Re: AH is pretty useless and perhaps should be deprecated

2009-11-13 Thread Luca Tosolini
Junos VRRP with md5 authentication does. On Sat, 2009-11-14 at 07:57 +0530, Jack Kohn wrote: > So who uses AH and why? > > Jack > > On Sat, Nov 14, 2009 at 6:19 AM, Owen DeLong wrote: > > I've never seen anyone use AH vs. ESP. I've always used ESP and so has > > every other IPSEC implement

Re: AH is pretty useless and perhaps should be deprecated

2009-11-13 Thread Merike Kaeo
If I recall correctly what an implementor once told me, the work involved in taking the fields that are immutable, then hashing packet, then sticking those immutable fields back in is actually more work than encrypting. Surprised me at the time but seems to be the case. - merike On No

Re: AH is pretty useless and perhaps should be deprecated

2009-11-13 Thread sfouant
I've seen some vendor implementations in which ESP actually outperformed AH during performance testing... go figure... Stefan Fouant --Original Message-- From: Jack Kohn To: nanog@nanog.org Subject: AH is pretty useless and perhaps should be deprecated Sent: Nov 13, 2009 7:22 PM Hi, Int

Re: AH is pretty useless and perhaps should be deprecated

2009-11-13 Thread Jack Kohn
So who uses AH and why? Jack On Sat, Nov 14, 2009 at 6:19 AM, Owen DeLong wrote: > I've never seen anyone use AH vs. ESP. I've always used ESP and so has > every other IPSEC implementation I've seen anyone do. > > Owen > > On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote: > >> Hi, >> >> Interesting

Re: ESPN360 Access

2009-11-13 Thread Jason Bertoch
Chris Gotstein wrote: We've been getting more and more requests for ESPN360 from our customers. From what I understand, ESPN requires that the ISP "subscribe" to their content and pay a fee to do so. I have been unable to find much information on what it takes to subscribe and what the fees are

Re: AH is pretty useless and perhaps should be deprecated

2009-11-13 Thread Owen DeLong
I've never seen anyone use AH vs. ESP. I've always used ESP and so has every other IPSEC implementation I've seen anyone do. Owen On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote: Hi, Interesting discussion on the utility of Authentication Header (AH) in IPSecME WG. http://www.ietf.org/mail-arc

AH is pretty useless and perhaps should be deprecated

2009-11-13 Thread Jack Kohn
Hi, Interesting discussion on the utility of Authentication Header (AH) in IPSecME WG. http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html Post explaining that AH even though protecting the source and destination IP addresses is really not good enough. http://www.ietf.org/mail-arch

The Cidr Report

2009-11-13 Thread cidr-report
This report has been generated at Fri Nov 13 21:11:22 2009 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date

BGP Update Report

2009-11-13 Thread cidr-report
BGP Update Report Interval: 05-Nov-09 -to- 12-Nov-09 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS980828471 2.5% 167.5 -- CMNET-GD Guangdong Mobile Communication Co.Ltd. 2 - AS9829

Re: Layer 2 vs. Layer 3 to TOR

2009-11-13 Thread Shane Ronan
Disagree, the EX is a very capable L3 router for LANs. On Nov 13, 2009, at 1:17 PM, Cord MacLeod wrote: > On Nov 13, 2009, at 4:14 AM, Matthew Walster wrote: > >> 2009/11/12 David Coulson >> >>> You could route /32s within your L3 environment, or maybe even leverage >>> something like VPLS -

Weekly Routing Table Report

2009-11-13 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith. Routing

Re: Layer 2 vs. Layer 3 to TOR

2009-11-13 Thread Cord MacLeod
On Nov 13, 2009, at 4:14 AM, Matthew Walster wrote: 2009/11/12 David Coulson You could route /32s within your L3 environment, or maybe even leverage something like VPLS - Not sure of any TOR-level switches that MPLS pseudowire a port into a VPLS cloud though. Just to let you know - the J

Re: Layer 2 vs. Layer 3 to TOR

2009-11-13 Thread Joe Loiacono
From a colleague here at NASA (high-performance computing area): "We are currently using our three Arista switches as an extremely economical way to get a 10G non-blocking testbed for our various test areas. We have every intention of looking at them as an option for their routing capabilities,

Re: Layer 2 vs. Layer 3 to TOR

2009-11-13 Thread rodrick brown
I've been using Arista's 7124S in a ToR deployment for a new build out for a high frequency trading client I've been engaged with. For the aggregation layer I went with Cisco 4900m's and have had much success with this deployment especially with the Arista's. Sent from my iPhone 3GS. On No

Re: Layer 2 vs. Layer 3 to TOR

2009-11-13 Thread Stefan
Good point about Arista - Doug Gourlay, of [ex-]Cisco fame, is probably the person to ask all possible questions about those solutions. Cisco UCS is missing, also - looking at the Nexus deployment as ToR solution (2K + 5K, even 1KV, considering the needs for virtualization, also) with all benefits

Re: Layer 2 vs. Layer 3 to TOR

2009-11-13 Thread Randy Bush
i have seen no mention of arista as a tos switch/router, yet folk tell me it is one of the hottest on the block today. is there anyone who is actually using it who would care to report? randy

Re: Layer 2 vs. Layer 3 to TOR

2009-11-13 Thread Matthew Walster
2009/11/12 David Coulson > You could route /32s within your L3 environment, or maybe even leverage > something like VPLS - Not sure of any TOR-level switches that MPLS > pseudowire a port into a VPLS cloud though. > Just to let you know - the Juniper EX4200 series only support a single label sta

Re: Layer 2 vs. Layer 3 to TOR

2009-11-13 Thread Tore Anderson
* Jonathan Lassoff > Are there any applications that absolutely *have* to sit on the same > LAN/broadcast domain and can't be configured to use unicast or multicast > IP? FCoE comes to mind. -- Tore Anderson Redpill Linpro AS - http://www.redpill-linpro.com/ Tel: +47 21 54 41 27