Re: IPv6 prefix lengths

2011-01-13 Thread Jeff Wheeler
Richard's employer is exactly the kind of organization that has not been able to effectively multi-home their discrete branch-offices on the IPv4 Internet, because RIR allocation policy set the bar for receiving IPv4 addresses for those small locations just high enough to steer us away from that

Re: IPv6 prefix lengths

2011-01-13 Thread Owen DeLong
Most people do not know about the multi-homing feature designed into IPv6. Most people who do, seem to agree that it may not see enough practical use to have meaningful impact on routing table growth, which will no longer be kept in check by a limited pool of IP addresses and policies that

Re: IPv6 prefix lengths

2011-01-13 Thread Michiel Klaver
At 22-07-28164 20:59, Richard Barnes wrote: Hi all, What IPv6 prefix lengths are people accepting in BGP from peers/customers? My employer just got a /48 allocation from ARIN, and we're trying to figure out how to support multiple end sites out of this (probably around 10). I was thinking

Re: IPv6 prefix lengths

2011-01-13 Thread Mohacsi Janos
On Thu, 13 Jan 2011, Owen DeLong wrote: Most people do not know about the multi-homing feature designed into IPv6. Most people who do, seem to agree that it may not see enough practical use to have meaningful impact on routing table growth, which will no longer be kept in check by a limited

anyone using Netgear GSM7352S-200 ?

2011-01-13 Thread Eugen Leitl
This is way offtopic, but I figured this would be a good place to ask. Anyone using Netgear GSM7352S-200 in production? http://www.netgear.com/images/GSM7328Sv2_GSM7352Sv2_23Sept1018-10817.pdf I know, it's Netgear, but how badly does it blow chunks? Inquiring minds, etc. (Disclaimer: I am

Re: IPv6 prefix lengths

2011-01-13 Thread Luigi Iannone
On Jan 13, 2011, at 10:49 , Owen DeLong wrote: Most people do not know about the multi-homing feature designed into IPv6. Most people who do, seem to agree that it may not see enough practical use to have meaningful impact on routing table growth, which will no longer be kept in check by a

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Chuck Anderson
On Wed, Jan 12, 2011 at 11:10:16PM -0800, Scott Weeks wrote: To be fair to Cisco and maybe I'm way off here. But it seems they do come out with a way to do things first which then become a standard that they have to follow. ISL/DOT1Q HSRP/VRRP etherchannel/LACP Yes, and then they keep

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Herro91
From my experience - A key thing to consider from any vendor is their support - Cisco has great support and a large support organization. I've seen them turn around complex problems very rapidly for their customers. Additionally, someone already mentioned investment protection and that Cisco

RE: Is Cisco equpiment de facto for you?

2011-01-13 Thread Brandon Kim
For ISL, I know they are trying to phase that out. For the exams, they are based on dot1q. Even if I had all cisco equipment, I'd try to go with standards because you never know down the road where you may need to use another vendor. I wouldn't use EIGRP if given a choice, I'd go with

transit providers via FLAG fiber?

2011-01-13 Thread Jim Mercer
I have been asked to investigate the costs of adding transit capacity for a national ISP in the middle east/asia. they have access to a FLAG landing station. can someone provide pointers as to where to start? private emails would be good, and i'll summarize. thanx. -- Jim Mercer

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Tony Varriale
- Original Message - From: Chuck Anderson c...@wpi.edu To: nanog@nanog.org Sent: Thursday, January 13, 2011 7:18 AM Subject: Re: Is Cisco equpiment de facto for you? On Wed, Jan 12, 2011 at 11:10:16PM -0800, Scott Weeks wrote: To be fair to Cisco and maybe I'm way off here. But it

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Tony Varriale
- Original Message - From: Brandon Kim brandon@brandontek.com To: c...@wpi.edu; nanog group nanog@nanog.org Sent: Thursday, January 13, 2011 8:46 AM Subject: RE: Is Cisco equpiment de facto for you? For ISL, I know they are trying to phase that out. For the exams, they are

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Jack Bates
On 1/13/2011 8:46 AM, Brandon Kim wrote: For ISL, I know they are trying to phase that out. For the exams, they are based on dot1q. Even if I had all cisco equipment, I'd try to go with standards because you never know down the road where you may need to use another vendor. I wouldn't

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Jack Bates
On 1/12/2011 9:33 PM, Owen DeLong wrote: If you are proxying everything, then, there isn't any actual NAT. There are inside sessions and outside sessions. Depends on the proxy mechanism used. In a transparent firewall proxy layout, it generally is still considered NAT. The proxy capabilities

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Dobbins, Roland
On Jan 13, 2011, at 9:59 AM, Jack Bates wrote: The proxy capabilities of the firewall are additional security measures on top of the NAT (and definitely should be deployed for their higher security value). Not in front of servers, they shouldn't - because they have a negative security

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Jack Bates
On 1/13/2011 10:54 AM, Dobbins, Roland wrote: Not in front of servers, they shouldn't - because they have a negative security value in that context. I agree. Any content checks and reporting should be handled by the server and not a firewall proxy which might have its own security

Call for ARIN XXVII Meeting Fellowship Applicants

2011-01-13 Thread ARIN
ARIN is pleased to offer a Meetings Fellowship Program to bring new voices and ideas to public policy discussions. This call is for Fellows to attend ARIN XXVII in San Juan, Puerto Rico from 10-13 April 2011. If you have never attended an ARIN meeting and are interested in participating in the

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread William Herrin
On Thu, Jan 13, 2011 at 11:54 AM, Dobbins, Roland rdobb...@arbor.net wrote: On Jan 13, 2011, at 9:59 AM, Jack Bates wrote: The proxy capabilities of the firewall are additional security measures on top of the NAT (and definitely should be deployed for their higher security value). Not in

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread William Herrin
On Thu, Jan 13, 2011 at 1:11 PM, Jack Bates jba...@brightok.net wrote: On 1/13/2011 11:56 AM, William Herrin wrote: So all the folks who use reverse proxies like an http accelerator are wrong? They have their purpose. However, depending on the security rating of the accelerator versus the

Re: IPv6 prefix lengths

2011-01-13 Thread Joel Jaeggli
if you have multiple sites you should request a direct assignment later than /48. previous $employer received a /44 direct assignment on the basis of north american footprint. On 1/13/11 4:49 AM, Richard Barnes wrote: Hi all, What IPv6 prefix lengths are people accepting in BGP from

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Lamar Owen
On Wednesday, January 12, 2011 12:01:27 pm George Bonser wrote: With v4 PAT, you can not be sure which address/port on the external IP maps to which address/port on the inside IP at any given moment and PAT is stateful in that an outbound packet is required to start the mapping. On Cisco at

Is Cisco equpiment de facto for you?

2011-01-13 Thread Michael Ruiz
I know where I have worked we have had a mixture of Juniper and Cisco equipment. Personally buying a Juniper Router like a M or a T series is like buying a Ferrari. I like Cisco personally and they are cheaper than buying a Juniper. For example a M-series is always going to cost some bucks after

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Chris Adams
Once upon a time, Michael Ruiz mr...@lstfinancial.com said: I like Cisco personally and they are cheaper than buying a Juniper. For example a M-series is always going to cost some bucks after you factor the FPC and the PICS that need to be loaded. We didn't find that to be the case, after you

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Jack Bates
On 1/13/2011 1:35 PM, Michael Ruiz wrote: For example a M-series is always going to cost some bucks after you factor the FPC and the PICS that need to be loaded. I find this usually has to do with the fact that there is no backup to software processing on a Juniper. Every feature it supports,

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Lamar Owen
On Wednesday, January 12, 2011 12:16:27 pm valdis.kletni...@vt.edu wrote: 140 million compromised PC's, most of them behind a NAT, can't be wrong. :) How many more would there be if most PC's were not behind NAT or stateful firewalling? Or, to turn it on its ear, Windows is the best OS; 250

RE: Is Cisco equpiment de facto for you?

2011-01-13 Thread Michael Ruiz
I find this usually has to do with the fact that there is no backup to software processing on a Juniper. Every feature it supports, it does so in hardware. If the hardware won't do it, then JUNOS won't do it. The exception has been the multiservices PIC, which is being obsoleted with the trio

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Jack Bates
On 1/13/2011 1:48 PM, Michael Ruiz wrote: Yeah another thing I love about the JUNOS is the rollback command. Whew I can tell you a few times where that has saved my bacon a few times and the commit and check command.:-) Cisco IOS has a similar feature. reload in 5 make changes verify things

RE: Is Cisco equpiment de facto for you?

2011-01-13 Thread Justin M. Streiner
On Thu, 13 Jan 2011, Michael Ruiz wrote: Yeah another thing I love about the JUNOS is the rollback command. Whew I can tell you a few times where that has saved my bacon a few times and the commit and check command. :-) Definite +1 for rollback and commit check - and also show | compare jms

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Scott Morris
The catch is being able to do it without reloading! commit confirm will help a lot as well. In case your commit annihilates your ssh session. ;) Scott On 1/13/11 2:51 PM, Jack Bates wrote: On 1/13/2011 1:48 PM, Michael Ruiz wrote: Yeah another thing I love about the JUNOS is the rollback

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Leo Bicknell
In a message written on Thu, Jan 13, 2011 at 01:48:27PM -0600, Michael Ruiz wrote: Yeah another thing I love about the JUNOS is the rollback command. Whew I can tell you a few times where that has saved my bacon a few times and the commit and check command. :-) Cisco marketing seems to have

RE: Is Cisco equpiment de facto for you?

2011-01-13 Thread Michael Ruiz
Cisco marketing seems to have dropped the ball on this one, but IOS has had a feature that allows you to save a number of configurations, do diff's, and generally behave similar to the JunOS method for quite a while. You'll want to check out the archive command.

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Greg Whynott
at one shop where I considered using Juniper instead of a Cisco internet edge router, the cost of the Juniper was so close to the Cisco it was a non consideration. The only reason we went with Cisco that time was due to the fact most of the other gear was Cisco, and it seemed to make more

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Lamar Owen
On Wednesday, March 21, 2007 05:41:00 am Tarig Ahmed wrote: Is it true that NAT can provide more security? Blast from the past Whew, is there any subject more guaranteed to cause a long thread than this? :-) I have some ideas on this; there are some creative manglings one can do with NAT

RE: Is Cisco equpiment de facto for you?

2011-01-13 Thread Thomas Magill
Cisco IOS has a similar feature. reload in 5 make changes verify things are working reload cancel There seems to be a better way to do it in IOS that will not reload the router: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtrollbk.html I haven't tried it since all my gear

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Bill Blackford
Subway subs started offering toasted as an option in response to the success of Quiznos Subs. So many vendors have been chasing the me too feature match behind Cisco for so many years it's interesting to see Cisco doing the same behind Juniper. -b -- Bill Blackford Network Engineer Logged

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Owen DeLong
On Jan 13, 2011, at 11:44 AM, Lamar Owen wrote: On Wednesday, January 12, 2011 12:16:27 pm valdis.kletni...@vt.edu wrote: 140 million compromised PC's, most of them behind a NAT, can't be wrong. :) How many more would there be if most PC's were not behind NAT or stateful firewalling?

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Owen DeLong
On Jan 13, 2011, at 11:51 AM, Jack Bates wrote: On 1/13/2011 1:48 PM, Michael Ruiz wrote: Yeah another thing I love about the JUNOS is the rollback command. Whew I can tell you a few times where that has saved my bacon a few times and the commit and check command.:-) Cisco IOS has a

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Jack Bates
On 1/13/2011 2:58 PM, Owen DeLong wrote: reload in 5 make changes verify things are working reload cancel It's a little different on a redundant processor system, as you have to reload both processors. It's also a 2-20 minute outage while you reload, but it does beat 2 hour drives. Not

RE: Is Cisco equpiment de facto for you?

2011-01-13 Thread Michael Ruiz
On Jan 13, 2011, at 11:51 AM, Jack Bates wrote: On 1/13/2011 1:48 PM, Michael Ruiz wrote: Yeah another thing I love about the JUNOS is the rollback command. Whew I can tell you a few times where that has saved my bacon a few times and the commit and check command.:-) Cisco IOS has a

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Lamar Owen
On Wednesday, January 12, 2011 03:50:28 pm Owen DeLong wrote: That's simply not true. Every end user running NAT is running a stateful firewall with a default inbound deny. This is demonstrably not correct. Even in the case of dynamic overloaded NAT, at least on Cisco, there is no

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Owen DeLong
On Jan 13, 2011, at 1:21 PM, Lamar Owen wrote: On Wednesday, January 12, 2011 03:50:28 pm Owen DeLong wrote: That's simply not true. Every end user running NAT is running a stateful firewall with a default inbound deny. This is demonstrably not correct. Even in the case of dynamic

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread b nickell
Cheers.. to M.A.R.'s related view On Jan 13, 2011 12:37 PM, Michael Ruiz mr...@lstfinancial.com wrote: I know where I have worked we have had a mixture of Juniper and Cisco equipment. Personally buying a Juniper Router like a M or a T series is like buying a Ferrari. I like Cisco personally and

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Lamar Owen
On Thursday, January 13, 2011 04:32:17 pm Owen DeLong wrote: No match, no rewrite, no forward. This is what you're missing; 'no rewrite' does not mean 'no forward'. Non-rewritten packets along with the rewritten *are* forwarded to routing; in a firewall they're not forwarded to routing. What

Re: Is Cisco equpiment de facto for you?

2011-01-13 Thread Jack Bates
On 1/13/2011 2:44 PM, Thomas Magill wrote: Cisco IOS has a similar feature. reload in 5 make changes verify things are working reload cancel There seems to be a better way to do it in IOS that will not reload the router:

Re: co-location and access to your server

2011-01-13 Thread Jeroen van Aart
JC Dill wrote: Scruz is ~30-45 minutes from the heart of the internet on the west coast (Silicon Valley). If your $dayjob isn't in scruz, then it's most likely IN Silicon Valley. So locate your 1U server in Silicon Valley, where Yes it's in the Valley and I do consider locating it there.

Re: co-location and access to your server

2011-01-13 Thread Joel Jaeggli
On 1/13/11 11:30 PM, Jeroen van Aart wrote: JC Dill wrote: Scruz is ~30-45 minutes from the heart of the internet on the west coast (Silicon Valley). If your $dayjob isn't in scruz, then it's most likely IN Silicon Valley. So locate your 1U server in Silicon Valley, where Yes it's in

RE: Is Cisco equpiment de facto for you?

2011-01-13 Thread Thomas Magill
The problem is, it doesn't seem to support an automated rollback function. You'd need OOB to get access in many cases to do the rollback. I thought that is what 'configure terminal revert timer x' did. It looks like you have to do a 'configure confirm' before the revert time expires or it

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread William Herrin
On Wed, Jan 12, 2011 at 10:02 PM, Mark Andrews ma...@isc.org wrote: In message aanlktikixf_mbuo-oskpjsw98vn5_d5wznui_pl37...@mail.gmail.com, William Herrin writes: There's actually a large difference between something that's impossible for a technology to do (even in theory), something that

How are you aggregating WAN customers these days?

2011-01-13 Thread Michael Ruiz
I know the way I used to do it at a previous company is we deployed the Cisco 12000 series router with the CHOC12-DS1-IR-SC module so we can 336 T1 out of that puppy. The only down side is there is a limitation on the number of channel groups. If doing something other than just handing

How are you aggregating WAN customers these days?

2011-01-13 Thread Michael Ruiz
We used that topology, with an Adtran MX 2800 19 rack version. We would take our channelize DS-3 from the Telco and the Cisco PA-MC2T3 cards and in turn wire those to a DSX-1 panel. We then did 1 to 1 DS1 X-connects on the panel. That was starting to get too much of a pain as services grew, so

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Owen DeLong
On Jan 13, 2011, at 5:48 PM, William Herrin wrote: On Wed, Jan 12, 2011 at 10:02 PM, Mark Andrews ma...@isc.org wrote: In message aanlktikixf_mbuo-oskpjsw98vn5_d5wznui_pl37...@mail.gmail.com, William Herrin writes: There's actually a large difference between something that's impossible

Re: Is NAT can provide some kind of protection?

2011-01-13 Thread Douglas Otis
On 1/13/11 5:48 PM, William Herrin wrote: On Wed, Jan 12, 2011 at 10:02 PM, Mark Andrews ma...@isc.org wrote: In message aanlktikixf_mbuo-oskpjsw98vn5_d5wznui_pl37...@mail.gmail.com, William Herrin writes: There's actually a large difference between something that's impossible for a