RE: workhorse of the future...
dons flame suit How about a Mikrotik? /

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 4:18 PM
To: Lincoln Dale
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: workhorse of the future...

On Thu, Jan 12, 2006 at 09:56:33AM +1100, Lincoln Dale wrote: Bill, alas, i think the days of being able to deploy one type of god box swiss-army-knife router are passing. that is too true... some misty-eyed moments for the demise of chaosnet support ... depending on what it is that the router is planned to be doing defines its PPS requirements what speeds/feeds you need to run various features at. from http://www.merit.edu/mail.archives/nanog/2005-09/msg00635.html can you classify what functionality you see yourself as needing? nice list, but incomplete. while the pace of innovation has slowed, OM features have grown, and a raw desire to keep up the ROI by pandering to the idol of convergence have not kept me aware of the fact that NEW, UNEXPECTED events will place demands on my boxen for the foreseeable future - and a s/w driven box has more resilience in that vector. that pretty much sets the discussion as to whether you're after something that can be s/w-forwarding or not ... i guess i was hoping for some kind soul to provide some insight as to other factors that may be sea-change events to the routing system in the next 48-60month horizon. IPv6 table size, on-board key/sig mgmt/computation are TWO... are there others? --bill cheers, lincoln.

[EMAIL PROTECTED] wrote: first it was the vitalinks, then the bridge gear, then proteon, then cisco AGS, then 7600VXR, then 7301s looking to find the next-gen workhorse ... looking for 4-6yr life expectancy. pointers(private are ok) are appreciated - as well as -why- you think the suggested boxen are likely candidates. --bill
Quality of User Experience (was RE: image stream routers)
Thanks for the thoughtful response. One of the network architecture issues I'm always trying to gauge and get my arms around is what I'll call, Quality of user experience. In other words, what mix of network hardware, software, customer support, and management will create a perception that the network is performing at maximum efficiency. Although the perception of network performance is entirely subjective there are some factors that I'm sure we can all agree contribute to overall satisfaction...i.e. -WAN link latency. -Packet Loss. -Consistency in packet generation/serialization (A packet always enters interface A and leaves interface B in .5 ms) So, if all other elements (software, customer support, and management) are equal, what router hardware architecture will contribute to a positive or negative user experience? In other words, if the routing device between my workstation and server is a Juniper M7 instead of Pentium IV running unix-flavor-of-the-day, how will that affect the quality of user experience? Thank you, Christopher -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lincoln Dale Sent: Friday, September 16, 2005 11:18 PM To: Christopher J. Wolff Cc: nanog@merit.edu Subject: Re: image stream routers Christopher J. Wolff wrote: I'd be interested to know the relative pros and cons of switching packets in software (Imagestream) versus handing them off to a dedicated ASIC (Cisco, Juniper) [without having looked at Imagestream in any way, shape or form..] it would be _unlikely_ that any router vendor that wants to support OC3 could do so with the 'standard' (non-modified) linux IP stack. if they are modifying the 'standard' linux IP stack then its very unlikely that one could do so without having to publish the source-code to it. (i.e. as per GPL). 'standard' linux on standard hardware isn't capable of much more than 100K PPS. 
sure - some folks have a few hundred packets/sec - but these are minimalist versus the demonstrated performance of ASIC-based forwarding, typically 30M-50M PPS. one advantage of software is programmability. if there is a bug you can fix it. if there is a bug in an ASIC, it may or may not be possible to fix it - it depends an awful lot on how the ASIC is built (whether it's 100% fixed functionality or supports limited programmability in various stages of the forwarding pipeline). it may be that it's not fixable but that the ASIC allows software-workarounds - in essence, 'fixing' something by diverting it to a (slower) software-path. note that there is a correction to make here: not all routers _ARE_ ASIC-based for forwarding. in fact, most of the Cisco /router/ product portfolio isn't hardware-forwarding based. generally speaking it isn't necessary - UNTIL you get to the point of having interface speeds number-of-interfaces which exceed the capabilities of general-purpose processors. that is, typically somewhere between 100K PPS and 1M PPS. cheers, lincoln.
RE: image stream routers
I'd be interested to know the relative pros and cons of switching packets in software (Imagestream) versus handing them off to a dedicated ASIC (Cisco, Juniper)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg Boehnlein
Sent: Friday, September 16, 2005 4:57 PM
To: Matt Hess
Cc: nanog@merit.edu
Subject: Re: image stream routers

On Fri, 16 Sep 2005, Matt Hess wrote: I'd like to get some feedback as to what people's experiences are (if any) with image stream routers.. specifically the industrial ones. http://www.imagestream.com/

Had a discussion with the manager of a large ISP in Turkey. He's a transplanted Aussie.. He swears by them.. I believe he is running OC-12 links across them at near full capacity. My personal experience has been that they have both the engineering talent and the experience (7+ years in the business) to pull it off. Their products are logically built, utilize Linux at the core and they stand behind their guarantee. If it doesn't work, they'll either fix it, or give you your money back. They are now keepers and developers of the VRRP project for Linux, and have also defined a unified driver architecture called Inetics which makes adding new hardware to Linux trivial.

I'm going to be attending a presentation by one of their core developers at the Ohio Linuxfest on October 1st (http://www.ohiolinux.org). From the website, here is the specific talk they will be giving:

Quality of Service using Open Source Linux Tools
Doug Hass, Imagestream

With increasing penetration of wireless and broadband, service providers must understand Quality of Service techniques and implement QOS on their networks. A proper QOS design helps to avoid network bottlenecks caused by converged voice/video/data services, broadband users, file sharing, and other bandwidth-intensive applications. Without QOS, service providers are especially susceptible to bottlenecks and service degradation.
This presentation covers the key concepts of quality of service. The presentation includes an explanation of standard queuing methods as defined in the Differentiated Services RFC as well as applications of these methods through generic case studies. Doug Hass is the COO of ImageStream, a leading router and WAN product manufacturer. Prior to joining ImageStream, Mr. Hass was a partner in Midwest-based Internet provider Skye/net. An Army veteran, certified personal trainer, avid horseman and outdoorsman, Mr. Hass rode professional rodeo for five years, and is the founder of Roughstock.com, an award-winning country music Web site. -- Vice President of N2Net, a New Age Consulting Service, Inc. Company http://www.n2net.net Where everything clicks into place! KP-216-121-ST
RE: pppoa and a tnt
Matt, I don't remember seeing PPPoA in the 11.0 firmware. Hope this helps. Christopher -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hess Sent: Sunday, September 19, 2004 10:18 PM To: [EMAIL PROTECTED] Subject: pppoa and a tnt Does anybody know if a max tnt supports ppp over atm?
video distribution
Hello, I have a state of the state sort of question for you gurus out there. If I wanted to make a number of video streams available across an IP WAN network, I have a couple of options. Unicast or Multicast. Unicast isn't the most efficient method necessarily so my preference would be Multicast. Now since it's been years since I've thought about Multicast, are there any hot new technologies or methods available for video transmission over an IP network? Thank you very much for your time. Regards, Christopher J. Wolff VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
RE: Proxy scanning for spam
These are both interesting options. Thank you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher L. Morrow Sent: Monday, July 05, 2004 11:02 PM To: Christopher J. Wolff Cc: [EMAIL PROTECTED] Subject: RE: Proxy scanning for spam On Mon, 5 Jul 2004, Christopher J. Wolff wrote: Christopher, I meant option #1. a quickie google shows: http://assp.sourceforge.net/ which looks promising... additionally: http://www.ironport.com/ Though, why not just use brightmail/messagelabs if it's to MX's you can control? Offer this as a 'service' to your customers for $X/seat/month? On Mon, 5 Jul 2004, Christopher J. Wolff wrote: Hello, If I have a network segment connected to a BGP peer, is there a way that I can hang a box of some kind off of that segment that will sniff out and block malicious/spam email before it hits the customers? Do you mean a host that can have all tcp/25 routed to it, transparently pick-up/scan/re-deliver emails for your customers? or did you mean something you could add to your customer relay boxes? (or your MX hosts that customers use) Or thirdly, something to protect the internet from your users?
mid-mount server rails
Hi Nanogers If I have a two post relay rack, could you advise on any generic rails that could be used to 'mid-mount' a 1-4U server on that two port rack? Thank you. Regards, Christopher J. Wolff VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
Proxy scanning for spam
Hello, If I have a network segment connected to a BGP peer, is there a way that I can hang a box of some kind off of that segment that will sniff out and block malicious/spam email before it hits the customers? Regards, Christopher J. Wolff VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
RE: Proxy scanning for spam
Christopher, I meant option #1. -Original Message- From: Christopher L. Morrow [mailto:[EMAIL PROTECTED] Sent: Monday, July 05, 2004 10:36 PM To: Christopher J. Wolff Cc: [EMAIL PROTECTED] Subject: Re: Proxy scanning for spam On Mon, 5 Jul 2004, Christopher J. Wolff wrote: Hello, If I have a network segment connected to a BGP peer, is there a way that I can hang a box of some kind off of that segment that will sniff out and block malicious/spam email before it hits the customers? Do you mean a host that can have all tcp/25 routed to it, transparently pick-up/scan/re-deliver emails for your customers? or did you mean something you could add to your customer relay boxes? (or your MX hosts that customers use) Or thirdly, something to protect the internet from your users?
RE: Can a customer take IP's with them?
David, Isn't renumbering an obligation? I wonder if their ARIN application says anything about planning to renumber their existing space from NAC into the newly assigned space... -davidu David A. Ulevitch - Founder, EveryDNS.Net http://david.ulevitch.com -- http://everydns.net
RE: [url correction] Cable networks RE: best effort has economic problems, maybe OT
All of these are great observations. So what's the cable HFC Achilles heel? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, May 31, 2004 12:58 PM To: [EMAIL PROTECTED]; ''Christopher J. Wolff''; [EMAIL PROTECTED] Subject: Re: [url correction] Cable networks RE: best effort has economic problems, maybe OT Correcting a previous url error on my part. Narad's site is at: http://www.naradnetworks.com Sorry 'bout that, folks. Frank On Mon, 31 May 2004 11:30 , [EMAIL PROTECTED] sent: Agree, this is a great discussion, akin to a recent Cook Report accounting of best effort considerations. Several startups (now going into year two) have addressed the cable-HF/C constraints you've mentioned. You may be interested in perusing these two: http://www.narad.com Another, Rainmaker Technologies... http://www.rainmakertechnologies.com appears to have fallen on hard times while seeking later round funding. Not sure of their disposition at this time, but doing googles on their name reveal some good articles on their approach to using wavelets to improve bit gain over black coax/fiber systems to homes and businesses. Metcalfe has financial backing hooks and input into Narad, and Mark E. Laubach of COM21 fame (ATM over HF/C) heads up (headed up?) Rainmaker's technical pursuits. [[As an aside, I'm finding increased interest in corporate parks (especially those that are boondocks-bound) where MSO fiber-based offerings are being seriously considered for WAN access, both of the type discussed above and enterprise- tailored rings coming off local head-ends.]] Frank On Sun, 30 May 2004 08:47 , 'Christopher J. Wolff' [EMAIL PROTECTED] sent: Folks, This is a great discussion. I'm interested in understanding these types of limitations in the context of HFC cable networks. In my opinion, HDTV channel bandwidth (30mhz?) 
, increased demand for voip, and growing demand for IP connectivity is going to stress the cable network model as well, forcing cable operators to convert everything to IP before going out across the wire. Any input is appreciated. Regards, Christopher
Cable networks RE: best effort has economic problems, maybe OT
Folks, This is a great discussion. I'm interested in understanding these types of limitations in the context of HFC cable networks. In my opinion, HDTV channel bandwidth (30mhz?) , increased demand for voip, and growing demand for IP connectivity is going to stress the cable network model as well, forcing cable operators to convert everything to IP before going out across the wire. Any input is appreciated. Regards, Christopher
RE: Lsass.exe causing shutdown in IE.
Ejay, I've seen this for about 36 hours but I haven't been involved in the resolution process. Let me know what you find. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ejay Hire Sent: Saturday, May 01, 2004 1:09 PM To: [EMAIL PROTECTED] Subject: Lsass.exe causing shutdown in IE. Hi all. We're starting to take calls from users about an LSASS.EXE error causing XP to do the 60 seconds till forced reboot, and the normal blaster mitigation and turning on the ICF isn't fixing it. I've been able to reproduce it on one machine locally. Is anyone else seeing it? -Ejay
remote reboot power strips
Hello, Last time I researched remote reboot power strips it seemed like most of the power strips were garbage. Any recommendations for a solid performer would be appreciated. Thank you. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
RE: remote reboot power strips
That makes two votes for the Baytech. Thank you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Will Yardley Sent: Monday, April 19, 2004 8:51 AM To: 'nanog list' Subject: Re: remote reboot power strips On Mon, Apr 19, 2004 at 08:24:29AM -0700, Christopher J. Wolff wrote: Last time I researched remote reboot power strips it seemed like most of the power strips were garbage. Any recommendations for a solid performer would be appreciated. Thank you. We've been pretty happy with the Baytech ones. http://www.baytechdcd.com/ -- Since when is skepticism un-American? Dissent's not treason but they talk like it's the same... (Sleater-Kinney - Combat Rock)
worm information
Hello,

Over the last few days I've seen a number of hosts attempt to initiate TCP connections to the following ports in sequence.

80 139 445 6129 3127 1025 135 2745 ...repeat.

At this moment I haven't seen a correlation between this activity and the port exploitation list on CERT. Any insight would be appreciated, thank you.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
RE: worm information
Thank you for the input. The 'unique' feature of this infestation is that affected hosts don't transmit a lot of data...however they do open up thousands of flows in a very short time. Perhaps that's not unique but it certainly is annoying.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ravi pina
Sent: Saturday, April 10, 2004 11:30 AM
To: Darrell Greenwood
Cc: 'nanog list'
Subject: Re: worm information

On Sat, Apr 10, 2004 at 11:19:19AM -0700, Darrell Greenwood said at one point in time: On 04/4/10 at 1:53 PM -0400, Jeff Workman wrote the following : http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.htm File Not Found... 'l' missing from end of 'htm'. http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.html

this is correct. my organization has been infected with this and it is a particular nasty little bugger. we may have been 'patient 0' in terms of sending copies of the virus to symantec so they could write signatures for it. infected hosts flood the network with a tremendous amount of data and port opening. i at least managed to quarantine off all my vpn devices which seemed to be the entry point. -r
RE: worm information
Ravi, One of the responses to this thread mentioned a 3COM switch. One of the infected sites has a 3COM superstack 1100. I'm not a 3COM fan but these switches have been up for years, literally. All it takes to make this switch reboot is a flow from one infected host. I'm going to try to move the web interface port away from 80. Thank you. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ravi pina Sent: Saturday, April 10, 2004 11:44 AM To: Christopher J. Wolff Cc: [EMAIL PROTECTED]; 'Darrell Greenwood'; 'nanog list' Subject: Re: worm information hmm, honestly i can't vouch for the data rate personally. a co-worker said the counters on the VPN connections were grossly disproportionate for a short time sample. bottom line, it is indeed annoying. i know my server and desktop groups have been having a hell of a time disinfecting hosts. i know part of this was that symantec, at the time, said it may be a polymorphic strain. -r
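The behaviour reported in this thread (a host cycling through ports 80, 139, 445, 6129, 3127, 1025, 135, 2745 and opening many small flows in a short time) can be looked for in flow records. The following is an added example, not code from any poster in the thread; the record layout `(timestamp, src, dst, dport, bytes)`, the thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Port cycle reported in the thread; hosts were seen trying these in order.
WORM_PORTS = (80, 139, 445, 6129, 3127, 1025, 135, 2745)
NEXT_PORT = {p: WORM_PORTS[(i + 1) % len(WORM_PORTS)]
             for i, p in enumerate(WORM_PORTS)}


def cycle_score(ports):
    """Fraction of consecutive watched-port attempts that follow the cycle order."""
    watched = [p for p in ports if p in NEXT_PORT]
    if len(watched) < 2:
        return 0.0
    hits = sum(1 for a, b in zip(watched, watched[1:]) if NEXT_PORT[a] == b)
    return hits / (len(watched) - 1)


def find_scanners(flows, window=60.0, min_flows=50, min_ports=6,
                  max_avg_bytes=200):
    """Flag sources that, inside one sliding window, open many flows, touch
    most of the watched ports and move little data per flow.
    Thresholds are assumed defaults, not values from the thread."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, nbytes in flows:
        by_src[src].append((ts, dst, dport, nbytes))

    flagged = {}
    for src, recs in by_src.items():
        recs.sort()                      # order by timestamp
        ports = defaultdict(int)         # watched ports inside the window
        total_bytes, lo, best = 0, 0, None
        for hi, (ts, _dst, dport, nbytes) in enumerate(recs):
            total_bytes += nbytes
            if dport in NEXT_PORT:
                ports[dport] += 1
            # Drop flows that have aged out of the window.
            while recs[lo][0] < ts - window:
                _, _, old_port, old_bytes = recs[lo]
                total_bytes -= old_bytes
                if old_port in NEXT_PORT:
                    ports[old_port] -= 1
                    if ports[old_port] == 0:
                        del ports[old_port]
                lo += 1
            count = hi - lo + 1
            if (count >= min_flows and len(ports) >= min_ports
                    and total_bytes / count <= max_avg_bytes):
                if best is None or count > best["flows"]:
                    best = {"flows": count,
                            "ports": sorted(ports),
                            "avg_bytes": total_bytes / count,
                            "start": recs[lo][0]}
        if best:
            best["cycle_score"] = cycle_score([r[2] for r in recs])
            flagged[src] = best
    return flagged


def sample_flows():
    """Constructed flow records: one scanning host and two ordinary ones."""
    flows = []
    for i in range(160):   # cycles the port list, 60 bytes per flow, 20 s total
        flows.append((i * 0.125, "10.0.0.5", "192.0.2.%d" % (i % 250 + 1),
                      WORM_PORTS[i % 8], 60))
    for i in range(100):   # busy web client: many small flows, one port
        flows.append((i * 0.3, "10.0.0.7", "198.51.100.10", 80, 60))
    for i in range(30):    # file-share user: few flows, large transfers
        flows.append((i * 2.0, "10.0.0.9", "198.51.100.20",
                      445 if i % 2 else 139, 20000))
    return flows


if __name__ == "__main__":
    for src, info in find_scanners(sample_flows()).items():
        print(src, info)
```

Requiring several of the watched ports as well as a high flow count keeps a busy client that only talks to port 80 from being flagged.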
RE: Will your cisco have the FBI's IOS?
Owen, That sounds like an invitation to have the Jack Booted Thugs barbeque your home a'la Branch Davidian compound style. :) Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Owen DeLong Sent: Monday, March 15, 2004 7:51 AM To: 'nanog list' Subject: RE: Will your cisco have the FBI's IOS? This whole thing makes me think that we should be encouraging VOIP traffic to run over IPSEC so we can claim we don't know what it is. Owen
possible new DoS?
Over the past week the following error started to appear in the router logs;

Mar 9 19:44:16 fe-0-1-100.blah.net 16: Mar 10 02:44:15.477: %CRYPTO-4-IKMP_NO_SA: IKE message from 206.207.248.58 has no SA and is not an initialization offer.

According to Cisco,

1. %CRYPTO-4-IKMP_NO_SA: IKE message from [IP_address] has no SA and is not an initialization offer

IKE maintains the current state for a communication in the form of security associations. No security association exists for the specified packet, and it is not an initial offer from the peer to establish one. This situation could indicate a denial-of-service attack.

Any suggestions are appreciated. The router that generated those log files dropped part of an IGP routing table. Since I've never seen this log entry before, I'm curious whether it's a 'new' DoS. Thank you.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
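A first triage step for the log entry quoted above is to count the messages per sending address and per minute, to see whether they come from one peer or from many. This is an added example, not part of the original post; the field layout is taken from the single log line shown, and every sample line other than that one is constructed.

```python
import re
from collections import defaultdict

# Layout assumed from the one line in the post:
# <server stamp> <router> <number>: <router stamp>: %CRYPTO-4-IKMP_NO_SA: ...
NO_SA_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<router>\S+)\s+\d+:\s+"
    r"(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d(?:\.\d+)?:\s+"
    r"%CRYPTO-4-IKMP_NO_SA: IKE message from "
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3})\s+has no SA"
)


def tally_no_sa(lines):
    """Return (report, unparsed): per-peer counts sorted by volume, and the
    number of lines that were not IKMP_NO_SA messages in the assumed layout."""
    per_peer = defaultdict(lambda: {"count": 0, "routers": set(),
                                    "minutes": defaultdict(int)})
    unparsed = 0
    for line in lines:
        m = NO_SA_RE.match(line.strip())
        if not m:
            unparsed += 1
            continue
        entry = per_peer[m["peer"]]
        entry["count"] += 1
        entry["routers"].add(m["router"])
        # Bucket by the router's own timestamp, truncated to the minute.
        entry["minutes"][" ".join(m["minute"].split())] += 1

    report = [{"peer": peer,
               "count": e["count"],
               "routers": sorted(e["routers"]),
               "peak_per_minute": max(e["minutes"].values())}
              for peer, e in per_peer.items()]
    report.sort(key=lambda r: (-r["count"], r["peer"]))
    return report, unparsed


MSG = ("%CRYPTO-4-IKMP_NO_SA: IKE message from {} has no SA "
       "and is not an initialization offer.")

# First line is the one quoted in the post; the rest are constructed.
SAMPLE_LINES = [
    "Mar 9 19:44:16 fe-0-1-100.blah.net 16: Mar 10 02:44:15.477: "
    + MSG.format("206.207.248.58"),
    "Mar 9 19:44:17 fe-0-1-100.blah.net 17: Mar 10 02:44:16.481: "
    + MSG.format("206.207.248.58"),
    "Mar 9 19:44:18 fe-0-1-100.blah.net 18: Mar 10 02:44:17.490: "
    + MSG.format("206.207.248.58"),
    "Mar 9 19:45:02 fe-0-1-100.blah.net 19: Mar 10 02:45:01.102: "
    + MSG.format("206.207.248.58"),
    "Mar 9 19:45:30 fe-0-1-100.blah.net 20: Mar 10 02:45:29.000: "
    + MSG.format("192.0.2.77"),
    "Mar 9 19:46:00 fe-0-1-100.blah.net 21: Mar 10 02:45:59.913: "
    "%SYS-5-CONFIG_I: Configured from console by vty0",
]

if __name__ == "__main__":
    report, unparsed = tally_no_sa(SAMPLE_LINES)
    for row in report:
        print(row)
    print("lines skipped:", unparsed)
```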
RE: Will your cisco have the FBI's IOS?
David, I believe that CALEA versions of IOS are already available on cisco.com. It has a backdoor for any traffic originating from dhs.gov address space. ;) C. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Lesher Sent: Saturday, March 13, 2004 10:41 AM To: nanog list Subject: Will your cisco have the FBI's IOS? X-URL: http://www.washingtonpost.com/ac2/wp-dyn/A54512-2004Mar12?language=printer Easier Internet Wiretaps Sought Justice Dept., FBI Want Consumers To Pay the Cost By Dan Eggen and Jonathan Krim Washington Post Staff Writers Saturday, March 13, 2004; Page A01 The Justice Department wants to significantly expand the government's ability to monitor online traffic, proposing that providers of high-speed Internet service should be forced to grant easier access for FBI wiretaps and other electronic surveillance, according to documents and government officials. A petition filed this week with the Federal Communications Commission also suggests that consumers should be required to foot the bill. {meaning guess who does their work?} Justice Department lawyers argue in a 75-page FCC petition that Internet broadband and online telephone providers should be treated the same as traditional telephone companies, which are required by law to provide access for wiretaps and other monitoring of voice communications. The law enforcement agencies complain that many providers do not comply with existing wiretap rules and that rapidly changing technology is limiting the government's ability to track terrorists and other threats. They are asking the FCC to curtail its usual review process to rapidly implement the proposed changes. The FBI views the petition as narrowly crafted and aimed only at making sure that terrorist and criminal suspects are not able to evade monitoring because of the type of telephone communications they use, according to a federal law enforcement official who spoke on the condition of anonymity. 
{..} {It sounds to me like this means: Tear out backbone Move MAE-East, West and whatever into the Jill Edgar Hoover Building. Pay them rent for the Colo space... YMMV} -- A host is a host from coast to [EMAIL PROTECTED] no one will talk to a host that's close[v].(301) 56-LINUX Unless the host (that isn't close).pob 1433 is busy, hung or dead20915-1433
RE: layered security for the modern Internet
Eddy, My favorite idiom is; You're either part of the problem or part of the solution. What's your solution? Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of E.B. Dreger Sent: Sunday, March 07, 2004 12:32 PM To: [EMAIL PROTECTED] Subject: layered security for the modern Internet Looking at last week's NANOG posts: SAV... 30% of spam from h4x0r3d boxen... bagle... It seems the original definition and ideology of layered security are outdated. Layered security now means: * Do nothing at a given layer if the problem can be solved, or partially solved, at another layer; * If a problem cannot be completely solved at a given layer, do nothing at that layer; * Approach the problem by arguing on NANOG over who has the most representative analogy. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _ DO NOT send mail to the following addresses : [EMAIL PROTECTED] -or- [EMAIL PROTECTED] -or- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked.
Email security Best Practices; was RE: Email Security Poll
Based on Jon's results, it is reasonable to conclude that most corporate network operators provide some level of email security. Any given corporation can establish top-down policies mandating the use of an email security product. Said corporation only needs to manage compliance with the policy. However, in the context of the commercial email operation there is a delicate balance between email security and sales prevention. My question is, at what point does email security become too onerous for the ISP customer? Is it reasonable to completely ban attachments? Thank you for your time. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jon R. Kibler Sent: Sunday, March 07, 2004 1:02 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Email Security Poll Results Hello all, We had 39 responses to the poll. The results follow the signature paragraph. A few words of explanation about the results. 1) For the Yes-No questions, most answers were either YES or NO. However, a few of the results were something like yes, but not encrypted zips. For the yes-but answers, I counted them as a half of a yes. 2) For the AV engines, the percentages add up to 100% because many users said they ran multiple AV engines. 3) For frequency of AV signature updates, several responded something like update daily or as new updates become available. For answers that said they updated on a regular frequency plus more often when necessary, the frequency was counted as appropriate, plus it was also counted in the other, plus as announced category. A few observations and comments: 1) Subscribers to the DShield and NANOG mailing lists contributed answers. This means the answers are biased (originating from the security aware group of users) and probably do not reflect the general state of email security. 
2) It was refreshing to find that everyone claimed to be updating their AV signatures on a regular basis. It would be interesting to know how many average users and small businesses update on such a regular basis.

3) Personally, I found it very surprising how many organizations depended solely upon their end users to perform AV screening, that none was being performed organization-wide. I was also surprised at how many organizations permit executable content to be sent by email.

I hope that everyone finds these results interesting and they are put to good use!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214

Please respond YES (Y), NO (N), or Not Applicable (N/A):

Does your organization perform any screening of email attachments?  72% YES
Does your organization perform A-V checks on all email attachments?  85% YES
Does your organization perform any checks on email attachment file type?  62% YES
Does your organization allow users to receive executable content attachments?  49% YES
Does your organization allow users to receive zip file or similar compressed attachments?  90% YES
Does your organization allow users to receive MS Office and similar type files that may contain macro viruses?  95% YES
Does your organization allow users to receive embedded or attached HTML email?  99% YES
Does your organization allow users to receive active content attachments, such as HTML with SCRIPT tags?  80% YES

Please respond as appropriate:

What AV engine do you use to screen email attachments (Symantec, NAI, FProtect, Trend, ClamAV, etc)?

Symantec   53%
McAfee     16%
ClamAV     16%
Trend      16%
Kaspersky   8%
AVG         8%
Sophos      5%
Other       5%
Fsecure     3%

How often does your organization update its AV signatures?

every 2 hrs or more often   16%
every 4 hrs                  8%
every 8 hrs                  8%
every 12 hrs                 5%
daily                       58%
only as announced            5%
other, plus as announced    16%

==
Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
RE: MS is vulnerable
Hello, This MS v Unix debate is a very interesting discussion. However, I'd like to take a moment to inject my observations. Thank you for your time. 1. Microsoft's business plan (pre anti-trust) was in many ways similar to the Cuban socialist economic model. In Cuba, the means of production belong to the state. In Microsoft, the means of production belong to Microsoft. The economic power is not in the hands of the workers. Microsoft's users were slaves to Microsoft. Cuba's working class are slaves to the state. 2. In our beautiful democratic capitalist model Microsoft's business plan failed. The State injected themselves between Microsoft and the working class when it became apparent that Microsoft tried to control the means of production and enslave the user directly. Anti-trust is a nice insurance policy. Understand it well and beat it into the head of the nearest commie. 3. The Microsoft anti-trust action (In both the US and EU) and subsequent penalties help to preserve a basic and fundamental right; that is, the right to choose our own destiny. 4. Right now, at this very moment, you can place a Linux CD in your CD-ROM drive, reboot, and install Linux over the top of Windows. 5. The freedom of choice issue is substantial when we look at it in an IT consulting or IT management context. Our job is to analyze the situation, define the need, identify the resources, and propose a solution. The IT consultant/manager must objectively present the costs and benefits to the decision maker (customer, boss) and help them make the decision. If you are a Windows zealot and bias your observation based on your love/familiarity with Windows you will fail. If you are a Linux zealot and bias your observation based on your love/familiarity with Linux you will fail. Present the costs and benefits associated with each option objectively and help your organization or client grow. The whole windows/linux bashing mentality only creates more controversy rather than exposing the facts. 
Windows is still considered a sure thing by many/most organizations. In this economy, businesses are looking to preserve the status quo or gain an advantage, not create more risk or controversy. If you inject Linux into the situations that it is best suited to handle you will be an asset to the community. If you create more controversy you will be shunned by the community. Your mileage may vary. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, January 29, 2004 8:49 AM To: [EMAIL PROTECTED] Subject: Re: MS is vulnerable Microsoft software is inherently less safe than Linux/*BSD software. This is because Microsoft has favored usability over security. This is because the market has responded better to that tradeoff. This is because your mom doesn't want to have to hire a technical consultant to manage her IT infrastructure when all she wants to do is get email pictures of her grandkids. Let me see, have I got this right? Apple software is inherently less safe than Linux/*BSD software. This is because Apple has favored usability over security. This is because the market has responded better to that tradeoff. This is because your mom doesn't want to have to hire a technical consultant to manage her IT infrastructure when all she wants to do is get email pictures of her grandkids. Hmmm... The last three statements make perfect sense but that first one just doesn't seem right. Could it be that ease-of-use has nothing whatsoever to do with security? --Michael Dillon
RE: Cisco 7600
Tim, I can't speak to the 7600 series from experience (I'm using the 6509 with MSFC2); however, my opinion is that Cisco continues to market their routers as suitable for core routing whereas the routers are 'just acceptable' as an edge aggregation device. Several weeks ago there was a lively debate on Nanog regarding cisco performance, if I recall correctly, one party indicated that they upgraded from a 7206 NPE400 to a GSR and only saw a 30% improvement in CPU utilization. That's a lot of bling bling for 30%... I need only a few high capacity interfaces but a lot more acl, mpls, qos crunching horsepower than what I can get from Cisco right now. I'm curious whether vitamin J is a better option for the core at a specific price point. It would be great to have a comparison chart that showed a correlation between a Cisco Mach GT and Juniper Diablo at each key price point, $25,000, $50,000, $75,000 and so on. YMMV, Christopher J. Wolff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timothy Brown Sent: Monday, January 26, 2004 3:06 PM To: [EMAIL PROTECTED] Subject: Cisco 7600 I'm aware the Cisco 7600 series is really just an evolution/different way of orienting the chassis of the Catalyst 6500 line. I'm interested in talking to those of you who are doing production tasks in the backbone or core with the 7600, particularly if you've compared it to vendor J or can comment at length on MPLS, VRF, and uRPF features in the device. Please reply off-list. No sales droids please, this is a technical discussion. Tim
RE: GSR, 7600, Juniper M?, oh my!
Tarko, What was your CPU utilization prior to the upgrade? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tarko Tikan Sent: Wednesday, January 07, 2004 12:55 PM To: [EMAIL PROTECTED] Subject: Re: GSR, 7600, Juniper M?, oh my! hello! The G1 processors, so far, have proven to be wonderful... We only have experience with them running in the 7200 uBR chassis, but they've shown a huge reduction in CPU utilization... what is huge reduction for you? we upgraded from npe-400 to npe-g1 on ubr7200 and processor usage decreased 20-30%. And we are pushing about 100Mbps traffic from GigE to cable and about 20-30Mbps from cable to GigE. -- tarko
RADB
Hello, On the RADB site, under features and benefits, the service claims to mirror more than 30 other IRR databases. My challenge is that I need to list my information with RADB and don't want to go through the hassle of manually submitting every subnet owner and first-born when I can put a RWHOIS server up for ARIN. RADB should just poll my RWHOIS server. Thank you in advance for your advice. Regards, Christopher J. Wolff
RE: dns.exe virus?
Chris, It was really odd. Here is an example of what the two hosts .3 and .4 were up to. Regards, Christopher J. 
Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Lewis Sent: Monday, September 08, 2003 1:52 PM Cc: [EMAIL PROTECTED] Subject: Re: dns.exe virus? Christopher J. Wolff wrote: After tracking down what I believed was an attempted DOS attack, it turns out that two Windows 2000 servers, fully updated, were spewing out hundreds of port 53 requests. Upon further investigation dns.exe was hogging 99% of the CPU. I haven't found any reference to this at CERT so I thought I would drop the occurrence into the nanog funnel to see what comes out. The attack started around 8AM MST. Thank you for your consideration. I wonder if this is the tool used to attack Spamhaus, SPEWS and SORBS. Do you know what the requests were for?
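The pattern reported in this thread, a few internal hosts sending port 53 requests to many outside servers, can be summarised from a per-connection listing of source ip:port and destination ip:port columns. This is an added example, not part of the original messages; the sample rows are constructed from documentation address ranges, and the function names and the threshold of 5 distinct servers are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample rows (documentation address ranges, not data from the
# thread): inside source ip:port, then the destination ip:port listed twice.
# Row 5 has its last two columns run together; row 9 is not DNS traffic.
SAMPLE = """\
10.11.0.4:1420 192.0.2.10:53 192.0.2.10:53
10.11.0.3:4554 192.0.2.11:53 192.0.2.11:53
10.11.0.3:4554 192.0.2.12:53 192.0.2.12:53
10.11.0.3:4554 198.51.100.7:53 198.51.100.7:53
10.11.0.4:1420 198.51.100.8:53198.51.100.8:53
10.11.0.3:4554 198.51.100.9:53 198.51.100.9:53
10.11.0.4:1420 203.0.113.5:53 203.0.113.5:53
10.11.0.3:4554 203.0.113.6:53 203.0.113.6:53
10.11.0.9:3301 203.0.113.80:80 203.0.113.80:80
10.11.0.3:4554 192.0.2.11:53 192.0.2.11:53
10.11.0.3:4554 203.0.113.7:53 203.0.113.7:53
"""

ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_endpoint(token):
    """Return (ip, port) for an 'a.b.c.d:port' token or raise ValueError."""
    match = ENDPOINT.match(token)
    if not match:
        raise ValueError("not an ip:port token: %r" % token)
    ip, port = match.group(1), int(match.group(2))
    if any(int(octet) > 255 for octet in ip.split(".")) or port > 65535:
        raise ValueError("out-of-range value in %r" % token)
    return ip, port


def parse_flows(text):
    """Parse the listing into ((src_ip, src_port), (dst_ip, dst_port)) pairs.

    Rows that do not have exactly three valid ip:port columns are not
    guessed at; their 1-based line numbers are returned for manual review.
    """
    flows, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        try:
            if len(fields) != 3:
                raise ValueError("expected three columns")
            src = parse_endpoint(fields[0])
            dst = parse_endpoint(fields[1])
            parse_endpoint(fields[2])  # validated, otherwise unused
        except ValueError:
            rejected.append(lineno)
            continue
        flows.append((src, dst))
    return flows, rejected


def dns_fanout(flows, min_distinct=5):
    """Summarise port-53 flows per (source ip, source port).

    A source is flagged when it has contacted at least `min_distinct`
    different servers on port 53 (assumed threshold, tune per network).
    """
    stats = defaultdict(lambda: {"flows": 0, "servers": set()})
    for (src_ip, src_port), (dst_ip, dst_port) in flows:
        if dst_port != 53:
            continue
        entry = stats[(src_ip, src_port)]
        entry["flows"] += 1
        entry["servers"].add(dst_ip)

    report = []
    for (src_ip, src_port), entry in stats.items():
        distinct = len(entry["servers"])
        report.append({
            "source": src_ip,
            "source_port": src_port,
            "flows": entry["flows"],
            "distinct_servers": distinct,
            "flagged": distinct >= min_distinct,
        })
    # Widest fan-out first, then by address for a stable order.
    report.sort(key=lambda row: (-row["distinct_servers"], row["source"]))
    return report


if __name__ == "__main__":
    parsed, bad_lines = parse_flows(SAMPLE)
    for row in dns_fanout(parsed):
        print(row)
    print("rows needing manual review:", bad_lines)
```

A high count of distinct servers from one fixed source port is a prompt to look at the process on that host, not a verdict: a recursive resolver produces the same shape.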
FW: Qwest Dial Access Network Labor Day Week Schedule
Fun rant from a qwest dial up reseller Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: Matt [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 1:45 PM To: Cho, Mary M
Email virus protection
Hello, What is the most common method for providing virus protection for your hosted email customers? Thank you in advance. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
Touchamerica
Hello, If there are any Touch America techs within reach of this email, could you please contact me off list. Thank you. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com [EMAIL PROTECTED]
Sprintlink
Is anyone seeing any weirdness with routes dropping to/from Sprintlink customers in NYC? Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
OT RE: Anybody know what LARP is?
Karyn, I'm not sure about the LARP but I can guide you toward a LARCH. -Monty python humor, sorry. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karyn Ulriksen Sent: Wednesday, May 28, 2003 5:25 PM To: [EMAIL PROTECTED] Subject: OT: Anybody know what LARP is? I know that this is off topic and that there is probably a forum somewhere more appropriate, so I'll appreciate any direction as to where would be better... But I couldn't think of a group that would more likely know what Locus Address Resolution Protocol (LARP) is. I've been Googling variations and cross references for LARP for the past hour and am starting to think it's a trick question :). All I can find is all the thousands of RFCs on the AINA numbering for it, but not what the protocol does. If anyone can throw me a bone, I'd really appreciate it. Karyn
Network monitoring/IDS rant - What's hot what's not?
Tivoli, Openview, Unicenter, ipmonitor, mrtg, nagios? There are many network monitoring options but each option has its pitfalls. I'm rapidly coming to the conclusion that any software Computer Associates publishes is designed for the criminally insane. However, there 'has' to be something that offers more visibility into a major WAN than MRTG/RRDTOOL. Perhaps I'm on a Computer Associates rant today but can anyone share any positive experiences with E-trust intrusion detection? 5 MB of traffic flow paralyzes a dual P3 with gobs of ram and it still misses signatures that Snort does not miss. Originally I was going to blame this lousy performance on application tuning; however, it was a CA engineer that set this box up. Any IDS suggestions would be greatly appreciated as well. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
Operating Agreement
Hello, I'm trying to track down a sample operating agreement, specifically when one network operator offers to manage another's telecommunications assets, in exchange for an IRU. Something close to this would be wonderful. Google lists many network operating agreements for power interconnection but not for telecom. Thank you for your assistance. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
RE: VoIP QOS best practices
Jason, My strategy would be to use the same carrier at point A and point B and purchase some kind of high-priority MPLS switching config between the two. I believe Global Crossing offers something like this where they differentiate between the proletarian traffic and the uber-business traffic. The other thing to keep in mind is that QoS only comes into play when you saturate your links. Regards, Christopher J. Wolff, VP, CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Lixfeld Sent: Monday, February 10, 2003 9:47 AM To: [EMAIL PROTECTED] Subject: VoIP QOS best practices Looking for some links to case studies or other documentation which describe implementing VoIP between sites which do not have point to point links. From what I understand, you can't enforce end-to-end QoS on a public network, nor over tunnels. I'm wondering if my basic understanding of this is flawed and in the case that it's not, how is this dealt with if the ISPs of said sites don't have any QoS policies? -jL
RE: VoIP QOS best practices
Jason, I believe Global Crossing supports those sites, keep in mind I don't sell their product, but UUNET should as well. Regards, Christopher J. Wolff, VP, CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Lixfeld Sent: Monday, February 10, 2003 9:58 AM To: Christopher J. Wolff Cc: [EMAIL PROTECTED] Subject: Re: VoIP QOS best practices Providing your sites are local to the same ISP, that would be fine. Worst case scenario and probably a more likely scenario in most cases is that company A has a satellite office in Boston, one in Sydney and one in Tokyo while their head office is in Toronto. Not a very wide range of providers who can reach those areas, not to mention whether or not they can deliver MPLS. On Monday, February 10, 2003, at 11:52 AM, Christopher J. Wolff wrote: Jason, My strategy would be to use the same carrier at point A and point B and purchase some kind of high-priority MPLS switching config between the two. I believe Global Crossing offers something like this where they differentiate between the proletarian traffic and the uber-business traffic. The other thing to keep in mind is that QoS only comes into play when you saturate your links. Regards, Christopher J. Wolff, VP, CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason Lixfeld Sent: Monday, February 10, 2003 9:47 AM To: [EMAIL PROTECTED] Subject: VoIP QOS best practices Looking for some links to case studies or other documentation which describe implementing VoIP between sites which do not have point to point links. From what I understand, you can't enforce end-to-end QoS on a public network, nor over tunnels. I'm wondering if my basic understanding of this is flawed and in the case that it's not, how is this dealt with if the ISPs of said sites don't have any QoS policies? -jL
RE: Level3 routing issues?
Of the customers I've had to shut off for being DOS targets, all are windows boxen. Perhaps there is a new windows exploit? Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of hc Sent: Friday, January 24, 2003 11:39 PM To: Joel Perez Cc: Aaron Burnett; Alex Rubenstein; [EMAIL PROTECTED] Subject: Re: Level3 routing issues? Okay this is getting bad.. one of our routers just locked up from udp 1434's. Can't even telnet to it now. -hc Joel Perez wrote: My firewalls are going nuts with hits on UDP port 1434 also from everywhere! -Original Message- From: Aaron Burnett [mailto:[EMAIL PROTECTED]] Sent: Sat 1/25/2003 1:19 AM To: Alex Rubenstein Cc: hc; [EMAIL PROTECTED] Subject: Re: Level3 routing issues? On Sat, 25 Jan 2003, Alex Rubenstein wrote: I dunno about that. But, I am seeing, in the last couple hours, all kinds of new traffic. like, customers who never get attacked or anything, all of a sudden: http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html We are seeing this on ports all across our network -- nearly 1/2 our ports are in delta alarm right now. Anyone else? Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from all over the world to any address on my network.
DOS?
Greetings, It looks like all hell is breaking loose on some of the nation's backbones. http://www.internethealthreport.com The port counters on my ATT DS3 were reading in the 250 megabit range, that is a DS3, mind you. Any source IP's I can add to the circular file would be appreciated. Any ranges I find I'll echo back to the list. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
OT holiday humor: Nasty smell
I almost fell out of my chair on this kind note from the folks at Daito Communication Apparatus Co. Ltd. I found this funny, perhaps you will too. Note 1: The power supply capacity should be more than the fusing current. If the power capacity is less than the fusing current, the fuse may not blow for a short time, and then nasty smell, smoking and so on may occur. I read this as follows: If my power source drains to the point where the power supply can not power the device at a current higher than the fusing current, the device has a built in low battery alarm that consists of blasting the user in the face with a nasty smell followed by and so on that will occur. I'm concerned about the and so on part. I can imagine several so ons including but not limited to: conversion into dark matter, a tear in the space-time-continuum... Happy holidays, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
RE: Suggestions for ASP colo space that will be around in 3 years?
Steve, I feel confident that we'll be around for 3 years; however, our facility is not elegant, it's industrial in every sense of the word. If you feel the need to be elegant I'll gladly throw in a string of pearls with your order :) Regards, Christopher J. Wolff, CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steve Francis Sent: Tuesday, November 19, 2002 2:40 PM To: [EMAIL PROTECTED] Subject: Suggestions for ASP colo space that will be around in 3 years? We're being booted from one of our main colo data centers by CW closing down that facility. Our main priorities for picking a new data center to locate in are: 1. not having to move again within three years 2. physical security (or at least the impression thereof. We don't have unprotected consoles or anything, but as an ASP, we need an impressive facility for dog and pony shows.) 3. multiple providers (preferably carrier neutral, but so long as we can get 1Gb from another provider, even if via something like Telseon, that's OK.) Our other main datacenter is in an Equinix site, so for risk management, we don't want to go into any other Equinix site. So anyone have any insight as to who will be around within 3 years? Thanks
RE: two questions
Scott, I've used the Cisco FE fiber port on a 7206vxr to connect to a CAT5 thru a cheapie transceiver, works great. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:owner-nanog;merit.edu] On Behalf Of Scott Granados Sent: Friday, November 08, 2002 12:33 PM To: [EMAIL PROTECTED] Subject: two questions I have seen some router cpu questions. I know this is not the place for router questions specifically could someone pass on the name of the group for cisco users I remember there was one. Also does anyone happen to know if the cisco fast E fiber port interoperates with off the shelf transceivers properly ie fiber to cat 5? Thanks
IP over in-ground cable applications.
Greetings, Can anyone recommend a method for integrating TCP/IP with an existing analog cable television network. The cable companies do this quite well; however, it's not immediately clear to me how I would multiplex the IP traffic and the existing video and deliver it to a home. My current thoughts on this are to digitize the satellite video into mpeg2 and deliver it over TCP/IP through the in-ground cable. This way, integrating the video and data portion are easy, however the resident would need to buy a mpeg2 set-top-box to split out the video and internet. Thank you very much for your consideration. Regards, Christopher J. Wolff, CIO Broadband Laboratories, Inc. http://www.bblabs.com
RE: IP over in-ground cable applications.
Nathan, If your MPEG2 video were multicast streams, wouldn't that be a much more effective utilization of bandwidth? Regards, Christopher J. Wolff, CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nathan Stratton Sent: Thursday, September 12, 2002 11:29 AM To: Christopher J. Wolff Cc: [EMAIL PROTECTED] Subject: Re: IP over in-ground cable applications. On Thu, 12 Sep 2002, Christopher J. Wolff wrote: Greetings, Can anyone recommend a method for integrating TCP/IP with an existing analog cable television network. The cable companies do this quite well; however, it's not immediately clear to me how I would multiplex the IP traffic and the existing video and deliver it to a home. Ya, build a new two-way HFC network. My current thoughts on this are to digitize the satellite video into mpeg2 and deliver it over TCP/IP through the in-ground cable. This way, integrating the video and data portion are easy, however the resident would need to buy a mpeg2 set-top-box to split out the video and internet. Thank you very much for your consideration. The issue is you only have 125 CMTS channels to deal with and most networks have way too many homes passed per head end to make mpeg2 over IP a practical solution. Nathan Stratton nathan at robotics.net http://www.robotics.net
RE: IP over in-ground cable applications.
Hi Sal, Thanks for the response. The 'Broadband' in Broadband Laboratories actually refers to the Microwave flavor of last-mile and long-haul data transmission. As a general operating philosophy, we eschew wired last-mile network solutions (DSL, Cable) as inefficient, costly to capitalize, and costly to maintain. For example, the local cable company spent over $100m for an HFC buildout of our local market which only covered 30% of the metropolitan area. I could probably cover 25 of the top metropolitan markets with that kind of capital :) Regards, Christopher J. Wolff, CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, September 12, 2002 2:28 PM To: [EMAIL PROTECTED] Subject: Re: IP over in-ground cable applications. Christopher J. Wolff wrote: Can anyone recommend a method for integrating TCP/IP with an existing analog cable television network. Yes Chris, it's called DOCSIS. I would think that a CIO of a company named Broadband Labs would have a lab in which to experiment with cable. My current thoughts on this are to digitize the satellite video into mpeg2 and deliver it over TCP/IP through the in-ground cable. What about the neighborhoods with above-ground cable, how would you deliver service to them? Sal Sabella Get your free encrypted email at https://www.hushmail.com
RE: IP over in-ground cable applications.
Sal, I'm not a big fan of GE period; too many recalls. However you might want to take a look at Jennair. Here's my favorite. http://www.jennair.com/ja/products/prod_detail.jsp?model=WW30430Pcs=0B V_UseBVCookie=Yes Regards, Christopher J. Wolff, CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 3:33 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: IP over in-ground cable applications. Thanks for the response. The 'Broadband' in Broadband Laboratories actually refers to the Microwave That makes sense. I have a question you might be able to answer. I've got some Cerent and Sycamore boxes, and I'm trying to locate a GE Advantium line card. We're fixing to sell Advantium wavelengths on the same glass as gig-e and OC-x's, catering primarily to the hospitality and food services industry, by Q1 2003. You could even say I bet on it with my boss. Know where I can buy one? Also, what type of performance have you seen with Advantium vs. conventional microwave-based transport technologies? Sal Sabella Get your free encrypted email at https://www.hushmail.com
RE: IP over in-ground cable applications.
Sal, I've been called a lot of things, but moron isn't one of them. It's been fun playing. Regards, Christopher J. Wolff, CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 3:46 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: IP over in-ground cable applications. I'm not a big fan of GE period; too many recalls. However you might want to take a look at Jennair I had a bet with my boss that GE would bring good things to life. Please don't tell me I lost. Sal Sabella Get your free encrypted email at https://www.hushmail.com
Bonding ATM circuits for DSL
Greetings. Has anyone experienced adding additional ATM DS3's and bonding those together to form a single fat pipe. For example if you had a Qwest megacentral DSL DS3 loop and wanted to add another one to make 90 megs instead of 45 megs is that done on the ISP side or the Telco side or both? Thank you all so much for your wisdom. Regards, Christopher J. Wolff, CIO Broadband Laboratories, Inc. http://www.bblabs.com
RE: Bonding ATM circuits for DSL
I may have answered my own question. Create an IMA group interface. Regards, Christopher J. Wolff, CIO Broadband Laboratories, Inc. http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher J. Wolff Sent: Thursday, August 01, 2002 1:46 PM To: [EMAIL PROTECTED] Subject: Bonding ATM circuits for DSL Greetings. Has anyone experienced adding additional ATM DS3's and bonding those together to form a single fat pipe. For example if you had a Qwest megacentral DSL DS3 loop and wanted to add another one to make 90 megs instead of 45 megs is that done on the ISP side or the Telco side or both? Thank you all so much for your wisdom. Regards, Christopher J. Wolff, CIO Broadband Laboratories, Inc. http://www.bblabs.com
Colocation Enclosures
Greetings, I'm trying to find alternative sources for a 2 or 3 section locked colocation cabinet cosmetically similar to the following: http://www.budind.com/images/big/DC-8125bg.jpg It appears that Encoreusa is no longer in business so I would appreciate any pointers as to where I may locate such an enclosure. Thank you! Chris
Maybe OT-Qwest DSL
Greetings. Whether or not this is the appropriate forum, I'm going to vent. So thank you for your patience. I just had a Qwest DSL tech tell me to go f--- myself. Unfortunately his buddies won't let me know who his management is. If anyone can refer me to contact information for the Qwest megacentral management team, I would greatly appreciate it. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com
How important is IM? was RE: How important is the PSTN
Jane, This brings up a good point about IM. IMHO, IM is a security risk and I am establishing a company standard where users behind the firewall are prohibited from using IM, IRC, and peer-to-peer file sharing programs. My opinion is that these types of programs contribute more to lack of productivity than to real problem solving. So my question for the group is, do chat programs (IM, IRC, yahoo) serve a substantial network support purpose or are they more of a distraction, allowing staff to communicate with friends, relatives, drifters, interlopers on company time? Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pawlukiewicz Jane Sent: Tuesday, June 25, 2002 12:06 PM To: [EMAIL PROTECTED] Subject: How important is the PSTN Hi all, Thanks so much for all the great answers. (Could everyone please stop telling me that im = instant messaging). I knew I should've never gotten out of bed this morning. Anyway, 75% of the respondents said the phone is critical. 25% said some form of IM is critical. Just in case anyone was curious. Is it me or is it very quiet in here today? Jane
Qwest Megacentral DSL weirdness
Greetings, Approximately two weeks ago, dsl customers over our Qwest Megacentral service began to randomly drop offline. According to Qwest, each of the customers had good bidirectional cell flow. However, each of the affected customers were unable to pass any IP traffic. I was able to restore traffic to the affected customers by bouncing their ATM subinterface. No hardware or software changes were made at our NOC. I find this to be a curious situation since many of our dsl customers have been connected continuously for 9-12 months. A few Qwest technicians covertly mentioned that something was going on at the CO but used codewords for fear of losing their jobs, while other Qwest technicians claim it was not their problem. Some of the techs outright hung up on the customer. So to make a long story short, I'm curious to know if anyone has the 'inside scoop' or has similar issues that just cropped up. Thanks in advance for your advice. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com
Portable Fire Suppression
Greetings; I would like to protect an unattended server enclosure in a remote location with some variety of fire suppression device. I imagine that some enterprising soul has invented a fire extinguisher with a nozzle that opens at a preset temperature (i.e. exploding head). Thank you in advance for any advice you can provide. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com
Portable Fire Suppression
From the first few responses I believe some clarification is in order...This specific 'unattended server enclosure' is sitting outside in the middle of the desert. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com Greetings; I would like to protect an unattended server enclosure in a remote location with some variety of fire suppression device. I imagine that some enterprising soul has invented a fire extinguisher with a nozzle that opens at a preset temperature (i.e. exploding head). Thank you in advance for any advice you can provide. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com
Certification or College degrees? Was: RE: list problems?
I would add to that statement: Requiring a technology certification is equally as absurd. I've been told I could pass the Emperor-Level CCIE test; however, I do not believe it will add more value for my customers. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com Andrew Dorsett said: *jumping on my soap box* I have to say that the idea of requiring a degree for the IT industry is absurd.
RE: Certification or College degrees? Was: RE: list problems?
Alan, Thank you for the objective response. It seems that there is room for multiple perspectives on this topic. I take my new volvo to the local equivalent of Joe's Garage for regular (3000 mile) service. Joe is not volvo certified, but they do let me watch over their shoulder to make sure everything is perfect. The service is a fraction of the cost. If there was a mistake in service, they only ask for their cost for the parts to rectify the mistake (This is the 6th car that I've taken to Joe's Garage.) However I do take the car to Volvo for the 3 mile service interval (which, in fact, contains no service, only diagnostics). If Volvo finds a problem, I'll take it back to Joe's Garage for the actual repair. I see your perspective on the HR department. HR probably deals with dozens of applicants and the certification is an easy pass/fail evaluation method. However, IMHO, there are probably many expertly qualified candidates that have no paper but are more qualified than the paper CCNA. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rowland, Alan D Sent: Wednesday, May 22, 2002 12:00 PM To: [EMAIL PROTECTED] Subject: RE: Certification or College degrees? Was: RE: list problems? While the effectiveness of degree requirements may be argued, they are efficient. When your HR department gets hundreds or thousands of applications, they need some way to find the wheat. The net sector is young and was mostly immune to traditional business practices. Not all traditional business practices are bad (see dot.bomb). Lack of business acumen means the days of six figure income and significant stock options because there were 10 job openings for every geek who could RTFM are over. Even though the job market is coming back there's still 20 'techies' in Birkenstocks and Star Wars t-shirts for every (decent) job hiring. 
Everything else being equal (which is often the case) a cert or degree is a great tie-breaker. Welcome to the traditional job market fellow geeks. Remember all the jokes about Sanitation Engineers? ;) Put another way, when you take that expensive car of yours in for service (you do have one if you're successful in this industry, right? ;) ), do you go to Joe's Garage (apologies to all named Joe) or a dealer/service center with certified mechanics? Just my 2¢. The delete key is your friend. Best regards, _ Alan Rowland (BS in Business and Management, UofM, 1990 no warranty expressed or implied, use at your own risk, may be terminated at any time without notice -Original Message- From: Christopher J. Wolff [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 22, 2002 11:16 AM To: [EMAIL PROTECTED] Subject: Certification or College degrees? Was: RE: list problems? I would add to that statement: Requiring a technology certification is equally as absurd. I've been told I could pass the Emperor-Level CCIE test; however, I do not believe it will add more value for my customers. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com Andrew Dorsett said: *jumping on my soap box* I have to say that the idea of requiring a degree for the IT industry is absurd.
RE: Certification or College degrees? Was: RE: list problems?
It's easy, just replace your ICU with a RSP8 :) Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Workman Sent: Wednesday, May 22, 2002 1:38 PM To: Christopher J. Wolff; [EMAIL PROTECTED] Subject: RE: Certification or College degrees? Was: RE: list problems? Stoned koalas drooled eucalyptus spit in awe as Christopher J. Wolff exclaimed: I take my new volvo to the local equivalent of Joe's Garage for regular (3000 mile) service. Joe is not volvo certified, but they do let me watch over their shoulder to make sure everything is perfect. The service is a fraction of the cost. If there was a mistake in service, they only ask for their cost for the parts to rectify the mistake (This is the 6th car that I've taken to Joe's Garage.) However I do take the car to Volvo for the 3 mile service interval (which, in fact, contains no service, only diagnostics). If Volvo finds a problem, I'll take it back to Joe's Garage for the actual repair. How do I configure my Volvo for BGP? *ducks* -Jeff -- Jeff Workman | [EMAIL PROTECTED] | http://www.pimpworks.org
RE: list problems?
Shawn, The claims that you make here are exactly why I went 100K in the hole at a private university chosen partially because they did not have a strong athletic program. And no, I did not have a rich daddy to pay for it. In my opinion, one of the best things you can do for your children is to provide a private education for them. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shawn Solomon Sent: Wednesday, May 22, 2002 9:07 PM To: Paul Vixie Cc: [EMAIL PROTECTED] Subject: Re: list problems? no way... The option where you come out into life 35k in the hole, no experience, and four years behind your colleagues is obviously better. And it's hard to put a value on.. that bitterness you learned from spending the best years of your life with a bunch of rich, drunken dumbasses. The tolerance you gained from all those times your learning was decelerated, just to allow for johnny football star to meet status quo. The anger from seeing Johnny pull his head of his jock just long enough to see daddy hand him a 150k VP position. As mastercard says.. priceless. And no, I'm not bitter.. -- Shawn Solomon Senior State Networks Engineer Indiana Telecommunications Network IHETS INDnet 317.263.8875 www.ind.net fx: 317.263.8831 On 22 May 2002, Paul Vixie wrote: [EMAIL PROTECTED] (Leo Bicknell) writes: If you ever want to become a team leader, or a manager, or run a theoretical group you are going to need the math and English backgrounds that college provides. ... So what you're saying is, if I hadn't dropped out of high school during my 17th trip around Sol, I wouldn't've gotten stuck in this dead end job? Probably I wouldn't have that honorary MSCS degree either. Wouldn't've wrote all that code, nor those RFC's, nor started those various companies. Wouldn't've found my various mentors nor been a mentor to any of the folks who count me as having been one? 
Is that how a college degree would have improved my career by age 39? Sounds like a bad deal to me. -- Paul Vixie [EMAIL PROTECTED] President, PAIX.Net Inc.
The business side of the coin. WAS RE: The market must be coming back
I recall that, early in my career I had the opportunity to build a new LAN backbone for a 6 story office building. It was going to be Category 5! Woohoo. With a 12/24 fiber backbone. ATM in a LAN environment was new at the time but I was going to make sure I had an OC3 backhauling each of the floors to a central switch. I thought this design was beautiful and marvelous. There was a neat new company that made LAN-style ATM gear with performance specs that would just blow your mind. So when I took the design to the board they loved the fastethernet fiber blah blah and gave approval. But when it came down to selecting vendors for the hardware I ran right into a brick wall with questions like: How long has this company been in business? Are they using open standards? Do they have knowledgeable tech support? ..and so on. So, regardless of whether the hardware is the fastest thing on the block, pushing 10 nanobits at a megaflop, you can look like a fool if you don't consider the business repercussions of the vendor you choose. In the end, I didn't get my design approved until I chose Cisco. Was I pissed, sure! Did I ship off white papers and other propaganda to support my case? Yes! But the company went bankrupt about 2 weeks after I submitted the bid. Just my .02, Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Sent: Tuesday, May 21, 2002 12:37 AM To: Richard A Steenbergen Cc: [EMAIL PROTECTED] Subject: RE: The market must be coming back Richard: Personally I would say that Foundry does EVERYTHING less than perfect. Nearly everyone I'm aware of (including myself) who has had the misfortune to try and use their devices in a service provider environment and a layer 3 role has come away with a universal loathing of biblical proportions. Not worth a response. Can't please everybody and you CAN'T design everyone's network for them. Sort of like EIGRP. 
Even the worst network engineer can look great with it. Perhaps you should read JANOG. Maybe they can help you. Search for フアウンドリ。 (note, if you cannot read this, it is Japanese for Foundry in unicode). I really can't stress this enough, it DOES NOT MATTER how many gigabits your box forwards. A router is ONLY as useful as the quality of its software and support, if you can't login to it or have working routing protocols, it's just a big paperweight. The only "wannabe cisco" company I have seen learn this lesson is Juniper, and I am firmly convinced this is the reason for their success in the core. Juniper is an OUTSTANDING company. Much better than many networking companies in many respects. I've also heard nothing but good things about Unisphere here in Japan, so perhaps this will be a good marriage with benefits to service providers. I'll enjoy competing. We will compete. Whenever I read a press release about Foundry in the core, I stop and take a moment to laugh uncontrollably. It has nothing to do with ISIS or MPLS, it has to do with making your existing functionality work correctly and behave in a sensible fashion. Nothing personal against Foundry, but the people in charge couldn't possibly "not get it" any more than they do now. Remember what you said in this paragraph. I will refer to it later. Yoroshiku, Gary
RE: The business side of the coin. WAS RE: The market must be coming back
Good point! The other one is Choose your battles wisely. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Sent: Tuesday, May 21, 2002 9:52 PM To: Christopher J. Wolff Cc: [EMAIL PROTECTED] Subject: Re: The business side of the coin. WAS RE: The market must be coming back On Tue, 21 May 2002, Christopher J. Wolff wrote: So, regardless of whether the hardware is the fastest thing on the block, pushing 10 nanobits at a megaflop, you can look like a fool if you don't consider the business repercussions of the vendor you choose. In the end, I didn't get my design approved until I chose Cisco. Was I pissed, sure! Did I ship off white papers and other propaganda to support my case? Yes! But the company went bankrupt about 2 weeks after I submitted the bid. No one gets fired for buying IBM. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ /\/\/\ Patrick Greenwell Asking the wrong questions is the leading cause of wrong answers \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ \/\/\/
The market must be coming back
Everyone's so busy there hasn't been a peep on here in weeks. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories http://www.bblabs.com
RE: The market must be coming back
Jason, Are you espousing Juniper or Foundry for 10ge? -Original Message- From: Jason LeBlanc [mailto:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 9:35 PM To: Gary; Christopher J. Wolff Cc: [EMAIL PROTECTED] Subject: RE: The market must be coming back Juniper. Sorry I'm a fan, they've done a lot right. Cisco is ~$35k per port of 10ge, and unless you get a 6513 you can't get many interfaces. This makes 10ge in a real network (where everything needs to be redundant, multiple interfaces, etc) a bit impossible on the Catalyst platform. If your needs are but a few interfaces, maybe it works. Cisco is woefully behind here. The SUP2/SFM method of doing things is a patch at best to boot. Foundry is cheaper and a bit ahead in many aspects, granted there are SW issues still looming, but the 'life of a packet' as a packet is handled by a Foundry switch makes a lot more sense. Foundry ASIC's are rockin, as are Juniper's, Cisco seems to be lost here. I think the ASIC designers ran off to Foundry and Juniper. ;) If only Juniper made 'switches', such that density were higher, cost per port were lower and they were more applicable to switching (L2/STP, etc) and LAN specific needs. Additionally, anyone have thoughts on the Unisphere purchase by Juniper? I think it should scare the bejesus out of Cisco. Always interested in the opinions of the brightest, let the flames begin. ;) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gary Sent: Monday, May 20, 2002 9:15 PM To: Christopher J. Wolff Cc: [EMAIL PROTECTED] Subject: RE: The market must be coming back Chris: I've been thinking about leasing some dark fiber and running one of the new 10gigE blades for the Cat 6500 chassis. Be careful here. Last I tested (at one of our channels that also resells Cisco) is that the 10GbE on the Catalyst 6500 hasn't broken 4G throughput yet. Sort of like buying a GbE interface for a 7200 (It only gets 10% throughput... Why waste the money, just buy FE!). 
The GSR is up to about 8G throughput nowadays from what I've seen. Foundry Networks (my company) can get a perfect clean 8G throughput on all of our chassis with management modules M2 or above (we don't support 10GbE on the legacy M1). Our NG chassis will be available later in the year for those folks that want 4 X 10 GbE on each module (8 slot chassis). I expect this will be a perfect 40G throughput since I've never seen us do anything less than perfect (been working here since August). Additionally, you would be the first customer I've heard about doing standards based 10GbE on a Catalyst. (feel free to chime in if you're doing this... Can I bring my SmartBits 600 to your site to test throughput?). Good luck! Foundry has a few references: Deployed: http://www.foundrynet.com/about/newsevents/releases/pr4_3_02.html http://www.foundrynet.com/about/newsevents/releases/pr4_2_02.html http://www.foundrynet.com/about/newsevents/releases/pr2_11_02.html Many others that we don't press release. We've got these blades running in production networks here in Japan that I'm not allowed to talk about. Also many other places. Deploying: http://www.foundrynet.com/about/newsevents/releases/pr5_8_02.html Performance: http://www.spirentcom.com/news/press.cfm?id=87 Throw in the Cisco Flamethrower GBIC and I should be good for 50 miles. Has anyone tried this? Foundry Network's Long Haul (LHB: 150 km, LHA: 70 km) Ethernet optics exceed Cisco's on GbE (ZX: 100 km). I'm sure we exceed them on the ER LAN PHY for 10GbE. We've only tested to 85 kilometers (ER). 802.3ae standard is 40 km: http://biz.yahoo.com/prnews/020508/nyw068_1.html Cisco's website says they can do the 802.3ae standard 40 km on the 1550 nm blade. I'm not sure if the optics are changeable either: http://www.cisco.com/warp/public/cc/pd/ifaa/6500ggml/ I doubt if there is a GBIC for 10GbE available. 
We use the same blade with changeable optics; however, I would not call the SR (300 meters), LR (10 km), and ER LAN PHY optics GBIC's... Moral of this story is that BEFORE you buy these blades from Cisco (or anybody), test them! If you don't have 10GbE SmartBits or IXIA, you can use 1GbE interfaces and wrap them around until you get 8G (no need to produce anything higher 'cause the Cat 6500 has an 8G throughput limitation). Don't test latency with this method :-). I don't believe the marketing from any company, not even my own. I test, then tell. I've personally never seen a packet drop at a steady 8G rate for up to 72 hours; however, one of our customers evaluating the 10GbE blades reported 2 64 byte packets were dropped in a 12 hour line rate test. I suspect they had bad fiber. Gary Blankenship Systems Engineer Foundry Networks