing his bridgework in it, to really climb the corporate 
> ladder.

I promised myself I wouldn't post on this thread again, but

IIRC, Bill Parkhurst (as in the OSPF guy) is CCIE #[something] and has a
Ph.D. in Philosophy.



 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60429&t=60429



Re: On Topic Design Question - sizing a router or switch [7:60445]

2003-01-06 Thread Steve Dispensa
On Sun, 2003-01-05 at 15:52, The Long and Winding Road wrote:

> Some of us are just debating whether or not CPU utilization is the "best"
> measure. Over what period? What other factors might be best brought into the
> mix of factors to consider?

I'm a big fan of delay as the key performance metric for a link/router
combination.  In the simple case where you're just using a router to
push IP packets up and down a pipe (leaving out time-sensitive stuff,
QoS, etc), the real question is delay.  In particular, queue depth is
probably the most accurate measure of link performance.  I've been
hoping for better queue depth measurement tools in IOS (and other
routers) for a while.  

There are two significant kinds of delay - transmission and queuing
delay.  The first one is obvious - it takes a bit X ms to get from one
side of the pipe to the other.  The second is a wastebasket category for
everything else that causes delay, including processing time, CPU
utilization, coding delay, and link utilization.  

You can indirectly measure queue depth by looking at ping times, but
that doesn't get you directly at the real issue.  You know a link is
instantaneously highly utilized when it starts dropping packets off the
back of the queue, etc.

Also, this is complicated a bit by predictive dropping algorithms (RED,
etc), and by out-of-order queuing like WFQ.

There are lots of reasons that CPU is bad - think ASICs for starters,
not to mention offloaded processing that happens in every variant of
every major router these days.  Also, re-calculating LS databases or
running BGP path vectors doesn't have to impact switching performance,
even though it can peg the CPU.

Bits in/out isn't as much a performance metric as a utilization metric. 
You have no idea what the performance was like for those bits, unless
you guess by inferring that the link was "pretty full", or something.

MRTG-style utilization plots miss out on a lot of important detail too,
because they take the bits in/out problem and make it worse by only
reporting on it every 5 minutes.

So, the bottom line is this:  If you're seeing large queue depths and/or
queue drops paired with a less-than-full link utilization over
corresponding periods of time, it's time to upgrade the router.  

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60445&t=60445
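The rule at the end of that post, as an added example that is not part of the original message: a per-second model of a router whose forwarding rate, rather than its link, is the bottleneck. It shows why queue depth and drops flag the problem while bits/sec utilization, and especially a 5-minute MRTG-style average of it, do not. All traffic figures are constructed, and the 1500 pps forwarding limit is an assumed number for a small router, not a measurement.

```python
"""Added example (not from the original post): per-second model of a
tail-drop FIFO in front of a router with a fixed forwarding rate.
Traffic figures and the 1500 pps limit are constructed assumptions."""
from dataclasses import dataclass
from statistics import mean


@dataclass
class Sample:
    util: float        # fraction of link capacity actually carried this second
    queue_pkts: int    # packets still waiting at the end of the second
    delay_s: float     # wait for the last queued packet (queue / service rate)
    dropped: int       # packets tail-dropped this second


def simulate_router(arrivals_pps, pkt_bytes, router_pps, link_bps, queue_limit_pkts):
    """Each second the router forwards at most router_pps packets onto a
    link carrying at most link_bps bits; the rest waits in a FIFO of
    queue_limit_pkts and anything beyond that is tail-dropped (no RED,
    no WFQ: the simple case the post talks about)."""
    link_pps = link_bps // (pkt_bytes * 8)
    service_pps = min(router_pps, link_pps)
    queue = 0
    samples = []
    for arriving in arrivals_pps:
        backlog = queue + arriving
        sent = min(backlog, service_pps)
        queue = backlog - sent
        dropped = max(0, queue - queue_limit_pkts)
        queue -= dropped
        samples.append(Sample(
            util=sent * pkt_bytes * 8 / link_bps,
            queue_pkts=queue,
            delay_s=queue / service_pps,
            dropped=dropped,
        ))
    return samples


def mrtg_view(samples):
    """What a classic MRTG graph shows: mean utilization over the interval."""
    return mean(s.util for s in samples)


def needs_upgrade(samples, busy_util=0.9, delay_limit_s=0.05):
    """The post's rule: deep queues and/or drops over a period in which the
    link was not close to full means the router, not the pipe, is the limit."""
    avg_util = mrtg_view(samples)
    dropped = sum(s.dropped for s in samples)
    worst_delay = max(s.delay_s for s in samples)
    return {
        "avg_util": avg_util,
        "dropped": dropped,
        "worst_delay_s": worst_delay,
        "upgrade_router": avg_util < busy_util and (dropped > 0 or worst_delay > delay_limit_s),
    }


# Constructed 5-minute scenario: a T1 (1.544 Mbit/s) carrying 64-byte
# packets behind a router assumed to forward 1500 pps; 1000 pps of
# background traffic with a 60-second burst to 2000 pps in the middle.
T1_BPS = 1_544_000
BURSTY = [1000] * 120 + [2000] * 60 + [1000] * 120
STEADY = [1000] * 300


if __name__ == "__main__":
    for name, load in (("bursty", BURSTY), ("steady", STEADY)):
        v = needs_upgrade(simulate_router(load, 64, 1500, T1_BPS, 200))
        print(f"{name}: 5-min avg util {v['avg_util']:.0%}, dropped {v['dropped']} pkts, "
              f"worst queue delay {v['worst_delay_s'] * 1000:.0f} ms, "
              f"upgrade router: {v['upgrade_router']}")
```

In the bursty run the link never gets past half full in any single second and the 5-minute average is in the mid-30s percent, yet the router drops almost thirty thousand packets and holds a 133 ms queue for a full minute; the steady run has the same average picture on an MRTG graph and no problem at all.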



Re: SVC & MRTG [7:60423]

2003-01-06 Thread Steve Dispensa
On Mon, 2003-01-06 at 09:03, Cliff Cliff wrote:
> Another is how can I write a program in Linux (using Red Hat 7.3) for MRTG.
> I want to get the max point in each day (use 5 min as the reference point)
> of MRTG for billing to our customer. How can I do this, as I am not familiar
> with MRTG programming.

Do you know Perl?  It'd be pretty easy to write a little SNMP script to
query the router and log it to a text file or MySQL or something.  Cron
it for every 5 minutes.  Then write another script to analyze the
collected data, i.e. "select max(col) from table" in SQL, or parse your
log file out.

Don't try to "program" MRTG.  If you want to use the stuff MRTG uses to
store the data, you should look at RRDTool.  That's at
http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/ along with a bunch
of documentation on how to integrate it.

Also, check out Cacti (http://www.raxnet.net/products/cacti/) for lots
of examples of collection scripts, and in general, for a much better
MRTG replacement.  I've run hundreds and hundreds of routers in Cacti,
and it works well enough on a fast machine.  

All of this stuff is free-ish (GPL, I think).

 -sd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60446&t=60423
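The analysis half of the poll-then-analyze approach above, as an added example (it is not from the original post, nor from MRTG, RRDTool or Cacti). It assumes a cron'd poller has already logged one line every 5 minutes with the router's ifInOctets value; the log lines are constructed, not a real capture, the interface speed is assumed to be a T1, and an in-memory SQLite table stands in for MySQL. Beyond the daily maximum the asker wants, it handles the two things that bite every home-grown counter script: the 32-bit counter wrapping past 2^32 and a counter reset after a reboot.

```python
"""Added example (not from the original post or any of the tools it names):
turn 5-minute ifInOctets readings into bit rates and find each day's peak.
Log lines are constructed; T1_BPS is an assumed interface speed."""
import sqlite3
from datetime import datetime

COUNTER32_MAX = 2 ** 32      # ifInOctets/ifOutOctets are 32-bit counters
POLL_INTERVAL_S = 300
T1_BPS = 1_544_000           # assumed ifSpeed of the billed interface

# Constructed poller output, "<ISO timestamp> <ifInOctets>".  The counter
# wraps past 2^32 between 00:15 and 00:20 on the 6th, and there is a
# polling gap before the 7th.
POLL_LOG = """\
2003-01-06T00:00:00 4294800000
2003-01-06T00:05:00 4294900000
2003-01-06T00:10:00 4294950000
2003-01-06T00:15:00 4294960000
2003-01-06T00:20:00 100000
2003-01-07T00:00:00 3000000
2003-01-07T00:05:00 3600000
2003-01-07T00:10:00 3650000
"""


def parse_log(text):
    """Return [(datetime, counter_value), ...] from the poller's text log."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, octets = line.split()
            rows.append((datetime.fromisoformat(ts), int(octets)))
    return rows


def rates_bps(rows, if_speed_bps=T1_BPS, counter_max=COUNTER32_MAX):
    """Convert consecutive counter readings into (timestamp, bits/sec).

    A counter that went backwards is assumed to have wrapped at 2^32; if
    the 'wrapped' delta implies a rate above the interface speed, the box
    rebooted (counter reset) and the interval is discarded.  Intervals
    much longer than one poll (missed polls) are discarded as well."""
    rates = []
    for (t0, c0), (t1, c1) in zip(rows, rows[1:]):
        seconds = (t1 - t0).total_seconds()
        if seconds <= 0 or seconds > 2 * POLL_INTERVAL_S:
            continue
        delta = c1 - c0
        if delta < 0:
            delta += counter_max
        bps = delta * 8 / seconds
        if bps > if_speed_bps:
            continue
        rates.append((t1, bps))
    return rates


def daily_peaks(rates):
    """Highest 5-minute rate seen on each day, keyed by ISO date."""
    peaks = {}
    for ts, bps in rates:
        day = ts.date().isoformat()
        peaks[day] = max(peaks.get(day, 0.0), bps)
    return peaks


def daily_peaks_sql(rates):
    """The same answer by the 'select max(col) from table' route from the
    post, with an in-memory SQLite table standing in for MySQL."""
    db = sqlite3.connect(":memory:")
    db.execute("create table samples (ts text, bps real)")
    db.executemany("insert into samples values (?, ?)",
                   [(ts.isoformat(), bps) for ts, bps in rates])
    return dict(db.execute(
        "select substr(ts, 1, 10) as day, max(bps) from samples group by day"))


if __name__ == "__main__":
    for day, bps in sorted(daily_peaks(rates_bps(parse_log(POLL_LOG))).items()):
        print(f"{day}: peak {bps / 1000:.1f} kbit/s")
```

The wrap check matters for exactly the case in the constructed log: without it the 00:20 sample on the 6th would produce a negative delta and the day's real peak (the wrapped interval) would be thrown away, and without the ifSpeed sanity check a reboot would instead show up as a bogus multi-megabit peak on the bill.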



RE: SUBNET CLASS Ranges [7:11618]

2003-01-09 Thread Steve Dispensa
Nearly all, I'd guess.

 -sd

On Thu, 2003-01-09 at 12:48, Howard C. Berkowitz wrote:
> Just out of curiosity, how many CCIEs and people that have at least 
> had a shot at the lab can comfortably do VLSM calculations in their 
> heads?
> 
> I think this is quite common among ISP operators, but I really don't 
> know about people in an enterprise orientation.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60743&t=11618