FCC calls for nominations to Open Internet Advisory Committee

2011-07-05 Thread Joly MacFie
The FCC is seeking nominations for membership on its Open Internet Advisory Committee (OIAC), established
pursuant to the Order on Preserving the Open Internet.

More: http://isoc-ny.org/p2/?p=2300

Don't be shy now!

:)

-- 
---
Joly MacFie  218 565 9365 Skype:punkcast
WWWhatsup NYC - http://wwwhatsup.com
 http://pinstand.com - http://punkcast.com
 VP (Admin) - ISOC-NY - http://isoc-ny.org
--
-


Fwd: RFC 6274 on Security Assessment of the Internet Protocol Version 4

2011-07-05 Thread Fernando Gont
FYI

 Original Message 
Subject: RFC 6274 on Security Assessment of the Internet Protocol Version 4
Date: Tue,  5 Jul 2011 09:45:51 -0700 (PDT)
From: rfc-edi...@rfc-editor.org
To: ietf-annou...@ietf.org, rfc-d...@rfc-editor.org
CC: op...@ietf.org, rfc-edi...@rfc-editor.org


A new Request for Comments is now available in online RFC libraries.


RFC 6274

Title:  Security Assessment of the Internet
Protocol Version 4
Author: F. Gont
Status: Informational
Stream: IETF
Date:   July 2011
Mailbox:ferna...@gont.com.ar
Pages:  75
Characters: 179909
Updates/Obsoletes/SeeAlso:   None

I-D Tag:draft-ietf-opsec-ip-security-07.txt

URL:http://www.rfc-editor.org/rfc/rfc6274.txt

This document contains a security assessment of the IETF
specifications of the Internet Protocol version 4 and of a number of
mechanisms and policies in use by popular IPv4 implementations.  It
is based on the results of a project carried out by the UK's Centre
for the Protection of National Infrastructure (CPNI).  This document
is not an Internet Standards Track specification; it is published for
informational purposes.

This document is a product of the Operational Security Capabilities for
IP Network Infrastructure Working Group of the IETF.


INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-edi...@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


___
IETF-Announce mailing list
ietf-annou...@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce




Re: MX 80 advantages and shortcomings

2011-07-05 Thread Chuck Anderson
On Tue, Jul 05, 2011 at 12:48:45PM -0400, Paul Stewart wrote:
> Pros - small footprint, cost, feature rich
> Cons - no redundancy (other than power), 1/3rd the processor power

cons - being a different CPU architecture from its bigger cousins,
features tend to not appear at the same time on MX80 as the others.



Re: MX 80 advantages and shortcomings

2011-07-05 Thread Joel Jaeggli
I'd consult the list archive, since there's a couple recent and fairly lengthy 
threads on this.

joel

On Jul 5, 2011, at 8:56 AM, chavan sanjay wrote:

> Hi Team,
>  
> Can anyone enlighten me on the pros and cons of MX 80 platform
>  
> Thanks
> 
> Sanjay C.P.
> 
> --- On Tue, 7/5/11, nanog-requ...@nanog.org  wrote:
> 
> 
> From: nanog-requ...@nanog.org 
> Subject: NANOG Digest, Vol 42, Issue 5
> To: nanog@nanog.org
> Date: Tuesday, July 5, 2011, 5:30 PM
> 
> 
> Send NANOG mailing list submissions to
> nanog@nanog.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> https://mailman.nanog.org/mailman/listinfo/nanog
> or, via email, send a message with subject or body 'help' to
> nanog-requ...@nanog.org
> 
> You can reach the person managing the list at
> nanog-ow...@nanog.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of NANOG digest..."
> 
> 
> Today's Topics:
> 
>1. cheapo UUFB solution for Cisco 7201 (Rogelio)
>2. Re: Firewall Appliance Suggestions (Curtis Maurand)
>3. RE: Firewall Appliance Suggestions (Jean CLERY)
>4. Re: Firewall Appliance Suggestions (Peter Nowak)
> 
> 
> --
> 
> Message: 1
> Date: Mon, 4 Jul 2011 11:34:11 -0300
> From: Rogelio 
> Subject: cheapo UUFB solution for Cisco 7201
> To: nanog@nanog.org
> Message-ID:
> 
> Content-Type: text/plain; charset=ISO-8859-1
> 
> I've got a Cisco 7201 with about 500 L2TPv2 tunnels, and I suspect
> that UUFB (unknown unicast flooding) is resulting in spiking (I put an
> ACL on to kill broadcast traffic, so I'm sure that's not related).
> I've googled and don't see anything for the 7201, just the 7600
> series.  :/
> 
> i.e. 
> http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/blocking.html
> 
> Anyone have any suggestions on (something cheap) that I can put in
> front of this box to spare it from (what I suspect) is a gateway that
> unicast floods when a MAC address has aged?
> 
> To add to my challenges, I'm in Brazil and importing gear is insanely
> effing difficult.  :/
> 
> --
> Also on LinkedIn?  Feel free to connect if you too are an open
> networker: scubac...@gmail.com
> 
> 
> 
> --
> 
> Message: 2
> Date: Mon, 04 Jul 2011 17:40:56 -0400
> From: Curtis Maurand 
> Subject: Re: Firewall Appliance Suggestions
> To: nanog@nanog.org
> Message-ID: <4e123368.7020...@xyonet.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> On 6/30/2011 12:20 PM, Suresh Rajagopalan wrote:
>> Linux + iptables + fwbuilder
>> 
>> 
>> 
>> On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuch  wrote:
>>> Howdy,
>>>  I am looking for something a little unique in a bit of a 
>>> tough situation with some sticky requirements.  First off, my requirements 
>>> are a little weird and I can't bend them a whole lot due to stipulations 
>>> being put on me.  I am in need of a firewall appliance which can be run on 
>>> VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within 
>>> a single Phase 1.  I am also in need of something that can support VLAN 
>>> interfaces on the LAN side, and ideally something with multi zoning so I 
>>> can keep LAN side networks separate from each without ridiculous firewall 
>>> rules.  Meaning build a zone for "Customer network 1" and it displays 
>>> separately (ease of management and firewall config hopefully).  I need a 
>>> minimum of 10 "zones" on LAN side (/29 or /30), and NAT support for LAN to 
>>> WAN (to dedicate all outbound connections to a single IP from a specific 
>>> zone), ideally something extremely scalable (100-200 zones).  And here
>>> is the super fun part!  I need something that is going to be web managed 
>>> primarily as minions will be doing most of the day to day maintenance, or 
>>> very simple CLI config.  Willing to pay for something if need be, but looking 
>>> for something that can easily handle 50-100mbit of throughput.
>>> 
>>> Any Ideas?
>>> 
>>> Thanks!
>>> 
>>> Blake Pfankuch
>>> 
> Vyatta.  They have an appliance on their website.
> 
> --Curtis
> 
> 
> 
> 
> --
> 
> Message: 3
> Date: Tue, 5 Jul 2011 00:58:51 +0200
> From: "Jean CLERY" 
> Subject: RE: Firewall Appliance Suggestions
> To: "'Curtis Maurand'" ,
> Message-ID: 
> Content-Type: text/plain;charset="iso-8859-1"
> 
> Hi Blake
> Try www.netasq.com
> 
> Regards,
> Jean CLERY
> 
> 
> -Original Message-
> From: Curtis Maurand [mailto:cmaur...@xyonet.com] 
> Sent: Monday, 4 July 2011 23:41
> To: nanog@nanog.org
> Subject: Re: Firewall Appliance Suggestions
> 
> On 6/30/2011 12:20 PM, Suresh Rajagopalan wrote:
>> Linux + iptables + fwbuilder
>> 
>> 
>> 
>> On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuch wrote:
>>> Howdy,
>>>  I am looking for something a little unique in a bit of a
>>> tough situation with some sticky requirements

Re: MX 80 advantages and shortcomings

2011-07-05 Thread Paul Stewart

Pros - small footprint, cost, feature rich
Cons - no redundancy (other than power), 1/3rd the processor power

Paul


On Tue, 5 Jul 2011, chavan sanjay wrote:


Hi Team,
 
Can anyone enlighten me on the pros and cons of MX 80 platform
 
Thanks

Sanjay C.P.

--- On Tue, 7/5/11, nanog-requ...@nanog.org  wrote:


From: nanog-requ...@nanog.org 
Subject: NANOG Digest, Vol 42, Issue 5
To: nanog@nanog.org
Date: Tuesday, July 5, 2011, 5:30 PM




Today's Topics:

   1. cheapo UUFB solution for Cisco 7201 (Rogelio)
   2. Re: Firewall Appliance Suggestions (Curtis Maurand)
   3. RE: Firewall Appliance Suggestions (Jean CLERY)
   4. Re: Firewall Appliance Suggestions (Peter Nowak)


--

Message: 1
Date: Mon, 4 Jul 2011 11:34:11 -0300
From: Rogelio 
Subject: cheapo UUFB solution for Cisco 7201
To: nanog@nanog.org
Message-ID:
    
Content-Type: text/plain; charset=ISO-8859-1

I've got a Cisco 7201 with about 500 L2TPv2 tunnels, and I suspect
that UUFB (unknown unicast flooding) is resulting in spiking (I put an
ACL on to kill broadcast traffic, so I'm sure that's not related).
I've googled and don't see anything for the 7201, just the 7600
series.  :/

i.e. 
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/blocking.html

Anyone have any suggestions on (something cheap) that I can put in
front of this box to spare it from (what I suspect) is a gateway that
unicast floods when a MAC address has aged?

To add to my challenges, I'm in Brazil and importing gear is insanely
effing difficult.  :/

--
Also on LinkedIn?  Feel free to connect if you too are an open
networker: scubac...@gmail.com



--

Message: 2
Date: Mon, 04 Jul 2011 17:40:56 -0400
From: Curtis Maurand 
Subject: Re: Firewall Appliance Suggestions
To: nanog@nanog.org
Message-ID: <4e123368.7020...@xyonet.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 6/30/2011 12:20 PM, Suresh Rajagopalan wrote:

Linux + iptables + fwbuilder



On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuch  wrote:

Howdy,
                 I am looking for something a little unique in a bit of a tough situation with some 
sticky requirements.  First off, my requirements are a little weird and I can't bend them a whole 
lot due to stipulations being put on me.  I am in need of a firewall appliance which can be run on 
VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within a single Phase 1.  I am 
also in need of something that can support VLAN interfaces on the LAN side, and ideally something 
with multi zoning so I can keep LAN side networks separate from each without ridiculous firewall 
rules.  Meaning build a zone for "Customer network 1" and it displays separately (ease of 
management and firewall config hopefully).  I need a minimum of 10 "zones" on LAN side 
(/29 or /30), and NAT support for LAN to WAN (to dedicate all outbound connections to a single IP 
from a specific zone), ideally something extremely scalable (100-200 zones).  And here
is the super fun part!  I need something that is going to be web managed 
primarily as minions will be doing most of the day to day maintenance, or very 
simple CLI config.  Willing to pay for something if need be, but looking for 
something that can easily handle 50-100mbit of throughput.


Any Ideas?

Thanks!

Blake Pfankuch


Vyatta.  They have an appliance on their website.

--Curtis




--

Message: 3
Date: Tue, 5 Jul 2011 00:58:51 +0200
From: "Jean CLERY" 
Subject: RE: Firewall Appliance Suggestions
To: "'Curtis Maurand'" ,    
Message-ID: 
Content-Type: text/plain;    charset="iso-8859-1"

Hi Blake
Try www.netasq.com

Regards,
Jean CLERY


-Original Message-
From: Curtis Maurand [mailto:cmaur...@xyonet.com]
Sent: Monday, 4 July 2011 23:41
To: nanog@nanog.org
Subject: Re: Firewall Appliance Suggestions

On 6/30/2011 12:20 PM, Suresh Rajagopalan wrote:

Linux + iptables + fwbuilder



On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuch wrote:

Howdy,
                 I am looking for something a little unique in a bit of a
tough situation with some sticky requirements.  First off, my requirements
are a little weird and I can't bend them a whole lot due to stipulations
being put on me.  I am in need of a firewall appliance which can be run on
VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within
a single Phase 1.  I am also in need of something that can support VLAN
interfaces on the LAN side,

Re: MX 80 advantages and shortcomings

2011-07-05 Thread sthaug
> Can anyone enlighten me on the pros and cons of MX 80 platform

There's been quite a bit of discussion about the MX80 on the
juniper-nsp list, and I recommend asking on that list instead
(if you don't find what you already need in the list archives).

As a general rule, people are more likely to be able to help you
if you specify *what* you might want to use the MX80 for.

Steinar Haug, Nethelp consulting, sth...@nethelp.no



MX 80 advantages and shortcomings

2011-07-05 Thread chavan sanjay
Hi Team,
 
Can anyone enlighten me on the pros and cons of MX 80 platform
 
Thanks

Sanjay C.P.

--- On Tue, 7/5/11, nanog-requ...@nanog.org  wrote:


From: nanog-requ...@nanog.org 
Subject: NANOG Digest, Vol 42, Issue 5
To: nanog@nanog.org
Date: Tuesday, July 5, 2011, 5:30 PM




Today's Topics:

   1. cheapo UUFB solution for Cisco 7201 (Rogelio)
   2. Re: Firewall Appliance Suggestions (Curtis Maurand)
   3. RE: Firewall Appliance Suggestions (Jean CLERY)
   4. Re: Firewall Appliance Suggestions (Peter Nowak)


--

Message: 1
Date: Mon, 4 Jul 2011 11:34:11 -0300
From: Rogelio 
Subject: cheapo UUFB solution for Cisco 7201
To: nanog@nanog.org
Message-ID:
    
Content-Type: text/plain; charset=ISO-8859-1

I've got a Cisco 7201 with about 500 L2TPv2 tunnels, and I suspect
that UUFB (unknown unicast flooding) is resulting in spiking (I put an
ACL on to kill broadcast traffic, so I'm sure that's not related).
I've googled and don't see anything for the 7201, just the 7600
series.  :/

i.e. 
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/blocking.html

Anyone have any suggestions on (something cheap) that I can put in
front of this box to spare it from (what I suspect) is a gateway that
unicast floods when a MAC address has aged?

To add to my challenges, I'm in Brazil and importing gear is insanely
effing difficult.  :/

--
Also on LinkedIn?  Feel free to connect if you too are an open
networker: scubac...@gmail.com



--

Message: 2
Date: Mon, 04 Jul 2011 17:40:56 -0400
From: Curtis Maurand 
Subject: Re: Firewall Appliance Suggestions
To: nanog@nanog.org
Message-ID: <4e123368.7020...@xyonet.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 6/30/2011 12:20 PM, Suresh Rajagopalan wrote:
> Linux + iptables + fwbuilder
>
>
>
> On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuch  wrote:
>> Howdy,
>>                 I am looking for something a little unique in a bit of a 
>>tough situation with some sticky requirements.  First off, my requirements 
>>are a little weird and I can't bend them a whole lot due to stipulations 
>>being put on me.  I am in need of a firewall appliance which can be run on 
>>VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within a 
>>single Phase 1.  I am also in need of something that can support VLAN 
>>interfaces on the LAN side, and ideally something with multi zoning so I can 
>>keep LAN side networks separate from each without ridiculous firewall rules.  
>>Meaning build a zone for "Customer network 1" and it displays separately 
>>(ease of management and firewall config hopefully).  I need a minimum of 10 
>>"zones" on LAN side (/29 or /30), and NAT support for LAN to WAN (to dedicate 
>>all outbound connections to a single IP from a specific zone), ideally 
>>something extremely scalable (100-200 zones).  And here
>>is the super fun part!  I need something that is going to be web managed 
>>primarily as minions will be doing most of the day to day maintenance, or very 
>>simple CLI config.  Willing to pay for something if need be, but looking for 
>>something that can easily handle 50-100mbit of throughput.
>>
>> Any Ideas?
>>
>> Thanks!
>>
>> Blake Pfankuch
>>
Vyatta.  They have an appliance on their website.

--Curtis




--

Message: 3
Date: Tue, 5 Jul 2011 00:58:51 +0200
From: "Jean CLERY" 
Subject: RE: Firewall Appliance Suggestions
To: "'Curtis Maurand'" ,    
Message-ID: 
Content-Type: text/plain;    charset="iso-8859-1"

Hi Blake
Try www.netasq.com

Regards,
Jean CLERY


-Original Message-
From: Curtis Maurand [mailto:cmaur...@xyonet.com] 
Sent: Monday, 4 July 2011 23:41
To: nanog@nanog.org
Subject: Re: Firewall Appliance Suggestions

On 6/30/2011 12:20 PM, Suresh Rajagopalan wrote:
> Linux + iptables + fwbuilder
>
>
>
> On Thu, Jun 30, 2011 at 8:50 AM, Blake T. Pfankuch wrote:
>> Howdy,
>>                 I am looking for something a little unique in a bit of a
>> tough situation with some sticky requirements.  First off, my requirements
>> are a little weird and I can't bend them a whole lot due to stipulations
>> being put on me.  I am in need of a firewall appliance which can be run on
>> VMware vSphere, with IPSEC support for multiple Phase 2 negotiations within
>> a single Phase 1.  I am also in need of something that can support VLAN
>> interfaces on the LAN side, and ideally something with multi zoning so I can
>> keep LAN side networks separate from each without r