> It's not the Cisco bashing I was referring to, but the all singing all
> dancing Juniper performance claim.
That would not have anything to do with Juniper sucking the least?
Alex
> >imagestream does this, afaik. not too familiar with their offerings
> though.
>
> I stand corrected. The following page comparing Cisco and Imagestream
> is quite interesting.
>
> http://www.imagestream.com/Cisco_Comparison.html
>
> How many of you would buy an Imagestream box to evaluate f
Hello,
Can anyone confirm claims from Cogent that there is an MFN fiber
issue between PHL and DCA that creates 10-15% packet loss? Simple test are
pointing at the Cogtent not having enough capacity between PHL and DCA.
According to Cogent that issue had been happening for several days now
> How do you do good cabling in dynamic, real environments? :-)
It is not that difficult *if* the money is spent in a short term to make
sure that no ugly and silly stuff is crated in a longer(long) term.
Strategically pre-running certain parts of the facility with cat5/fiber to
minimize the "dy
>
> http://new.onecall.net/timages/dsxcabling.jpg
>
> http://new.onecall.net/timages/cat5patch.jpg
Isn't it amazing how clean cabling in nearly empty collos and mmrs looks?
Alex
Hello,
If there is possibly maybe a person from Cogent that does not get
severely confused and say "Oh, it is just the way the routers work" or "Oh
it just takes a long time for routes to be sent to you" after being shown
synch errors, garbage in AS_PATH that cogent is sending, I would gre
> Valdis Kletnieks responded:
> > > It doesn't take long for the average mechanic to learn that buying cheap
> > > wrenches is a bad idea.
>
> to which Alex replied:
> > Do you take your car to McLaren service center? Why not? They definitely
> > have better tools.
>
> To which I say:
> No, but
> On Mon, 17 Nov 2003 06:26:50 EST, Alex Yuriev said:
>
> > Because for people outside our little industry the software is a tool to get
> > a JOB done, not the job itself.
>
> It doesn't take long for the average mechanic to learn that buying cheap
> wrenches
> >No explaination why Sante Fe officials had not patched the city's
> >computers in the three months since Microsoft announced the vulnerability
> >and released the software updates. Nor why Sante Fe didn't have up to
> >date anti-virus programs running on its computers.
>
> Nor why they were u
Hi,
Anyone has any good law enforcement contacts that have enough clue
( or could be educated in process ) to work on catching and nailing DOS
originators?
Please drop me email off the list.
Alex
> > > You'd think after three previous disruptions, that Qwest would
> > > have enabled some form of redundancy.
> >
> > Redundancy hell. How about a *PADLOCK*?
>
> You mean that these places aren't even locked? Who has (had) the key?
> That'd be the first place I looked.
The most ama
> Do you use/develop in-house tools to analyze Netflow on your peering routers
> and have that interface in near-realtime with the said routers to null route
> (BGP and RPF) the offending sources?
Source or destination? Null routing source of DOS is not going to do you any
good. Null routing dest
> > I remember GM saying something like that about this car that
> > put Nader on political arena. Are we that dumb that we need
> > to be taught the same lessons?
> GM seems to still be building cars and trucks, and Nader lost a presidential
> election.
GM seems to also have cut a very big che
> Do you actually believe that it was a BAD idea for Cisco to build a router
> that is more efficient (to the point of being able to handle high-rate
> interfaces at all) when presented with traffic flows that look like real
> sessions?
Why buy something that works well only sometimes ("we are ve
> Are you actually saying that providers in the middle should build their
> networks to accommodate any amount of DDOS traffic their ingress can
> support instead of filtering it at their edge? How do you expect them
> to pay for that? Do you really want $10,000/megabit transit costs?
I remembe
> > It is content filtering. You are filtering packets that you think are
> > causing problems to the ES that you may not control.
>
> No, he said quite clearly he's filtering packets (such as Nachi ICMP) that are
> causing harm to *his* network. He gets to make a choice - filter the known
> pro
> >The way currently people propose everyone operates is equivalent to a
> >company that transmits AC to customer deciding that some part of the AC
> >waveform is "harmful" to its equipment, and therefore should be filtered
> >out. Of course, no one bothers to tell the customer that the filter exi
> > > to the ES, he's filtering out packets that are causing him
> > > problems directly, as the IS.
> >And since the IS is not the ES, it SHOULD NOT be filtering based on content
> >since it is NOT IS's content. Again, *force* ES to filter and hold it
> >responsible for not doing it.
> Do you hav
> Alex, please re-read the first paragraph. He said
> "I'm filtering traffic that is causing harm to *my* network..."
> (emphasis mine).
>
> He's not filtering out packets he thinks are causing problems
> to the ES, he's filtering out packets that are causing him
> problems directly, as the IS.
> > Leave content filtering to the ES, and *force* ES to filter the content.
> Its not content filtering, I'm not filtering only certain html traffic
> (like access to porn sites), I'm filtering traffic that is causing harm to
> my network and if I know what traffic is causing problems for me, I
> And how many people here operate non-oversubscribed networks?
The right question here should be "How many people here operate non-super
oversubscribed networks?" Oversubscribed by a a few percents is one thing,
oversubscribed the way certain cable company in NEPA does it is another.[1]
> So ha
> > Maybe the Yankee Group is a subsidiary of Ncatal Ventures.
>
> That was my thought.
> Its "Dood, Where's my Core?" all over again!
It got lost in san franCisco.
Alex
> On Wed, 29 Oct 2003, Alex Yuriev wrote:
> > As the network operators, we move bits and that is what we should stick to
> > moving.
> >
> > We do not look into packets and see "oh look, this to me looks like an evil
> > application traffic", and we sh
> I think the other point that may be escaping some people,
> is that as more and more connections take on this VPN-like
> quality, as network operators we lose any visibility into
> the validity of the traffic itself.
As the network operators, we move bits and that is what we should stick to
m
There is a aparently a major outage in Verio-land between Boston and
Baltiore, touch as far away as Pitts.
Alex
> Also what about folks who need to VPN in to their office
> (either via PPTP or IPSEC)? How would you take care of that
> situation?
IPSEC works over NATs just fine.
Alex
> Orchestream has some of this functionality for setting the tunnels up,
> you can then use the corba interface to setup management with
> tools like SMARTS. The other problem is managing the keys, if you
> don't have a CA it will be painful if you need to change the keys. We
> have had some succe
Hello,
Does anyone have any experience with large scale production IPSEC
tunnel deployment, where large scale is defined as over 100 net-to-net
tunnels to different destination networks active at any time?
If so, would such person(s) mind sharing any
quirks/platforms/implementati
I am seeing rather strange behaviour on VZ DSL starting from about midnight
today, corresponding with 20% or so traffic drop in a few webfarms. The
troubles start around lo0-0.CORE-RTR2.SYR.verizon-gni.net (130.81.4.10), and
manifest themselves with large sections of the internet (including place
29 matches
Mail list logo