Re: Experience on Wanguard for 'anti' DDOS solutions

2015-08-12 Thread Fabien Delmotte
Hello

My 2 cents
You can use Wanguard for the detection and A10 for the mitigation; you just 
have to play with the API.

Regards

Fabien

> On 12 Aug 2015, at 16:28, Ramy Hashish wrote:
> 
>> 
>> 
>> Date: Tue, 11 Aug 2015 08:14:54 +0200
>> From: "marcel.durega...@yahoo.fr" 
>> To: nanog@nanog.org
>> Subject: Re: Experience on Wanguard for 'anti' DDOS solutions
>> Message-ID: <55c992de.3020...@yahoo.fr>
>> Content-Type: text/plain; charset=windows-1252; format=flowed
>> 
>> anybody from this impressive list ?:
>> 
>> https://www.andrisoft.com/company/customers
>> 
>> -- Marcel
>> 
>> 
>> 
> Anybody here compared Wanguard's performance with the DDoS vendors in the
> market (Arbor, Radware, NSFocus, A10, RioRey, Staminus, F5 ..)?
> 
> Another question: has anybody among the reviewers tested the false
> positives of the box, or experienced any false positive incidents?
> 
> Thanks,
> 
> Ramy



Re: Radware vs Arbor

2013-09-27 Thread Fabien Delmotte
Hi,

Maybe you can see what A10 Networks is doing. They build a new product 
dedicated to DDOS.

Regards

Fabien

On 26 Sep 2013, at 18:47, Tempest wrote:

> Doing a bunch of research, and I can't find a meaningful comparison of
> these two products.  Work for a carrier, and I am looking at implementing a
> DDoS mitigation service that we can sell to our customers.  Radware is
> cheaper, but I am seeing a lot of noise in various forums that makes me
> question their viability for what we need.  Arbor has most of the market,
> and I assume there is good reason for it.  Both companies seem to be very
> deceptive about how they compare to the other.  Anyone out there with good
> hands on experience that can compare?  Not interested in input from either
> company, we get plenty of that already.  Good experience, or links to good
> write ups would be excellent...
> 
> Davis B.




Re: Verizon DSL moving to CGN

2013-04-07 Thread Fabien Delmotte
CGN is just a solution to save time; it is not a transition mechanism to 
IPv6.
In the end (IPv6 at home) you will need at least:
Dual stack or NAT64/DNS64

My 2 cents

On Apr 7, 2013, at 8:42 AM, Mikael Abrahamsson  wrote:

> On Sun, 7 Apr 2013, Christopher Morrow wrote:
> 
>> I wonder how much more painful just upgrading the dsl plant to support v6 
>> would be vs deploying the cgn equipment and funneling users through that :(
> 
> IPv6 deployment is not a short term solution to IPv4 address depletion. Would 
> you be less upset if there was IPv6 access and CPE based DS Lite (ie your 
> IPv4 is still CGN:ed, just in a different way)?
> 
> CGN is here to stay for IPv4. The solution for long term Internet growth is 
> IPv6.
> 
> -- 
> Mikael Abrahamsson    email: swm...@swm.pp.se
> 



Re: Metro Ethernet, VPLS clarifications

2013-02-06 Thread Fabien Delmotte
I thought that PBB was dead :)
If not, forget VPLS and play with PBB and PBT :)

Welcome to the "twilight zone"

Fabien

On 6 Feb 2013, at 16:19, Adam Vitkovsky wrote:

> And for fun you can also do:
> Ethernet over PBB to VPLS
> Ethernet over PBB over VPLS -that's actually called EVPN
> 
> adam
> -----Original Message-
> From: Fabien Delmotte [mailto:fdelmot...@mac.com] 
> Sent: Wednesday, February 06, 2013 4:07 PM
> To: Scott Helms
> Cc: NANOG; Abzal Sembay
> Subject: Re: Metro Ethernet, VPLS clarifications
> 
> Hi,
> 
> My 2 cents
> 
>> VPLS can be run across several different kinds of layer 1 & 2 
>> technologies and is independent of the underlying technology because 
>> it builds its pseudo wires at layers 3 & 4. VPLS leverages technologies 
>> like Metro Ethernet and MPLS to extend a business' Ethernet LAN 
>> (technically the broadcast domain) to remote sites.  At the end of the 
>> day you can use several kinds of tunneling technologies to provide VPLS,
>> including GRE, MPLS, and L2TPv3.
> 
> For fun you can also do:
>   LDP VPLS over a GRE tunnel
>   LDP over a GRE tunnel within an encrypted network
> 
> I may be wrong, but VPLS is running over MPLS (RFC 4762) because it is using
> LDP
> 
> Regards
> 
> Fabien
> 
> 
> 
> On 6 Feb 2013, at 15:41, Scott Helms wrote:
> 
>>> 
>>> From my understanding M-Ethernet is some kind of service. 
>>> Standardized technology that allows connecting multiple different 
>>> networks.  And it is independent from physical and datalink layers.
>>> 
>> 
>> Metro Ethernet is a datalink (layer 2) protocol.  It also has physical 
>> (layer 1) specifications though there are several kinds of physical 
>> medium that can be used.  Most commonly it's delivered over fiber 
>> (single or multi-mode depending on distance from the last active 
>> element) or cat 5E/6 twisted pair.
>> 
>> 
>> 
>>> And nowadays which technology is the most used (VPLS or Metro)? What 
>>> about MPLS? Sorry I'm a little confused. I really want to understand.
>>> 
>> 
>> VPLS can be run across several different kinds of layer 1 & 2 
>> technologies and is independent of the underlying technology because 
>> it builds its pseudo wires at layers 3 & 4. VPLS leverages technologies 
>> like Metro Ethernet and MPLS to extend a business' Ethernet LAN 
>> (technically the broadcast domain) to remote sites.  At the end of the 
>> day you can use several kinds of tunneling technologies to provide VPLS,
>> including GRE, MPLS, and L2TPv3.
>> 
>> Here are the main two RFCs:
>> 
>> http://tools.ietf.org/html/rfc4761
>> http://tools.ietf.org/html/rfc4762
>> 
>> 
>>> 
>>> 
>>> --
>>> Regards,
>>> 
>>> Abzal
>>> 
>>> 
>> 
>> 
>> --
>> Scott Helms
>> Vice President of Technology
>> ZCorum
>> (678) 507-5000
>> 
>> http://twitter.com/kscotthelms
>> 
> 
> 
> 




Re: Metro Ethernet, VPLS clarifications

2013-02-06 Thread Fabien Delmotte
Hi,

My 2 cents

> VPLS can be run across several different kinds of layer 1 & 2 technologies
> and is independent of the underlying technology because it builds its pseudo
> wires at layers 3 & 4. VPLS leverages technologies like Metro Ethernet and
> MPLS to extend a business' Ethernet LAN (technically the broadcast domain)
> to remote sites.  At the end of the day you can use several kinds of
> tunneling technologies to provide VPLS, including GRE, MPLS, and L2TPv3.

For fun you can also do:
LDP VPLS over a GRE tunnel
LDP over a GRE tunnel within an encrypted network

I may be wrong, but VPLS is running over MPLS (RFC 4762) because it is using LDP

Regards

Fabien



On 6 Feb 2013, at 15:41, Scott Helms wrote:

>> 
>> From my understanding M-Ethernet is some kind of service. Standardized
>> technology that allows connecting multiple different networks.  And it is
>> independent from physical and datalink layers.
>> 
> 
> Metro Ethernet is a datalink (layer 2) protocol.  It also has physical
> (layer 1) specifications though there are several kinds of physical medium
> that can be used.  Most commonly it's delivered over fiber (single or
> multi-mode depending on distance from the last active element) or cat 5E/6
> twisted pair.
> 
> 
> 
>> And nowadays which technology is the most used (VPLS or Metro)? What about
>> MPLS? Sorry I'm a little confused. I really want to understand.
>> 
> 
> VPLS can be run across several different kinds of layer 1 & 2 technologies
> and is independent of the underlying technology because it builds its pseudo
> wires at layers 3 & 4. VPLS leverages technologies like Metro Ethernet and
> MPLS to extend a business' Ethernet LAN (technically the broadcast domain)
> to remote sites.  At the end of the day you can use several kinds of
> tunneling technologies to provide VPLS, including GRE, MPLS, and L2TPv3.
> 
> Here are the main two RFCs:
> 
> http://tools.ietf.org/html/rfc4761
> http://tools.ietf.org/html/rfc4762
> 
> 
>> 
>> 
>> --
>> Regards,
>> 
>> Abzal
>> 
>> 
> 
> 
> -- 
> Scott Helms
> Vice President of Technology
> ZCorum
> (678) 507-5000
> 
> http://twitter.com/kscotthelms
> 




Re: Switch and router

2012-02-06 Thread Fabien Delmotte
Hi
Forget flow control, because you will use buffer and at the someone will not 
understand pause frame.
Another issue is: with pause frame you block all the traffic from the outbound 
port... So very dangerous.
Best way: big pipe.

Regards

Fabien

Sent from my iPad

On 6 Feb 2012, at 22:41, Ann Kwok wrote:

> Hello
> 
> There is big congestion between router and switch
> 
> I read some documents about flow control
> 
> Do I disable or adjust flow control at the same?
> 
> Can flow control solve the congestion issue?
> 
> How can I adjust flow control in cisco router and HP switch?
> 
> Thank you so much



Re: 10G switchrecommendaton

2012-01-27 Thread Fabien Delmotte
Partially agree, Extreme has a "quite" good TCL implementation, and you can 
develop a lot of things around that. The system is able to reconfigure itself 
without external management console (SNMP)

Fabien

On 27 Jan 2012, at 14:53, Drew Weaver wrote:

> I would like to point out that in my experience if you do a lot of 
> coding/devops/automation work with SNMP extreme is a lot harder to work with 
> than Cisco and some of their OIDs/MIBs produce unusual results.
> 
> Thanks,
> -Drew
> 
> 
> -Original Message-
> From: Grant Ridder [mailto:shortdudey...@gmail.com] 
> Sent: Friday, January 27, 2012 3:54 AM
> To: Erik Bais
> Cc: nanog list
> Subject: Re: 10G switchrecommendaton
> 
> I have experience with the Extreme's Alpine, Blackdiamond, x250, and x450 and 
> I discovered that the command line is fairly different than Cisco, HP, or 
> Dell.  However, since they are a relatively small company with a small but 
> strong customer base, their support is fairly good.  I can't speak for 
> 10G/40G implementations, but from my experiences, their support has a quick 
> response time and they do quite a bit of lab replication to figure out the 
> exact root cause.
> 
> -Grant
> 
> On Fri, Jan 27, 2012 at 2:32 AM, Erik Bais  wrote:
> 
>> We have a full purple network, so my answer for this would be Extreme 
>> Networks.
>> 
>> Check out the Lippis report on the X670 / x670v 48 port 10G 1U switches.
>> 
>> vs other vendor equipment :
>> 
>> http://www.extremenetworks.com/libraries/products/ExtremeX670V_Lippis%20Report_Fall.pdf
>> 
>> 
>> Regards,
>> Erik Bais
>> 
>> Sent from my iPad
>> 
>> On Jan 26, 2012, at 21:20, Deric Kwok wrote:
>> 
>>> Hi all
>>> 
>>> I would like to have 10G switch recommendation. Iperf software can test 
>>> around 9.2G but we can have congestion over 6G in single port!
>>> 
>>> Thank you
>>> 
>> 
>> 
> 




Re: 10G switchrecommendaton

2012-01-27 Thread Fabien Delmotte
You can use BGP only for the default route, no more :) Forget a full view.

On 27 Jan 2012, at 15:34, Fabien Delmotte wrote:

> Only for a full table BGP, in fact it is not able to learn a full BGP table. 
> The X480 could do it, but it is very slow and they miss some features
> 
> Fabien
> 
> 
> On 27 Jan 2012, at 11:25, Leigh Porter wrote:
> 
>> 
>> On 27 Jan 2012, at 10:21, "Fabien Delmotte"  wrote:
>> 
>>> I worked for Extreme, and I deployed a lot of X650 (24 10G ports) for 
>>> DataCenter environment. The box is really good.
>>> In fact if you use the box at layer 2 it is perfect, BUT DON'T use their 
>>> BGP code, they never understood what BGP is :)
>> 
>> Is that don't use for Internet facing full table BGP or do you include iBGP 
>> for say VPN as well?
>> 
>> -- 
>> Leigh
>> 
>> 
> 




Re: 10G switchrecommendaton

2012-01-27 Thread Fabien Delmotte
Only for a full table BGP, in fact it is not able to learn a full BGP table. 
The X480 could do it, but it is very slow and they miss some features

Fabien


On 27 Jan 2012, at 11:25, Leigh Porter wrote:

> 
> On 27 Jan 2012, at 10:21, "Fabien Delmotte"  wrote:
> 
>> I worked for Extreme, and I deployed a lot of X650 (24 10G ports) for 
>> DataCenter environment. The box is really good.
>> In fact if you use the box at layer 2 it is perfect, BUT DON'T use their 
>> BGP code, they never understood what BGP is :)
> 
> Is that don't use for Internet facing full table BGP or do you include iBGP 
> for say VPN as well?
> 
> -- 
> Leigh
> 
> 




Re: 10G switchrecommendaton

2012-01-27 Thread Fabien Delmotte
I worked for Extreme, and I deployed a lot of X650 (24 10G ports) for 
DataCenter environment. The box is really good.
In fact if you use the box at layer 2 it is perfect, BUT DON'T use their BGP 
code, they never understood what BGP is :)

Regards

Fabien

On 27 Jan 2012, at 09:54, Grant Ridder wrote:

> I have experience with the Extreme's Alpine, Blackdiamond, x250, and x450
> and I discovered that the command line is fairly different than Cisco, HP,
> or Dell.  However, since they are a relatively small company with a small
> but strong customer base, their support is fairly good.  I can't speak for
> 10G/40G implementations, but from my experiences, their support has a quick
> response time and they do quite a bit of lab replication to figure out the
> exact root cause.
> 
> -Grant
> 
> On Fri, Jan 27, 2012 at 2:32 AM, Erik Bais  wrote:
> 
>> We have a full purple network, so my answer for this would be Extreme
>> Networks.
>> 
>> Check out the Lippis report on the X670 / x670v 48 port 10G 1U switches.
>> 
>> vs other vendor equipment :
>> 
>> http://www.extremenetworks.com/libraries/products/ExtremeX670V_Lippis%20Report_Fall.pdf
>> 
>> 
>> Regards,
>> Erik Bais
>> 
>> Sent from my iPad
>> 
>> On Jan 26, 2012, at 21:20, Deric Kwok wrote:
>> 
>>> Hi all
>>> 
>>> I would like to have 10G switch recommendation.
>>> Iperf software can test around 9.2G but we can have congestion over 6G
>>> in single port!
>>> 
>>> Thank you
>>> 
>> 
>> 




Re: accessing multiple devices via a script

2012-01-17 Thread Fabien Delmotte
Hello,

You can also use rancid.

Regards

Fabien

On 17 Jan 2012, at 20:44, Abdullah Al-Malki wrote:

> Thank you all for your recommendations.
> I will sit this weekend and evaluate what fits into my requirements.
> 
> Thanks all
> 
> On Mon, Jan 16, 2012 at 5:05 AM, Rafael Rodriguez 
> wrote:
> 
>> If you're looking for something interactive, check out Mr. CLI
>> 
>> Sent from my iPhone
>> 
>> On Jan 15, 2012, at 12:52, Abdullah Al-Malki 
>> wrote:
>> 
>>> Hi fellows,
>>> I am supporting a big service provider and sometimes I face this problem.
>>> Sometimes I want to access my customer network and want to extract some
>>> verification output "show commands" from a large number of devices.
>>> 
>>> What kind of scripting solutions are you guys using in this case?
>>> 
>>> Appreciate the feedback,
>>> Abdullah
>> 




Re: Foundry MRP cohabit with STP

2011-11-15 Thread Fabien Delmotte
Hi,

You cannot enable MRP and STP on the same physical interface, but you can 
enable MRP on a specific interface and STP on another. The only issue is that 
MRP and STP are using the CPU, so if you lose a hello packet you may have some 
network instability.

Regards

Fabien

P.S. I am in France if you need anything.

On 15 Nov 2011, at 10:30, Viet-Hung Ton wrote:

> Hi, 
> 
> 
> We are deploying a network using Foundry's MRP (now Brocade's Metro Ring 
> Protocol) and STP (in this case Rapid Spanning Tree Protocol, 802.1W). The 
> problem is that in some network segments, we must enable both protocols 
> on the same interfaces and VLANs for our network to function correctly. By 
> the way, as MRP and STP are both loop-prevention protocols, the Brocade 
> devices force us to choose and activate just one of them, which is not our 
> intention. 
> 
> 
> Does anybody have the same situation or some experience in this case: how to 
> make these two protocols (MRP and STP) coexist? 
> 
> Best thanks, 
> 
> 
> Viet Ton. 
> 
> 
> 
>