Re: [swinog] Archive.org blocked in .CH soon, too?
On 15 Jan 2009, at 19:08, Silvan Gebhardt wrote: > I just read about the blocking of archive.org (which is for me an > ususal site(!) > (http://www.heise.de/newsticker/Britische-Jugendschuetzer-lassen-Internet-Archiv-blockieren--/meldung/121754 > ) is one source, which refers to > http://www.theregister.co.uk/2009/01/14/iwf_details_archive_blacklisting/ Hi, The IWF in the UK 'blocked' Wikipedia recently because of the portrayal of cover art from a 1970s LP record on their website. Information about this is here. https://publicaffairs.linx.net/news/?p=821 You may find this interesting, if you found the above story interesting. Thanks Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IPV6 Go (lazy providers)
On 26 Feb 2009, at 08:50, Andreas Fink wrote: > Sorry but "most windows PCs and home servers would need some tuning > for v6" is just WRONG. > If you have a proper configured IPv6 router and you plug a MacOS X > or Linux box, they get IPv6 addresses automatically and are > connected. This is part of the beauty of IPv6 to have > autoconfiguration. I agree with you, because I have a very good router at home, and Mac OSX - and as you say it just works. But - There seems to be no consensus about how to serve end user addressing for ipv6 - Because there is no clear standard, there are no "normal" consumer CPE that support ipv6. When both of these things happen, some clever people who understand how people buy can invent a 'made for the new internet' sticker that all of the CPE will want to carry on their packaging, and the CPE problem will eventually go away. .. In my opinion. :-) Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IPV6 Go (lazy providers)
On 26 Feb 2009, at 12:09, Stanislav Sinyagin wrote: > At home, 80% of computers are not ipv6 ready, and 99% of users have > no idea what it is. > In mass-market hardware shops, ipv6 is terra incognita. They don't know what ipv4 is. The users just want the services. The role of the ISP and CPE is to enable access to services. It should be transparent. ... again, in my opinion :-) Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IPV6 Go (lazy providers)
On 26 Feb 2009, at 16:34, Leo Vegoda wrote: > Just labelling things as "new" doesn't mean they'll sell. People > will want > to know what what "new" features they'll get on the "new" Internet. > Will it > be faster? Will there be new content? With DOCSIS 3.0 there is the > promise > of faster connections, which may well be a selling point to > consumers. I am > not sure what IPv6 feature will sell a product to an ordinary > consumer. I > don't think the new features are easy to convey in a sound-bite or a > sticker. I think you over-estimate the average consumer, and under-estimate the ability for the major stores to push the things with the largest amount of stickers to the average end-user. Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Censurship in Germany Take 2
On 20 Apr 2009, at 21:49, Peter Guhl Listenempfänger wrote: > Well, it depends. While blocking without loggin isn't good for > anything at all In the UK we have -- we are told -- blocking without logging, because the intent of the blocking is to prevent the *accidental* discovery of child abuse images. Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Powerfull Routers
On 22 Jun 2009, at 23:25, Reza Kordi wrote: > I am looking for a redundant pair of BGP routers to deal with 0.5-1 > Gbps Internet upstreams capacity with currently 5 but growing number > of interconnects. > > Not sure which Cisco or Juniper platform would fit best still > leaving some headroom for the future growth. > > ---I know the specs, I am looking for real life figures--- > PS: Main traffics are Video and Voice Hi, Reza Do you need a bgp full table ? If not this opens your options at the cheaper end of the market. If so, then I hope you like shopping. :-) Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] ISPs offering IPv6 transit to multi-homed customers in Geneva
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leo Vegoda wrote: > I am at ITU World in Geneva and have just spoken to a gentleman who > wants to buy IPv6 transit for his multi-homed network. I’d like to > e-mail him a list of ISPs that offer IPv6 transit services but don’t > think I know all the Swiss ISPs offering it at the moment. Hey Leo -- Fredy at init7 has done a lot of work to promote good operational v6 practice in Switzerland so it makes sense to mention his offering. I think those guys are at Equinix Geneva. If your new contact needs help with the keyboard jockeying to get his v6 bits flowing, please remember me ;-) Thanks Andy -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrSExgACgkQiZH/Ysy8vppT4QCeKBfvWUvPIcnm+mcxo17jYIe1 UgMAn2nvtYA35W2j4DD5rLXiLpL+jFkK =TT+a -END PGP SIGNATURE- ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] killer app for IPv6
Stanislav Sinyagin wrote: > some time ago we already discussed that there's no killer application that > would > push the ipv6 deployment forward. Errr, more addresses. Wait until there's no more v4 left. Bang. Killer app. Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Functional Tests - only Nagios?
On 28 Jan 2010, at 12:12, Luca Cappiello wrote: > I'm curious if anybody knows a good framework/application, which is used > for functional tests in enterprise environments. Are any solutions out > there, able to perform a operational check of all services (databases, > remote access, running processes...) after updates, patches or changes > of security baselines? Nagios would be probably the best choice, but > maybe there other concepts I'm not aware of. We like Nagios a lot, and also have been tracking the progress of Icinga, which is a nagios fork, with a similar behaviour to nagios, but the development team are concentrating on the interface ! Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] 4-Byte Private ASN
On 10 May 2010, at 13:00, tu...@tuxli.net wrote: > are there any 4-byte ASN ranges reserved for private use? No - in the 'after world', when everyone is running router code that can support as4, there intention of the assignment policy is that there will be no distinction between 0-65535 and 65536-4b - they will just be 'AS Numbers', so no need to augment the private range of 64512-65534. If you want to do some internal testing, 65536-65551 looks pretty juicy... Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Best Sales 2010!
On 10 Aug 2010, at 11:18, Fredy Kuenzler wrote: > Disagree. This is the first spam in the list for years. If you find at least > three volounteers to moderate the list with guaranteed response time we can > talk about moderation, but even then I don't think it's necessary. This list > became rather low volume in the recent past, despite that it has today 863 > subscribers, and there is not much noise either. Half way house. :-) It should be possible to configure the MLM to pass messages from subscribed members instantly, and hold posts from unsubscribed individuals for moderation. Best wishes Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RANCID alternative
Hi, Stanislav, everyone -- On 11 Oct 2010, at 19:34, Stanislav Sinyagin wrote: > I'm currently working on a new open-source project. Many of you > know the imperfections of RANCID software, and this project is made to > dramatically change this. This is great news, we use rancid all of the time, and find that adding functionality and bespoke behaviour is quite hard work, further when we deviate our custom changes to the scripts it makes it harder to track mainline rancid releases. I love your idea to make the custom behaviour work as pure configuration and via a plugin architecture. Please do preserve the best features of rancid, the main is that configuration is backed up into a version control system, so inspecting former config dating back months or years is possible. Using svn rather than cvs would be nice so that we can run it alongside our codebase. A choice of version control back ends would make a lot of people happy I think. :-) Also, make sure there is an option to 'blank out' passwords in the stored configuration. Some way to import the former rancid cvs database might be a neat feature, but we can probably survive without this by running rancid in parallel with your software for six months or a year. It's really important that a community grows around this software, so that we can both contribute and download plugins for many vendors and config dialects. I'd be delighted to volunteer mailing list hosting. I also would really like to follow development in an rss format so that I can tune our noc guys in and we can start to help with testing and building the community when the features we really need are in the software. Congratulations on getting this far, good luck, and ask for help before you need it :-) Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] BGP Origin ASN Validation
On 15 Nov 2010, at 10:27, Viktor Steinmann wrote: > Wouldn't that do it? > > ! > route-map bar deny 10 > match invalid Hi, Works *only* if you had a direct adjacency with the network being spoofed. If your upstream sends you a /22, and a spoofed /24, you can drop the spoofed /24, but as soon as you send the packet upstream, it will still end up with the spoofer. Another argument in favour of being widely peered. :-) Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Recommanded IOS Package for 7206VXR + NPE400 to do IPv6/BGP + AS Number 4-byte
On 11 Jul 2011, at 17:23, Patrick Studer wrote: > We want to go a step further with our infrastructure and start > testing/implementing IPv6. > > Has anybody here a 7206VXR + NPE400 running and doing IPv6 / Full BGP / > 4-byte ASN? If yes, which > IOS Version and Package do you have installed. How much memory / flash do you > have installed? > > We currently have “only” two upstreams and some SwissIX peering. Hey Patrick. :-) I was running some 7206 in my past job, although these had an NPE-G1 or NPE-G2, with 1GB of RAM. You need Advanced IP Services or Advanced Enterprise services for v6 routing, and Multiprotocol (i.e. v4 and v6) BGP. You need 12.4(24)T, or 12.2(33)SRE1 (or later, including all 15.0) for 4 byte ASNs. So you should get away with, assuming your NPE has the storage and RAM : c7200-advipservicesk9-mz.12.2-33.SRE1 to SRE4, or c7200-advipservicesk9-mz.124-24.T5.bin. And of course, we at as6939/he.net would like to help with your v6. :-) Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Transparent 1Gig Ethernet over IP/Ethernet?
Hi, Chris You wrote: > I need to transparently (especially LACP frames) transport a gigabit > ethernet link with at least 1500 MTU over either IP or Ethernet. Jumbo > frames are enabled on the L2 transport backbone. While I need "full" > (some encap overhead will be acceptable) GigE wire speed, encryption > is unnecessary. > Can anyone suggest a product -ideally some low-maintenance, > high-reliability, perhaps ASIC-based hardware- that can do this? You definitely want hardware forwarding well before the Gig-E traffic level, especially if you plan to have several of them. The MPLS capable Extreme X-series boxes have a feature that can do this well (vpws) and are the cheapest cost-per-port that I can find at the 10GE and 1GE levels. You're looking at the X460 models for Gig copper/SFP, or X670 for 10GE capable SFP+. They are great for deployments which don't need a large number of MPLS LSPs across the platform, or a large number of VPLS instances terminating on the same box (point to point ethernet links that you configure burn two such VPLS instances). Based on what you have written, if there is nothing more complicated with your requirement, I would probably go for the boxes. They don't do so well on high-reliability depending on what you mean - the boxes I run have a reliable history, but they don't have a redundant control plane, redundant power supplies, etc. There can be management-plane limitations sometimes (the config format and cli hurt, and the otherwise great automation isn't complete in the pseudo wire area). There are some other weird limitations which have hurt me on some designs (inability to wrap a single vlan into many vpls instances on a single port is one use case I really want). I run two networks that offer e-line services, one uses Extreme, the other does not. Talk to me off list any time if you want more information. Best wishes, Andy ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
