Re: Certification or College degrees? Was: RE: list problems?

2002-05-23 Thread Vadim Antonov


 
 On Wed, 22 May 2002, Kristian P. Jackson wrote:
 
 Perhaps a bachelors in network
 engineering is in order?

I'm afraid there's not enough stuff one has to know to successfully
design networks to fill more than one-semester course.

--vadim




Re: Certification or College degrees?

2002-05-23 Thread Joe


After reading this thread I had to include my thoughts regarding this.

Certifications/Degrees can be good, but they should not be
regarded as a degree of skill. If employers only wish to look
at those items (Certs/Degrees) then it becomes yet another
political agenda and further delays the success of a company's
goal or target. This of course is not the case for all Certified
folks but nonetheless.
I'll never forget the day (years ago) I walked into work
and saw a MCSE with a look like a deer stuck in the
headlights of a tractor trailer about to be hit. Yes, a
Cert did a great job there as hundreds of people couldn't
access email for months and months, while the fix for this was to call
MS support and wait on hold only to be told that the backup
of the email was corrupt. Unconventional methods of a
non-certified were able to recover the lost data. Not to
generalize here, but most of the Certified folks I have worked
with are what we consider paper tigers. If it's not in the text
book then you're in trouble. I'll agree that a Degree will help
perhaps in the finer items for the overall picture of a network
but I'll not say it makes one a network engineer or expert.
The only thing I found useful with college was that it helped
when explaining what I do or plan to do to management.

Well, you just have to love those job postings that say
CCIE + MCSE + CCNE + A++ preferred and note
to sell or not buy that stock.

just my 2¢s

-Joe
(No certs)





Re: Certification or College degrees? Was: RE: list problems?

2002-05-23 Thread Rick J Casarez


Andrew,

The college I am attending, Strayer University, has a B.S. degree
in Internetworking. While it is kinda geared towards Cisco the good part
is that they will give credit for life experience etc. I am getting credit
for 8 classes due to my work experience in the field. They also have online
courses so you do not have to actually go to class. They are a private
school so tuition is a bit higher than state run schools but to me worth
the cost since I do not think a degree in Computer Science is going to
help me in my career. The price for the online courses are the same no
matter where you live. Finally, they are fully accredited.

www.strayer.edu

Monkeys screamed incessantly when Andrew Dorsett said:

 
 On Wed, 22 May 2002, Kristian P. Jackson wrote:
 
  running around acting like network engineers, just as a bunch of network
  engineers are no more qualified to program. Perhaps a bachelors in network
  engineering is in order?
 
 EXACTLY my concept. So why can't we find some university and develop
 this so I can transfer into a program I enjoy
 
 - Andrew
 ---
 [EMAIL PROTECTED]
 http://www.andrewsworld.net/
 ICQ: 2895251
 Cisco Certified Network Associate
 
 Learn from the mistakes of others. You won't live long enough to make all of them 
yourself.
 
 

Cheers,
 

Rick Casarez, CCNP/CCDP 
Systems Engineer II
Phone: 703-886-7468  


   - WorldCom powered by the UUNET backbone -




Re: Certification or College degrees?

2002-05-23 Thread David Lesher


Unnamed Administration sources reported that Brian said:
 
 
 Computer science does enforce critical thinking skills, which are a very
 necessary part of any successful engineer's toolbox.
 

Remember that Learned everything in Kindergarten book a while back?

Well, a good engineering education teaches you less, but educates
you more, than you might think.

Specifically, you learn how to know what you [don't] know, and
how to learn more as needed. 

But most pivotal, it hammers a *rigorous, systematic, problem
solving approach* into you. If you can't grasp & embrace that,
you'll be gone. As an older student, I watched lots of bright young
faces, all smarter than YT, trip at that fence and change majors.
(Me? I could never grok the sole philosophy course I tried...)

Just like no one can ever really write a large program, no one
can solve a large problem. Just like a soldier dives for a
foxhole when he hears weapons fire, and THEN thinks; when your
reflex is how do I break up {whatever} into parts I can
handle? then you're over the hump.

THAT won't be obsolete when Billy introduces Windows 2, and we
have 6ESS's & DMS 2500's.



-- 
A host is a host from coast to [EMAIL PROTECTED]
 no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433



Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Vinny Abello


I would have to say for any Linux/BSD platform to be a viable routing 
solution, you have to eliminate all moving parts or as much as possible, 
ie. no hard drives because hard drives will fail. Not much you can do about 
the cooling fans in various parts of the machine though which routers also 
tend to have. Solid state storage would be the way to go as far as what the 
OS is installed on. You have to have something to imitate flash on the 
common router. Otherwise, if you can get the functionality out of a PC, I 
say go for it! The processing power of a modern PC is far beyond any router 
I can think of. I suppose it would just be a matter of how efficient your 
kernel, TCP/IP stack and routing daemon would be at that point. :)

At 10:48 PM 5/22/2002, you wrote:

On Wed, 22 May 2002, Andy Dills wrote:

   From the number of personal replies I got about these topics, it seems
   like many people are interested in sharing information about how to do
   routing on a budget, or how to avoid getting shot in the foot with your
   Cisco box.
 
  Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother
  with a linux box? Heh, at least use FreeBSD :)

Before the dot com implosion, they weren't nearly that inexpensive.  The
average corporate user will also need smartnet (what's that on a 7200, a K
or a few per year?) for support, warranty, and software updates.  Some
people just don't appreciate being nickeled and dimed by cisco and forced
to either buy much more router than they need, or risk ending up with
another cisco boat anchor router when the platform they chose can no
longer do the job in the limited memory config supported.

I have a consulting customer who, against my strong recommendation, bought
a non-cisco router to multihome with.  It's PC based, runs Linux, and with
the exception of the gated BGP issue that bit everyone running gated a few
months ago, has worked just fine.  It's not as easy to work with in most
cases, but there are some definite advantages, and some things that Linux
actually makes easier.  They'd initially bought a 2621 when multihoming
was just a thought, and by the time it was a reality, 64mb on a 2621
couldn't handle full routes.  The CW/PSI depeering (which did affect
this customer, as they were single homed to CW at the time and did
regular business with networks single homed to PSI) was proof that without
full routes, you're not really multihomed.

--
--
  Jon Lewis *[EMAIL PROTECTED]*|  I route
  System Administrator|  therefore you are
  Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_


Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN




Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread E.B. Dreger


VA Date: Thu, 23 May 2002 09:26:41 -0400
VA From: Vinny Abello


VA I would have to say for any Linux/BSD platform to be a viable

I suppose it's been awhile since this thread has made the rounds,
so I'll jump in for a moment...


VA routing solution, you have to eliminate all moving parts or
VA as much as possible, ie. no hard drives because hard drives

EIDE-based flash drives have become very inexpensive.  Some
embedded systems use CompactFlash boards.


VA will fail. Not much you can do about the cooling fans in

It's always nice if the CPU is happy with a big enough heatsink
and no fans.


VA various parts of the machine though which routers also tend
VA to have. Solid state storage would be the way to go as far as
VA what the OS is installed on. You have to have something to

I think that 128 MB CompactFlash boards are  $60 new now.  I've
not priced drives recently, but I'm sure they're similar.


VA imitate flash on the common router. Otherwise, if you can get
VA the functionality out of a PC, I say go for it! The
VA processing power of a modern PC is far beyond any router I

Yes and no.  The central CPU, yes.  The line cards, no.


VA can think of. I suppose it would just be a matter of how
VA efficient your kernel, TCP/IP stack and routing daemon would
VA be at that point. :)

You left out one critical thing:  The bus/backplane.

For DS1 service or a few DS3s, standard PCI will work fine.  But
once the bus is maxed out... you need something bigger (wider or
faster bus) or better (cPSB ethernet midplane).

Has anyone had the privilege of playing with cPSB gear?  If so,
I'd like to know what your experiences were...

That said, I'm definitely a proponent of roll your own routers,
although the great prices on used turnkey gear might just make
RYO routing more expensive nowadays.  (I assume that anyone
clueful enough to build a router probably wouldn't need the
bigger vendor service contracts.)  Then again, if you need
different behavior and can cut code, RYO is more flexible.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to [EMAIL PROTECTED], or you are likely to
be blocked.




Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Neil J. McRae


 And that's MY real question.  Who has actually done this in a production
 environment that can speak with some real experience on the topic?  What
 can you replace with a linux box to route and run BGP for you in real
 life?  A 7200?  Bigger.
 
 I don't have the facilities to try these things out for real, and
 frankly would be worried about the uptime and finding the RIGHT PC
 hardware that isn't complete junk.
 
 So I guess it's really two questions: what is a PC capable of replacing
 as far as throughput goes, and just how reliable can a clone (or pick
 your manufacturer) be compared to a unit that was designed by electronic
 engineers to function as a 24x7 mission critical box?

I've done it in a production environment and unless money was
extremely tight I wouldn't consider doing it again. You will
save on capital expenditure but you need an army of resources
to support it. When I did it, it was on NetBSD running GateD 3.x.x.
And it supported in both cases two of the largest ISPs in Europe.

There are more options now with Linux and Zebra etc but don't 
underestimate having to deal with PC issues and Unix issues.
If you're running LINUX you have to be subscribed to a million email
lists to get an idea of issues etc and that takes up time. Anything
above 200M-300Mbps then forget it, but as a cheap ethernet router
it's fine, and if it doesn't work you can always reuse the machines.

I strongly recommend using an AWARD bios machine - everything else 
that I used had PCI bus timing issues. [ASUS motherboards were a good 
choice also].

Regards,
Neil.
--
Neil J. McRae - Alive and Kicking
[EMAIL PROTECTED]



Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Nathan Stratton


On Thu, 23 May 2002, Neil J. McRae wrote:

 I've done it in a production environment and unless money was
 extremely tight I wouldn't consider doing it again. You will
 save on capital expenditure but you need an army of resources
 to support it. When I did it, it was on NetBSD running GateD 3.x.x.
 And it supported in both cases two of the largest ISPs in Europe.

Good point, I also did this for cash reasons and would just buy hardware 
on the used market today. As far as OS, I was using stripped down FreeBSD. 
I started with Linux, but at the time they did not support radix trees so 
routing tables killed the box. If I HAD to do it again I would still stay 
away from Linux. 

-Nathan




Re: Certification or College degrees?

2002-05-23 Thread Brian


Tis amazing as an engineering major to watch how many students drop as the
calculus gets tougher and tougher..

Bri

On Thu, 23 May 2002, David Lesher wrote:


 Unnamed Administration sources reported that Brian said:
 
 
  Computer science does enforce critical thinking skills, which are a very
  necessary part of any successful engineer's toolbox.
 

 Remember that Learned everything in Kindergarten book a while back?

 Well, a good engineering education teaches you less, but educates
 you more, than you might think.

 Specifically, you learn how to know what you [don't] know, and
 how to learn more as needed.

 But most pivotal, it hammers a *rigorous, systematic, problem
 solving approach* into you. If you can't grasp & embrace that,
 you'll be gone. As an older student, I watched lots of bright young
 faces, all smarter than YT, trip at that fence and change majors.
 (Me? I could never grok the sole philosophy course I tried...)

 Just like no one can ever really write a large program, no one
 can solve a large problem. Just like a soldier dives for a
 foxhole when he hears weapons fire, and THEN thinks; when your
 reflex is how do I break up {whatever} into parts I can
 handle? then you're over the hump.

 THAT won't be obsolete when Billy introduces Windows 2, and we
 have 6ESS's & DMS 2500's.



 --
 A host is a host from coast to [EMAIL PROTECTED]
  no one will talk to a host that's close[v].(301) 56-LINUX
 Unless the host (that isn't close).pob 1433
 is busy, hung or dead20915-1433





Re: list problems? + Certification or College degrees?

2002-05-23 Thread Mark Kent


 The fact that there are actually ways of knowing and
 characterizing the extent of one's ignorance, while still remaining
 ignorant, may ultimately be more interesting and useful to people
 than Yarkovsky

That's just a fancy way of saying a Clint Eastwood line from
one of his movies (Magnum Force?):  A man's gotta know his limitations.

But, imho, it does provide the best summary and/or dismissal 
for the Certification or College degrees? thread.

-mark kent, H.B.



Re: Certification or College degrees?

2002-05-23 Thread Alexei Roudnev



 On Wed, 22 May 2002, Stephen Sprunk wrote:

  Thus spake Nigel Clarke [EMAIL PROTECTED]
   Certifications are a waste of time. You'd be better off
   obtaining a Computer Science degree and focusing on the
   core technologies.
 
  If you're looking to write software, sure.  A CompSci degree won't help you
  in the slightest at operating networks.

 Stephen - I bet I can do networks much much better than most cisco CCIEs,
 even after years of doing network-unrelated work :)  That's because I
 understand _why_ the stuff is working, not only how to make cisco box to
 jump through hoops.

Yes, but after you'll read a few books when you start working as a network
engineer again (if -:)).

CCIE just come and say _gays, you need Cisco XXX with IOS YY.YY and configure CEF,
RED,
packet inspection, bla bla bla... and he remember exact IOS commands.

If people want a narrow edicated engineer, they need CCIE-only gay. If they weant
someone who can do everything (may be, with extra time to learn specific piece of
hardware) - they need someone like Vadim.

And CCIE is not a good example - it's the BEST certification degree I ever know;
other certifications are much worst - most of them are just _guess an answer_
tests. Of course, knowing _top change a domain, you need to reinstall the system_
(from some old MS exam) is very important one (because no one can guess an
answer).

Btw, a friend of mine, very (VERY) high skilled gay, is looking for the new job
today. When I told  about him with someone, I always explain _he worked with MS
and CISCO for a 10 years; he teach Microsoft in Moscow, he designed a networks, he
worked as a PS for a 2 years, he bring Ascends into the Russia, he know Everything
about MS and Cisco. Oh, you need his credentials - btw, he is CCIE and MS
certified engineer. I never start from certificates, because they say nothing
except _gay can read a books and can learn to answer a questions_.
(Do you need jobless CCIE + MS certified _do not remember who_? You can hire one
just now).








Re: Certification or College degrees?

2002-05-23 Thread Stephen Sprunk


Thus spake Vadim Antonov [EMAIL PROTECTED]
 Stephen - I bet I can do networks much much better than most cisco CCIEs,
 even after years of doing network-unrelated work :)  That's because I
 understand _why_ the stuff is working, not only how to make cisco box to
 jump through hoops.
...
  You don't.  You devote your career to learning networking.  IOS is a base
  skill which is necessary (today) to utilize that knowledge and, more
  importantly, get a job.

 Yawn.  Are you serious?  Sure, you need to have some idea of what things
 are and how they work, but finding a magic incantation in IOS manual is
 not something which only certified cisco engineers can do.  Unless both
 IOS and documentation deteriorated much much further than I think.

Where did I say that?  Read my statement again; I think you're in violent
agreement with me.

  A person with lots of knowledge and no skills is a liberal arts major, not
  an engineer.

 One of the best network engineers in the world is a liberal arts major :)

I find most of them make great fry cooks ;)

  Academic respect doesn't pay the bills.

 Sure, being a trained _technician_ pays bills.  Just about.  In my
 experience, having a real education does much more.

If you take a non-logical, non-visual, non-geeky technician and push him through
a CS program, he'll emerge still a technician.  Will a piece of paper make him a
more valuable employee?  Probably not.

  Degrees are, in essence, a certificate that you are capable of learning
  things by rote and regurgitating them later, possibly applying a small
  amount of thought (but not too much).

 Depends on where you got it.  Try to get through MIT or Stanford by
 learning thing by rote :)  I think you'll find yourself with self-esteem
 below the floor, and a ticket home after the very first exams.

I do have great respect for MIT, Stanford, and a few others.  However, only a
tiny fraction of 1% of CS grads come from those programs.  I'm basing my stance
on the rest of the population.

S




Re: Certification or College degrees?

2002-05-23 Thread Stephen Sprunk


Thus spake Blake Fithen [EMAIL PROTECTED]
  Stephen Sprunk
  Thus spake Nigel Clarke [EMAIL PROTECTED]
   Certifications are a waste of time. You'd be better off
   obtaining a Computer Science degree and focusing on the
   core technologies.
 
  If you're looking to write software, sure.  A CompSci degree
  won't help you in the slightest at operating networks.

 Usually what you say is helpful.  I have to disagree with
 you here though.  A few things I learned in a CIS degree program
 which apply to networking:

With the exception of Scheme (yuck) and patience (yuck), I learned everything on
that list long before I graduated high school.  I understand many others didn't
have the opportunities or interests I did, but it's hardly necessary to major in
CS to understand basic data structures, logical processes, and a few useful Unix
skills.

A CS degree (or other BS) may be useful to some who have no other means of
learning.  However, I can't agree that it's the best way of obtaining that
knowledge, or that it gives you any immediate way to apply that knowledge.
Likewise, a cert doesn't demonstrate knowledge, it demonstrates a particular
skill.  Obviously, the best engineer will be one with knowledge and skills.

 Plus, when you are in the labs, and if you have the slightest
 bit of geek curiosity, the mind wanders and you inevitably
 have to find out how everything is connected.  Luckily the
 curiosity blossomed from there.

I was a unix hack until I got to college; I made the mistake of mouthing off to
the network guru (hi cvk!) about the school's network, and got a rapid and
thorough education about all the useful stuff that my professors weren't
teaching.  I was hooked.

S




Re: operational: icmp echo out of control?

2002-05-23 Thread Bryan Bradsby


On Thu, 23 May 2002, Mark Kent wrote:

 I've observed that our border routers are getting pinged

   5 per second, seems consistent throughout the day,
   roughly 40 different sources every 15 seconds

 I took a look at the varied sources and discovered that the sites
 are well connected and those that resolve resolve to akamai names.


Congratulations!

You've just discovered akamai load balancing.

Block it if you want your customers to get akamai content from the less
optimal source.  ;-}


-bryan bradsby

NOC: 512-475-2432
Texas State Government Net
--
Experience is what you get when you were expecting something else.
==





Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Randy Bush


 Not to say you can't route well with a linux or bsd system you can but 
 at the high-end probably not as well.
 
 Tell that to Juniper.

routing != forwarding

routers have two jobs, both critical

randy




Re: Who posts to the nanog list -- The top 59 players (Was not: Re: list problems?)

2002-05-23 Thread Scott Francis

On Wed, May 22, 2002 at 03:16:14PM -0700, [EMAIL PROTECTED] said:
[snip]

Nice list. Can we sort by helpful/clueful/relevant postings, and ask the
top 10 to post more frequently? :)

(OTOH, suspect I would quickly drop down out of the top 100 ... =\ )
-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui





Re: list problems?

2002-05-23 Thread Patrick W. Gilmore


At 02:42 PM 5/23/2002 -0400, Henry Yen wrote:
 
 On Thu, May 23, 2002 at 06:22:50AM -0700, Rachel K. Warren wrote:
 
 [ snip ]
 
  Of course, there are exceptions to every rule - I've had managers and
  executive officers in the same companies I worked at who did not have
  degrees.  But more often than not, the degree was there.
 
 i was once taught that causation and correlation are different.

Stating as fact a causation simply because of a correlation (e.g. degrees 
== promotion) is probably not a good idea without other evidence.  However, 
lacking evidence or hypotheses to the contrary, it is not unreasonable to 
tentatively assume a causation given a strong correlation.

Assuming correlation and causation are completely unrelated is probably 
worse, since if there is a cause / effect relationship, correlation is 
bound to show up.

Given that we *do* have other evidence (e.g. HR departments which ask for 
degrees when hiring & promoting), why would it be wrong to make a leap such 
that a degree will help more than it will hurt?

As one person said, all else being equal (as it frequently is), a degree 
(or certification) is a great way to differentiate yourself.  Especially to 
the non-technical (like CFOs and HR departments).


The interesting thing about this long (and sometimes interesting) thread 
which keeps appearing here every year or two is that people without degrees 
seem to value experience only, while people with degrees have a 
relatively high opinion of experience and degrees.

IOW: The people who have been to college tend to like it, those who have not, 
do not.

Of course, that is just a correlation, and not even a 100% correlation at that.


 Henry Yen   Aegis Information 
Systems, Inc.

-- 
TTFN,
patrick




Re: Certification or College degrees? Was: RE: list problems?

2002-05-23 Thread Nathan J. Mehl


In the immortal words of Paul Vixie ([EMAIL PROTECTED]):
 
 The trouble is, often times I'd rather hire the world's smartest garbage
 man.  I never forget that when I got done interviewing for my first full
 time programming job I went back to my job fixing cars and pumping gas, and
 my fallback plan in case programming didn't work out was driving a tow 
 truck (which paid better than either.)  

*blink*

You are the second person to tell me this story, almost word-for-word
verbatim, including the detail about the tow trucks.

The first person was Eugene Kashpureff.  (Indeed, Alternic, Inc. was
actually a d/b/a identity of his towing company.)

It's a small, and very strange world.

-n

[EMAIL PROTECTED]
Transported to a surreal landscape, a young girl kills the first woman she 
meets and then teams up with three complete strangers to kill again.
  (-- TV listing for the movie, The Wizard of Oz, in the Marin Paper.)
http://blank.org/memory/



Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread E.B. Dreger


ADC Date: Thu, 23 May 2002 14:30:16 -0400
ADC From: Anthony D Cennami


ADC Not to say you can't route well with a linux or bsd system
ADC you can but at the high-end probably not as well.
ADC 
ADC Tell that to Juniper.

Where can I buy their line cards for my PC?


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence





Re: Certification or College degrees?

2002-05-23 Thread Scott Weeks






A highly skilled gay is *VERY* different than a highly skilled guy...  :-)

Apologies, I just couldn't restrain myself.
scott



On Thu, 23 May 2002, Andy Dills wrote:

: On Thu, 23 May 2002, Alexei Roudnev wrote:
:
:
:  CCIE just come and say _gays, you need Cisco XXX with IOS YY.YY and configure CEF,
: snip
:  If people want a narrow edicated engineer, they need CCIE-only gay. If they weant
: snip
:  Btw, a friend of mine, very (VERY) high skilled gay, is looking for the new job
: snip
:  except _gay can read a books and can learn to answer a questions_.
: snip
:
: I know you're not a native speaker, but that doesn't make this any less
: hilarious.
:
: Andy
:
: 
: Andy Dills  301-682-9972
: Xecunet, LLCwww.xecu.net
: 
: Dialup * Webhosting * E-Commerce * High-Speed Access
:
:




Discussion of Results

2002-05-23 Thread John Palmer (NANOG Acct)


Proposal #1 (which passed by over 2/3rds - 67.9%) expresses the sense of the
GA that
DOC should re-bid the ICANN contract and forget ICANN completely

Proposal #2 (which passed by 75%) expresses to ICANN the desire that they
reform in a meaningful way, and if they don't, that the DOC should replace
ICANN.

Interesting


AGN Domain Name Services, Inc  http://www.adns.net
Since 1995. The Registry for .AMERICA, .EARTH, .LION, .USA and .Z
Define yourself or Be Defined.
Censorship-free GA list at : http://dns-o.org/mailman/listinfo/ga




RE: Certification or College degrees?

2002-05-23 Thread Daniel Golding


Gee. I've known some CCIE's who seemed a little sexually ambiguous, but I'm
not sure that a sweeping generalization is appropriate... :)

- Daniel Golding

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Alexei Roudnev
 Sent: Thursday, May 23, 2002 11:52 AM
 To: Vadim Antonov; Stephen Sprunk
 Cc: Nanog List
 Subject: Re: Certification or College degrees?



 
  On Wed, 22 May 2002, Stephen Sprunk wrote:
 
   Thus spake Nigel Clarke [EMAIL PROTECTED]
Certifications are a waste of time. You'd be better off
obtaining a Computer Science degree and focusing on the
core technologies.
  
   If you're looking to write software, sure.  A CompSci degree
 won't help you
   in the slightest at operating networks.
 
  Stephen - I bet I can do networks much much better than most
 cisco CCIEs,
  even after years of doing network-unrelated work :)  That's because I
  understand _why_ the stuff is working, not only how to make cisco box to
  jump through hoops.

 Yes, but after you'll read a few books when you start working as a network
 engineer again (if -:)).

 CCIE just come and say _gays, you need Cisco XXX with IOS YY.YY
 and configure CEF,
 RED,
 packet inspection, bla bla bla... and he remember exact IOS commands.

 If people want a narrow edicated engineer, they need CCIE-only
 gay. If they weant
 someone who can do everything (may be, with extra time to learn
 specific piece of
 hardware) - they need someone like Vadim.

 And CCIE is not a good example - it's the BEST certification
 degree I ever know;
 other certifications are much worst - most of them are just
 _guess an answer_
 tests. Of course, knowing _top change a domain, you need to
 reinstall the system_
 (from some old MS exam) is very important one (because no one can guess an
 answer).

 Btw, a friend of mine, very (VERY) high skilled gay, is looking
 for the new job
 today. When I told  about him with someone, I always explain _he
 worked with MS
 and CISCO for a 10 years; he teach Microsoft in Moscow, he
 designed a networks, he
 worked as a PS for a 2 years, he bring Ascends into the Russia,
 he know Everything
 about MS and Cisco. Oh, you need his credentials - btw, he is CCIE and MS
 certified engineer. I never start from certificates, because they
 say nothing
 except _gay can read a books and can learn to answer a questions_.
 (Do you need jobless CCIE + MS certified _do not remember who_?
 You can hire one
 just now).









Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread James Cornman


We've had some rather good success with PC based routers. Typical
setup was FreeBSD 4.x, 512mb, 20gb RAID-1, 3com Gigabit Ethernet card,
Fore Systems OC3 ATM card. All this, with zebra on top. It worked well for
a long time, although it turned out getting deprecated because of some
zebra issues (with ospfd. They (the problems) weren't confirmed by the
zebra community but that's the only thing we could narrow it down to.
ospfd would die periodically.) The line cards were bought off of eBay.
We did VLAN trunking through the 3com GBE card to a Catalyst 3548. Did any
rate limiting with DUMMYNET and ipfw pipes. Overall, the whole system
worked great for a few months without human interaction,
until the ospfd problems.

Feel free to contact me off list if you have any questions. I don't know
all of the exact hardware/software tweaking that were done; a lot of them
were left default, but I'll try to help.


-- 
James Cornman [EMAIL PROTECTED]
Net Access Corporation - http://www.nac.net/

On Thu, 23 May 2002, E.B. Dreger wrote:


 ADC Date: Thu, 23 May 2002 14:30:16 -0400
 ADC From: Anthony D Cennami


 ADC Not to say you can't route well with a linux or bsd system
 ADC you can but at the high-end probably not as well.
 ADC
 ADC Tell that to Juniper.

 Where can I buy their line cards for my PC?


 --
 Eddy

 Brotsman & Dreger, Inc. - EverQuick Internet Division
 Phone: +1 (316) 794-8922 Wichita/(Inter)national
 Phone: +1 (785) 865-5885 Lawrence










Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Scott Granados


As are f5 products including bigip, 3dns and hmmm they make something 
else I forget :).

On Thu, 23 May 2002, Brian wrote:

 bsd kernel eh?  i believe netapp filers are based on that as well.
 
   Bri
 
 
 
 On Thu, 23 May 2002, Anthony D Cennami wrote:
 
 
  Not to say you can't route well with a linux or bsd system you can but
  at the high-end probably not as well.
 
  Tell that to Juniper.
 
 
 
  Scott Granados wrote:
   Remember that a pc may have some certain functions that are more
   powerful than a router but a pc is a much more general computer.
   Routers are supposed to be and usually designed to do one thing only,
   route, not play quake, balance your check book, browse the net, etc etc.
   So although for example a gsr-12000 may have a slower cpu than the
   machine on your desk it probably will route and pass more traffic than
   your pc ever will because of its design.  Not to say you can't route
   well with a linux or bsd system you can but at the high-end probably not
   as well.
  
   On Thu, 23 May 2002, Vinny Abello wrote:
  
  
  I would have to say for any Linux/BSD platform to be a viable routing
  solution, you have to eliminate all moving parts or as much as possible,
  ie. no hard drives because hard drives will fail. Not much you can do about
  the cooling fans in various parts of the machine though which routers also
  tend to have. Solid state storage would be the way to go as far as what the
  OS is installed on. You have to have something to imitate flash on the
  common router. Otherwise, if you can get the functionality out of a PC, I
  say go for it! The processing power of a modern PC is far beyond any router
  I can think of. I suppose it would just be a matter of how efficient your
  kernel, TCP/IP stack and routing daemon would be at that point. :)
  
  At 10:48 PM 5/22/2002, you wrote:
  
  
  On Wed, 22 May 2002, Andy Dills wrote:
  
  
  From the number of personal replies I got about these topics, it seems
  like many people are interested in sharing information about how to do
  routing on a budget, or how to avoid getting shot in the foot with your
  Cisco box.
  
  Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother
  with a linux box? Heh, at least use FreeBSD :)
  
  Before the dot com implosion, they weren't nearly that inexpensive.  The
  average corporate user will also need smartnet (what's that on a 7200, a K
  or a few per year?) for support, warranty, and software updates.  Some
  people just don't appreciate being nickled and dimed by cisco and forced
  to either buy much more router than they need, or risk ending up with
  another cisco boat anchor router when the platform they chose can no
  longer do the job in the limited memory config supported.
  
  I have a consulting customer who, against my strong recommendation, bought
  a non-cisco router to multihome with.  It's PC based, runs Linux, and with
  the exception of the gated BGP issue that bit everyone running gated a few
  months ago, has worked just fine.  It's not as easy to work with in most
  cases, but there are some definite advantages, and some things that Linux
  actually makes easier.  They'd initially bought a 2621 when multihoming
  was just a thought, and by the time it was a reality, 64mb on a 2621
  couldn't handle full routes.  The CW/PSI depeering (which did affect
  this customer, as they were single homed to CW at the time and did
  regular business with networks single homed to PSI) was proof that without
  full routes, you're not really multihomed.
  
  --
  --
   Jon Lewis *[EMAIL PROTECTED]*|  I route
   System Administrator|  therefore you are
   Atlantic Net|
  _ http://www.lewis.org/~jlewis/pgp for PGP public key_
  
  
  Vinny Abello
  Network Engineer
  Server Management
  [EMAIL PROTECTED]
  (973)300-9211 x 125
  (973)940-6125 (Direct)
  
  Tellurian Networks - The Ultimate Internet Connection
  http://www.tellurian.com (888)TELLURIAN
  
  
  
 
 
 
 




Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread E.B. Dreger


JC Date: Thu, 23 May 2002 15:25:14 -0400 (EDT)
JC From: James Cornman


JC We've had some rather good success with FreeBSD based PC
JC Routers. Typical setup was FreeBSD 4.x, 512mb, 20gb RAID-1,
JC 3com Gigabit Ethernet card, Fore Systems OC3 ATM card. All
JC this, with zebra on top. It worked well for a long time,
JC although it turned out getting deprecated because of some
JC zebra issues (with ospfd. They (the problems) weren't
JC confirmed by the zebra community but that's the only thing we
JC could narrow it down to.  ospfd would die periodically.) The
JC line cards were bought off of eBay.

Yes, for = 155 Mbps, it works well.

My intended point was that Juniper != PC.  Yes, both are FreeBSD
on x86, which works great.  But PCs use the system bus, which is
a much harsher limit than having a fast backplane or midplane
that just switches data.

As Randy said, a router must route _and_ forward.  When PCI runs
out of gas, you just can't push any more through it.

Again:  Anyone played with cPSB yet?  It looks very promising...

The sweet spot for building a PC-based router probably would be
around 2x or 3x DS3 right now.  7200s have come down in price,
but DS3 cards are still fairly valuable.  (Not enough price
difference in the DS1 game to make a PC-based router worth the
effort on the low end... unless one is multihoming and needs more
RAM than 26xx or 36{20|40} can hold.)

I'm trying to remember what Buy It Now was on that M20 on eBay
the other day... IIRC, it had 4x OC3 + 4x DS3 + 4x FE.


JC We did VLAN trunking through the 3com GBE card to a Catalyst
JC 3548. Did any rate limiting with DUMMYNET and ipfw pipes.
JC Overall, the whole system worked great for a few months
JC without human interaction, until the ospfd problems.

How long ago was this?  Zebra has been stagnant for nearly a year
now, and my recollection was that late 2000 was when OSPF bugs
were biting...


--
Eddy

Brotsman  Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence





Strange Bandwidth drop: 5/21 14:00 to 5/22 02:00: Any one else seeit

2002-05-23 Thread Larry Rosenman


Looking at our graphs, we saw a very significant drop in our inbound
bandwidth from Tuesday, 21/May/2002 14:00 (UTC -0500) to 22/May/2002
02:00 (UTC -0500).

We can't explain it from internal sources.  Did anyone else see this?
Does anyone have an explanation? 

Thanks,
LER
-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED]
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749




Re: Discussion of Results

2002-05-23 Thread Richard Forno


Sounds like either way, the consensus was that ICANN has to go..which
isn't necessarily a bad thing. Very interesting.

rf

 From: John Palmer (NANOG Acct) [EMAIL PROTECTED]
 Date: Thu, 23 May 2002 14:14:28 -0500
 To: [EMAIL PROTECTED]
 Subject: Discussion of Results
 
 
 Proposal #1 (which passed by over 2/3rds - 67.9%) expresses the sense of the
 GA that
 DOC should re-bid the ICANN contract and forget ICANN completely
 
 Proposal #2 (which passed by 75%) expresses to ICANN the desire that they
 reform in a meaningful way, and if they don't, that the DOC should replace
 ICANN.
 
 Interesting
 
 
 AGN Domain Name Services, Inc  http://www.adns.net
 Since 1995. The Registry for .AMERICA, .EARTH, .LION, .USA and .Z
 Define yourself or Be Defined.
 Censorship-free GA list at : http://dns-o.org/mailman/listinfo/ga
 
 




Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Alex Rubenstein



 I agree with you on that. Hot swapability for various interfaces is
 something routers obviously have over PC's.

Hot swap PCI is old news.


 True... unless going for 64 bit PCI at 66MHz... still it's obvious that
 routers are designed for one simple purpose and generally have larger
 backplanes to handle that.

However, $ for $, even when buying used cisco gear at 80% off from
dot-booms, a PC router will outperform any traditional router.


 I agree a router is probably more efficient in just routing packets, but in
 complex filtering or traffic manipulation/packet sniffing, a PC might have
 the edge. :)

Yes, ipfw/dummy is very very cool. Like, inducing a few 100 msecs of
latency to folks who don't pay on time :)


-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --





Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Dominic J. Eidson


On Thu, 23 May 2002, E.B. Dreger wrote:

 I'm trying to remember what Buy It Now was on that M20 on eBay
 the other day... IIRC, it had 4x OC3 + 4x DS3 + 4x FE.

$39,975

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2025155277

-- 
Dominic J. Eidson
Baruk Khazad! Khazad ai-menu! - Gimli
---
http://www.the-infinite.org/  http://www.the-infinite.org/~dominic/




Re: operational: icmp echo out of control?

2002-05-23 Thread Richard A Steenbergen


On Thu, May 23, 2002 at 10:05:08AM -0700, Mark Kent wrote:
 
 I've observed that our border routers are getting pinged a fair bit.
 I measured on one router and saw:
 
   5 per second, seems consistent throughout the day,
   roughly 40 different sources every 15 seconds
 
 I took a look at the varied sources and discovered that the sites
 are well connected and those that resolve resolve to akamai names.
 
 This isn't more than a nuisance for me, but I run a small net.  
 Should I conclude that an ISP with a population 10 times bigger
 would have their border routers getting pinged at 10 times the
 rate I see?  If so, should we care, or just ignore it?

I can't speak as to what exactly Akamai is doing, but this kind of probing
for performance reasons is becoming increasingly common as more people
jump on the optimized routing bandwagon.

Not only do you have operational networks originating these probes on
their own (InterNAP, Digital Island, Akamai, others), but you now have
companies making boxes which optimize routing in part by doing these
probes from every one of their customers.

Right now it's mostly noise, but it has the potential to get way out of
hand. A packet or two an hour probably wouldn't hurt anyone, but 5
packets/sec is personally what I would consider to be an acceptable amount
of data to be directed at any specific host or router. Not only can this
many probes trigger ICMP rate limiting and ruin the data for the prober
and others, it is just plain unnecessary.

Path latency doesn't change much, you can determine this with very few
probes. Reachability does not need to be continuously probed, you can take
cues from other data to decide if you need to re-probe. Packet loss cannot
be reliably determined without a lot more packets than it is reasonable to
send.

Much like web spidering, some simple common sense can help keep probes 
from becoming a hassle:

 * Control the rate of your probes to a given destination.
 * Don't allow your probes to continuously hit a destination.
 * If you are using traceroute-style probes, extra care must be taken
   as if you were pinging every host along the path.
 * If at all possible, only target destinations you actually exchange
   traffic with. For example, get a netflow feed.
 * Make sure a DoS attack cannot provoke your system into probing innocent
   third parties.
 * Consider what is the smallest unit of distinct network topology you
   need to map. A very reasonable number would be a /24.
 * Source your probes from an IP which resolves to something that can
   explain what your probe is doing, and a webpage for people to read
   more about what you are doing and why (such as how it benefits them).
 * Have an opt out option for networks who REALLY don't like probes.

-- 
Richard A Steenbergen [EMAIL PROTECTED]   http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)
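The guidelines in the post above, sketched as an admission gate that a prober would consult before sending anything. This is an added example, not part of the original post or of any vendor's product; the class and method names, the 300-second spacing, the daily cap and the flow lifetime are all assumptions, and the addresses in any usage are documentation prefixes.

```python
import ipaddress

DAY = 86400.0  # seconds


def unit(addr):
    """Smallest topology unit tracked: the /24 containing addr (IPv4 only)."""
    return ipaddress.ip_network(f"{addr}/24", strict=False)


class ProbeGate:
    """Admission control for active latency/reachability probes."""

    def __init__(self, min_interval=300.0, max_per_day=48,
                 flow_ttl=3600.0, opt_out=()):
        self.min_interval = min_interval   # spacing between probes per /24
        self.max_per_day = max_per_day     # never hit one /24 continuously
        self.flow_ttl = flow_ttl           # how long real traffic justifies probing
        self.opt_out = [ipaddress.ip_network(n) for n in opt_out]
        self.last_flow = {}                # /24 -> time of last real traffic
        self.sent = {}                     # /24 -> probe times in the last day

    def note_flow(self, dst, now, established):
        """Record traffic from a flow feed (e.g. netflow).

        Only established flows count, so a flood of spoofed or one-way
        packets cannot steer the prober toward innocent third parties.
        """
        if established:
            self.last_flow[unit(dst)] = now

    def _refusal(self, addr, now, need_flow):
        """Return the reason addr may not be probed now, or None if it may."""
        net = unit(addr)
        if any(ipaddress.ip_address(addr) in n for n in self.opt_out):
            return "opt-out"
        if need_flow and now - self.last_flow.get(net, float("-inf")) > self.flow_ttl:
            return "no-traffic"
        recent = [t for t in self.sent.get(net, []) if now - t < DAY]
        self.sent[net] = recent
        if recent and now - recent[-1] < self.min_interval:
            return "too-soon"
        if len(recent) >= self.max_per_day:
            return "daily-cap"
        return None

    def allow(self, dst, now, hops=()):
        """Decide on one probe toward dst.

        For a traceroute-style probe pass the known hops: every hop is
        budgeted as if it were pinged directly. Nothing is charged unless
        the whole path is acceptable.
        """
        reason = self._refusal(dst, now, need_flow=True)
        if reason:
            return (False, reason)
        for hop in hops:
            reason = self._refusal(hop, now, need_flow=False)
            if reason:
                return (False, f"hop {hop}: {reason}")
        for net in {unit(a) for a in (dst, *hops)}:
            self.sent.setdefault(net, []).append(now)
        return (True, "ok")
```

Reverse DNS for the probe source and the explanatory web page from the last two bullets are operational steps and are not modelled here.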



Controlling Spam to the NOC

2002-05-23 Thread Jeff Workman


Hello,

Has anybody on this list figured out an effective way to eliminate, or at 
least severely limit, the amount of spam that arrives in your NOC?  I am 
aware of solutions such as Spamassassin, Vipul's Razor, and the various RBL 
lists, but has anybody used one of these solutions, or anything else, to 
reduce the amount of spam going into noc@/trouble@/etc mailboxes without 
severely restricting the rest of the internet's ability to reach the noc 
via email for legitimate purposes?  Particularly in a NOC where it's quite 
possible that some of your customers are listed in the RBLs but still need 
to reach you.

-Jeff

--
Jeff Workman | [EMAIL PROTECTED] | http://www.pimpworks.org



Re: list problems?

2002-05-23 Thread Henry Yen


On Thu, May 23, 2002 at 03:00:20AM -0400, Patrick W. Gilmore wrote:
 At 02:42 PM 5/23/2002 -0400, Henry Yen wrote:
  On Thu, May 23, 2002 at 06:22:50AM -0700, Rachel K. Warren wrote:
   Of course, there are exceptions to every rule - I've had managers and
   executive officers in the same companies I worked at who did not have
   degrees.  But more often than not, the degree was there.
  
  i was once taught that causation and correlation are different.
 
 Stating as fact a causation simply because of a correlation (e.g. degrees 
 == promotion) is probably not a good idea without other evidence.  However, 
 lacking evidence or hypotheses to the contrary, it is not unreasonable to 
 tentatively assume a causation given a strong correlation.

i don't disagree, but your specific observation seems too broad for me.

i've long deleted the original post, but ISTR that the OP's interest
was in getting a network/engineering/related job, and the degree (no pun
intended) to which having a formal college education might contribute
toward that goal, at least in the short run.

assuming that the companies to which this post refers are those which
are in that situation (hiring good network people), the fact that
the managers and executives at those companies more often than not had
a degree is not necessarily more than a correlation.  it doesn't
speak to the issue of whether or not they are/were good network people.

for instance, perhaps a degree is more useful to managers and executive
officers than to network engineers.  or perhaps people who get degrees
strive more for those management positions than people who don't.  or perhaps
those companies tend to hire people with degrees more often than not,
and this post shows that, but it doesn't necessarily relate to network
engineering (i.e. maybe it's a less-than-useful holdover hiring practice,
which is what many offshoots of this thread are discussing); perhaps
the OP would be just as happy to be hired in a non-network-engineering-
oriented position, but that's not the impression i got.

 Assuming correlation and causation are completely unrelated is probably 
 worse, since if there is a cause / effect relationship, correlation is 
 bound to show up.

yes, but i didn't assume that. :)

 Given that we *do* have other evidence (e.g. HR department which ask for 
 degrees when hiring  promoting), why would it be wrong to make a leap such 
 that a degree will help more than it will hurt.

yes, i think it would be wrong.  the evidence presented above is one
person's experience, based on observations of executive officers and
managers at places where she has worked.  you could certainly say that
a college degree will more likely than not lead to a position as an
executive officer or manager (not necessarily network-related), especially
if you tend to try to work for companies such as those quoted above.

the hurt part presumably refers to the time (5+ per cent of your life),
as well as the ten-thousands of dollars expenditure.

 As one person said, all else being equal (as it frequently is), a degree 
 (or certification) is a great way to differentiate yourself.  Especially to 
 the non-technical (like CFOs and HR departments).

i think it makes a bigger difference when one is young.  i tend to
believe that the differentiation lessens over time.  as well, the
opportunity to seriously and formally study computing/networking
is relatively recent.

 The interesting thing about this long (and sometimes interesting) thread 
 which keeps appearing here every year or two is that people without degrees 
 seem to value experience only, while people with degrees have a 
 relatively high opinion of experience and degrees.

it would be interesting to see the age distribution of these two groups.

 IOW: The people who have been to college tend to like it, those who have not, 
 do not.
 
 Of course, that is just a correlation, and not even a 100% correlation at that.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York



Re: Controlling Spam to the NOC

2002-05-23 Thread measl



ramble
You hit it dead on: use all the tools at your disposal, but preemptively
whitelist your customers.  Unfortunately, the whitelisting isn't always as
easy as it sounds.  If they are within your IP space, you're good to go, but
if they have the rare portable block, or they are multihomed, etc., you need
to be more careful.
/ramble

In Short: Whitelist like crazy, and then blacklist like mad!

 On Thu, 23 May 2002, Jeff Workman wrote:

 Hello,
 
 Has anybody on this list figured out an effective way to eliminate, or at 
 least severely limit, the amount of spam that arrives in your NOC?  I am 
 aware of solutions such as Spamassassin, Vipul's Razor, and the various RBL 
 lists, but has anybody used one of these solutions, or anything else, to 
 reduce the amount of spam going into noc@/trouble@/etc mailboxes without 
 severely restricting the rest of the internet's ability to reach the noc 
 via email for legitimate purposes?  Particularly in a NOC where it's quite 
 possible that some of your customers are listed in the RBLs but still need 
 to reach you.
 
 -Jeff
 
 --
 Jeff Workman | [EMAIL PROTECTED] | http://www.pimpworks.org
 

-- 
Yours, 
J.A. Terranson
[EMAIL PROTECTED]

If Governments really want us to behave like civilized human beings, they
should give serious consideration towards setting a better example:
Ruling by force, rather than consensus; the unrestrained application of
unjust laws (which the victim-populations were never allowed input on in
the first place); the State policy of justice only for the rich and 
elected; the intentional abuse and occasionally destruction of entire
populations merely to distract an already apathetic and numb electorate...
This type of demagoguery must surely wipe out the fascist United States
as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers,
associates, or others.  Besides, if it *were* the opinion of all of
those people, I doubt there would be a problem to bitch about in the
first place...






Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Vinny Abello


At 04:17 PM 5/23/2002 -0400, you wrote:

  I agree with you on that. Hot swapability for various interfaces is
  something routers obviously have over PC's.

Hot swap PCI is old news.

True, but not widely implemented in the standard PC market. If you want a 
server that has hot swap capability, you're likely paying a premium price 
for a lot of extra other features. It's not something you can typically 
just build yourself, and if you can you'll need a case that allows you easy 
access to swap the PCI cards. By the time you pay for an enterprise level 
server with this capability, I would rather have put the money towards a 
good router.



  True... unless going for 64 bit PCI at 66MHz... still it's obvious that
  routers are designed for one simple purpose and generally have larger
  backplanes to handle that.

However, $ for $, even when buying used cisco gear at 80% off from
dot-booms, a PC router will outperform any traditional router.

At what speeds though? As you get into the higher gbic speeds, a PC doesn't 
have the backplane to cut it. Now if we're talking raw processing power, a 
PC can blow away a router in calculations per second any day. :)

  I agree a router is probably more efficient in just routing packets, but in
  complex filtering or traffic manipulation/packet sniffing, a PC might have
  the edge. :)

Yes, ipfw/dummy is very very cool. Like, inducing a few 100 msecs of
latency to folks who don't pay on time :)

Hehehehe... Interesting approach. I find it more fun to just shut them off. 
It makes them take you more seriously. Unfortunately I would say only a 
small percentage of users, maybe 20% or so would even notice the latency 
issues if they were having them. They're more likely to complain about slow 
transfer speeds. That is even more fun and can be done on any traditional 
Cisco... Traffic shaping is cool but hindered by being limited to 
controlling outbound traffic on an interface. Rate limiting even more fun. 
Hmm... [exceed action drop] Why is there so much damn packet loss on my 
connection when I put traffic across it??? ;)

Vinny Abello
Network Engineer
Server Management
[EMAIL PROTECTED]
(973)300-9211 x 125
(973)940-6125 (Direct)

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN





Re: Controlling Spam to the NOC

2002-05-23 Thread jlewis


On Thu, 23 May 2002 [EMAIL PROTECTED] wrote:

 ramble
 You hit it dead on: use all the tools at your disposal, but preemptively
 whitelist your customers.  Unfortunately, the whitelisting isn't always as
 easy as it sounds.  If they are within your IP space, you're good to go, but
 if they have the rare portable block, or they are multihomed, etc., you need
 to be more careful.
 /ramble

 In Short: Whitelist like crazy, and then blacklist like mad!

We do both...but I wouldn't say whitelist like crazy.  More like whitelist
as needed, and find a blacklist or one of the message body parsing utils
you like...or both.

For the rare emergency when a customer (or non-customer) needs to talk to
our NOC and can't get email through, we have these neat things called
telephones.  They work pretty well.  In fact, I think mine often works too
well.

-- 
--
 Jon Lewis *[EMAIL PROTECTED]*|  I route
 System Administrator|  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
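The ordering discussed in the two replies above (customer whitelist consulted first, blacklist second) can be sketched as follows. This is an added example, not code from any poster or from a real mail filter; the class name, the zone `bl.example.invalid` and all prefixes are constructed, and the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed octets (or IPv6 nibbles) + zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer ends in ".in-addr.arpa" or ".ip6.arpa"; drop those 2 labels.
    return addr.reverse_pointer.rsplit(".", 2)[0] + "." + zone


def dns_listed(name, resolve=socket.gethostbyname):
    """A DNSBL lists an address when the query name resolves into 127/8."""
    try:
        answer = resolve(name)
    except OSError:          # NXDOMAIN and resolver failures: treat as not listed
        return False
    return ipaddress.ip_address(answer) in LOOPBACK


class NocMailPolicy:
    """Source-IP policy for noc@/trouble@ style mailboxes."""

    def __init__(self, customer_prefixes, zones, resolve=socket.gethostbyname):
        # customer_prefixes maps prefix -> label. It must include prefixes
        # customers bring with them (portable blocks, other upstreams of a
        # multihomed customer), not only the provider's own address space.
        self.allow = [(ipaddress.ip_network(p), label)
                      for p, label in customer_prefixes.items()]
        self.zones = list(zones)
        self.resolve = resolve

    def verdict(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        # 1. Whitelist first: a customer listed on a blacklist still gets in,
        #    and no DNSBL query is spent on them.
        for net, label in self.allow:
            if addr in net:
                return ("accept", f"whitelist:{label}")
        # 2. Only then consult the blacklists.
        for zone in self.zones:
            if dns_listed(dnsbl_name(client_ip, zone), self.resolve):
                return ("reject", f"dnsbl:{zone}")
        return ("accept", "default")
```

Message-body scoring of the kind the posters mention would slot in after step 2, for mail that passes the source-IP checks.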




Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Steven J. Sobol


On Thu, 23 May 2002, E.B. Dreger wrote:
 
 EIDE-based flash drives have become very inexpensive.  Some
 embedded systems use CompactFlash boards.

Can you set flash drives to be write-only? Sorry if this is a basic
question, but the only EIDE mass-storage devices I've used are more
traditional drives.

This would be a great solution for a Linux box I want to build as a 
bridge.

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser   - Weird Al Yankovic, It's All About the Pentiums






Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Dan Hollis


On Thu, 23 May 2002, Steven J. Sobol wrote:
 On Thu, 23 May 2002, E.B. Dreger wrote:
  EIDE-based flash drives have become very inexpensive.  Some
  embedded systems use CompactFlash boards.
 Can you set flash drives to be write-only?

Why would you want to do this?

-Dan
-- 
[-] Omae no subete no kichi wa ore no mono da. [-]




Re: Certification or College degrees?

2002-05-23 Thread Randy Bush


 A highly skilled gay is *VERY* different than a highly skilled guy...  :-)

not at work




Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread E.B. Dreger


SJS Date: Thu, 23 May 2002 17:23:43 -0400 (EDT)
SJS From: Steven J. Sobol


SJS Can you set flash drives to be write-only? Sorry if this is

Depends on the drive, just like traditional HDDs.


SJS a basic question, but the only EIDE mass-storage devices
SJS I've used are more traditional drives.

Why not partition wisely, then mount the desired partition as
read-only?  Or I guess one _could_ mount each partition as RO...

But why?


--
Eddy

Brotsman  Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence





Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread E.B. Dreger


JKS Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
JKS From: Jason K. Schechner


JKS  Why would you want to do this?
JKS 
JKS Logging.  If a h@xx0r cracks your box he can't erase
JKS anything that's already been written there.  Often it takes

BSD enforces append-only when running proper securelevel.  AFAIK,
Linux lacks this attribute, and root can disable the so-called
immutable attrib.


JKS a physical change (jumper, dipswitch, etc) to change from
JKS write-only to read-only making it pretty tough for the
JKS h@xx0r to cover his steps.

Why not log to an external bastion host?


--
Eddy

Brotsman  Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence





Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Steven J. Sobol


On Thu, 23 May 2002, Dan Hollis wrote:
 
 On Thu, 23 May 2002, Steven J. Sobol wrote:
  On Thu, 23 May 2002, E.B. Dreger wrote:
   EIDE-based flash drives have become very inexpensive.  Some
   embedded systems use CompactFlash boards.
  Can you set flash drives to be write-only?
 
 Why would you want to do this?

Duh. Sorry about the brainfart. I was about to launch into a long 
explanation of what I want to do when I realized I wrote write-only
instead of read-only. I meant read-only.

Note to self: Engage brain *before* fingers.

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser   - Weird Al Yankovic, It's All About the Pentiums






Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Jake Baillie



At 02:28 PM 5/23/2002 -0700, Dan wrote:

Why would you want to do this?


Because flash has a limited number of writes. If you used it like a 
traditional file system, it would go kaput in no time.

-- jb





Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread David Charlap


Vinny Abello wrote:

 First off, you're right about moving parts generally being a bad
 thing. However, it is not always necessary to eliminate the hard
 drive.  Two drives in a RAID-0 configuration may be reliable
 enough.  Especially if the failure of a single drive sets off
 sufficient alarms so that it can quickly be hot-swapped for a new
 drive.
 
 I'm assuming you meant RAID-1. In RAID-0 if you 'swapped' any drive
 all your striped data is toast. ;)

Oops.  Yes.  of course I meant RAID-1.

 Then there's the issue of the PCI bus.  Standard PCI (32-bit 33MHz)
 has a theoretical maximum bandwidth of about 1Gbit/s.  But you can
 never use all of a PCI bus's bandwidth, so actual limits will be
 less than this.
 
 True... unless going for 64 bit PCI at 66MHz... 

64/66 PCI has 4 times as much bandwidth - about 4Gbit/s.  Much better
than standard PCI, but hard to find on a PC-compatible motherboard, and
expensive when you do find it.  Enough bandwidth for 10 line-rate 100M
Ethernet ports or six line-rate OC-3 ports (in theory, anyway).  But not
really enough for anything faster (OC-12 or GigE) if you want line-rate
forwarding.

-- David



Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Jake Baillie



Let me elaborate. I thought Steve was concerned about the limited 
writability of flash.

My thought was to build something like a Linux router, you'd have to load 
the OS into a RAMdisk (or something similar), and only write to flash when 
the config changed. Which means you'd need some sort of singular 
configuration file.

But I was wrong. :) He meant read-only

*back to lurk mode*

-- jb

At 02:49 PM 5/23/2002 -0700, Dan Hollis wrote:

And making it *write-only* as the original poster asked, would fix things
how?





Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Dan Hollis


On Thu, 23 May 2002, Jason K. Schechner wrote:
 On Thu, 23 May 2002, Dan Hollis wrote:
  On Thu, 23 May 2002, Steven J. Sobol wrote:
   Can you set flash drives to be write-only?
  Why would you want to do this?
 Logging.  If a h@xx0r cracks your box he can't erase anything that's
 already been written there.  Often it takes a physical change (jumper,
 dipswitch, etc) to change from write-only to read-only making it pretty
 tough for the h@xx0r to cover his steps.

Eh? Setting a flash drive to *write-only* would fix this how? Why would 
anyone want to make a flash drive *write-only*?

-Dan
-- 
[-] Omae no subete no kichi wa ore no mono da. [-]




Re: Certification or College degrees?

2002-05-23 Thread Steven J. Sobol


On Wed, 22 May 2002, Stephen Sprunk wrote:
 
 Thus spake Stephen Kowalchuk [EMAIL PROTECTED]
  Certification in the IT industry has become a nightmare
  because people who are less than clueful have abused it in
  the hiring and compensation processes.
 
 Picture yourself as a job-seeker three years ago.  Every recruiter you call
 hangs up on you because you don't have a CCNA.  What's the obvious
 conclusion?  CCNA == job.
 
 Try getting an accounting job without being a CPA; it's possible in some
 states, but it's not easy.

Your analogy is flawed. You have to be certified by the local bar 
association to practice law in most states, and unless I'm mistaken (and
I might be) you have to have taken the CPA test and be certified as a CPA,
because the government says so.
 

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser   - Weird Al Yankovic, It's All About the Pentiums






Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Steven J. Sobol


On Thu, 23 May 2002, Jake Baillie wrote:

 the config changed. Which means you'd need some sort of singular 
 configuration file.
 
 But I was wrong. :) He meant read-only

I'm just throwing ideas out there. I could boot Linux off a floppy or
a bootable CD and create a ramdisk upon bootup - Linux has always had this 
capability. I'm just a person who occasionally comes up with silly 
half-baked ideas and wonders if he can implement them. ;)

And to be honest, I figured that having the OS boot off of some 
solid-state storage device would be useful... for something...

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser   - Weird Al Yankovic, It's All About the Pentiums






Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Steven J. Sobol


On Thu, 23 May 2002, E.B. Dreger wrote:

 SJS a basic question, but the only EIDE mass-storage devices
 SJS I've used are more traditional drives.
 
 Why not partition wisely, then mount the desired partition as
 read-only?  Or I guess one _could_ mount each partition as RO...
 
 But why?

The box I want to build is passing packets between the rest of my network 
(and the public Internet) and one server that will hold sensitive data.
It'll be a Linux box with the TCP/IP stack running in bridged mode, with
two ethernet adapters installed. The box just needs to boot up and run. It
doesn't need to log anything.

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser   - Weird Al Yankovic, It's All About the Pentiums






Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Richard A Steenbergen


On Thu, May 23, 2002 at 05:47:40PM -0400, David Charlap wrote:
 
 64/66 PCI has 4 times as much bandwidth - about 4Gbit/s.  Much better
 than standard PCI, but hard to find on a PC-compatible motherboard, and
 expensive when you do find it.  Enough bandwidth for 10 line-rate 100M
 Ethernet ports or six line-rate OC-3 ports (in theory, anyway).  But not
 really enough for anything faster (OC-12 or GigE) if you want line-rate
 forwarding.

Why is this such a hard concept for people to grasp? If you just need to 
bat around a couple hundred Mbit, a PC based router could work beautifully 
for you. If you want to design a scalable but efficient system, you use 
dedicated hardware for the forwarding plane, cheap but powerful PC 
hardware for the control plane, and an ASIC to look at bytes in the header 
and come up with a destination interface. But Juniper has done this, so 
move on.

I wish they would put a little more legitimacy on the Olive though, it 
could be a very useful product. Everything from very small guys who only 
need to move 100Mbit but who need more stability and policy power than a 
linsux box and zebra can provide, to the very big guys who could build a 
very beefy 2GHz box for computationally intensive tasks (like a route 
reflector).

-- 
Richard A Steenbergen [EMAIL PROTECTED]   http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177  (67 29 D7 BC E8 18 3E DA  B2 46 B3 D8 14 36 FE B6)



Re: operational: icmp echo out of control?

2002-05-23 Thread Mark Kent


RAS I can't speak as to what exactly Akamai is doing, but this

I should add that Akamai contacted me within minutes of my initial
post to ask for more data and they said that they are looking
into it... leaving me with the impression that what I was seeing
was not typical.

-mark



Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Alex Rubenstein



Speaking of which: I have been looking for a reasonably priced hardware
ramdisk. The ones I've seen (albeit expensive) are essentially a brick
with DIMMs in them, and have either an IDE or SCSI interface. Some have a
battery to back them up for a few hours.

Anyone got some pointers?



On Thu, 23 May 2002, Jake Baillie wrote:



 Let me elaborate. I thought Steve was concerned about the limited
 writability of flash.

 My thought was to build something like a Linux router, you'd have to load
 the OS into a RAMdisk (or something similar), and only write to flash when
 the config changed. Which means you'd need some sort of singular
 configuration file.

 But I was wrong. :) He meant read-only

 *back to lurk mode*

 -- jb

 At 02:49 PM 5/23/2002 -0700, Dan Hollis wrote:

 And making it *write-only* as the original poster asked, would fix things
 how?




-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --





Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Steven J. Sobol


On Thu, 23 May 2002, Dave Israel wrote:

 
 Then why not boot from a CD-ROM?  Sure, it moves, but only for the
 few minutes it takes to boot.  Then it spins down and sits idle for
 the n days/weeks/months until the next reboot.  It would probably
 last as long as the solid state drive, and would be cheaper.  

 The big problem here, of course, is software upgrades.

CD's were the other option I was considering. I'd rather use CD's because 
they are more durable than floppies. WRT software upgrades, the only thing 
I'd be rebuilding is the kernel - you rebuild the kernel, create an ISO
filesystem, and rip it to CD...


 Personally,
 I'd just use a hard drive and initrd (under linux) and leave the hd
 controller out of the kernel.  When it comes time to upgrade, reboot
 to an alternate kernel that has the hd support code.  But that's more
 of a discussion for a Linux list than here.

Yup. Topic drift...

 

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
In a 32-bit world, you're a 2-bit user/You've got your own newsgroup:
alt.total.loser   - Weird Al Yankovic, It's All About the Pentiums






Re: operational: icmp echo out of control?

2002-05-23 Thread Scott Granados


It's important to note a point mentioned here that vendors are building 
boxes to do this as well.  I ran a 3dns pair for a while and wow the 
mail that came in from people with firewalls or simply watching for 
probes.  F5 was opening all sorts of half opened connections and weird 
ports other than ones involving dns.  I believed they called it iQuery.

On Thu, 23 May 2002, E.B. Dreger wrote:

 
 RAS Date: Thu, 23 May 2002 16:36:23 -0400
 RAS From: Richard A Steenbergen
 
 [ moderate snipping throughout ]
 
 
 RAS I can't speak as to what exactly Akamai is doing, but this
 RAS kind of probing for performance reasons is becoming
 RAS increasingly common as more people jump on the optimized
 RAS routing bandwagon.
 
 Perhaps most maddening is that ICMP echo/response hardly reflects
 real-world performance.  (At least I don't usually tunnel my
 HTTP, SMTP, and FTP packets through ICMP, but perhaps I'm just
 being weird again.)
 
 
 RAS Not only do you have operational networks originating these
 RAS probes on their own (InterNAP, Digital Island, Akamai,
 RAS others), but you now have companies making boxes which
 RAS optimize routing in part by doing these probes from every
 RAS one of their customers.
 
 I'd hope that they're having the IP stack communicate timing info
 to the apps.  The information is superior, and it doesn't require
 any additional packets.
 
 
 RAS Path latency doesn't change much, you can determine this
 RAS with very few probes. Reachability does not need to be
 RAS continuously probed, you can take cues from other data to
 RAS decide if you need to re-probe. Packet loss cannot be
 RAS reliably determined without a lot more packets than it is
 RAS reasonable to send.
 
 
 RAS Much like web spidering, some simple common sense can help
 RAS keep probes from becoming a hassle:
 
 H anyone recall the number of the RFC that says many of
 the same things?
 
 
 RAS  * If at all possible, only target destinations you actually
 RAS    exchange traffic with. For example, get a netflow feed.
 
 Which, IMHO, is the sane way anyhow.  Why spend bandwidth and CPU
 munching on a point that exchanges 0.0001% of one's traffic?
 It's silly.  Now, if it's an outlier that shows performance worse
 than, say, 3 sigma slower than average, that might be another
 story.
 
 
 --
 Eddy
 
 Brotsman  Dreger, Inc. - EverQuick Internet Division
 Phone: +1 (316) 794-8922 Wichita/(Inter)national
 Phone: +1 (785) 865-5885 Lawrence
 
 ~
 Date: Mon, 21 May 2001 11:23:58 + (GMT)
 From: A Trap [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Please ignore this portion of my mail signature.
 
 These last few lines are a trap for address-harvesting spambots.
 Do NOT send mail to [EMAIL PROTECTED], or you are likely to
 be blocked.
 




Re: operational: icmp echo out of control?

2002-05-23 Thread Amgad Zeitoun



I have uploaded a PDF version of our RTT measurement study.
You can find it at:

 http://idmaps.eecs.umich.edu/papers/rtt.pdf

Regards,
Amgad


  Path latency doesn't change much, you can determine
  this with very few probes.
  . . . .
  Much like web spidering, some simple common sense can help keep probes
  from becoming a hassle:
  . . . .
  * Consider what is the smallest unit of distinct network topology you
  need to map. A very reasonable number would be a /24.

   We have been studying these issues as part
   of the IDMaps project and have two reports
   quantifying our results.  If interested,
   you can download our papers from:

   http://idmaps.eecs.umich.edu/papers/rtt.ps.gz
   http://idmaps.eecs.umich.edu/papers/ap.pdf

 Cheers,
 Amgad
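
The probe-hygiene points quoted in this thread (only probe destinations you actually exchange traffic with, treat a /24 as the smallest unit worth mapping, and look harder only at paths more than 3 sigma slower than average) can be sketched as follows. This is an added example, not code from any poster; the flow records, RTT values, function names and the 95% traffic-coverage cutoff are constructed assumptions.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed sample: (destination IP, bytes exchanged), as summarised from a flow export.
FLOWS = [
    ("192.0.2.10", 600_000), ("192.0.2.77", 300_000),   # both fall in one /24
    ("198.51.100.5", 90_000),
    ("203.0.113.9", 9_000), ("203.0.113.200", 900),
    ("10.9.8.7", 100),                                   # negligible share of traffic
]
# Constructed sample: one measured RTT (ms) per /24; twenty ordinary paths, one slow one.
RTT_MS = {f"10.0.{i}.0/24": 40 + i % 5 for i in range(20)}
RTT_MS["10.0.20.0/24"] = 400

def aggregate_by_24(flows):
    """Sum bytes per covering /24 (IPv4 only), the mapping unit suggested in the thread."""
    totals = defaultdict(int)
    for ip, nbytes in flows:
        prefix = ipaddress.ip_network(f"{ip}/24", strict=False)
        totals[str(prefix)] += nbytes
    return dict(totals)

def select_probe_targets(flows, coverage=0.95):
    """Pick the busiest /24s until `coverage` of all bytes is accounted for (assumed cutoff)."""
    per_prefix = aggregate_by_24(flows)
    total = sum(per_prefix.values())
    targets, covered = [], 0
    for prefix, nbytes in sorted(per_prefix.items(), key=lambda kv: kv[1], reverse=True):
        if covered >= coverage * total:
            break                      # remaining prefixes carry too little traffic to probe
        targets.append(prefix)
        covered += nbytes
    return targets

def rtt_outliers(rtt_ms, sigmas=3.0):
    """Return prefixes whose RTT is more than `sigmas` standard deviations above the mean."""
    values = list(rtt_ms.values())
    if len(values) < 2:
        return []                      # no meaningful spread with fewer than two samples
    limit = statistics.mean(values) + sigmas * statistics.pstdev(values)
    return sorted(p for p, rtt in rtt_ms.items() if rtt > limit)

if __name__ == "__main__":
    print("probe targets:", select_probe_targets(FLOWS))
    print("re-probe candidates:", rtt_outliers(RTT_MS))
```

With small sample counts a 3-sigma test cannot fire at all (the largest possible z-score over n points is sqrt(n-1) with the population deviation), so the baseline needs at least eleven prefixes before an outlier can be flagged.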








Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Joseph T. Klein

Didn't National Semiconductor have a spec sheet for write only memory
back in the late 70s or early 80s?

I think they developed it for the NSA.

--On Thursday, 23 May 2002 14:53 -0700 Dan Hollis [EMAIL PROTECTED] wrote:


 On Thu, 23 May 2002, Jason K. Schechner wrote:
 On Thu, 23 May 2002, Dan Hollis wrote:
  On Thu, 23 May 2002, Steven J. Sobol wrote:
   Can you set flash drives to be write-only?
  Why would you want to do this?
 Logging.  If a h@xx0r cracks your box he can't erase anything that's
 already been written there.  Often it takes a physical change (jumper,
 dipswitch, etc) to change from write-only to read-only making it pretty
 tough for the h@xx0r to cover his steps.

 Eh? Setting a flash drive to *write-only* would fix this how? Why would
 anyone want to make a flash drive *write-only*?

 -Dan
 --
 [-] Omae no subete no kichi wa ore no mono da. [-]





--
Joseph T. Klein +1 414 628 3380
Senior Network Engineer [EMAIL PROTECTED]
Adelphia Business Solutions [EMAIL PROTECTED]

... the true value of the Internet is its connectedness ...
 -- John W. Stewart III




Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Valdis . Kletnieks

On Thu, 23 May 2002 18:01:03 EDT, Steven J. Sobol said:

 The box I want to build is passing packets between the rest of my network 
 (and the public Internet) and one server that will hold sensitive data.
 It'll be a Linux box with the TCP/IP stack running in bridged mode, with
 two ethernet adapters installed. The box just needs to boot up and run. It
 doesn't need to log anything.

I've heard tell that a good way to secure a Linux box that's doing this is
to have it boot, set up the interfaces, set up iptables, and then do
a quick /sbin/halt - if you fail to 'ifconfig down' the interfaces on the
way down, the kernel will happily forward the packets while being immune to
exploits (since there's no processes running anymore).  I haven't tried it,
so I don't know if it works.  Maybe there ARE cases where setting the default
runlevel to 0 or 6 makes sense. ;)






Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread E.B. Dreger


 Date: Fri, 24 May 2002 00:52:14 -0400
 From: [EMAIL PROTECTED]


 I've heard tell that a good way to secure a Linux box that's
 doing this is to have it boot, set up the interfaces, set up
 iptables, and then do a quick /sbin/halt - if you fail to
 'ifconfig down' the interfaces on the way down, the kernel will
 happily forward the packets while being immune to exploits

[ snip ]

H.  A most interesting thought.  Even if that doesn't work,
one could modify /sbin/init to suit one's needs; several variants
for embedded systems already exist.


--
Eddy

Brotsman  Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to [EMAIL PROTECTED], or you are likely to
be blocked.




Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Greg A. Woods


[ On Friday, May 24, 2002 at 04:50:27 (-), Joseph T. Klein wrote: ]
 Subject: Re: Routers vs. PC's for routing - was list problems?

 Didn't National Semiconductor have a spec sheet for write only memory
 back in the late 70s or early 80s?
 
 I think they developed it for the NSA.

Not long ago I finished reading one of Stephen R. Donaldson's The Gap
series (the second -- I don't know if I'll bother with more of them)
where secure write-only core is said to be the foundation for
interstellar security.  Basically it's for keeping an unbreakable and
unmodifiable record of all ship functions and communications.  Only
authorised police have keys to read it, but it's supposed to be physically
unalterable once written.  Of course it turns out what's written to it
is not quite so indelible as most people are led to believe  :-)

-- 
Greg A. Woods

+1 416 218-0098;  [EMAIL PROTECTED];  [EMAIL PROTECTED];  [EMAIL PROTECTED]
Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]