RE: workhorse of the future...

2006-01-11 Thread Christopher J. Wolff

dons flame suit

How about a Mikrotik?


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, January 11, 2006 4:18 PM
To: Lincoln Dale
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: workhorse of the future...


On Thu, Jan 12, 2006 at 09:56:33AM +1100, Lincoln Dale wrote:
> Bill,
>
> alas, i think the days of being able to deploy one type of god box
> swiss-army-knife router are passing.

that is too true...  some misty-eyed moments for the demise
of chaosnet support ...

> depending on what it is that the router is planned to be doing defines
> its PPS requirements & what speeds/feeds you need to run various
> features at.
>
> from http://www.merit.edu/mail.archives/nanog/2005-09/msg00635.html can
> you classify what functionality you see yourself as needing?

nice list, but incomplete.  while the pace of innovation
has slowed, O&M features have grown, and a raw desire to
keep up the ROI by pandering to the idol of convergence have
not kept me aware of the fact that NEW, UNEXPECTED events
will place demands on my boxen for the foreseeable future - and
a s/w driven box has more resilience in that vector.

> that pretty much sets the discussion as to whether you're after
> something that can be s/w-forwarding or not ...

i guess i was hoping for some kind soul to provide some insight
as to other factors that may be sea-change events to the routing
system in the next 48-60month horizon.  IPv6 table size, on-board
key/sig mgmt/computation are TWO...  are there others?

--bill

> cheers,
>
> lincoln.
>
> [EMAIL PROTECTED] wrote:
>
> > first it was the vitalinks, then the bridge gear, then proteon, then cisco AGS,
> > then 7600VXR, then 7301s
> >
> > looking to find the next-gen workhorse ... looking for 4-6yr life expectancy.
> > pointers(private are ok) are appreciated - as well as -why- you think the
> > suggested boxen are likely candidates.
> >
> > --bill
 
 



Quality of User Experience (was RE: image stream routers)

2005-09-17 Thread Christopher J. Wolff

Thanks for the thoughtful response.

One of the network architecture issues I'm always trying to gauge and get my
arms around is what I'll call, Quality of user experience.  In other
words, what mix of network hardware, software, customer support, and
management will create a perception that the network is performing at
maximum efficiency.

Although the perception of network performance is entirely subjective there
are some factors that I'm sure we can all agree contribute to overall
satisfaction...i.e.

-WAN link latency.
-Packet Loss.
-Consistency in packet generation/serialization (A packet always enters
interface A and leaves interface B in .5 ms)

So, if all other elements (software, customer support, and management) are
equal, what router hardware architecture will contribute to a positive or
negative user experience?  In other words, if the routing device between my
workstation and server is a Juniper M7 instead of Pentium IV running
unix-flavor-of-the-day, how will that affect the quality of user experience?

Thank you,
Christopher

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Lincoln Dale
Sent: Friday, September 16, 2005 11:18 PM
To: Christopher J. Wolff
Cc: nanog@merit.edu
Subject: Re: image stream routers


Christopher J. Wolff wrote:
> I'd be interested to know the relative pros and cons of switching packets in
> software (Imagestream) versus handing them off to a dedicated ASIC (Cisco,
> Juniper)

[without having looked at Imagestream in any way, shape or form..]

it would be _unlikely_ that any router vendor that wants to support OC3 
could do so with the 'standard' (non-modified) linux IP stack.  if they 
are modifying the 'standard' linux IP stack then it's very unlikely that 
one could do so without having to publish the source-code to it.  (i.e. 
as per GPL).

'standard' linux on standard hardware isn't capable of much more than 
100K PPS.  sure - some folks have a few hundred packets/sec - but these 
are minimalist versus the demonstrated performance of ASIC-based 
forwarding, typically 30M-50M PPS.

one advantage of software is programmability.  if there is a bug you can 
fix it.
if there is a bug in an ASIC, it may or may not be possible to fix it - 
it depends an awful lot on how the ASIC is built (whether it's 100% fixed 
functionality or supports limited programmability in various stages of 
the forwarding pipeline).
it may be that it's not fixable but that the ASIC allows 
software-workarounds - in essence, 'fixing' something by diverting it to 
a (slower) software-path.

note that there is a correction to make here: not all routers _ARE_ 
ASIC-based for forwarding.  in fact, most of the Cisco /router/ product 
portfolio isn't hardware-forwarding based.  generally speaking it isn't 
necessary - UNTIL you get to the point of having interface speeds & 
number-of-interfaces which exceed the capabilities of general-purpose 
processors.  that is, typically somewhere between 100K PPS and 1M PPS.


cheers,

lincoln.



RE: image stream routers

2005-09-16 Thread Christopher J. Wolff

I'd be interested to know the relative pros and cons of switching packets in
software (Imagestream) versus handing them off to a dedicated ASIC (Cisco,
Juniper)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg
Boehnlein
Sent: Friday, September 16, 2005 4:57 PM
To: Matt Hess
Cc: nanog@merit.edu
Subject: Re: image stream routers


On Fri, 16 Sep 2005, Matt Hess wrote:

> I'd like to get some feedback as to what people's experiences are (if 
> any) with image stream routers.. specifically the industrial ones.
>
> http://www.imagestream.com/

Had a discussion with the manager of a large ISP in Turkey. He's a 
transplanted Aussie.. He swears by them.. I believe he is running OC-12
links across them at near full capacity.

My personal experience has been that they have both the engineering talent 
and the experience (7+ years in the business) to pull it off. Their 
products are logically built, utilize Linux at the core and they stand 
behind their guarantee. If it doesn't work, they'll either fix it, or give 
you your money back.

They are now keepers and developers of the VRRP project for Linux, and 
have also defined a unified driver architecture called Inetics which 
makes adding new hardware to Linux trivial.

I'm going to be attending a presentation by one of their core developers 
at the Ohio Linuxfest on October 1st (http://www.ohiolinux.org). From the 
website, here is the specific talk they will be giving:

Quality of Service using Open Source Linux Tools
Doug Hass, Imagestream

With increasing penetration of wireless and broadband, service providers 
must understand Quality of Service techniques and implement QOS on their 
networks. A proper QOS design helps to avoid network bottlenecks caused by 
converged voice/video/data services , broadband users, file sharing, and 
other bandwidth-intensive applications. Without QOS, service providers are 
especially susceptible to bottlenecks and service degradation.

This presentation covers the key concepts of quality of service. The 
presentation includes an explanation of standard queuing methods as 
defined in the Differentiated Services RFC as well as applications of 
these methods through generic case studies. 

Doug Hass is the COO of ImageStream, a leading router and WAN product 
manufacturer. Prior to joining ImageStream, Mr. Hass was a partner in 
Midwest-based Internet provider Skye/net. An Army veteran, certified 
personal trainer, avid horseman and outdoorsman, Mr. Hass rode 
professional rodeo for five years, and is the founder of Roughstock.com, 
an award-winning country music Web site.

-- 
Vice President of N2Net, a New Age Consulting Service, Inc. Company
 http://www.n2net.net Where everything clicks into place!
 KP-216-121-ST







RE: pppoa and a tnt

2004-09-19 Thread Christopher J. Wolff

Matt,

I don't remember seeing PPPoA in the 11.0 firmware.  Hope this helps.

Christopher
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Hess
Sent: Sunday, September 19, 2004 10:18 PM
To: [EMAIL PROTECTED]
Subject: pppoa and a tnt


Does anybody know if a max tnt supports ppp over atm?



video distribution

2004-07-14 Thread Christopher J. Wolff

Hello,

I have a state of the state sort of question for you gurus out there.  If
I wanted to make a number of video streams available across an IP WAN
network, I have a couple of options.  Unicast or Multicast.  Unicast isn't
the most efficient method necessarily so my preference would be Multicast.
Now since it's been years since I've thought about Multicast, are there any
hot new technologies or methods available for video transmission over an IP
network?  Thank you very much for your time.

Regards,
Christopher J. Wolff VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 




RE: Proxy scanning for spam

2004-07-06 Thread Christopher J. Wolff

These are both interesting options.  Thank you.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Christopher L. Morrow
Sent: Monday, July 05, 2004 11:02 PM
To: Christopher J. Wolff
Cc: [EMAIL PROTECTED]
Subject: RE: Proxy scanning for spam



On Mon, 5 Jul 2004, Christopher J. Wolff wrote:

> Christopher,
>
> I meant option #1.

a quickie google shows:
http://assp.sourceforge.net/

which looks promising... additionally:
http://www.ironport.com/

Though, why not just use brightmail/messagelabs if it's to MX's you can
control? Offer this as a 'service' to your customers for $X/seat/month?

> On Mon, 5 Jul 2004, Christopher J. Wolff wrote:
>
> > Hello,
> >
> > If I have a network segment connected to a BGP peer, is there a way that I
> > can hang a box of some kind off of that segment that will sniff out and
> > block malicious/spam email before it hits the customers?
>
> Do you mean a host that can have all tcp/25 routed to it, transparently
> pick-up/scan/re-deliver emails for your customers? or did you mean
> something you could add to your customer relay boxes? (or your MX hosts
> that customers use) Or thirdly, something to protect the internet from
> your users?




mid-mount server rails

2004-07-05 Thread Christopher J. Wolff

Hi Nanogers

If I have a two post relay rack, could you advise on any generic rails that
could be used to 'mid-mount' a 1-4U server on that two port rack?  Thank
you.

Regards,
Christopher J. Wolff VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 




Proxy scanning for spam

2004-07-05 Thread Christopher J. Wolff

Hello,

If I have a network segment connected to a BGP peer, is there a way that I
can hang a box of some kind off of that segment that will sniff out and
block malicious/spam email before it hits the customers?

Regards,
Christopher J. Wolff VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 




RE: Proxy scanning for spam

2004-07-05 Thread Christopher J. Wolff

Christopher,

I meant option #1.

-Original Message-
From: Christopher L. Morrow [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 05, 2004 10:36 PM
To: Christopher J. Wolff
Cc: [EMAIL PROTECTED]
Subject: Re: Proxy scanning for spam



On Mon, 5 Jul 2004, Christopher J. Wolff wrote:

> Hello,
>
> If I have a network segment connected to a BGP peer, is there a way that I
> can hang a box of some kind off of that segment that will sniff out and
> block malicious/spam email before it hits the customers?

Do you mean a host that can have all tcp/25 routed to it, transparently
pick-up/scan/re-deliver emails for your customers? or did you mean
something you could add to your customer relay boxes? (or your MX hosts
that customers use) Or thirdly, something to protect the internet from
your users?



RE: Can a customer take IP's with them?

2004-06-23 Thread Christopher J. Wolff

David,

Isn't renumbering an obligation?

I wonder if their ARIN application says anything about planning to 
renumber their existing space from NAC into the newly assigned space...

-davidu


   David A. Ulevitch - Founder, EveryDNS.Net
   http://david.ulevitch.com -- http://everydns.net




RE: [url correction] Cable networks RE: best effort has economic problems, maybe OT

2004-06-01 Thread Christopher J. Wolff

All of these are great observations.  So what's the cable HFC Achilles heel?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 31, 2004 12:58 PM
To: [EMAIL PROTECTED]; ''Christopher J. Wolff''; [EMAIL PROTECTED]
Subject: Re: [url correction] Cable networks RE: best effort has economic
problems, maybe OT

Correcting a previous url error on my part. 

Narad's site is at:

 http://www.naradnetworks.com


Sorry 'bout that, folks.

Frank

On Mon, 31 May 2004 11:30 , [EMAIL PROTECTED] sent:

Agree, this is a great discussion, akin to a recent Cook Report accounting of
best effort considerations. Several startups (now going into year two) have
addressed the cable-HF/C constraints you've mentioned. You may be interested in
perusing these two:

http://www.narad.com

Another, Rainmaker Technologies...

http://www.rainmakertechnologies.com

appears to have fallen on hard times while seeking later round funding. Not
sure of their disposition at this time, but doing googles on their name reveal
some good articles on their approach to using wavelets to improve bit gain over
black coax/fiber systems to homes and businesses.

Metcalfe has financial backing hooks and input into Narad, and Mark E. Laubach of
COM21 fame (ATM over HF/C) heads up (headed up?) Rainmaker's technical pursuits.

[[As an aside, I'm finding increased interest in corporate parks (especially
those that are boondocks-bound) where MSO fiber-based offerings are being
seriously considered for WAN access, both of the type discussed above and
enterprise-tailored rings coming off local head-ends.]]

Frank


On Sun, 30 May 2004 08:47 , 'Christopher J. Wolff' [EMAIL PROTECTED] sent:

Folks,

This is a great discussion.  I'm interested in understanding these types of
limitations in the context of HFC cable networks.  In my opinion, HDTV
channel bandwidth (30mhz?) , increased demand for voip, and growing demand
for IP connectivity is going to stress the cable network model as well,
forcing cable operators to convert everything to IP before going out across
the wire.  Any input is appreciated.

Regards,
Christopher











Cable networks RE: best effort has economic problems, maybe OT

2004-05-30 Thread Christopher J. Wolff

Folks,

This is a great discussion.  I'm interested in understanding these types of
limitations in the context of HFC cable networks.  In my opinion, HDTV
channel bandwidth (30mhz?) , increased demand for voip, and growing demand
for IP connectivity is going to stress the cable network model as well,
forcing cable operators to convert everything to IP before going out across
the wire.  Any input is appreciated.

Regards,
Christopher



RE: Lsass.exe causing shutdown in IE.

2004-05-01 Thread Christopher J. Wolff

Ejay,  I've seen this for about 36 hours but I haven't been involved in the
resolution process.  Let me know what you find.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Ejay Hire
> Sent: Saturday, May 01, 2004 1:09 PM
> To: [EMAIL PROTECTED]
> Subject: Lsass.exe causing shutdown in IE.
>
>
> Hi all.
>
> We're starting to take calls from users about an LSASS.EXE error causing
> XP to do the 60 seconds till forced reboot, and the normal blaster
> mitigation and turning on the ICF isn't fixing it.  I've been able to
> reproduce it on one machine locally.  Is anyone else seeing it?
>
> -Ejay



remote reboot power strips

2004-04-19 Thread Christopher J. Wolff

Hello,

Last time I researched remote reboot power strips it seemed like most of the
power strips were garbage.  Any recommendations for a solid performer would
be appreciated.  Thank you.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com




RE: remote reboot power strips

2004-04-19 Thread Christopher J. Wolff

That makes two votes for the Baytech.  Thank you.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Will Yardley
> Sent: Monday, April 19, 2004 8:51 AM
> To: 'nanog list'
> Subject: Re: remote reboot power strips
>
>
> On Mon, Apr 19, 2004 at 08:24:29AM -0700, Christopher J. Wolff wrote:
>
> > Last time I researched remote reboot power strips it seemed like most of the
> > power strips were garbage.  Any recommendations for a solid performer would
> > be appreciated.  Thank you.
>
> We've been pretty happy with the Baytech ones.
> http://www.baytechdcd.com/
>
> --
> Since when is skepticism un-American?
> Dissent's not treason but they talk like it's the same...
> (Sleater-Kinney - Combat Rock)



worm information

2004-04-10 Thread Christopher J. Wolff

Hello,

Over the last few days I've seen a number of hosts attempt to initiate TCP
connections to the following ports in sequence.

80
139
445
6129
3127
1025
135
2745
...repeat.

At this moment I haven't seen a correlation between this activity and the
port exploitation list on CERT.  Any insight would be appreciated, thank
you.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com




RE: worm information

2004-04-10 Thread Christopher J. Wolff

Thank you for the input.  The 'unique' feature of this infestation is that
affected hosts don't transmit a lot of data...however they do open up
thousands of flows in a very short time.  Perhaps that's not unique but it
certainly is annoying.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 ravi pina
 Sent: Saturday, April 10, 2004 11:30 AM
 To: Darrell Greenwood
 Cc: 'nanog list'
 Subject: Re: worm information
 
 
 On Sat, Apr 10, 2004 at 11:19:19AM -0700, Darrell Greenwood said at one
 point in time:
 
  On 04/4/10 at 1:53 PM -0400, Jeff Workman wrote the following :
 
 
 http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.htm
 
  File Not Found... 'l' missing from end of 'htm'.
 
 
 http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.um.html
 
 this is correct.  my organization has been infected with this
 and it is a particular nasty little bugger.  we may have been
 'patient 0' in terms of sending copies of the virus to symantec
 so they could write signatures for it.  infected hosts flood
 the network with a tremendous amount of data and port opening.
 
 i at least managed to quarantine off all my vpn devices which
 seemed to be the entry point.
 
 -r
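
An added example (not part of the original posts) of detection logic for the behaviour described in this thread: a source that walks the listed ports in order against a target while opening many small flows in a short time. The flow-record fields, the thresholds and the sample flows are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from typing import NamedTuple

# Port order exactly as listed in the post; the walk repeats after the last entry.
PORT_WALK = (80, 139, 445, 6129, 3127, 1025, 135, 2745)
NEXT_PORT = {p: PORT_WALK[(i + 1) % len(PORT_WALK)] for i, p in enumerate(PORT_WALK)}


class Flow(NamedTuple):
    ts: float     # flow start time in seconds
    src: str
    dst: str
    dport: int
    nbytes: int   # bytes sent by src on this flow


def walk_score(ports):
    """Longest run of consecutive attempts that follow PORT_WALK order, wrapping around."""
    best = run = 0
    prev = None
    for port in ports:
        if port not in NEXT_PORT:
            run = 0                      # unrelated port breaks the run
        elif NEXT_PORT.get(prev) == port:
            run += 1                     # next port of the walk
        else:
            run = 1                      # a walk port, but out of order: restart
        best = max(best, run)
        prev = port
    return best


def find_port_walkers(flows, window=60.0, min_run=6, min_flows=50, max_avg_bytes=200):
    """Return {src: stats} for sources that, inside one `window` of seconds,
    (a) open at least `min_flows` flows, (b) average at most `max_avg_bytes`
    per flow, and (c) hit at least `min_run` PORT_WALK ports in order on one
    destination. All thresholds are assumed starting points, not measured values."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)

    hits = {}
    for src, src_flows in by_src.items():
        src_flows.sort(key=lambda f: f.ts)
        win, total_bytes = deque(), 0
        for f in src_flows:
            win.append(f)
            total_bytes += f.nbytes
            while f.ts - win[0].ts > window:        # slide the window forward
                total_bytes -= win.popleft().nbytes
            if len(win) < min_flows or total_bytes / len(win) > max_avg_bytes:
                continue
            per_dst = defaultdict(list)             # port order seen by each target
            for w in win:
                per_dst[w.dst].append(w.dport)
            longest = max(walk_score(p) for p in per_dst.values())
            if longest >= min_run:
                hits[src] = {
                    "flows_in_window": len(win),
                    "avg_bytes": total_bytes / len(win),
                    "longest_walk": longest,
                    "targets": len(per_dst),
                }
                break
    return hits


def sample_flows():
    """Constructed flow records (not captured traffic) for three hosts."""
    flows = []
    # 10.0.0.23: walks the ports in order against ten targets, 60 bytes per flow.
    t = 0.0
    for n in range(1, 11):
        for port in PORT_WALK:
            flows.append(Flow(t, "10.0.0.23", f"192.0.2.{n}", port, 60))
            t += 0.05
    # 10.0.0.40: ordinary web use, many flows but large transfers.
    for i in range(60):
        flows.append(Flow(i * 0.5, "10.0.0.40", "198.51.100.10", 80 if i % 2 else 443, 50_000))
    # 10.0.0.50: many small flows to a single port, no port walk.
    for i in range(100):
        flows.append(Flow(i * 0.1, "10.0.0.50", "198.51.100.53", 53, 70))
    return flows


if __name__ == "__main__":
    for src, stats in find_port_walkers(sample_flows()).items():
        print(src, stats)
```

Grouping the ports per destination means the check still matches if a host interleaves many targets, because each target still sees the ports in the listed order.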
 




RE: worm information

2004-04-10 Thread Christopher J. Wolff

Ravi,

One of the responses to this thread mentioned a 3COM switch.  One of the
infected sites has a 3COM superstack 1100.  I'm not a 3COM fan but these
switches have been up for years, literally.  All it takes to make this
switch reboot is a flow from one infected host.  I'm going to try to move
the web interface port away from 80.  Thank you.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 ravi pina
 Sent: Saturday, April 10, 2004 11:44 AM
 To: Christopher J. Wolff
 Cc: [EMAIL PROTECTED]; 'Darrell Greenwood'; 'nanog list'
 Subject: Re: worm information
 
 
 hmm, honestly i can't vouch for the data rate personally.
 a co-worker said the counters on the VPN connections were
 grossly disproportionate for a short time sample.
 
 bottom line, it is indeed annoying.  i know my server
 and desktop groups have been having a hell of a time
 disinfecting hosts.  i know part of this was that
 symantec, at the time, said it may be a polymorphic
 strain.
 
 -r




RE: Will your cisco have the FBI's IOS?

2004-03-15 Thread Christopher J. Wolff

Owen,

That sounds like an invitation to have the Jack Booted Thugs barbeque your
home a'la Branch Davidian compound style.

:)
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Owen
DeLong
Sent: Monday, March 15, 2004 7:51 AM
To: 'nanog list'
Subject: RE: Will your cisco have the FBI's IOS?

This whole thing makes me think that we should be encouraging VOIP traffic
to run over IPSEC so we can claim we don't know what it is.

Owen



possible new DoS?

2004-03-13 Thread Christopher J. Wolff

Over the past week the following error started to appear in the router logs;

Mar  9 19:44:16 fe-0-1-100.blah.net 16: Mar 10 02:44:15.477:
%CRYPTO-4-IKMP_NO_SA: IKE message from 206.207.248.58  has no SA and is not
an initialization offer.

According to Cisco,

1. %CRYPTO-4-IKMP_NO_SA: IKE message from [IP_address] has no SA and is not
an initialization offer 
IKE maintains the current state for a communication in the form of security
associations. No security association exists for the specified packet, and
it is not an initial offer from the peer to establish one. This situation
could indicate a denial-of-service attack.

Any suggestions are appreciated.  The router that generated those log files
dropped part of an IGP routing table.  Since I've never seen this log entry
before, I'm curious whether it's a 'new' DoS.  Thank you.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
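
An added example (not part of the original post) that triages the %CRYPTO-4-IKMP_NO_SA message quoted above by reporting router and source address, separating an isolated message from a burst. The `known_peers` set, the year, the window and burst threshold, and every log line other than the one quoted in the post are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the syslog receiver timestamp, the reporting router and the source
# address in the %CRYPTO-4-IKMP_NO_SA line quoted in the post.
NO_SA = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<router>\S+) .*"
    r"%CRYPTO-4-IKMP_NO_SA: IKE message from (?P<peer>\d{1,3}(?:\.\d{1,3}){3})\s+has no SA"
)

# The line from the post, joined back onto one line.
PAGE_LINE = ("Mar  9 19:44:16 fe-0-1-100.blah.net 16: Mar 10 02:44:15.477: "
             "%CRYPTO-4-IKMP_NO_SA: IKE message from 206.207.248.58  has no SA "
             "and is not an initialization offer.")


def peak_in_window(times, window):
    """Largest number of events that fall inside any span of length `window`."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def triage(lines, known_peers=frozenset(), year=2004,
           window=timedelta(minutes=1), burst=20):
    """Group NO_SA messages by (router, source) and mark bursts.

    known_peers: addresses the operator has configured as IPsec peers (assumed input).
    year: syslog timestamps carry no year, so the caller supplies one.
    """
    seen = defaultdict(list)
    for line in lines:
        m = NO_SA.match(line.strip())
        if not m:
            continue                      # unrelated syslog line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[(m["router"], m["peer"])].append(ts)

    report = {}
    for key, times in seen.items():
        peak = peak_in_window(times, window)
        report[key] = {
            "count": len(times),
            "first": min(times),
            "last": max(times),
            "peak": peak,                       # most messages inside one window
            "burst": peak >= burst,             # worth a closer look
            "known_peer": key[1] in known_peers,
        }
    return report


def sample_log():
    """The post's line plus constructed lines (documentation addresses)."""
    router = "fe-0-1-100.blah.net"
    tail = "has no SA and is not an initialization offer."
    lines = [PAGE_LINE, f"Mar  9 19:45:02 {router} 17: %SYS-5-CONFIG_I: Configured from console"]
    # Constructed: 30 messages in 30 seconds from an address that is not a configured peer.
    for s in range(30):
        lines.append(f"Mar  9 19:50:{s:02d} {router} {100 + s}: Mar 10 02:50:{s:02d}.000: "
                     f"%CRYPTO-4-IKMP_NO_SA: IKE message from 198.51.100.7  {tail}")
    # Constructed: three widely spaced messages from a configured peer.
    for i, minute in enumerate((0, 10, 20)):
        lines.append(f"Mar  9 20:{minute:02d}:00 {router} {200 + i}: Mar 10 03:{minute:02d}:00.000: "
                     f"%CRYPTO-4-IKMP_NO_SA: IKE message from 192.0.2.1  {tail}")
    return lines


if __name__ == "__main__":
    for (router, peer), row in sorted(triage(sample_log(), known_peers={"192.0.2.1"}).items()):
        print(router, peer, row["count"], row["peak"], row["burst"], row["known_peer"])
```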




RE: Will your cisco have the FBI's IOS?

2004-03-13 Thread Christopher J. Wolff

David,

I believe that CALEA versions of IOS are already available on cisco.com.  It
has a backdoor for any traffic originating from dhs.gov address space. ;)

C.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Lesher
Sent: Saturday, March 13, 2004 10:41 AM
To: nanog list
Subject: Will your cisco have the FBI's IOS?



X-URL:
http://www.washingtonpost.com/ac2/wp-dyn/A54512-2004Mar12?language=printer



Easier Internet Wiretaps Sought
Justice Dept., FBI Want Consumers To Pay the Cost

By Dan Eggen and Jonathan Krim
Washington Post Staff Writers
Saturday, March 13, 2004; Page A01

The Justice Department wants to significantly expand the
government's ability to monitor online traffic, proposing that
providers of high-speed Internet service should be forced to grant
easier access for FBI wiretaps and other electronic surveillance,
according to documents and government officials.

A petition filed this week with the Federal Communications
Commission also suggests that consumers should be required to
foot the bill.

{meaning guess who does their work?}





Justice Department lawyers argue in a 75-page FCC petition that
Internet broadband and online telephone providers should be treated
the same as traditional telephone companies, which are required
by law to provide access for wiretaps and other monitoring of
voice communications. The law enforcement agencies complain that
many providers do not comply with existing wiretap rules and that
rapidly changing technology is limiting the government's ability
to track terrorists and other threats.


They are asking the FCC to curtail its usual review process to
rapidly implement the proposed changes. The FBI views the petition
as narrowly crafted and aimed only at making sure that terrorist
and criminal suspects are not able to evade monitoring because
of the type of telephone communications they use, according to
a federal law enforcement official who spoke on the condition
of anonymity.

{..}


{It sounds to me like this means:

Tear out backbone

Move MAE-East, West and whatever into the 
Jill Edgar Hoover Building.

Pay them rent for the Colo space...


YMMV}

-- 
A host is a host from coast to [EMAIL PROTECTED]
 no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433



RE: layered security for the modern Internet

2004-03-07 Thread Christopher J. Wolff

Eddy,

My favorite idiom is; You're either part of the problem or part of the
solution.

What's your solution?

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of E.B.
Dreger
Sent: Sunday, March 07, 2004 12:32 PM
To: [EMAIL PROTECTED]
Subject: layered security for the modern Internet


Looking at last week's NANOG posts: SAV... 30% of spam from
h4x0r3d boxen... bagle...

It seems the original definition and ideology of layered security
are outdated.  Layered security now means:

* Do nothing at a given layer if the problem can be solved, or
  partially solved, at another layer;

* If a problem cannot be completely solved at a given layer, do
  nothing at that layer;

* Approach the problem by arguing on NANOG over who has the most
  representative analogy.


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_
  DO NOT send mail to the following addresses :
  [EMAIL PROTECTED] -or- [EMAIL PROTECTED] -or- [EMAIL PROTECTED]
Sending mail to spambait addresses is a great way to get blocked.



Email security Best Practices; was RE: Email Security Poll

2004-03-07 Thread Christopher J. Wolff

Based on Jon's results, it is reasonable to conclude that most corporate
network operators provide some level of email security.  Any given
corporation can establish top-down policies mandating the use of an email
security product.  Said corporation only needs to manage compliance with the
policy.

However, in the context of the commercial email operation there is a
delicate balance between email security and sales prevention.

My question is, at what point does email security become too onerous for the
ISP customer?  Is it reasonable to completely ban attachments?

Thank you for your time.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jon
R. Kibler
Sent: Sunday, March 07, 2004 1:02 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Email Security Poll Results

Hello all,

We had 39 responses to the poll. The results follow the signature paragraph.

A few words of explanation about the results.
  1) For the Yes-No questions, most answers were either YES or NO. However,
 a few of the results were something like yes, but not encrypted zips.
 For the yes-but answers, I counted them as a half of a yes.

  2) For the AV engines, the percentages add up to 100% because many users
 said they ran multiple AV engines.

  3) For frequency of AV signature updates, several responded something like
 update daily or as new updates become available. For answers that said
 they updated on a regular frequency plus more often when necessary, the
 frequency was counted as appropriate, plus it was also counted in the
 other, plus as announced category.

A few observations and comments:
  1) Subscribers to the DShield and NANOG mailing lists contributed answers.
 This means the answers are biased (originating from the security aware
 group of users) and probably do not reflect the general state of email
 security.

  2) It was refreshing to find that everyone claimed to be updating their AV
 signatures on a regular basis. It would be interesting to know how many
 average users and small businesses update on such a regular basis.

  3) Personally, I found it very surprising how many organizations depended
 solely upon their end users to perform AV screening, that none was 
 being performed organization-wide. I was also surprised at how many
 organizations permit executable content to be sent by email.

I hope that everyone finds these results interesting and they are put to
good use!

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214



Please respond YES (Y), NO (N), or Not Applicable (N/A):

Does your organization perform any screening of email attachments?
    72% YES

Does your organization perform A-V checks on all email attachments?
    85% YES

Does your organization perform any checks on email attachment file type?
    62% YES

Does your organization allow users to receive executable content
attachments?
    49% YES

Does your organization allow users to receive zip file or similar compressed
attachments?
    90% YES

Does your organization allow users to receive MS Office and similar type
files that may contain macro viruses?
    95% YES

Does your organization allow users to receive embedded or attached HTML
email?
    99% YES

Does your organization allow users to receive active content attachments,
such as HTML with SCRIPT tags?
    80% YES


Please respond as appropriate:

What AV engine do you use to screen email attachments (Symantec, NAI,
FProtect, Trend, ClamAV, etc)?
    Symantec    53%
    McAfee      16%
    ClamAV      16%
    Trend       16%
    Kaspersky    8%
    AVG          8%
    Sophos       5%
    Other        5%
    Fsecure      3%

How often does your organization update its AV signatures?
    every 2 hrs or more often   16%
    every 4 hrs                  8%
    every 8 hrs                  8%
    every 12 hrs                 5%
    daily                       58%
    only as announced            5%
    other, plus as announced    16%





==
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.




RE: MS is vulnerable

2004-01-29 Thread Christopher J. Wolff

Hello,

This MS v Unix debate is a very interesting discussion.  However, I'd like
to take a moment to inject my observations.  Thank you for your time.

1.  Microsoft's business plan (pre anti-trust) was in many ways similar to
the Cuban socialist economic model.  In Cuba, the means of production belong
to the state.  In Microsoft, the means of production belong to Microsoft.
The economic power is not in the hands of the workers.  Microsoft's users
were slaves to Microsoft.  Cuba's working class are slaves to the state.  

2.  In our beautiful democratic capitalist model Microsoft's business plan
failed.  The State injected themselves between Microsoft and the working
class when it became apparent that Microsoft tried to control the means of
production and enslave the user directly.  Anti-trust is a nice insurance
policy.  Understand it well and beat it into the head of the nearest commie.

3.  The Microsoft anti-trust action (In both the US and EU) and subsequent
penalties help to preserve a basic and fundamental right; that is, the right
to choose our own destiny.

4.  Right now, at this very moment, you can place a Linux CD in your CD-ROM
drive, reboot, and install Linux over the top of Windows.

5.  The freedom of choice issue is substantial when we look at it in an IT
consulting or IT management context.  Our job is to analyze the situation,
define the need, identify the resources, and propose a solution.  The IT
consultant/manager must objectively present the costs and benefits to the
decision maker (customer, boss) and help them make the decision.

If you are a Windows zealot and bias your observation based on your
love/familiarity with Windows you will fail.  If you are a Linux zealot and
bias your observation based on your love/familiarity with Linux you will
fail.  Present the costs and benefits associated with each option
objectively and help your organization or client grow.  

The whole windows/linux bashing mentality only creates more controversy
rather than exposing the facts.  Windows is still considered a sure thing
by many/most organizations.  In this economy, businesses are looking to
preserve the status quo or gain an advantage, not create more risk or
controversy.  If you inject Linux into the situations that it is best suited
to handle you will be an asset to the community.  If you create more
controversy you will be shunned by the community.

Your mileage may vary.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, January 29, 2004 8:49 AM
To: [EMAIL PROTECTED]
Subject: Re: MS is vulnerable


Microsoft software is inherently less safe than Linux/*BSD software.
This is because Microsoft has favored usability over security.
This is because the market has responded better to that tradeoff.
This is because your mom doesn't want to have to hire a technical
consultant to manage her IT infrastructure when all she wants to do is get
email pictures of her grandkids.

Let me see, have I got this right?

Apple software is inherently less safe than Linux/*BSD software.

This is because Apple has favored usability over security.

This is because the market has responded better to that tradeoff.

This is because your mom doesn't want to have to hire a technical
consultant to manage her IT infrastructure when all she wants to do is get
email pictures of her grandkids.

Hmmm...

The last three statements make perfect sense but that first
one just doesn't seem right. Could it be that ease-of-use
has nothing whatsoever to do with security?

--Michael Dillon



RE: Cisco 7600

2004-01-26 Thread Christopher J. Wolff

Tim,

I can't speak to the 7600 series from experience (I'm using the 6509 with
MSFC2); however, my opinion is that Cisco continues to market their routers
as suitable for core routing whereas the routers are 'just acceptable' as an
edge aggregation device.

Several weeks ago there was a lively debate on Nanog regarding Cisco
performance. If I recall correctly, one party indicated that they upgraded
from a 7206 NPE400 to a GSR and only saw a 30% improvement in CPU
utilization.  That's a lot of bling bling for 30%...

I need only a few high capacity interfaces but a lot more acl, mpls, qos
crunching horsepower than what I can get from Cisco right now.  I'm curious
whether vitamin J is a better option for the core at a specific price point.

It would be great to have a comparison chart that showed a correlation
between a Cisco Mach GT and Juniper Diablo at each key price point, $25,000,
$50,000, $75,000 and so on.

YMMV,
Christopher J. Wolff

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Timothy Brown
Sent: Monday, January 26, 2004 3:06 PM
To: [EMAIL PROTECTED]
Subject: Cisco 7600


I'm aware the Cisco 7600 series is really just an evolution/different way
of orienting the chassis of the Catalyst 6500 line.  I'm interested in
talking to those of you who are doing production tasks in the backbone or
core with the 7600, particularly if you've compared it to vendor J or can
comment at length on MPLS, VRF, and uRPF features in the device.  Please
reply off-list.  No sales droids please, this is a technical discussion.

Tim



RE: GSR, 7600, Juniper M?, oh my!

2004-01-07 Thread Christopher J. Wolff

Tarko,

What was your CPU utilization prior to the upgrade?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Tarko Tikan
Sent: Wednesday, January 07, 2004 12:55 PM
To: [EMAIL PROTECTED]
Subject: Re: GSR, 7600, Juniper M?, oh my!


hello!

 The G1 processors, so far, have proven to be wonderful...  We only have
 experience with them running in the 7200 uBR chassis, but they've shown
 a huge reduction in CPU utilization...

what is huge reduction for you? we upgraded from npe-400 to npe-g1 on
ubr7200 and processor usage decreased 20-30%. And we are pushing about
100Mbps traffic from GigE to cable and about 20-30Mbps from cable to GigE.

-- 
tarko



RADB

2003-09-24 Thread Christopher J. Wolff

Hello,

On the RADB site, under features and benefits, the service claims to mirror
more than 30 other IRR databases.

My challenge is that I need to list my information with RADB and don't want
to go through the hassle of manually submitting every subnet owner and
first-born when I can put a RWHOIS server up for ARIN.  RADB should just
poll my RWHOIS server.

Thank you in advance for your advice.

Regards,
Christopher J. Wolff



RE: dns.exe virus?

2003-09-08 Thread Christopher J. Wolff

Chris,

It was really odd.  Here is an example of what the two hosts .3 and .4
were up to.


Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Chris Lewis
Sent: Monday, September 08, 2003 1:52 PM
Cc: [EMAIL PROTECTED]
Subject: Re: dns.exe virus?


Christopher J. Wolff wrote:

 After tracking down what I believed was an attempted DOS attack, it
 turns out that two Windows 2000 servers, fully updated, were spewing out
 hundreds of port 53 requests.  Upon further investigation dns.exe was
 hogging 99% of the CPU.

 I haven't found any reference to this at CERT so I thought I would drop
 the occurrence into the nanog funnel to see what comes out.  The attack
 started around 8AM MST.  Thank you for your consideration.

I wonder if this is the tool used to attack Spamhaus, SPEWS and SORBS.

Do you know what the requests were for?
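
An added example, not part of the thread or any poster's code: one way to summarise translation-table entries when inside hosts are sending port 53 requests to many servers, by counting the distinct DNS servers each inside host contacts. The `inside:port outside:port` line format, the threshold, the allowlist parameter and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed entry format (not taken from any specific device): one translation
# per line, "inside_ip:port outside_ip:port"; any further columns are ignored.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})(?=\s|$)"
)

# Constructed sample data; outside addresses come from documentation ranges.
SAMPLE = """\
10.11.0.3:4554 192.0.2.10:53
10.11.0.3:4554 192.0.2.11:53
10.11.0.3:4554 198.51.100.7:53
10.11.0.3:4554 198.51.100.8:53
10.11.0.3:4554 203.0.113.5:53
10.11.0.3:4554 192.0.2.10:53
10.11.0.4:1420 192.0.2.10:53
10.11.0.4:1420 198.51.100.7:53
10.11.0.9:3021 203.0.113.80:80
not a translation entry
"""


def dns_fanout(text):
    """Summarise port 53 translations per inside host.

    Returns {inside_ip: {"servers": set of outside IPs,
                         "entries": number of matching lines,
                         "src_ports": set of inside source ports}}.
    Lines that do not parse, or whose outside port is not 53, are skipped.
    """
    stats = defaultdict(
        lambda: {"servers": set(), "entries": 0, "src_ports": set()}
    )
    for line in text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue
        inside_ip, inside_port, outside_ip, outside_port = match.groups()
        if int(outside_port) != 53:
            continue
        host = stats[inside_ip]
        host["servers"].add(outside_ip)
        host["entries"] += 1
        host["src_ports"].add(int(inside_port))
    return dict(stats)


def flag_hosts(text, max_servers=3, known_resolvers=frozenset()):
    """Return inside hosts that contact more than max_servers DNS servers.

    A host that runs a recursive DNS server legitimately talks to many
    authoritative servers, so such hosts belong in known_resolvers and
    are not reported.
    """
    return sorted(
        ip
        for ip, host in dns_fanout(text).items()
        if len(host["servers"]) > max_servers and ip not in known_resolvers
    )


if __name__ == "__main__":
    for ip, host in sorted(dns_fanout(SAMPLE).items()):
        print(ip, len(host["servers"]), "servers,", host["entries"], "entries")
    print("flagged:", flag_hosts(SAMPLE))
```
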




FW: Qwest Dial Access Network Labor Day Week Schedule

2003-08-27 Thread Christopher J. Wolff

Fun rant from a qwest dial up reseller

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 

-Original Message-
From: Matt [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 26, 2003 1:45 PM
To: Cho, Mary M

Email virus protection

2003-08-20 Thread Christopher J. Wolff

Hello,

What is the most common method for providing virus protection for your
hosted email customers?  Thank you in advance.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 




Touchamerica

2003-08-14 Thread Christopher J. Wolff

Hello,

If there are any Touch America techs within reach of this email, could
you please contact me off list.  Thank you.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
[EMAIL PROTECTED]




Sprintlink

2003-06-05 Thread Christopher J. Wolff

Is anyone seeing any weirdness with routes dropping to/from Sprintlink
customers in NYC?  

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com





OT RE: Anybody know what LARP is?

2003-05-29 Thread Christopher J. Wolff

Karyn,

I'm not sure about the LARP but I can guide you toward a LARCH.

-Monty python humor, sorry.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Karyn Ulriksen
Sent: Wednesday, May 28, 2003 5:25 PM
To: [EMAIL PROTECTED]
Subject: OT: Anybody know what LARP is?


I know that this is off topic and that there is probably a forum somewhere
more appropriate, so I'll appreciate any direction as to where would be
better...

But I couldn't think of a group that would more likely know what Locus
Address Resolution Protocol (LARP) is.  I've been Googling variations and
cross references for LARP for the past hour and am starting to think it's a
trick question :).  All I can find is all the thousands of RFCs on the IANA
numbering for it, but not what the protocol does.  If anyone can throw me a
bone, I'd really appreciate it.

Karyn




Network monitoring/IDS rant - What's hot what's not?

2003-02-25 Thread Christopher J. Wolff

Tivoli, Openview, Unicenter, ipmonitor, mrtg, nagios?

There are many network monitoring options but each option has its
pitfalls.  I'm rapidly coming to the conclusion that any software
Computer Associates publishes is designed for the criminally insane.
However, there 'has' to be something that offers more visibility into a
major WAN than MRTG/RRDTOOL.  

Perhaps I'm on a Computer Associates rant today but can anyone share any
positive experiences with E-trust intrusion detection?  5 MB of traffic
flow paralyzes a dual P3 with gobs of ram and it still misses signatures
that Snort does not miss.  Originally I was going to blame this lousy
performance on application tuning; however, it was a CA engineer that
set this box up.

Any IDS suggestions would be greatly appreciated as well.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com




Operating Agreement

2003-02-22 Thread Christopher J. Wolff

Hello,

I'm trying to track down a sample operating agreement, specifically when
one network operator offers to manage another's telecommunications
assets, in exchange for an IRU.  Something close to this would be
wonderful.  Google lists many network operating agreements for power
interconnection but not for telecom.  Thank you for your assistance.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com




RE: VoIP QOS best practices

2003-02-10 Thread Christopher J. Wolff

Jason,

My strategy would be to use the same carrier at point A and point B and
purchase some kind of high-priority MPLS switching config between the
two.  I believe Global Crossing offers something like this where they
differentiate between the proletarian traffic and the uber-business
traffic.

The other thing to keep in mind is that QoS only comes into play when
you saturate your links.  

Regards,
Christopher J. Wolff, VP, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Jason Lixfeld
Sent: Monday, February 10, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: VoIP QOS best practices


Looking for some links to case studies or other documentation which 
describe implementing VoIP between sites which do not have point to 
point links.  From what I understand, you can't enforce end-to-end QoS 
on a public network, nor over tunnels.  I'm wondering if my basic 
understanding of this is flawed and in the case that it's not, how is 
this dealt with if the ISPs of said sites don't have any QoS policies?

-jL




RE: VoIP QOS best practices

2003-02-10 Thread Christopher J. Wolff

Jason,

I believe Global Crossing supports those sites, keep in mind I don't
sell their product, but UUNET should as well.  

Regards,
Christopher J. Wolff, VP, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Jason Lixfeld
Sent: Monday, February 10, 2003 9:58 AM
To: Christopher J. Wolff
Cc: [EMAIL PROTECTED]
Subject: Re: VoIP QOS best practices


Providing your sites are local to the same ISP, that would be fine.  
Worst case scenario and probably a more likely scenario in most cases 
is that company A has a satellite office in Boston, one in Sydney and 
one in Tokyo while their head office is in Toronto.  Not a very wide 
range of providers who can reach those areas, not to mention whether or 
not they can deliver MPLS.


On Monday, February 10, 2003, at 11:52 AM, Christopher J. Wolff wrote:

 Jason,

 My strategy would be to use the same carrier at point A and point B and
 purchase some kind of high-priority MPLS switching config between the
 two.  I believe Global Crossing offers something like this where they
 differentiate between the proletarian traffic and the uber-business
 traffic.

 The other thing to keep in mind is that QoS only comes into play when
 you saturate your links.

 Regards,
 Christopher J. Wolff, VP, CIO
 Broadband Laboratories, Inc.
 http://www.bblabs.com

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Jason Lixfeld
 Sent: Monday, February 10, 2003 9:47 AM
 To: [EMAIL PROTECTED]
 Subject: VoIP QOS best practices


 Looking for some links to case studies or other documentation which
 describe implementing VoIP between sites which do not have point to
 point links.  From what I understand, you can't enforce end-to-end QoS
 on a public network, nor over tunnels.  I'm wondering if my basic
 understanding of this is flawed and in the case that it's not, how is
 this dealt with if the ISPs of said sites don't have any QoS policies?

 -jL





RE: Level3 routing issues?

2003-01-25 Thread Christopher J. Wolff

Of the customers I've had to shut off for being DOS targets, all are
windows boxen.  Perhaps there is a new windows exploit?

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
hc
Sent: Friday, January 24, 2003 11:39 PM
To: Joel Perez
Cc: Aaron Burnett; Alex Rubenstein; [EMAIL PROTECTED]
Subject: Re: Level3 routing issues?



Okay this is getting bad.. one of our routers just locked up from udp 
1434's. Can't even telnet to it now.

-hc

Joel Perez wrote:

My firewalls are going nuts with hits on UDP port 1434 also from 
everywhere!

   -Original Message- 
   From: Aaron Burnett [mailto:[EMAIL PROTECTED]] 
   Sent: Sat 1/25/2003 1:19 AM 
   To: Alex Rubenstein 
   Cc: hc; [EMAIL PROTECTED] 
   Subject: Re: Level3 routing issues?
   
   



   On Sat, 25 Jan 2003, Alex Rubenstein wrote:
   
   
   
I dunno about that. But, I am seeing, in the last couple hours, all kinds
of new traffic.

like, customers who never get attacked or anything, all of a sudden:

http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html

We are seeing this on ports all across our network -- nearly 1/2 our ports
are in delta alarm right now.

Anyone else?

   Yep. Since about 12:30 am. Getting pounded on UDP port 1434 from all over
   the world to any address on my network.
   
   

  







DOS?

2003-01-25 Thread Christopher J. Wolff

Greetings,

It looks like all hell is breaking loose on some of the nation's
backbones.  http://www.internethealthreport.com 

The port counters on my ATT DS3 were reading in the 250 megabit range,
that is a DS3, mind you.

Any source IP's I can add to the circular file would be appreciated.
Any ranges I find I'll echo back to the list.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com





OT holiday humor: Nasty smell

2002-12-22 Thread Christopher J. Wolff

I almost fell out of my chair on this kind note from the folks at Daito
Communication Apparatus Co. Ltd.  I found this funny, perhaps you will
too.


Note 1:  The power supply capacity should be more than the fusing
current.  If the power capacity is less than the fusing current, the
fuse may not blow for a short time, and then nasty smell, smoking and so
on may occur.


I read this as follows:

If my power source drains to the point where the power supply can not
power the device at a current higher than the fusing current, the device
has a built in low battery alarm that consists of blasting the user in
the face with a nasty smell followed by "and so on" that will occur.
I'm concerned about the "and so on" part.

I can imagine several "so ons" including but not limited to:  conversion
into dark matter, a tear in the space-time-continuum...

Happy holidays,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com





RE: Suggestions for ASP colo space that will be around in 3 years?

2002-11-19 Thread Christopher J. Wolff

Steve, I feel confident that we'll be around for 3 years; however, our
facility is not elegant, it's industrial in every sense of the word.  If
you feel the need to be elegant I'll gladly throw in a string of pearls
with your order :)

Regards,
Christopher J. Wolff, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Steve Francis
Sent: Tuesday, November 19, 2002 2:40 PM
To: [EMAIL PROTECTED]
Subject: Suggestions for ASP colo space that will be around in 3 years?


We're being booted from one of our main colo data centers by CW closing
down that facility.

Our main priorities for picking a new data center to locate in are:
1. not having to move again within three years
2. physical security (or at least the impression thereof.  We don't have
unprotected consoles or anything, but as an ASP, we need an impressive 
facility for dog and pony shows.)
3. multiple providers (preferably carrier neutral, but so long as we can
get 1Gb from another provider, even if via something like Telseon, 
that's OK.)

Our other main datacenter is in an Equinix site, so for risk management,
we don't want to go into any other Equinix site.

So anyone have any insight as to who will be around within 3 years?

Thanks




RE: two questions

2002-11-08 Thread Christopher J. Wolff

Scott,

I've used the Cisco FE fiber port on a 7206vxr to connect to a CAT5 thru
a cheapie transceiver, works great.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com


-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-nanog;merit.edu] On Behalf Of
Scott Granados
Sent: Friday, November 08, 2002 12:33 PM
To: [EMAIL PROTECTED]
Subject: two questions


I have seen some router cpu questions.  I know this is not the place for
router questions specifically could someone pass on the name of the group
for cisco users I remember there was one.  Also does anyone happen to know
if the cisco fast E fiber port interoperates with off the shelf
transceivers properly ie fiber to cat 5?

Thanks





IP over in-ground cable applications.

2002-09-12 Thread Christopher J. Wolff


Greetings,

Can anyone recommend a method for integrating TCP/IP with an existing
analog cable television network.   The cable companies do this quite
well; however, it's not immediately clear to me how I would multiplex
the IP traffic and the existing video and deliver it to a home.

My current thoughts on this are to digitize the satellite video into
mpeg2 and deliver it over TCP/IP through the in-ground cable.  This way,
integrating the video and data portion are easy, however the resident
would need to buy a mpeg2 set-top-box to split out the video and
internet.  Thank you very much for your consideration.

Regards,
Christopher J. Wolff, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 




RE: IP over in-ground cable applications.

2002-09-12 Thread Christopher J. Wolff


Nathan,

If your MPEG2 video were multicast streams, wouldn't that be a much more
effective utilization of bandwidth?

Regards,
Christopher J. Wolff, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Nathan Stratton
Sent: Thursday, September 12, 2002 11:29 AM
To: Christopher J. Wolff
Cc: [EMAIL PROTECTED]
Subject: Re: IP over in-ground cable applications.



On Thu, 12 Sep 2002, Christopher J. Wolff wrote:

 Greetings,

 Can anyone recommend a method for integrating TCP/IP with an existing
 analog cable television network.   The cable companies do this quite
 well; however, it's not immediately clear to me how I would multiplex 
 the IP traffic and the existing video and deliver it to a home.

Ya, build a new two-way HFC network.

 My current thoughts on this are to digitize the satellite video into 
 mpeg2 and deliver it over TCP/IP through the in-ground cable.  This 
 way, integrating the video and data portion are easy, however the 
 resident would need to buy a mpeg2 set-top-box to split out the video 
 and internet.  Thank you very much for your consideration.

The issue is you only have 125 CMTS channels to deal with and most
networks have way too many homes passed per head end to make mpeg2 over IP
a practical solution.



Nathan Stratton
nathan at robotics.net
http://www.robotics.net




RE: IP over in-ground cable applications.

2002-09-12 Thread Christopher J. Wolff


Hi Sal,

Thanks for the response.  The 'Broadband' in Broadband Laboratories
actually refers to the Microwave flavor of last-mile and long-haul data
transmission.  As a general operating philosophy, we eschew wired
last-mile network solutions (DSL, Cable) as inefficient, costly to
capitalize, and costly to maintain.  For example, the local cable
company spent over $100m for an HFC buildout of our local market which
only covered 30% of the metropolitan area.  I could probably cover 25 of
the top metropolitan markets with that kind of capital :)

Regards,
Christopher J. Wolff, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, September 12, 2002 2:28 PM
To: [EMAIL PROTECTED]
Subject: Re: IP over in-ground cable applications.




Christopher J. Wolff wrote:
 Can anyone recommend a method for integrating TCP/IP with an existing 
 analog cable television network.

Yes Chris, it's called DOCSIS.  I would think that a CIO of a company
named Broadband Labs would have a lab in which to experiment with
cable.

 My current thoughts on this are to digitize the satellite video into 
 mpeg2 and deliver it over TCP/IP through the in-ground cable.

What about the neighborhoods with above-ground cable, how would you
deliver service to them? 

Sal Sabella




Get your free encrypted email at https://www.hushmail.com




RE: IP over in-ground cable applications.

2002-09-12 Thread Christopher J. Wolff


Sal,

I'm not a big fan of GE period; too many recalls.  However you might
want to take a look at Jennair.  Here's my favorite.

http://www.jennair.com/ja/products/prod_detail.jsp?model=WW30430Pcs=0BV_UseBVCookie=Yes

Regards,
Christopher J. Wolff, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 12, 2002 3:33 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: IP over in-ground cable applications.



Thanks for the response.  The 'Broadband' in Broadband Laboratories 
actually refers to the Microwave

That makes sense.  I have a question you might be able to answer.

I've got some Cerent and Sycamore boxes, and I'm trying
to locate a GE Advantium line card.  We're fixing to sell Advantium
wavelengths on the same glass as gig-e and OC-x's, catering primarily to
the hospitality and food services industry, by Q1 2003.  You could even
say I bet on it with my boss.  Know where I can buy one?

Also, what type of performance have you seen with Advantium vs.
conventional microwave-based transport technologies?

Sal Sabella








RE: IP over in-ground cable applications.

2002-09-12 Thread Christopher J. Wolff


Sal,

I've been called a lot of things, but moron isn't one of them.  It's
been fun playing.

Regards,
Christopher J. Wolff, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, September 12, 2002 3:46 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: IP over in-ground cable applications.



 I'm not a big fan of GE period; too many recalls.  However you
 might want to take a look at Jennair

I had a bet with my boss that GE would bring good things to life. Please
don't tell me I lost.

Sal Sabella








Bonding ATM circuits for DSL

2002-08-01 Thread Christopher J. Wolff


Greetings.

Has anyone experienced adding additional ATM DS3's and bonding those
together to form a single fat pipe.  For example if you had a Qwest
megacentral DSL DS3 loop and wanted to add another one to make 90 megs
instead of 45 megs is that done on the ISP side or the Telco side or
both?  Thank you all so much for your wisdom.

Regards,
Christopher J. Wolff, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 




RE: Bonding ATM circuits for DSL

2002-08-01 Thread Christopher J. Wolff


I may have answered my own question.  Create an IMA group interface.

Regards,
Christopher J. Wolff, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Christopher J. Wolff
Sent: Thursday, August 01, 2002 1:46 PM
To: [EMAIL PROTECTED]
Subject: Bonding ATM circuits for DSL



Greetings.

Has anyone experienced adding additional ATM DS3's and bonding those
together to form a single fat pipe.  For example if you had a Qwest
megacentral DSL DS3 loop and wanted to add another one to make 90 megs
instead of 45 megs is that done on the ISP side or the Telco side or
both?  Thank you all so much for your wisdom.

Regards,
Christopher J. Wolff, CIO
Broadband Laboratories, Inc.
http://www.bblabs.com 




Colocation Enclosures

2002-07-15 Thread Christopher J. Wolff


Greetings,

I'm trying to find alternative sources for a 2 or 3 section locked
colocation cabinet cosmetically similar to the following:

http://www.budind.com/images/big/DC-8125bg.jpg

It appears that Encoreusa is no longer in business so I would appreciate
any pointers as to where I may locate such an enclosure.  Thank you!

Chris




Maybe OT-Qwest DSL

2002-07-10 Thread Christopher J. Wolff


Greetings.

Whether or not this is the appropriate forum, I'm going to vent.  So thank
you for your patience.

I just had a Qwest DSL tech tell me to go f--- myself.  Unfortunately his
buddies won't let me know who his management is.  If anyone can refer me to
contact information for the Qwest megacentral management team, I would
greatly appreciate it.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com





How important is IM? was RE: How important is the PSTN

2002-06-25 Thread Christopher J. Wolff


Jane,

This brings up a good point about IM.  IMHO, IM is a security risk and I am
establishing a company standard where users behind the firewall are
prohibited from using IM, IRC, and peer-to-peer file sharing programs.  My
opinion is that these types of programs contribute more to lack of
productivity than to real problem solving.

So my question for the group is, do chat programs (IM, IRC, yahoo) serve a
substantial network support purpose or are they more of a distraction,
allowing staff to communicate with friends, relatives, drifters, interlopers
on company time?

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Pawlukiewicz Jane
Sent: Tuesday, June 25, 2002 12:06 PM
To: [EMAIL PROTECTED]
Subject: How important is the PSTN


Hi all,

Thanks so much for all the great answers. (Could everyone please stop
telling me that im = instant messaging). I knew I should've never gotten
out of bed this morning.

Anyway, 75% of the respondents said the phone is critical. 25% said some
form of IM is critical.

Just in case anyone was curious.

Is it me or is it very quiet in here today?

Jane





Qwest Megacentral DSL weirdness

2002-06-22 Thread Christopher J. Wolff


Greetings,

Approximately two weeks ago, dsl customers over our Qwest Megacentral
service began to randomly drop offline.  According to Qwest, each of the
customers had good bidirectional cell flow.  However, each of the
affected customers were unable to pass any IP traffic.  I was able to
restore traffic to the affected customers by bouncing their ATM
subinterface.  No hardware or software changes were made at our NOC.

I find this to be a curious situation since many of our dsl customers
have been connected continuously for 9-12 months.  A few Qwest
technicians covertly mentioned that something was going on at the CO
but used codewords for fear of losing their jobs, while other Qwest
technicians claim it was not their problem.  Some of the techs outright
hung up on the customer.

So to make a long story short, I'm curious to know if anyone has the
'inside scoop' or has similar issues that just cropped up.  Thanks in
advance for your advice.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 




Portable Fire Suppression

2002-06-07 Thread Christopher J. Wolff


Greetings;

I would like to protect an unattended server enclosure in a remote
location with some variety of fire suppression device.  I imagine that
some enterprising soul has invented a fire extinguisher with a nozzle
that opens at a preset temperature (i.e. exploding head).  Thank you in
advance for any advice you can provide.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 




Portable Fire Suppression

2002-06-07 Thread Christopher J. Wolff


From the first few responses I believe some clarification is in
order...This specific 'unattended server enclosure' is sitting outside
in the middle of the desert.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 



Greetings;

I would like to protect an unattended server enclosure in a remote
location with some variety of fire suppression device.  I imagine that
some enterprising soul has invented a fire extinguisher with a nozzle
that opens at a preset temperature (i.e. exploding head).  Thank you in
advance for any advice you can provide.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 




Certification or College degrees? Was: RE: list problems?

2002-05-22 Thread Christopher J. Wolff


I would add to that statement:  Requiring a technology certification is
equally as absurd.  I've been told I could pass the Emperor-Level CCIE
test; however, I do not believe it will add more value for my customers.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 

Andrew Dorsett said:
*jumping on my soap box*
I have to say that the idea of requiring a degree for the IT industry is
absurd.




RE: Certification or College degrees? Was: RE: list problems?

2002-05-22 Thread Christopher J. Wolff


Alan,

Thank you for the objective response.  It seems that there is room for
multiple perspectives on this topic.

I take my new volvo to the local equivalent of Joe's Garage for
regular (3000 mile) service.  Joe is not volvo certified, but they do
let me watch over their shoulder to make sure everything is perfect.
The service is a fraction of the cost.  If there was a mistake in
service, they only ask for their cost for the parts to rectify the
mistake (This is the 6th car that I've taken to Joe's Garage.)
However I do take the car to Volvo for the 3 mile service interval
(which, in fact, contains no service, only diagnostics).  If Volvo finds
a problem, I'll take it back to Joe's Garage for the actual repair.

I see your perspective on the HR department.  HR probably deals with
dozens of applicants and the certification is an easy pass/fail
evaluation method.  However, IMHO, there are probably many expertly
qualified candidates that have no paper but are more qualified than the
paper CCNA.  

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Rowland, Alan D
Sent: Wednesday, May 22, 2002 12:00 PM
To: [EMAIL PROTECTED]
Subject: RE: Certification or College degrees? Was: RE: list problems?



While the effectiveness of degree requirements may be argued, they are
efficient. When your HR department gets hundreds or thousands of
applications, they need some way to find the wheat.

The net sector is young and was mostly immune to traditional business
practices. Not all traditional business practices are bad (see
dot.bomb). Lack of business acumen means the days of six figure income
and significant stock options because there were 10 job openings for
every geek who could RTFM are over. Even though the job market is
coming back there's still 20 'techies' in Birkenstocks and Star Wars
t-shirts for every (decent) job hiring. Everything else being equal
(which is often the case) a cert or degree is a great tie-breaker.

Welcome to the traditional job market fellow geeks. Remember all the
jokes about Sanitation Engineers? ;)

Put another way, when you take that expensive car of yours in for
service (you do have one if you're successful in this industry, right?
;) ), do you go to Joe's Garage (apologies to all named Joe) or a
dealer/service center with certified mechanics?

Just my 2¢. The delete key is your friend.

Best regards,
_
Alan Rowland
(BS in Business and Management, UofM, 1990
no warranty expressed or implied, use at 
your own risk, may be terminated at any 
time without notice





-Original Message-
From: Christopher J. Wolff [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 11:16 AM
To: [EMAIL PROTECTED]
Subject: Certification or College degrees? Was: RE: list problems?



I would add to that statement:  Requiring a technology certification is
equally as absurd.  I've been told I could pass the Emperor-Level CCIE
test; however, I do not believe it will add more value for my customers.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 

Andrew Dorsett said:
*jumping on my soap box*
I have to say that the idea of requiring a degree for the IT industry is
absurd.




RE: Certification or College degrees? Was: RE: list problems?

2002-05-22 Thread Christopher J. Wolff


It's easy, just replace your ICU with a RSP8 :)

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Jeff Workman
Sent: Wednesday, May 22, 2002 1:38 PM
To: Christopher J. Wolff; [EMAIL PROTECTED]
Subject: RE: Certification or College degrees? Was: RE: list problems?





Stoned koalas drooled eucalyptus spit in awe as Christopher J. Wolff 
exclaimed:


 I take my new volvo to the local equivalent of Joe's Garage for
 regular (3000 mile) service.  Joe is not volvo certified, but they do
 let me watch over their shoulder to make sure everything is perfect.
 The service is a fraction of the cost.  If there was a mistake in
 service, they only ask for their cost for the parts to rectify the
 mistake (This is the 6th car that I've taken to Joe's Garage.)
 However I do take the car to Volvo for the 3 mile service interval
 (which, in fact, contains no service, only diagnostics).  If Volvo finds
 a problem, I'll take it back to Joe's Garage for the actual repair.

How do I configure my Volvo for BGP?


*ducks*

-Jeff

--
Jeff Workman | [EMAIL PROTECTED] | http://www.pimpworks.org





RE: list problems?

2002-05-22 Thread Christopher J. Wolff


Shawn,

The claims that you make here are exactly why I went 100K in the hole at
a private university chosen partially because they did not have a strong
athletic program.  And no, I did not have a rich daddy to pay for it.

In my opinion, one of the best things you can do for your children is to
provide a private education for them.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Shawn Solomon
Sent: Wednesday, May 22, 2002 9:07 PM
To: Paul Vixie
Cc: [EMAIL PROTECTED]
Subject: Re: list problems?



no way...

The option where you come out into life 35k in the hole, no
experience, and four years behind your colleagues is obviously better.

And it's hard to put a value on..

that bitterness you learned from spending the best years of your life
with a bunch of rich, drunken dumbasses.

The tolerance you gained from all those times your learning was
decelerated, just to allow for johnny football star to meet status quo.

The anger from seeing Johnny pull his head out of his jock just long enough
to see daddy hand him a 150k VP position.

As mastercard says.. priceless.


And no, I'm not bitter.. 


--

 Shawn Solomon  Senior State Networks Engineer

 Indiana Telecommunications Network  IHETS INDnet  
 317.263.8875  www.ind.net  fx: 317.263.8831


On 22 May 2002, Paul Vixie wrote:

 
 [EMAIL PROTECTED] (Leo Bicknell) writes:
 
  If you ever want to become a team leader, or a manager, or run a 
  theoretical group you are going to need the math and English 
  backgrounds that college provides.  ...
 
 So what you're saying is, if I hadn't dropped out of high school 
 during my 17th trip around Sol, I wouldn't've gotten stuck in this 
 dead end job?
 
 Probably I wouldn't have that honorary MSCS degree either.  
 Wouldn't've wrote all that code, nor those RFC's, nor started those 
 various companies.
 
 Wouldn't've found my various mentors nor been a mentor to any of the 
 folks who count me as having been one?
 
 Is that how a college degree would have improved my career by age 39?
 
 Sounds like a bad deal to me.
 --
 Paul Vixie [EMAIL PROTECTED]
 President, PAIX.Net Inc.
 






The business side of the coin. WAS RE: The market must be coming back

2002-05-21 Thread Christopher J. Wolff

I recall that, early in my career I had the opportunity to build a new
LAN backbone for a 6 story office building.  It was going to be Category
5! Woohoo. With a 12/24 fiber backbone.

ATM in a LAN environment was new at the time but I was going to make
sure I had an OC3 backhauling each of the floors to a central switch.  I
thought this design was beautiful and marvelous.  There was a neat new
company that made LAN-style ATM gear with performance specs that would
just blow your mind.

So when I took the design to the board they loved the fastethernet fiber
blah blah and gave approval.  But when it came down to selecting vendors
for the hardware I ran right into a brick wall with questions like:

How long has this company been in business?
Are they using open standards?
Do they have knowledgeable tech support?
..and so on.  

So, regardless of whether the hardware is the fastest thing on the
block, pushing 10 nanobits at a megaflop, you can look like a fool if
you don't consider the business repercussions of the vendor you choose.
In the end, I didn't get my design approved until I chose Cisco.  Was I
pissed, sure!  Did I ship off white papers and other propaganda to
support my case? Yes!  But the company went bankrupt about 2 weeks after
I submitted the bid.

Just my .02,

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Gary
Sent: Tuesday, May 21, 2002 12:37 AM
To: Richard A Steenbergen
Cc: [EMAIL PROTECTED]
Subject: RE: The market must be coming back



Richard:

 Personally I would say that Foundry does EVERYTHING less than perfect.

 Nearly everyone I'm aware of (including myself) who has had the 
 misfortune to try and use their devices in a service provider 
 environment and a layer 3 role has come away with a universal loathing
 of biblical proportions.

Not worth a response.  Can't please everybody and you CAN'T design
everyone's network for them.  Sort of like EIGRP.  Even the worst
network engineer can look great with it.  Perhaps you should read JANOG.
Maybe they can help you.  Search for $B%U%"%&%s%I%j!#(B (note, if you cannot
read this, it is Japanese for Foundry in unicode).

 I really can't stress this enough, it DOES NOT MATTER how many 
 gigabits your box forwards. A router is ONLY as useful as the quality 
 of its software and support, if you can't login to it or have working 
 routing protocols, it's just a big paperweight. The only "wannabe 
 cisco" company I have seen learn this lesson is Juniper, and I am 
 firmly convinced this is the reason for their success in the core.

Juniper is an OUTSTANDING company.  Much better than many networking
companies in many respects.  I've also heard nothing but good things
about Unisphere here in Japan, so perhaps this will be a good marriage
with benefits to service providers.  I'll enjoy competing.  We will
compete.

 Whenever I read a press release about Foundry in the core, I stop and 
 take a moment to laugh uncontrollably. It has nothing to do with ISIS 
 or MPLS, it has to do with making your existing functionality work 
 correctly and behave in a sensible fashion. Nothing personal against 
 Foundry, but the people in charge couldn't possibly "not get it" any 
 more than they do now.

Remember what you said in this paragraph.  I will refer to it later.

Yoroshiku,

Gary


RE: The business side of the coin. WAS RE: The market must be coming back

2002-05-21 Thread Christopher J. Wolff


Good point!  The other one is Choose your battles wisely.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Patrick
Sent: Tuesday, May 21, 2002 9:52 PM
To: Christopher J. Wolff
Cc: [EMAIL PROTECTED]
Subject: Re: The business side of the coin. WAS RE: The market must be
coming back



On Tue, 21 May 2002, Christopher J. Wolff wrote:


 So, regardless of whether the hardware is the fastest thing on the 
 block, pushing 10 nanobits at a megaflop, you can look like a fool if 
 you don't consider the business repercussions of the vendor you 
 choose. In the end, I didn't get my design approved until I chose 
 Cisco.  Was I pissed, sure!  Did I ship off white papers and other 
 propaganda to support my case? Yes!  But the company went bankrupt 
 about 2 weeks after I submitted the bid.

No one gets fired for buying IBM.


/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
   Patrick Greenwell
 Asking the wrong questions is the leading cause of wrong answers
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/




The market must be coming back

2002-05-20 Thread Christopher J. Wolff


Everyone's so busy there hasn't been a peep on here in weeks.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories
http://www.bblabs.com
 




RE: The market must be coming back

2002-05-20 Thread Christopher J. Wolff


Jason,

Are you espousing Juniper or Foundry for 10ge?

-Original Message-
From: Jason LeBlanc [mailto:[EMAIL PROTECTED]] 
Sent: Monday, May 20, 2002 9:35 PM
To: Gary; Christopher J. Wolff
Cc: [EMAIL PROTECTED]
Subject: RE: The market must be coming back


Juniper.  Sorry I'm a fan, they've done a lot right.  Cisco is ~$35k per
port of 10ge, and unless you get a 6513 you can't get many interfaces.
This makes 10ge in a real network (where everything needs to be
redundant, multiple interfaces, etc) a bit impossible on the Catalyst
platform.  If your needs are but a few interfaces, maybe it works.
Cisco is woefully behind here.  The SUP2/SFM method of doing things is a
patch at best to boot.  Foundry is cheaper and a bit ahead in many
aspects, granted there are SW issues still looming, but the 'life of a
packet' as a packet is handled by a Foundry switch makes a lot more
sense.  Foundry ASIC's are rockin, as are Juniper's, Cisco seems to be
lost here.  I think the ASIC designers ran off to Foundry and Juniper.
;)

If only Juniper made 'switches', such that density were higher, cost per
port were lower and they were more applicable to switching (L2/STP, etc)
and LAN specific needs.

Additionally, anyone have thoughts on the Unisphere purchase by Juniper?
I think it should scare the bejesus out of Cisco.

Always interested in the opinions of the brightest, let the flames
begin. ;)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Gary
Sent: Monday, May 20, 2002 9:15 PM
To: Christopher J. Wolff
Cc: [EMAIL PROTECTED]
Subject: RE: The market must be coming back



Chris:

 I've been thinking about leasing some dark fiber and running one of 
 the new 10gigE blades for the Cat 6500 chassis.

Be careful here.  Last I tested (at one of our channels that also
resells Cisco) is that the 10GbE on the Catalyst 6500 hasn't broken 4G
throughput yet.  Sort of like buying a GbE interface for a 7200 (It only
gets 10% throughput...  Why waste the money, just buy FE!).  The GSR is
up to about 8G throughput nowadays from what I've seen.

Foundry Networks (my company) can get a perfect clean 8G throughput on
all of our chassis with management modules M2 or above (we don't support
10GbE on the legacy M1).  Our NG chassis will be available later in the
year for those folks that want 4 X 10 GbE on each module (8 slot
chassis).  I expect this will be a perfect 40G throughput since I've
never seen us do anything less than perfect (been working here since
August).

Additionally, you would be the first customer I've heard about doing
standards based 10GbE on a Catalyst.  (feel free to chime in if you're
doing this... Can I bring my SmartBits 600 to your site to test
throughput?). Good luck!

Foundry has a few references:

Deployed:
http://www.foundrynet.com/about/newsevents/releases/pr4_3_02.html
http://www.foundrynet.com/about/newsevents/releases/pr4_2_02.html
http://www.foundrynet.com/about/newsevents/releases/pr2_11_02.html

Many others that we don't press release.  We've got these blades running
in production networks here in Japan that I'm not allowed to talk about.
Also many other places.

Deploying:
http://www.foundrynet.com/about/newsevents/releases/pr5_8_02.html

Performance:
http://www.spirentcom.com/news/press.cfm?id=87

 Throw in the Cisco Flamethrower GBIC and I should be good for 50 
 miles.  Has anyone tried this?

Foundry Network's Long Haul (LHB: 150 km, LHA: 70 km) Ethernet optics
exceed Cisco's on GbE (ZX: 100 km).  I'm sure we exceed them on the ER
LAN PHY for 10GbE.  We've only tested to 85 kilometers (ER).  802.3ae
standard is 40 km:

http://biz.yahoo.com/prnews/020508/nyw068_1.html

Cisco's website says they can do the 802.3ae standard 40 km on the 1550
nm blade.  I'm not sure if the optics are changeable either:

http://www.cisco.com/warp/public/cc/pd/ifaa/6500ggml/

I doubt if there is a GBIC for 10GbE available.  We use the same blade
with changeable optics; however, I would not call the SR (300 meters),
LR (10 km), and ER LAN PHY optics GBIC's...

Moral of this story is that BEFORE you buy these blades from Cisco (or
anybody), test them!  If you don't have 10GbE SmartBits or IXIA, you can
use 1GbE interfaces and wrap them around until you get 8G (no need to
produce anything higher 'cause the Cat 6500 has an 8G throughput
limitation).  Don't test latency with this method :-).  I don't believe
the marketing from any company, not even my own.  I test, then tell.

I've personally never seen a packet drop at a steady 8G rate for up to
72 hours; however, one of our customers evaluating the 10GbE blades
reported 2 64 byte packets were dropped in a 12 hour line rate test.  I
suspect they had bad fiber.

Gary Blankenship
Systems Engineer
Foundry Networks