On 8 Jul 2010, at 03:00, Antonio Querubin wrote:
On Wed, 7 Jul 2010, Zaid Ali wrote:
Are there any folks here who would be inclined to do SMTP over IPv6? I have
a test v6 network with is ready to do email but getting some real world data
to verify headers would be more helpful. Please send
On Thu, 8 Jul 2010, Tim Chown wrote:
Received: from s0.nanog.org (s0.nanog.org =
[2001:48a8:6880:95::20]) by crow.ecs.soton.ac.uk (crow.ecs.soton.ac.uk =
[2001:630:d0:f110::25b]) envelope-from =
nanog-bounces+tjc=3decs.soton.ac...@nanog.org with ESMTP id =
m673381995435214jA
On Thu, Jul 8, 2010 at 1:16 AM, Michael Painter tvhaw...@shaka.com wrote:
Have we all gone mad?
I find it hard to understand that a nuclear power plant, air-traffic control
network, or electrical grid would be 'linked' to the Internet in the
interest of 'efficiency'. Air gap them all and let
On Wed, 7 Jul 2010, Michael Painter wrote:
Have we all gone mad?
I find it hard to understand that a nuclear power plant, air-traffic control
network, or electrical grid would be 'linked' to the Internet in the interest
of 'efficiency'. Air gap them all and let them apply for Inefficiency
On Wed, 7 Jul 2010, Michael Painter wrote:
Have we all gone mad?
I find it hard to understand that a nuclear power plant, air-traffic
control
network, or electrical grid would be 'linked' to the Internet in the
interest
of 'efficiency'. Air gap them all and let them apply for
On Wed, 07 Jul 2010 19:16:27 -1000, Michael Painter said:
I find it hard to understand that a nuclear power plant, air-traffic control
network, or electrical grid would be 'linked' to the Internet in the interest
of 'efficiency'. Air gap them all and let them apply for Inefficiency
Relief
On Jul 8, 2010, at 10:12 AM, valdis.kletni...@vt.edu wrote:
What's the going rate these days that you have to pay to make sure your fiber
gets spliced first rather than that other customer's 10GE? And what's it
cost to do it for all 2,397 links? And if your electrical-grid fiber is
in the
On Jul 8, 2010, at 10:12 AM, valdis.kletni...@vt.edu wrote:
On Wed, 07 Jul 2010 19:16:27 -1000, Michael Painter said:
I find it hard to understand that a nuclear power plant, air-
traffic control
network, or electrical grid would be 'linked' to the Internet in
the interest
of 'efficiency'.
valdis.kletni...@vt.edu wrote:
What's the going rate these days that you have to pay to make sure your fiber
gets spliced first rather than that other customer's 10GE?
I'm not familiar with cable break splicing procedures, but is it even
possible to pay extra to have your splice done
I find it hard to understand that a nuclear power plant, air-traffic
control network, or electrical grid would be 'linked' to the Internet
in the interest of 'efficiency'.
The Davis-Besse nuclear generating station computers were hit by the SQL
Slammer / Saphire worm back in 2003.
On Thu, 08 Jul 2010 08:12:29 PDT, JC Dill said:
valdis.kletni...@vt.edu wrote:
What's the going rate these days that you have to pay to make sure your
fiber
gets spliced first rather than that other customer's 10GE?
I'm not familiar with cable break splicing procedures, but is it even
In a message written on Thu, Jul 08, 2010 at 08:12:29AM -0700, JC Dill wrote:
I'm not familiar with cable break splicing procedures, but is it even
possible to pay extra to have your splice done first? I would think
that the logistics of splicing are such that the guy down in the hole
Michael Painter wrote:
Have we all gone mad?
I find it hard to understand that a nuclear power plant, air-traffic
control network, or electrical grid would be 'linked' to the Internet
in the interest of 'efficiency'. Air gap them all and let them apply
for Inefficiency Relief from the $100
On 7/8/10 1:20 AM, Mikael Abrahamsson wrote:
On Thu, 8 Jul 2010, Tim Chown wrote:
One other thing I also notice is that there is a high correlation
between use of TLS and IPv6, I guess a lot of people with IPv6 clue also
enable TLS:
By default, at least on Debian, TLS and IPv6 (if available,
On Thu, 8 Jul 2010, Joe Greco wrote:
There's a happy medium in there somewhere; it's not clear that having (to
use the examples given) air traffic control computers directly on the
Internet has sufficient value to outweigh the risks. However, it seems
that being able to securely gateway
On Thu, Jul 08, 2010 at 09:51:52AM -0400, Brandon Ross wrote:
On Wed, 7 Jul 2010, Michael Painter wrote:
Have we all gone mad?
Absolutely! For example, those thousands of flight plans filed every day
by airlines across the globe, not to mention private flights, should be
done manually
Brandon Ross wrote:
Do people really think the guy in the airport control tower is really
surfing Facebook while he's controlling aircraft on the same computer, or
that capability is even what is under consideration?
Air traffic controller suspended for allowing son to radio instructions
to
On Thu, 8 Jul 2010, J. Oquendo wrote:
Brandon Ross wrote:
Do people really think the guy in the airport control tower is really
surfing Facebook while he's controlling aircraft on the same computer, or
that capability is even what is under consideration?
Air traffic controller suspended for
On Thu, 8 Jul 2010, Brielle Bruns wrote:
By default, at least on Debian, TLS and IPv6 (if available, even if only
using link local addresses) are on by default, so there's not too much
that needs to be done to use TLS on the SMTP side.
TLS wasn't enabled on my Debian using Postfix, so I
andrew.wallace wrote:
Article:
http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html
My opinion:
http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html#articleTabs%3Dcomments%26commentId%3D1330685
Politifact has an interesting article on
-Original Message-
From: Brandon Ross
Sent: Thursday, July 08, 2010 6:52 AM
To: Michael Painter
Cc: nanog@nanog.org
Subject: Re: U.S. Plans Cyber Shield for Utilities, Companies
On Wed, 7 Jul 2010, Michael Painter wrote:
Have we all gone mad?
I find it hard to understand
On Jul 8, 2010, at 9:00 AM, Brandon Ross wrote:
On Thu, 8 Jul 2010, Joe Greco wrote:
There's a happy medium in there somewhere; it's not clear that having (to
use the examples given) air traffic control computers directly on the
Internet has sufficient value to outweigh the risks.
On 7/8/2010 9:51 AM, Brandon Ross wrote:
On Wed, 7 Jul 2010, Michael Painter wrote:
Have we all gone mad?
I find it hard to understand that a nuclear power plant, air-traffic
control network, or electrical grid would be 'linked' to the Internet
in the interest of 'efficiency'. Air gap them
On Jul 8, 2010, at 10:13 AM, George Bonser wrote:
-Original Message-
From: Brandon Ross
Sent: Thursday, July 08, 2010 6:52 AM
To: Michael Painter
Cc: nanog@nanog.org
Subject: Re: U.S. Plans Cyber Shield for Utilities, Companies
On Wed, 7 Jul 2010, Michael Painter wrote:
Owen DeLong wrote:
[snip]
I know this from being a pilot, and, also from having toured the following
ATC facilities:
Towers:
TRACONs:
ARTCCs:
Ditto to absolutely EVERYTHING that Owen said, and I can guarantee this
further, having had experience with various east coast and southeastern
On 7/8/10 11:04 AM, Mikael Abrahamsson wrote:
On Thu, 8 Jul 2010, Brielle Bruns wrote:
By default, at least on Debian, TLS and IPv6 (if available, even if
only using link local addresses) are on by default, so there's not too
much that needs to be done to use TLS on the SMTP side.
TLS wasn't
On Jul 8, 2010, at 11:56 AM, J. Oquendo wrote:
@Jared's TSP link... Wonder how this will affect VoIP ITSP's etal, e.g.,
how many local NS/EP's have swapped over to VoIP. Logically, anyone with
a network running a managed VoIP service, trunk, etc., could qualify.
This certainly is a frequent
On 08/07/10 19:04 +0200, Mikael Abrahamsson wrote:
On Thu, 8 Jul 2010, Brielle Bruns wrote:
By default, at least on Debian, TLS and IPv6 (if available, even if
only using link local addresses) are on by default, so there's not too
much that needs to be done to use TLS on the SMTP side.
TLS
On Thu, 8 Jul 2010, Joe Greco wrote:
There's a happy medium in there somewhere; it's not clear that having (to
use the examples given) air traffic control computers directly on the
Internet has sufficient value to outweigh the risks. However, it seems
that being able to securely gateway
On 7/8/2010 09:59, Marshall Eubanks wrote:
I think that there needs to be a balance.
I think it needs to be the purview of the custodian of the facility.
Not some political wonk.
--
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.
Freedom
On Jul 8, 2010, at 2:21 PM, Dan White wrote:
On 08/07/10 19:04 +0200, Mikael Abrahamsson wrote:
On Thu, 8 Jul 2010, Brielle Bruns wrote:
By default, at least on Debian, TLS and IPv6 (if available, even if only
using link local addresses) are on by default, so there's not too much that
On Jul 8, 2010, at 9:26 AM, valdis.kletni...@vt.edu wrote:
I'm not familiar with cable break splicing procedures, but is it even
possible to pay extra to have your splice done first? I would think
that the logistics of splicing are such that the guy down in the hole
doesn't know whose
A few people have sent private replies commenting on the email/IPv6 deployment
stats I posted.
I thought I would also share some nameserver statistics to give an idea of what
I see (at least at puck.nether.net) for IPv6 vs IPv4 queries.
I won't break down the numbers for everyone, just posting
Thanks again for all the responses to my previous post.
We have a Cisco 7206VXR router with IOS of 12.4(12) and a PA-POS-1OC3
card ofr our OC3.
The problem we have now is that we are only paying for 80 MB/s of the
OC-3, and the ISP is leaving the capping of it up to us. I have
googled and the
On Thu, 8 Jul 2010, Alan Bryant wrote:
We have tried the rate-limit command with various parameters and we
are unable to keep it at 80. I have read that this is not the correct
way to do it, but I'm not sure what is.
What burst parameters are you using?
Try something along the lines of:
On Thu, 8 Jul 2010, Alan Bryant wrote:
The problem we have now is that we are only paying for 80 MB/s of the
OC-3, and the ISP is leaving the capping of it up to us. I have
BTW, rate-limiting of traffic that the ISP router sends to your router is
best done at the ISP router.
Antonio
That's strange, Are you paying for a CIR of 80Mb/s?
Normally they only leave the limiting up to you if its more of a
burstable connection, Like you pay for 80Mb/s but its a full line rate
interface and its billed per Mb/s over 80 on a 95th percentile scheme.
If that is the case you can safely go
traffic-shape rate 7500 9000 9000 1000 for example. Your rate limit
will police your traffic and drop it all.
Traffic shaping produces a queue, and does not completely junk a packet. It
becomes q'd, and produces a smoother output.
~Jay Murphy
IP Network Specialist
NM State
I think if you try to traffic-shape 80Mbps on that platform you'll have
problems. We have a 7200 with NPE-G1 (rate limited at 80Mbps) and it killed
the CPU when the threshold was hit. I imagine that traffic-shaping would do
the same to CPU and memory. I'd lab it first.
Kenny
On Thu, Jul 8,
Agree...when you rate limit verse shaping you can actually cause more
traffic because the packets need to be retransmitted to deal with those
that got dropped.
On 07/08/2010 06:43 PM, Murphy, Jay, DOH wrote:
traffic-shape rate 7500 9000 9000 1000 for example. Your rate limit
On Thu, 8 Jul 2010, Murphy, Jay, DOH wrote:
Traffic shaping produces a queue, and does not completely junk a packet.
It becomes q'd, and produces a smoother output.
Traffic-shaping 80Mb/s of traffic is probably not a good idea for your
router cpu :)
Antonio Querubin
808-545-5282 x3003
Antonio Querubin wrote:
Traffic-shaping 80Mb/s of traffic is probably not a good idea for your
router cpu :)
Honestly, cpu overhead shouldn't be an issue with a traffic shape queue.
If it is, probably a seriously underpowered router or poor code. Now if
you applied extensive rules for
What about purchasing a low-end packetshaper to be used in between?
I know this doesn't answer the question but could it be an option?
Date: Thu, 8 Jul 2010 13:43:17 -1000
From: t...@lava.net
To: jay.mur...@state.nm.us
Subject: RE: Rate Limiting on Cisco Router
CC: nanog@nanog.org
On
On Thu, 2010-07-08 at 16:35 -0700, Kenny Sallee wrote:
I think if you try to traffic-shape 80Mbps on that platform you'll have
problems. We have a 7200 with NPE-G1 (rate limited at 80Mbps) and it killed
the CPU when the threshold was hit. I imagine that traffic-shaping would do
the same to
On Thu, 2010-07-08 at 18:54 -0500, Jack Bates wrote:
underpowered router or poor code
Agreed. So which is it? :)
To be fair, some IOS versions were better than others at it in my
limited experience of that chassis.
Gord
--
I hold you XAP
So you guys would not recommend the traffic shaping route on a 7206
with a NPE-G1? Is it the processor or memory that would not be able to
handle it?
I don't necessarily plan on doing anything other than limiting it at
80Mbps or whatever it is that we are capping ourselves at at the time.
On
Also, are there any upgrades that can be done to this router to
increase it's processing power? Is there something better for the
7206VXR than the NPE-G1? I see the NPE-G2, but even on ebay it is very
costly.
On Thu, Jul 8, 2010 at 8:32 PM, Alan Bryant a...@gtekcommunications.com wrote:
So you
On 7/8/2010 18:40, Alan Bryant wrote:
Also, are there any upgrades that can be done to this router to
increase it's processing power? Is there something better for the
7206VXR than the NPE-G1? I see the NPE-G2, but even on ebay it is very
costly.
The NPE-G2 is the next step after the
On Thu, Jul 08, 2010 at 01:43:17PM -1000, Antonio Querubin wrote:
Traffic-shaping 80Mb/s of traffic is probably not a good idea for your
router cpu :)
I concur, we shape a 100Mb/s ethernet down to 50Mb/s on a 3845,
so that QoS is doable. The router gets brought to its knees
around 40Mb/s.
On Jul 8, 2010, at 4:05 PM, Alan Bryant wrote:
Thanks again for all the responses to my previous post.
We have a Cisco 7206VXR router with IOS of 12.4(12) and a PA-POS-1OC3
card ofr our OC3.
The problem we have now is that we are only paying for 80 MB/s of the
OC-3, and the ISP is
On Thu, 8 Jul 2010, Alan Bryant wrote:
So you guys would not recommend the traffic shaping route on a 7206
with a NPE-G1? Is it the processor or memory that would not be able to
handle it?
With a G1 you'll be able to shape just fine, even do fancy stuff like
fair-queue within those 80 megs.
On Thu, 2010-07-08 at 20:01 -0400, Brandon Kim wrote:
What about purchasing a low-end packetshaper to be used in between?
If -
1/ budget is a problem
and
2/ you have no BSD knowledge inhouse
and
3/ the LAN side is all ethernet
you could have a stab at using a PFsense box with two (and
Mikael Abrahamsson wrote:
With a G1 you'll be able to shape just fine, even do fancy stuff like
fair-queue within those 80 megs. I've done this on a NPE-300, but only
egress, and as long as packet sizes were fairly large (normal TCP
sessions with mostly 1500 byte packets + ACKs) it coped
53 matches
Mail list logo