RE: Cisco 7206VXR w/NPE-G1 Question

2004-01-30 Thread Alex Yuriev
It's not the Cisco bashing I was referring to, but the all singing all dancing Juniper performance claim. That would not have anything to do with Juniper sucking the least? Alex

imagestream vs. Cisco

2004-01-14 Thread Alex Yuriev
imagestream does this, afaik. not too familiar with their offerings though. I stand corrected. The following page comparing Cisco and Imagestream is quite interesting. http://www.imagestream.com/Cisco_Comparison.html How many of you would buy an Imagestream box to evaluate for your

Re: Request for submissions: messy cabling and other broken things

2003-12-17 Thread Alex Yuriev
http://new.onecall.net/timages/dsxcabling.jpg http://new.onecall.net/timages/cat5patch.jpg Isn't it amazing how clean cabling in nearly empty collos and mmrs looks? Alex

Re: good cabling in real environments [Re: Request for submissions: messy cabling and other broken things]

2003-12-17 Thread Alex Yuriev
How do you do good cabling in dynamic, real environments? :-) It is not that difficult *if* the money is spent in a short term to make sure that no ugly and silly stuff is created in a longer (long) term. Strategically pre-running certain parts of the facility with cat5/fiber to minimize the

Anyone from Cogent that can look at show log and not get confused?

2003-12-01 Thread Alex Yuriev
Hello, If there is possibly maybe a person from Cogent that does not get severely confused and say Oh, it is just the way the routers work or Oh it just takes a long time for routes to be sent to you after being shown synch errors, garbage in AS_PATH that cogent is sending, I would

Re: Santa Fe city government computers knocked out by worm

2003-11-17 Thread Alex Yuriev
No explanation why Santa Fe officials had not patched the city's computers in the three months since Microsoft announced the vulnerability and released the software updates. Nor why Santa Fe didn't have up to date anti-virus programs running on its computers. Nor why they were using such

Re: Santa Fe city government computers knocked out by worm

2003-11-17 Thread Alex Yuriev
On Mon, 17 Nov 2003 06:26:50 EST, Alex Yuriev said: Because for people outside our little industry the software is a tool to get a JOB done, not the job itself. It doesn't take long for the average mechanic to learn that buying cheap wrenches is a bad idea. Do you take your car

Re: Santa Fe city government computers knocked out by worm

2003-11-17 Thread Alex Yuriev
Valdis Kletnieks responded: It doesn't take long for the average mechanic to learn that buying cheap wrenches is a bad idea. to which Alex replied: Do you take your car to McLaren service center? Why not? They definitely have better tools. To which I say: No, but if the mechanic

law enforcement contacts

2003-11-10 Thread Alex Yuriev
Hi, Anyone has any good law enforcement contacts that have enough clue ( or could be educated in process ) to work on catching and nailing DOS originators? Please drop me email off the list. Alex

Re: DDoS detection and mitigation systems

2003-11-03 Thread Alex Yuriev
Do you use/develop in-house tools to analyze Netflow on your peering routers and have that interface in near-realtime with the said routers to null route (BGP and RPF) the offending sources? Source or destination? Null routing source of DOS is not going to do you any good. Null routing

Re: Sabotage investigation of fiber cuts in Northwest

2003-11-03 Thread Alex Yuriev
You'd think after three previous disruptions, that Qwest would have enabled some form of redundancy. Redundancy hell. How about a *PADLOCK*? You mean that these places aren't even locked? Who has (had) the key? That'd be the first place I looked. The most amazing things

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-31 Thread Alex Yuriev
Are you actually saying that providers in the middle should build their networks to accommodate any amount of DDOS traffic their ingress can support instead of filtering it at their edge? How do you expect them to pay for that? Do you really want $10,000/megabit transit costs? I remember

RE: more on filtering

2003-10-31 Thread Alex Yuriev
Do you actually believe that it was a BAD idea for Cisco to build a router that is more efficient (to the point of being able to handle high-rate interfaces at all) when presented with traffic flows that look like real sessions? Why buy something that works well only sometimes (we are very

RE: [arin-announce] IPv4 Address Space (fwd)

2003-10-31 Thread Alex Yuriev
I remember GM saying something like that about this car that put Nader on political arena. Are we that dumb that we need to be taught the same lessons? GM seems to still be building cars and trucks, and Nader lost a presidential election. GM seems to also have cut a very big check to

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Alex Yuriev
Maybe the Yankee Group is a subsidiary of Ncatal Ventures. That was my thought. It's Dood, Where's my Core? all over again! It got lost in san franCisco. Alex

traffic engineering (or lack of thereof)

2003-10-30 Thread Alex Yuriev
And how many people here operate non-oversubscribed networks? The right question here should be How many people here operate non-super oversubscribed networks? Oversubscribed by a few percent is one thing, oversubscribed the way certain cable company in NEPA does it is another.[1] So

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Alex Yuriev
Leave content filtering to the ES, and *force* ES to filter the content. It's not content filtering, I'm not filtering only certain html traffic (like access to porn sites), I'm filtering traffic that is causing harm to my network and if I know what traffic is causing problems for me, I'll

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Alex Yuriev
Alex, please re-read the first paragraph. He said I'm filtering traffic that is causing harm to *my* network... (emphasis mine). He's not filtering out packets he thinks are causing problems to the ES, he's filtering out packets that are causing him problems directly, as the IS. And

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread Alex Yuriev
to the ES, he's filtering out packets that are causing him problems directly, as the IS. And since the IS is not the ES, it SHOULD NOT be filtering based on content since it is NOT IS's content. Again, *force* ES to filter and hold it responsible for not doing it. Do you have a

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-29 Thread Alex Yuriev
I think the other point that may be escaping some people, is that as more and more connections take on this VPN-like quality, as network operators we lose any visibility into the validity of the traffic itself. As the network operators, we move bits and that is what we should stick to

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-29 Thread Alex Yuriev
On Wed, 29 Oct 2003, Alex Yuriev wrote: As the network operators, we move bits and that is what we should stick to moving. We do not look into packets and see oh look, this to me looks like an evil application traffic, and we should not do that. It should not be the goal

Verio outage

2003-10-19 Thread Alex Yuriev
There is apparently a major outage in Verio-land between Boston and Baltimore, touching as far away as Pitts. Alex

Re: Block all servers?

2003-10-11 Thread Alex Yuriev
Also what about folks who need to VPN in to their office (either via PPTP or IPSEC)? How would you take care of that situation? IPSEC works over NATs just fine. Alex

Re: large-scale IPSEC tunnel deployment

2003-10-10 Thread Alex Yuriev
Orchestream has some of this functionality for setting the tunnels up, you can then use the corba interface to setup management with tools like SMARTS. The other problem is managing the keys, if you don't have a CA it will be painful if you need to change the keys. We have had some success

large-scale IPSEC tunnel deployment

2003-10-09 Thread Alex Yuriev
Hello, Does anyone have any experience with large scale production IPSEC tunnel deployment, where large scale is defined as over 100 net-to-net tunnels to different destination networks active at any time? If so, would such person(s) mind sharing any