Re: Real ops talking to future ops

2010-08-23 Thread Cameron Byrne
> >   > John, I could not help but take a peek at the class topics. I nearly jumped out of my seat with joy in seeing the e2e principle http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf But, then went sad and jaded again when poking ar

Re: Real ops talking to future ops

2010-08-23 Thread John Kristoff
On Mon, 23 Aug 2010 20:17:53 -0400 ML wrote: > I'm just as surprised as you are. They left out AppleTalk. A few classes ago I had a student tell me they had an instructor spend two full classes (out of 10) on Token Ring. I think Token Ring is interesting and I feel a little bit sad about all t

Re: Real ops talking to future ops

2010-08-23 Thread ML
On 8/23/2010 7:54 PM, Dave CROCKER wrote: > > > On 8/23/2010 3:38 PM, John Kristoff wrote: >> many of the other instructors they come into contact with >> are focusing only on class A, B, C addressing > > > wow. I'm just as surprised as you are. They left out AppleTalk.

Re: Real ops talking to future ops

2010-08-23 Thread Dave CROCKER
On 8/23/2010 3:38 PM, John Kristoff wrote: many of the other instructors they come into contact with are focusing only on class A, B, C addressing wow. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net

Real ops talking to future ops

2010-08-23 Thread John Kristoff
I'm afraid this is only slightly operational and limited to a subset of the NANOG crowd. I apologize profusely in advance for abusing the list as I might, but I can't think of a more suitable group of people to approach. I think the essence of the request is in line with the spirit of NANOG. As s

Re: PacketShader

2010-08-23 Thread Randy Bush
> Really, in this day and age, a chassis throughput of 100G is pretty > trivial. When you start getting up to the Tbps range on a system using > "standard components", then I'll be really interested. i suspect that a rule of thumb is that leading edge home appliances are one decimal digit behind l

Re: DNSSEC and SSL

2010-08-23 Thread Doug Barton
On 08/23/2010 08:03, Curtis Maurand wrote: PowerDNS resolver. Very fast, very light. For the purpose of DNSSEC support powerdns might not be the best choice. They are late to the game, and only added DNSSEC support reluctantly due to market pressure. There have been other good suggestions in

web site counter-phishing services

2010-08-23 Thread Tim Sanderson
My company has used Perimeter E-Security's CounterPhish service for a while but we are not completely happy with it. Is anyone familiar with any other vendors that provide such service and are you happy with it?

Re: Should routers send redirects by default?

2010-08-23 Thread Ricky Beam
On Sat, 21 Aug 2010 20:42:01 -0400, Mark Smith wrote: In IPv6, redirects serve two purposes, whereas in IPv4 they only served one - IPv4 redirects serve exactly the same two situations... both are situations where a router would be required to hairpin a packet -- either the destination i

Re: Looking for suggestions for an internet content filtering appliance

2010-08-23 Thread Graham Beneke
On 23/08/2010 22:14, valdis.kletni...@vt.edu wrote: Does anybody have any real-world stats on what size local Squid/whatever cache they're using and what % of bandwidth savings they're seeing? (Bonus points if you've identified specific things it helps, like Patch Tuesday or whatever). I have s

RE: Looking for suggestions for an internet content filtering appliance

2010-08-23 Thread Frank Bulk - iName.com
Jeroen: Their filtering appliance also filters out free HTTP proxies and anonymizers, some because they're known, others because of signatures. It's not perfect, but it catches a lot more than what you might think. And we don't market it as the silver bullet and we let our customers know that t

Re: PacketShader

2010-08-23 Thread Joel Jaeggli
On 8/23/10 12:25 PM, Andrew Kirch wrote: > On 8/23/2010 1:17 PM, Joel Jaeggli wrote: >> What it really comes down to is packets per watt or packets per dollar, >> if it's cheaper to do it this way then people will, if not BFD. > > I disagree here. Core routing isn't purchased based on cost, it's

Re: PacketShader

2010-08-23 Thread Owen DeLong
On Aug 23, 2010, at 12:25 PM, Andrew Kirch wrote: > On 8/23/2010 1:17 PM, Joel Jaeggli wrote: >> What it really comes down to is packets per watt or packets per dollar, >> if it's cheaper to do it this way then people will, if not BFD. > > I disagree here. Core routing isn't purchased based on

Re: Looking for suggestions for an internet content filtering appliance

2010-08-23 Thread Valdis . Kletnieks
On Mon, 23 Aug 2010 19:46:59 -, khatfi...@socllc.net said: > This would give you some advantages: > 1) Content caching - increasing speeds for users while decreasing your > overall bandwidth utilization. Does anybody have any real-world stats on what size local Squid/whatever cache they're us

Re: PacketShader

2010-08-23 Thread William Pitcock
Vyatta's commercial products (the bundles with OS+Hardware) come with adequate support in my experience. William (Sorry for topposting. The android email experience is depressingly lacking.) Andrew Kirch wrote: > On 8/23/2010 1:17 PM, Joel Jaeggli wrote: >> What it really comes down to is p

Re: Looking for suggestions for an internet content filtering appliance

2010-08-23 Thread khatfield
(Excuse me if I missed part of the email chain. This may have already been mentioned) It could be a bit of an annoyance for configuration but the one method you could use is to force a proxy internally. I am a bit unsure why most don't do this already but it has its flaws. 1) Lack of static/dy

Re: PacketShader

2010-08-23 Thread Andrew Kirch
On 8/23/2010 1:17 PM, Joel Jaeggli wrote: What it really comes down to is packets per watt or packets per dollar, if it's cheaper to do it this way then people will, if not BFD. I disagree here. Core routing isn't purchased based on cost, it's purchased based on support. People have not ado

Re: Looking for suggestions for an internet content filtering appliance

2010-08-23 Thread Jeroen Massar
On 2010-08-23 20:52, Frank Bulk - iName.com wrote: > We offer an optional internet content filtering service to our residential > and business customers using M86's appliance > (http://www.m86security.com/products/web_security/m86-web-filtering-reportin > g-suite.asp). > > I've been in conversat

Re: PacketShader

2010-08-23 Thread Kevin Oberman
> Date: Mon, 23 Aug 2010 06:27:00 -0700 > From: Jim Shankland > > Mark Smith wrote: > > On Mon, 23 Aug 2010 05:59:43 -0400 > > valdis.kletni...@vt.edu wrote: > > > > I missed that, and that answers the "was it a GigaBytes versus Gigabits > > error" question. Nothing new here by the looks of it -

Looking for suggestions for an internet content filtering appliance

2010-08-23 Thread Frank Bulk - iName.com
We offer an optional internet content filtering service to our residential and business customers using M86's appliance (http://www.m86security.com/products/web_security/m86-web-filtering-reportin g-suite.asp). I've been in conversation with them since Q1 regards IPv6 support, but the update I r

Re: Tagged vlan inside isolated pvlan

2010-08-23 Thread sfouant
> Hello, > > I have a catalyst 6503 with sup32 and was trying to set a tagged vlan > inside a pvlan. Basically I wanna have the behavior of: > > switchport mode access > switchport access vlan 101 > switchport protected. > > So that other machines connected to the 6503 won't be able to > communic

Re: DNSSEC and SSL

2010-08-23 Thread Barry Shein
> The fact that Verisign kept the domain business and sold the CA > business to Symantec tells which business they think is stronger. FWIW, I remember being at a tech company some of you have heard of when the CEO announced we'd just sold one of the more profitable non-core units to help fund co

Re: PacketShader

2010-08-23 Thread Joel Jaeggli
On 8/23/10 2:59 AM, valdis.kletni...@vt.edu wrote: > On Sun, 22 Aug 2010 22:23:19 -1000, Michael Painter said: >> Researchers in South Korea have built a networking router that >> transmits data at record speeds from components found in most >> high-end desktop computers >> http://www.technologyr

Tagged vlan inside isolated pvlan

2010-08-23 Thread lorddoskias
Hello, I have a catalyst 6503 with sup32 and was trying to set a tagged vlan inside a pvlan. Basically I wanna have the behavior of: switchport mode access switchport access vlan 101 switchport protected. So that other machines connected to the 6503 won't be able to communicate with this po

Re: on network monitoring and security - req for monitoring tools

2010-08-23 Thread Charles N Wyble
On 08/23/2010 07:40 AM, Scott Berkman wrote: Are you looking only at Open Source tools? If not you are missing all of the most widely deployed tools out there (including): You will also need to look at separate security monitoring software if your goal is to cover that. Not including any comm

RE: BCP38 exceptions for RFC1918 space

2010-08-23 Thread Leigh Porter
Oh I do, just not to my workstation ;-) -Original Message- From: Joel Jaeggli [mailto:joe...@bogus.com] Sent: 23 August 2010 16:48 To: Leigh Porter Cc: valdis.kletni...@vt.edu; Joe Greco; na...@merit.edu Subject: Re: BCP38 exceptions for RFC1918 space On 8/23/10 2:31 AM, Leigh Porter wro

Re: BCP38 exceptions for RFC1918 space

2010-08-23 Thread Joel Jaeggli
On 8/23/10 2:31 AM, Leigh Porter wrote: > I very often see 1918 space in ICMP responses. It's quite dumb. you wouldn't if you filtered rfc 1918 source addresses on your border. > -Original Message- > From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] > Sent: 16 August 2010 14

Re: DNSSEC and SSL

2010-08-23 Thread Rubens Kuhl
The fact that Verisign kept the domain business and sold the CA business to Symantec tells which business they think is stronger. Rubens On Sat, Aug 21, 2010 at 10:00 PM, ML wrote: > Would a future with a ubiquitous DNSSEC deployment eliminate the market > for commercial CAs? > > Would function

Re: DNSSEC and SSL

2010-08-23 Thread Curtis Maurand
On 8/22/2010 3:57 PM, Mans Nilsson wrote: a DNSSEC capable stub resolver not in the cards? The best option today is to run a full-service resolver on the host; which is a tad heavy for most desktops, not to speak about the cache misses that would cause root server system load. The latter of co

Re: BCP38 exceptions for RFC1918 space

2010-08-23 Thread Ali
Hahahahah How do we prevent BGP loops? Hahahhaahb Sent via mobile. On Aug 23, 2010, at 2:31 AM, "Leigh Porter" wrote: > I very often see 1918 space in ICMP responses. It's quite dumb. > > -Original Message- > From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] > Sent: 16

Re: DNSSEC and SSL

2010-08-23 Thread Jakob Schlyter
On 23 aug 2010, at 16.35, Tony Finch wrote: > Unbound is a full service resolver not a stub resolver. depending on configuration, unbound can be used as both a full service resolver and a stub. jakob

Re: DNSSEC and SSL

2010-08-23 Thread Tony Finch
On Sun, 22 Aug 2010, Mans Nilsson wrote: > > OTOH: A thicker stub resolver does indeed exist; lwresd in the BIND > suite. Calling it from applications does however mean using new API > calls; since the traditional resolver API is oblivious to DNSSEC. lwresd is in fact a full service resolver, thou

RE: on network monitoring and security - req for monitoring tools

2010-08-23 Thread Scott Berkman
Are you looking only at Open Source tools? If not you are missing all of the most widely deployed tools out there (including): HP Open View Cisco Works IBM Tivoli/NetCool Smarts (now EMC Ionix) Also a few other open tools: ZenOSS Zabbix You will also need to look at separate security monitoring

Re: DNSSEC and SSL

2010-08-23 Thread Tony Finch
On Sun, 22 Aug 2010, bmann...@vacation.karoshi.com wrote: > On Sun, Aug 22, 2010 at 09:11:43AM -0400, ML wrote: > > > > Is a DNSSEC capable stub resolver not in the cards? > > yes it is. unbound was originally designed for that very niche. Unbound is a full service resolver not a stub resolv

Re: DNSSEC and SSL

2010-08-23 Thread Wes Hardaker
> On Sun, 22 Aug 2010 21:57:27 +0200, Mans Nilsson > said: MN> The best option today is to run a full-service resolver on the host; The DNSSEC-Tools project has instrumented a large number of applications with an in-application validating resolver. Including OpenSSH (with a new auto-ac

RE: Other NOGs around the world?

2010-08-23 Thread Chris O'Fla O'Flaherty
> > What other "network operator groups" are there around the world The Latin America and the Caribbean NOG meeting will be 19-22 October. http://www.lacnog.org/en/eventos/lacnog-2010/inicio Call for Presentations deadline, 30 August. http://www.lacnog.org/en/meetings/lacnog-2010/call-presentation

Re: PacketShader

2010-08-23 Thread Jim Shankland
Mark Smith wrote: On Mon, 23 Aug 2010 05:59:43 -0400 valdis.kletni...@vt.edu wrote: I missed that, and that answers the "was it a GigaBytes versus Gigabits error" question. Nothing new here by the looks of it - people in this thread were getting those sorts of speeds a year ago out of PC hardwar

Re: PacketShader

2010-08-23 Thread Mark Smith
On Mon, 23 Aug 2010 05:59:43 -0400 valdis.kletni...@vt.edu wrote: > On Sun, 22 Aug 2010 22:23:19 -1000, Michael Painter said: > > Researchers in South Korea have built a networking router that transmits > > data > > at record speeds from components found in most high-end desktop computers > > ht

Re: PacketShader

2010-08-23 Thread Valdis . Kletnieks
On Sun, 22 Aug 2010 22:23:19 -1000, Michael Painter said: > Researchers in South Korea have built a networking router that transmits data > at record speeds from components found in most high-end desktop computers > http://www.technologyreview.com/communications/26096/?nlid=3423 Two great quotes

RE: BCP38 exceptions for RFC1918 space

2010-08-23 Thread Leigh Porter
I very often see 1918 space in ICMP responses. It's quite dumb. -Original Message- From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] Sent: 16 August 2010 14:27 To: Joe Greco Cc: na...@merit.edu Subject: Re: BCP38 exceptions for RFC1918 space On Mon, 16 Aug 2010 06:50:00 CDT,

PacketShader

2010-08-23 Thread Michael Painter
Researchers in South Korea have built a networking router that transmits data at record speeds from components found in most high-end desktop computers. A team from the Korea Advanced Institute of Science and Technology created the router, which transmits data at nearly 40 gigabytes per second--m