Re: IPv6 Netowrk Device Numbering BP
On Sat, Nov 3, 2012 at 8:28 AM, Karl Auer wrote: > - if you need to remember an IP address, you are doing it wrong Because DNS always works flawlessly and you never need to remember IP addresses, right ? > - cultural sensitivity and plain good sense suggest that many words or > combinations might not be a good idea. How do your female techs feel > about "BAD:BABE"? Only marginally better than they feel about > "B16:B00B:EEZ", probably. Your markets in India, with its 900 million > Hindus, might take a dim view of "DEAD:BEEF". Etc. I think you're looking for problems where there are none. I see nothing wrong with BAD:BABE or with DEAD:BEEF. Your thinking suggests that there are only good babes and live beef, which is wrong on so many levels. Positive discrimination is as bad as discrimination and it creates more problems than it solves. In India you can have beef steak at restaurants, so I see no problem with the term. > > - clever addresses are guessable addresses for scanners, and highly > identifiable in data as probably attached to high-value targets What is a clever IP address ?
Re: Looking for recommendation on 10G Ethernet switch
On Fri, Nov 2, 2012 at 5:13 PM, Eric Germann wrote: > Colleagues, > > I'm looking for a recommendation on a smallish 10G Ethernet switch for a > small virtualization/SAN implementation (4-5 hosts, 2 SAN boxes) over > iSCSI with some legacy boxes on GigE. > > Preferably > > - 8-16 10G ports > - several GigE ports for legacy GigE hosts or cross connect to a legacy > GigE switch > - preferably not a large chassis based solution with blades > > The hosts aren't going to be driving full line rate, nor the SAN boxes > providing full line rate, but their offered loads will definitely exceed > 1Gbps. Assessing whether it is better to go 10G now vs. multi-pathing > with quad GigE cards. Trying to find the best solution for > 1G on a > trunk and < $50K per box. You can look ar Brocade TurboIron 24. It has 24 ports of 1/10G depending on the SFP you put in.
Re: Looking for recommendation on 10G Ethernet switch
ARISTA 7xxx series would be one of the options to consider cheers! Gopi... __ please ignore typo's if any... sent from handheld device __ Eugeniu Patrascu wrote: >On Fri, Nov 2, 2012 at 5:13 PM, Eric Germann wrote: >> Colleagues, >> >> I'm looking for a recommendation on a smallish 10G Ethernet switch for a >> small virtualization/SAN implementation (4-5 hosts, 2 SAN boxes) over >> iSCSI with some legacy boxes on GigE. >> >> Preferably >> >> - 8-16 10G ports >> - several GigE ports for legacy GigE hosts or cross connect to a legacy >> GigE switch >> - preferably not a large chassis based solution with blades >> >> The hosts aren't going to be driving full line rate, nor the SAN boxes >> providing full line rate, but their offered loads will definitely exceed >> 1Gbps. Assessing whether it is better to go 10G now vs. multi-pathing >> with quad GigE cards. Trying to find the best solution for > 1G on a >> trunk and < $50K per box. > >You can look ar Brocade TurboIron 24. It has 24 ports of 1/10G >depending on the SFP you put in. >
Re: IPv6 Netowrk Device Numbering BP
On Mon, 2012-11-05 at 10:07 +0200, Eugeniu Patrascu wrote: > On Sat, Nov 3, 2012 at 8:28 AM, Karl Auer wrote: > > - if you need to remember an IP address, you are doing it wrong > Because DNS always works flawlessly and you never need to remember IP > addresses, right ? If you are NOT memorising IP addresses and NOT wasting time on fragile encodings buried in your IP addresses, then your addressing is more robust and more flexible. So you occasionally have a problem with whatever system maps your IP addresses to human-usable entities - so what? You can't memorise ALL your addresses, so you have that problem anyway. And let's not forget your (possibly emergency) replacement - sure, *you* have lots of addresses memorised, but what about other people? You need a suitable mapping system *anyway*. > I think you're looking for problems where there are none. I see > nothing wrong with BAD:BABE or with DEAD:BEEF. Your thinking suggests > that there are only good babes and live beef, which is wrong on so > many levels. Positive discrimination is as bad as discrimination and > it creates more problems than it solves. *You* don't see a problem, so there is no problem? I *personally* have no problem with either example, but I can see how others might, and how others might have a problem with constructs similar in nature to these ones. I think it is likely that others would find those sorts of things objectionable, I see no benefit to using them, and I see several technical and non-technical disadvantages to using them - so my recommendation is not to use them. As to "my thinking", your comments on that are confused. I don't recommend crafting words, regardless of what words they are. How you got from one OP-supplied example and one well-known example to "my thinking" and thence to positive discrimination is a mystery to me. The OP asked for reasons why embedding wordiness in IPv6 addresses might not be a good idea. I gave several reasons, some technical, some not. You've attacked two non-technical ones, with counterarguments that amount to "is not!". > > - clever addresses are guessable addresses for scanners, and highly > > identifiable in data as probably attached to high-value targets > What is a clever IP address ? One that has obviously been constructed by a human - such as one containing readable words, obvious numeric patterns and the like. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer http://www.biplane.com.au/blog GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017 Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Re: Looking for recommendation on 10G Ethernet switch
The Juniper ex4500/4550 could work, small chassis, can be made part of a virtual chassis. Works well in an enterprise setup but can cause configuration headaches if within a service provider environment where vlans need to be translated. Darius On Fri, Nov 2, 2012 at 4:13 PM, Eric Germann wrote: > Colleagues, > > I'm looking for a recommendation on a smallish 10G Ethernet switch for a > small virtualization/SAN implementation (4-5 hosts, 2 SAN boxes) over > iSCSI with some legacy boxes on GigE. > > Preferably > > - 8-16 10G ports > - several GigE ports for legacy GigE hosts or cross connect to a legacy > GigE switch > - preferably not a large chassis based solution with blades > > The hosts aren't going to be driving full line rate, nor the SAN boxes > providing full line rate, but their offered loads will definitely exceed > 1Gbps. Assessing whether it is better to go 10G now vs. multi-pathing > with quad GigE cards. Trying to find the best solution for > 1G on a > trunk and < $50K per box. > > Any recommendations appreciated. > > Thanks > > EKG > > >
Operational Experience with SSR
All, I was looking for anyone who has operational experience with the SSR platform used as a SGW and/or PGW function in mobile environment. Please contact me off-list. Thanks, Victor Kuarsingh
Re: NJ impact
On 10/31/2012 12:24 PM, Alex Rubenstein wrote: I had to summarize this recently for a news article I was interviewed for, so I figured I forward: > Of our three datacenters, this is what we saw: Parsippany 1 (OCT) - The worst we saw here was several sub-second power hits. UPS's held without problem, and we did not transfer to generator at all yet. Parsippany 2 (WBR) - Transferred to generator at about 7:55 PM EST Monday as a precautionary measure due to ongoing utility power hits. However, shortly after transfer, utility voltage went to 0 on all phases; around 10p power returned, but abnormally high (seeing about 550 volts on 480 volt bus). We retransferred last night as utility voltage settled down. Cedar Knolls 1 (MMU) - Briefly transferred to generator around 7:10, then back to utility. We then force transferred to generator around 8pm and stayed until this morning. Returned to utility and all systems are normal. I would be interested to know how the power outages due to the storm have negatively affected air pollution and the smog problem in the area. Due to generators burning huge amounts of diesel, generators which undoubtedly have no meaningful air pollution control to speak of. http://www.nytimes.com/2012/09/23/technology/data-centers-waste-vast-amounts-of-energy-belying-industry-image.html?pagewanted=all&_r=0 "Most data centers, by design, consume vast amounts of energy in an incongruously wasteful manner, interviews and documents show. Online companies typically run their facilities at maximum capacity around the clock, whatever the demand. As a result, data centers can waste 90 percent or more of the electricity they pull off the grid, The Times found. To guard against a power failure, they further rely on banks of generators that emit diesel exhaust. The pollution from data centers has increasingly been cited by the authorities for violating clean air regulations, documents show. In Silicon Valley, many data centers appear on the state government’s Toxic Air Contaminant Inventory, a roster of the area’s top stationary diesel polluters." Greetings, Jeroen -- Earthquake Magnitude: 4.6 Date: Monday, November 5, 2012 13:07:59 UTC Location: western Xizang Latitude: 28.4112; Longitude: 86.2001 Depth: 65.60 km
dhcpy6d - a MAC address aware DHCPv6 server
Hello World, like other people we had the problem that existing DHCPv6 servers do not evaluate the MAC address of clients, following RFC 3315. The IPv4 clients already are managed via their MAC addresses so we wanted to use these identifiers for IPv6 too for our dualstack network. At the end we had to write our own DHCPv6 server dhcpy6d which I want to present here to a larger audience. It runs on Linux, tested on Debian and CentOS. It gets the client MAC addresses from neighbor cache by calling "ip -6 neigh" and caches them itself, allowing to access the already working MAC-based IPv4 infrastructure. This obviously only works on the local subnet but might be worked around with several servers being connected via database storage of clients and leases. Features are: - identifies clients by MAC address, DUID or hostname - generates addresses randomly, by MAC address, by range or by given ID - filters clients by MAC, DUID or hostname - assignes more than one address per client - allows to organize clients in different classes - stores leases in MySQL or SQLite database - client information can be retrieved from database or textfile - dynamically updates DNS (Bind) We run it with ~500 clients without problems. I am interested if it would run in larger environments too. If not, how to make it running. Bugs and ideas how to improve it are welcome too. Packages are not yet available but the Python code should run as is. See further details at http://dhcpy6d.ifw-dresden.de Best regards Henri Wahl -- Henri Wahl IT Department Leibniz-Institut für Festkörper- u. Werkstoffforschung Dresden tel. (03 51) 46 59 - 797 email: h.w...@ifw-dresden.de http://www.ifw-dresden.de Nagios status monitor for your desktop: http://nagstamon.ifw-dresden.de IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden VR Dresden Nr. 1369 Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle smime.p7s Description: S/MIME Kryptografische Unterschrift
Re: dhcpy6d - a MAC address aware DHCPv6 server
cool. this is the fifth version of a DHCP server modified to work with IPv4 and IPv6 in accord with the DHCP specs. a feature request... some sites run IVI, and so the have a MAC and and v6 address and need to be dynamically assigned a v4 address. My crude attempt uses the last 48bits of the v6 address asa proxy MAC. It works ok in my small network. It might be useful in larger nets that run IVI or carrier-grade NAT ... /bill On Mon, Nov 05, 2012 at 09:14:54AM +0100, Henri Wahl wrote: > Hello World, > like other people we had the problem that existing DHCPv6 servers do not > evaluate the MAC address of clients, following RFC 3315. The IPv4 > clients already are managed via their MAC addresses so we wanted to use > these identifiers for IPv6 too for our dualstack network. > > At the end we had to write our own DHCPv6 server dhcpy6d which I want to > present here to a larger audience. It runs on Linux, tested on Debian > and CentOS. It gets the client MAC addresses from neighbor cache by > calling "ip -6 neigh" and caches them itself, allowing to access the > already working MAC-based IPv4 infrastructure. This obviously only works > on the local subnet but might be worked around with several servers > being connected via database storage of clients and leases. > > Features are: > - identifies clients by MAC address, DUID or hostname > - generates addresses randomly, by MAC address, by range or by given ID > - filters clients by MAC, DUID or hostname > - assignes more than one address per client > - allows to organize clients in different classes > - stores leases in MySQL or SQLite database > - client information can be retrieved from database or textfile > - dynamically updates DNS (Bind) > > We run it with ~500 clients without problems. I am interested if it > would run in larger environments too. If not, how to make it running. > Bugs and ideas how to improve it are welcome too. > > Packages are not yet available but the Python code should run as is. > > See further details at http://dhcpy6d.ifw-dresden.de > > Best regards > Henri Wahl > > -- > Henri Wahl > > IT Department > Leibniz-Institut f|r Festkvrper- u. > Werkstoffforschung Dresden > > tel. (03 51) 46 59 - 797 > email: h.w...@ifw-dresden.de > http://www.ifw-dresden.de > > Nagios status monitor for your desktop: > http://nagstamon.ifw-dresden.de > > IFW Dresden e.V., Helmholtzstra_e 20, D-01069 Dresden > VR Dresden Nr. 1369 > Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle >
Re: IPv6 Netowrk Device Numbering BP
On Sat, 03 Nov 2012 00:44:14 -0500, Randy said: > > Veering off this topic's course, Is there any issue with addresses like > this ? > 2001:470:1f00:1aa:abad:babe:8:beef < I have a bunch of these type > 'addresses' configured for my various machines. > > I make it a point to come up with some sort of 'hex' speak address, what > are peoples opinions on this? Google for "microsoft hyperv hex constant". Show the results to whoever handles your PR. Follow their advice. pgplY5qf3lYam.pgp Description: PGP signature
Re: Looking for recommendation on 10G Ethernet switch
Dell Force10 S4810 is a decent ToR switch: 48 dual-speed 1/10GbE (SFP+) ports and four 40GbE (QSFP+) uplinks Peter > > > On Fri, Nov 2, 2012 at 4:13 PM, Eric Germann wrote: > >> Colleagues, >> >> I'm looking for a recommendation on a smallish 10G Ethernet switch for a >> small virtualization/SAN implementation (4-5 hosts, 2 SAN boxes) over >> iSCSI with some legacy boxes on GigE. >> >> Preferably >> >> - 8-16 10G ports >> - several GigE ports for legacy GigE hosts or cross connect to a legacy >> GigE switch >> - preferably not a large chassis based solution with blades >> >> The hosts aren't going to be driving full line rate, nor the SAN boxes >> providing full line rate, but their offered loads will definitely exceed >> 1Gbps. Assessing whether it is better to go 10G now vs. multi-pathing >> with quad GigE cards. Trying to find the best solution for > 1G on a >> trunk and < $50K per box. >> >> Any recommendations appreciated. >> >> Thanks >> >> EKG >> >> >>
RE: NSA and the exchanges
And don't forget about the NSA's "Operation Backhoe". What more convenient way of installing a tap than cutting the fibre, then installing a passive tap while repairs are in progress ... --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org > -Original Message- > From: John Adams [mailto:j...@retina.net] > Sent: Wednesday, 31 October, 2012 12:38 > To: andy lam > Cc: nanog@nanog.org > Subject: Re: NSA and the exchanges > > Allegedly? No, definately. > > https://www.eff.org/nsa-spying > > https://www.eff.org/files/filenode/att/presskit/ATT_onepager.pdf > > > > -j > > On Wed, Oct 31, 2012 at 11:25 AM, andy lam wrote: > > > Anyone knows if there's a way to find out how involved NSA monitors 151 > > front street at Toronto? NSA allegedly monitors data centres in the US, > > but does it have the same influence at a building sitting in its neighbor's > > soil? > > > > There's something on the web like www.ixmaps.ca that tries to piece it > > together. but not sure how helpful the information on there really is? > > > > > > feedback welcome. > >
RE: NSA and the exchanges
That would be the CSE, not CSIS ... --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org > -Original Message- > From: Erik Soosalu [mailto:erik.soos...@calyxinc.com] > Sent: Wednesday, 31 October, 2012 12:53 > To: jim deleskie; andy lam > Cc: nanog@nanog.org > Subject: RE: NSA and the exchanges > > I'd assume the NSA and CSIS would be talking as needed. > > Whether CSIS is actually monitoring in there is another question. I'd > assume yes, but have never heard anything to confirm or deny. > > > -Original Message- > From: jim deleskie [mailto:deles...@gmail.com] > Sent: Wednesday, October 31, 2012 2:37 PM > To: andy lam > Cc: nanog@nanog.org > Subject: Re: NSA and the exchanges > > If your talking "the NSA" I doubt anyone would tell you. That being > said: it would mean the US gov't breaking Canadian law I suspect. Now > in Canada it is quite possible that the Canadian Fed gov't monitors > traffic but I would also say no one would tell you because telling you > would also be in violation in wiretap laws. > > Best advice, assume they do and hope they don't. :) > > -jim > > On Wed, Oct 31, 2012 at 3:25 PM, andy lam wrote: > > Anyone knows if there's a way to find out how involved NSA monitors > 151 front street at Toronto? NSA allegedly monitors data centres in the > US, but does it have the same influence at a building sitting in its > neighbor's soil? > > > > There's something on the web like www.ixmaps.ca that tries to piece it > together. but not sure how helpful the information on there really is? > > > > > > feedback welcome. > >