Re: Clarification needed on ATM

2002-06-06 Thread Anthony D Cennami


You are only nailing the PVP/PVC to your physical port.  The provider 
almost certainly has sPVP/C's to route throughout their actual ATM 
backbone, each of those routes with a destination NSAP of your ATM port 
(the port that terminates your physical link)

I'm not sure how this raises any security issue since any traffic that 
you feel should remain secure must be encrypted long before it reaches 
your carrier's transit backbone.

Were these statically mapped (which I might add would be a horrific job 
for the network engineers and admins at a carrier) then one link failing 
in between any of your facilities would cause the entire PVP/C to 
collapse.  sPVP/C's on NNI links are very common and 
beneficial/necessary to continuity on an ATM network.





Rich Sena wrote:
> OK - sorry if this is elementary - however I am dealing with a challenge
> to the security of some ATM links that we have connecting remote
> facilities to a main campus.  The connections are all PVPs with individual
> PVCs defined point to point.  The concern that is being raised is that
> although these connections appear point-to-point PVCs to the router
> interfaces at our sites and our main campus - they are more than likely
> switched SVCs on the provider backbone...
> 
> I had thought that a PVC was a nailed up connection between vpi-vci pairs
> throughout the provider ATM network - is that an incorrect assumption? And
> if so is the scenario that was raised possible/probable and a concern?
> 
> Thanks for any info kids...
> 






Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Anthony D Cennami


"Not to say you can't route well with a linux or bsd system you can but 
at the high-end probably not as well."

Tell that to Juniper.



Scott Granados wrote:
> Remember that a pc may have some certain functions that are "more 
> powerful" than a router but a pc is a much more general computer.  
> Routers are supposed to be and usually designed to do one thing only, 
> route, not play quake, balance your check book, browse the net, etc etc. 
>  So although for example a gsr-12000 may have a slower cpu than the 
> machine on your desk it probably will route and pass more traffic than 
> your pc ever will because of its design.  Not to say you can't route 
> well with a linux or bsd system you can but at the high-end probably not 
> as well.
> 
> On Thu, 23 May 2002, Vinny Abello wrote:
> 
> 
>>I would have to say for any Linux/BSD platform to be a viable routing 
>>solution, you have to eliminate all moving parts or as much as possible, 
>>ie. no hard drives because hard drives will fail. Not much you can do about 
>>the cooling fans in various parts of the machine though which routers also 
>>tend to have. Solid state storage would be the way to go as far as what the 
>>OS is installed on. You have to have something to imitate flash on the 
>>common router. Otherwise, if you can get the functionality out of a PC, I 
>>say go for it! The processing power of a modern PC is far beyond any router 
>>I can think of. I suppose it would just be a matter of how efficient your 
>>kernel, TCP/IP stack and routing daemon would be at that point. :)
>>
>>At 10:48 PM 5/22/2002, you wrote:
>>
>>
>>>On Wed, 22 May 2002, Andy Dills wrote:
>>>
>>>
>>>>>From the number of personal replies I got about these topics, it seems
>>>>>like many people are interested in sharing information about how to do
>>>>>routing on a budget, or how to avoid getting shot in the foot with your
>>>>>Cisco box.
>>>>
>>>>Routing on a budget? Dude, you can buy a 7200 for $2 grand. Why bother
>>>>with a linux box? Heh, at least use FreeBSD :)
>>>
>>>Before the dot com implosion, they weren't nearly that inexpensive.  The
>>>average corporate user will also need smartnet (what's that on a 7200, a K
>>>or a few per year?) for support, warranty, and software updates.  Some
>>>people just don't appreciate being nickeled and dimed by cisco and forced
>>>to either buy much more router than they need, or risk ending up with
>>>another cisco boat anchor router when the platform they chose can no
>>>longer do the job in the limited memory config supported.
>>>
>>>I have a consulting customer who, against my strong recommendation, bought
>>>a non-cisco router to multihome with.  It's PC based, runs Linux, and with
>>>the exception of the gated BGP issue that bit everyone running gated a few
>>>months ago, has worked just fine.  It's not as easy to work with in most
>>>cases, but there are some definite advantages, and some things that Linux
>>>actually makes easier.  They'd initially bought a 2621 when multihoming
>>>was just a thought, and by the time it was a reality, 64mb on a 2621
>>>couldn't handle full routes.  The C&W/PSI depeering (which did affect
>>>this customer, as they were single homed to C&W at the time and did
>>>regular business with networks single homed to PSI) was proof that without
>>>full routes, you're not really multihomed.
>>>
>>>--
>>>--
>>> Jon Lewis *[EMAIL PROTECTED]*|  I route
>>> System Administrator|  therefore you are
>>> Atlantic Net|
>>>_ http://www.lewis.org/~jlewis/pgp for PGP public key_
>>
>>
>>Vinny Abello
>>Network Engineer
>>Server Management
>>[EMAIL PROTECTED]
>>(973)300-9211 x 125
>>(973)940-6125 (Direct)
>>
>>Tellurian Networks - The Ultimate Internet Connection
>>http://www.tellurian.com (888)TELLURIAN
>>
> 
> 






Re: Linux routing

2002-05-22 Thread Anthony D Cennami


You might want to try Zebra and some actual traffic, rather than an 
extremely CPU intensive compression program.  Compressing a file, even 
in swap, is by no means a good way to judge the aggregate throughput and 
routing capabilities of a system, regardless of the OS or platform. 
(That is unless you were planning on bzip2'ing all of your packet flows.)



[EMAIL PROTECTED] wrote:

>>On Tue, May 21, 2002 at 06:34:47PM -0400, Ralph Doncaster wrote:
>>
>>>I don't really trust the vmstat system time numbers.  Based on some
>>>suggestions I received, I ran some CPU intensive benchmarks during
>>>different traffic loads, and determined how much system time was being
>>>used by comparing the real and user times.  The results seem to show that
>>>if I want to do 50Mbps full-duplex on 2 ports (200M aggregate) that the
>>>standard Linux 2.2.20 routing code won't cut it.
>>>
>>[snip bogus benchmark]
>>
>>Why are you benchmarking network throughput by bzip2'ing a file in
>>/tmp? It makes no sense.
>>
> 
> interrupts are taking up CPU time, and vmstat is not accurately reporting
> it.  I need *something* compute intensive to infer load by seeing how many
> cycles are left over.
> 
> -Ralph
> 
> 
> 





Re: DoS on ftp port

2002-05-21 Thread Anthony D Cennami


In addition to David's suggestion, you would also want to ensure that 
newly created files are umasked unreadable as well.  Should the directory 
be masked unreadable but still executable (which it must be to actually 
enter it) users could still externally link to the files, even though 
one could not view them in a directory listing.



[EMAIL PROTECTED] wrote:

> Rob Thomas wrote:
> 
>>There is a huge increase in FTP scanning as well as the building of
>>warez botnets.  The warez scanning is generally for anonymous FTP
>>servers with plentiful bandwidth, copious disk space, and generous
>>write permissions.  ...
>>
> 
> One thing I know of that helps here is to make sure you never have a
> single directory that is both readable and writeable to an anonymous
> user.
> 
> In general, restrict writing to users with logins and passwords.  If you
> must have an anonymous-write directory (like an incoming folder), make
> sure that that directory is not also readable by anonymous users.
> 
> This probably won't eliminate all the abuse, but it should make it
> impractical enough that the warez servers will probably start looking
> elsewhere.
> 
> -- David
> 
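
The permission scheme discussed in this thread, as an added example that is not part of any of the original messages: a small Python audit that flags directories an anonymous user can both read and write, and files inside write-only drop directories that are still readable by name. It assumes anonymous FTP sessions are governed by the "other" permission bits; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def build_sample_tree(root):
    """Create a constructed sample layout (not from any real server)."""
    for name, mode in (("pub", 0o755), ("incoming", 0o733), ("scratch", 0o777)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the process umask does not matter
    for rel, mode in (("pub/README", 0o644),
                      ("incoming/upload-a.bin", 0o644),   # fetchable by name
                      ("incoming/upload-b.bin", 0o600)):  # what a strict upload umask gives
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)

def audit_anonymous_ftp_tree(root):
    """Return sorted (issue, path) findings for the tree under root.

    Assumption: anonymous sessions are governed by the "other" permission bits.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        other_read = bool(mode & stat.S_IROTH)
        other_write = bool(mode & stat.S_IWOTH)
        if other_read and other_write:
            # Readable and writable at once: usable as a public file exchange.
            findings.append(("dir-read-write", dirpath))
        elif other_write:
            # Write-only drop box: listing is hidden, but a file that is itself
            # readable can still be fetched by anyone who knows its name.
            for name in filenames:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)
                if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                    findings.append(("file-readable-in-dropbox", path))
    return sorted(findings)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for issue, path in audit_anonymous_ftp_tree(root):
            print(issue, os.path.relpath(path, root))
```
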






Re: Interconnects

2002-05-17 Thread Anthony D Cennami


Yes, it does.  A company who cannot pay their engineers or hire new ones 
will certainly wind up performing poorly compared to one with adequate 
resources.  As an on-going customer having to deal with their support 
engineers, or better yet, lack thereof, I can attest to this.


Valiant attempt at sarcasm is duly noted though.

Anthony


[EMAIL PROTECTED] wrote:

> MH> Date: Fri, 17 May 2002 13:39:13 -0400 (EDT)
> MH> From: Mitch Halmu
> 
> MH> "Incredibly rich environments" indeed:
> 
> 
> 
> Well, I guess that financial status says everything about their
> technical ability, doesn't it?
> 
> 
> 
> 
> --
> Eddy
> 
> Brotsman & Dreger, Inc. - EverQuick Internet Division
> Phone: +1 (316) 794-8922 Wichita/(Inter)national
> Phone: +1 (785) 865-5885 Lawrence
> 
> 
> 






Re: Interconnects

2002-05-17 Thread Anthony D Cennami


I don't think a story detailing a company's fiscal standing and near 
future likelihood of a Chapter 11 filing would be characterized as a 
'personal grievance.'  Not until that company pulls the plug on its 
customers, facilities and network and leaves a lot of companies out to dry.

In any case, I think it's only fair that people are afforded the 
opportunity to make an informed decision about who they do business 
with, whether that information is technical or financial in nature would 
appear to be irrelevant.

That is one of the main purposes of this and other similar lists.  If 
anything, I think it is you who is fending your 'personal' opinion of a 
company, rather than providing a sound argument in their defence.

[EMAIL PROTECTED] wrote:

> 
> Is it necessary for you to continually air personal grievances on this
> public list?
> 
> The question related to places where network interconnect, not who's
> friends with who this week.
> 
> Flames welcome in private!!
> 
> Steve
> 
> 
> On Fri, 17 May 2002, Mitch Halmu wrote:
> 
> 
>>
>>On Fri, 17 May 2002, todd glassey wrote:
>>
>>
>>>PAIX is a division of MFN (Metropolitan Fiber Networks) as Above.NET is as
>>>well. That means they share MFN's connectivity and peering agreements and as
>>>such are incredibly rich environments. Especially with someone like Paul
>>>Vixie running it, (PAIX that is) my take is that these are number one
>>>providers.
>>>
>>>I must admit though that I am a staunch Above.NET supporter and have been
>>>for ages having a single digit customer ID.
>>>
>>>Todd
>>>
>>"Incredibly rich environments" indeed:
>>
>>--
>>
>>Metromedia Fiber misses interest payment
>>
>>By BARBARA WOLLER
>>THE JOURNAL NEWS
>>(Original publication: May 17, 2002)
>>
>>WHITE PLAINS - Metromedia Fiber Network - which has been struggling for
>>months to avoid a filing for bankruptcy court protection - reported
>>Wednesday night that it did not pay about $32 million in interest that
>>was due that day on $650 million of 10 percent senior notes.
>>
>>The White Plains-based company, which has built fiber-optic broadband
>>communications systems within cities, said it will be in default on the
>>loan if it does not make the payment before a 30-day grace period expires.
>>
>>The company also announced that it is delaying the filing with the U.S.
>>Securities and Exchange Commission of its quarterly report for the period
>>ended March 31. Metromedia Fiber had previously announced that it had
>>delayed filing with the SEC of its annual report for the year ending
>>Dec. 31, 2001.
>>
>>"We're attempting to restructure the debt," said company spokeswoman
>>Kara Carbone. "We're still working on all alternatives. But if we don't,
>>we may have to seek protection under Chapter 11."
>>
>>Industry analyst Victor Valdivia of Hudson River Analytics said yesterday
>>that he expects the company will ultimately file for Chapter 11 protection
>>under the U.S. Bankruptcy Code.
>>
>>"We don't think there's a lot of upside at this point," Valdivia said.
>>
>>In March, the company defaulted on an $8.1 million interest payment due
>>to Nortel Networks on a $231 million loan. In mid-April the company
>>defaulted on a $30 million interest payment on a loan of $975 million
>>from Verizon Communications.
>>
>>Metromedia Fiber was able to stave off Chapter 11 in October when it
>>secured a $611 financial package in an environment where lenders have
>>not been willing to provide money to telecom companies. But the company's
>>troubles did not go away.
>>
>>The industry has seen a meltdown in the weak economy, and Metromedia Fiber
>>has suffered because many of its customers cannot pay their bills.
>>
>>
> 






Re: Interconnects

2002-05-17 Thread Anthony D Cennami


If that is true then everybody is a Tier-1 carrier.


[EMAIL PROTECTED] wrote:

> 
>>Tier-1 means what?
>>
> 
> Lately, 'Tier-1' and '[near] bankruptcy' seem to be interchangeable.
> 
> 
> 
> 
> -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
> --Net Access Corporation, 800-NET-ME-36, http://www.nac.net   --
> 
> 
> 






Re: IS-IS information

2002-04-25 Thread Anthony D Cennami


Cisco's online documentation, though obviously tailored to their product 
line, provides a great overview of most 'common' routing scenarios, 
protocols and configurations.



[EMAIL PROTECTED] wrote:

> What is a good reference for IS-IS and Integrated IS-IS? I'm looking for an
> overview of how the protocol works as well as specific vendors'
> implementations. Any suggestions?
> 
> Greg
> 
> 






Re: genuity - any good?

2002-04-11 Thread Anthony D Cennami


My company has been utilizing multiple DS3 facilities from Genuity for 
several years with few complaints.  Until recently we had almost 100% 
uptime (minus the outage following the WTC attack) and their 
NOC/Engineering staff are top notch and very responsive.  I would feel 
comfortable using them as a secondary provider, and wouldn't hesitate 
for a moment to recommend them as a tertiary transit provider.

Regards,

Anthony


[EMAIL PROTECTED] wrote:

> 
> I've gotten attractive pricing from Genuity but I haven't used them in a
> couple years.  Is there any reason I wouldn't want to use them as a third
> upstream OC3 provider?
> 
> 
> Thanks.
> 
> - mz
> 
> --
> matthew zeier - "In mathematics you don't understand things.  You just
> get used to them." - John von Neumann
> 
> 






Re: Stealth p2p network in Kazaa and Morpheus?....

2002-04-03 Thread Anthony D Cennami


The utilization of your network is something that you should address in 
your AUP.  If your clients accepting the license agreement on their 
network/peer-to-peer software interferes with the operation of your 
facility or bandwidth then perhaps it's time to sit down at the drawing 
board again.

You aren't maintaining anybody's distributed server farm.  You're 
maintaining the infrastructure that your clients pay you to use, and 
they're allowing this application to function in the manner described in 
plain English within the license agreement.




[EMAIL PROTECTED] wrote:

> 
> 
> Maybe ISPs and carriers can file a class action suit against these guys for
> something.  I wanted to run a network, not manage someone else's distributed
> server farm.
> 
> 
>>-Original Message-
>>From: Craig Holland [SMTP:[EMAIL PROTECTED]]
>>Sent: Tuesday, April 02, 2002 6:35 PM
>>To:   Nanog@Merit. Edu
>>Subject:  Stealth p2p network in Kazaa and Morpheus?
>>
>>
>>This was news to me, so I'm passing it along.  Sorry if it's spam.
>>Checked
>>the archives, and didn't see anything to this effect.
>>
>>
>>http://story.news.yahoo.com/news?tmpl=story&u=/cn/20020402/tc_cn/stealth_p2p_network_hides_inside_kazaa
>>






Re: looking to reduce hops from toronto to singtel

2002-03-22 Thread Anthony D Cennami


I'm guessing any carrier that provides PtP leased line services could 
facilitate that, if you wanted to spend the money =)

Though transparently you'd probably still be making just as many hops in 
the TDM or SONET world.

[EMAIL PROTECTED] wrote:

> 
> anyone got any ideas on who might be able to reduce my hopcount from
> toronto to singtel?
> 
> currently we are seeing uunet->alternet->bbnplanet->singtel.
> 
> i'd like to reduce the points of failure from here to there.
> 
>