NAT-PT or NAT64 in real life

2011-01-19 Thread jarod smith
Although it would seem that double-stack is still the preferred method of linux distribution, I want my next deployed in IPv6 only. For linux there is NAT-PT tomicki and NAT64 Viagenie. I don't have Cisco equipment although I'd like to have tested their NAT-PT, even if it's obsolete. Are some of you

Re: NAT-PT or NAT64 in real life

2011-01-19 Thread Mikael Abrahamsson
On Wed, 19 Jan 2011, jarod smith wrote: Are some of you have installed one of these two implementations in production on recent versions of linux? Is it stable, secure, ... ? Not in production, but we've installed it for testing. We immediately ran into problems that were MTU related where

RE: Dual Homed BGP for failover

2011-01-19 Thread Ahmed Yousuf
Thanks to all for the responses, certainly illuminating. I'm now more aware of what I can do and what tools are available. The following makes sense to me: - Take full routing tables and default from both ISPs and decide how I filter the routes that get installed in my routers. -

Re: NAT-PT or NAT64 in real life

2011-01-19 Thread jarod smith
Thanks for your reply. In summary it's not possible to deploy IPv6 only if I want to access the whole internet :) On Wed, Jan 19, 2011 at 10:18 AM, jarod smith jarod.smo...@gmail.com wrote: Although it would seem that double-stack is still the preferred method of linux distribution, I

Re: Software DNS high availability and load balancer solution

2011-01-19 Thread Joe Greco
On 01/18/2011 07:42 AM, Sergey Voropaev wrote: Does anyone know software solutions (free is preferable) like as cisco GSS and F5 BIG-IP? The main point is that DNS-server (or dns server plugin) must be able to monitor server availability (for example by TCP connect) and from DNS-reply

Re: Software DNS high availability and load balancer solution

2011-01-19 Thread Joe Abley
On 2011-01-19, at 08:17, Joe Greco wrote: You wouldn't use Zebra; it isn't actively developed anymore and has not been updated in many years. Use Quagga instead, which is the community-based offshoot. I don't think this is what the original post was asking about, but for the sake of

Re: Software DNS high availability and load balancer solution

2011-01-19 Thread InterNetX - Jürgen Gotteswinter
On 19.01.11 01:01, david raistrick wrote: On 01/18/2011 09:42 AM, Sergey Voropaev wrote: Does anyone know software solutions (free is preferable) like as cisco GSS and F5 BIG-IP? The main point is that DNS-server (or dns server plugin) must be able to monitor server availability (for

Re: Network Simulators

2011-01-19 Thread Ryan Shea
You can do some switching by stuffing a virtual NM-16ESW into your faketastic 3660 in Dynamips. Then there are the built-in frame-relay and ethernet switches you could dump into the mix as well. -Ryan On Mon, Jan 17, 2011 at 10:23 AM, Brandon Kim brandon@brandontek.com wrote: James: I've

RE: Network Simulators

2011-01-19 Thread Gary Gladney
If you're looking for a network simulator for Cisco equipment, it's been my experience that Boson (www.boson.com) has the best network simulator for Cisco equipment. It behaves and processes information the way real Cisco equipment does. I've tried GS3; it's great for routing situations but lacks in

RE: Dual Homed BGP for failover

2011-01-19 Thread Randy McAnally
On Wed, 19 Jan 2011 10:23:47 -, Ahmed Yousuf wrote - Accept that we are never going to get an ideal distribution of traffic and continue monitoring and adjusting local pref/prepends etc. as and when we need to change the distribution of traffic. Hopefully we don't need to do

Re: Network Simulators

2011-01-19 Thread Carlos Martinez-Cagnazzo
Anything for Junipers? On Wed, Jan 19, 2011 at 11:52 AM, Gary Gladney glad...@stsci.edu wrote: If you're looking for a network simulator for Cisco equipment, it's been my experience that Boson (www.boson.com) has the best network simulator for Cisco equipment. It behaves and processes information the

RE: Dual Homed BGP for failover

2011-01-19 Thread Ahmed Yousuf
We're doing BGP to announce our PI space and make sure that our PI space is reachable through both ISPs in case one link goes down. This is the primary need to do the BGP here. Unfortunately my boss has requested that we make use of the capacity of both links, rather than pref traffic out of the

RE: Dual Homed BGP for failover (Ahmed Yousuf)

2011-01-19 Thread James Byaruhanga
On 2011/01/19 5:28 PM, nanog-requ...@nanog.org nanog-requ...@nanog.org wrote: Send NANOG mailing list submissions to nanog@nanog.org To subscribe or unsubscribe via the World Wide Web, visit https://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject

RE: Dual Homed BGP for failover

2011-01-19 Thread Randy McAnally
On Wed, 19 Jan 2011 14:26:32 -, Ahmed Yousuf wrote We're doing BGP to announce our PI space and make sure that our PI space is reachable through both ISPs in case one link goes down. This is the primary need to do the BGP here. Unfortunately my boss has requested that we make use of

Re: Network Simulators

2011-01-19 Thread Jack Bates
On 1/19/2011 8:27 AM, Carlos Martinez-Cagnazzo wrote: Anything for Junipers? Olive? Do you dare? On Wed, Jan 19, 2011 at 11:52 AM, Gary Gladney glad...@stsci.edu wrote: If you're looking for a network simulator for Cisco equipment, it's been my experience that Boson (www.boson.com) has the best

NANOG 51 Agenda posted

2011-01-19 Thread David Meyer
Folks, See http://www.nanog.org/meetings/nanog51/agenda.php See you in Miami, Dave (for the NANOG PC)

Re: NAT-PT or NAT64 in real life

2011-01-19 Thread Cameron Byrne
On Wed, Jan 19, 2011 at 1:18 AM, jarod smith jarod.smo...@gmail.com wrote: Although it would seem that double-stack is still the preferred method of linux distribution, I want my next deployed in IPv6 only. For linux there is NAT-PT tomicki and NAT64 Viagenie. I don't have Cisco equipment

Re: NAT-PT or NAT64 in real life

2011-01-19 Thread Mikhail Strizhov
Hi, I didn't use NAT-PT, but have a lot of experience with NAT64/DNS64. We've deployed NAT64 with DNS64 in our test lab with last Fedora linux workstations, so far, it works fine. -- Sincerely, Mikhail Strizhov Email: striz...@netsec.colostate.edu On

Verizon FiOS Distribution Switch

2011-01-19 Thread Chris Burwell
I have a question about a Verizon FiOS business connection with an ethernet hand off and I am hoping that someone out there has done the same thing. We have a FiOS business connection coming into our building. This includes an Ethernet hand off into the usual Actiontec router as well as a block

Re: Verizon FiOS Distribution Switch

2011-01-19 Thread Edward Salonia
I have done this exact thing. We had a client with a block of public ips and they needed the actiontec router to stay connected for the cable boxes. Just put the switch between the ONT ethernet port and the actiontec WAN port and you should be fine. Just make sure the ethernet port is active on

Re: Verizon FiOS Distribution Switch

2011-01-19 Thread GP Wooden
Not that this is a requirement, but good practice nonetheless with this setup... Turn off cdp on the port facing the LEC... -graham - Reply message - From: Chris Burwell cburw...@gmail.com Date: Wed, Jan 19, 2011 2:56 pm Subject: Verizon FiOS Distribution Switch To: NANOG

Re: Verizon FiOS Distribution Switch

2011-01-19 Thread Mike
On 01/19/2011 01:28 PM, GP Wooden wrote: Not that this is a requirement, but good practice nonetheless with this setup... Turn off cdp on the port facing the LEC... +1 also add 'nonegotiate' and turn off spanning tree on the port while you're at it. There's a list somewhere of standard

Is anyone Using Talari Networks WAN Optimizer?

2011-01-19 Thread Holmes,David A
Talari management apparently has experience at the old Routescience BGP load-balancer startup, so this warrants a closer look. Has anyone used their products?

Re: Is anyone Using Talari Networks WAN Optimizer?

2011-01-19 Thread Shahid Shafi
We are considering them but a bit concerned as they do forwarding plane optimization instead of control plane in case of Route Science. thanks, Shahid On Wed, Jan 19, 2011 at 2:50 PM, Holmes,David A dhol...@mwdh2o.com wrote: Talari management apparently has experience at the old Routescience BGP

Securing Border Routers

2011-01-19 Thread Brandon Kim
Gents: What measures do you take to protect your border routers? Our routers are running BGP so I'm interested if there is any way to secure them without interfering with BGP? Is it normal to put a firewall in front of the border routers? I'm concerned about DDOS attacks mainly, although

RE: Securing Border Routers

2011-01-19 Thread Welch, Bryan
I ALWAYS start with the CYMRU secure bgp templates, found here: http://www.team-cymru.org/ReadingRoom/Templates/secure-bgp-template.html I personally would not recommend a firewall in front of your router, sufficient ACL'ing should be enough for securing the router itself. Bryan -Original

Re: Securing Border Routers

2011-01-19 Thread Ryan Shea
A stateful firewall outside of your router may create a new bottleneck which increases your risk of DoS. Making sure that you know (and document, and test) how to effectively contact your service providers should you be attacked would be a good idea. Find out if your service providers have BGP

RE: Securing Border Routers

2011-01-19 Thread Brandon Kim
What an insightful link! Thank you, I am reading it now. From: bryan.we...@arrisi.com To: nanog@nanog.org Date: Wed, 19 Jan 2011 16:38:43 -0800 Subject: RE: Securing Border Routers I ALWAYS start with the CYMRU secure bgp templates, found here:

Update Spamhaus DROP list from Cisco CLI (TCL)

2011-01-19 Thread Thomas Magill
Previous conversations made me decide this would be fun to do so I ignored all my real work today and made it happen. I built a TCL script that can be mapped to an alias (alias exec updatedrop tclsh updatedrop.tcl) that will connect to the Spamhaus DROP list and route all of the prefixes to

Re: Update Spamhaus DROP list from Cisco CLI (TCL)

2011-01-19 Thread Jared Mauch
On Jan 19, 2011, at 9:04 PM, Thomas Magill wrote: Previous conversations made me decide this would be fun to do so I ignored all my real work today and made it happen. I built a TCL script that can be mapped to an alias (alias exec updatedrop tclsh updatedrop.tcl) that will connect to

Re: Update Spamhaus DROP list from Cisco CLI (TCL)

2011-01-19 Thread Suresh Ramasubramanian
Did you try this http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ#168 Links to Marco d'Itri's cisco tools package - http://www.linux.it/~md/software/cisco-tools-0.2.tgz Pretty neat, can update bogons as well On Thu, Jan 20, 2011 at 7:34 AM, Thomas Magill tmag...@providecommerce.com

United Airlines Technical Contact

2011-01-19 Thread Nathan Charles
Does anybody have a technical contact for United Airlines? I can't seem to get in touch with any of the phone numbers or email addresses listed in whois. Regards, Nathan Charles

Re: Securing Border Routers

2011-01-19 Thread Owen DeLong
Using non-world routable space on interfaces makes for difficulties in some situations with PMTU-D and with troubleshooting (useless information in traceroutes for example). Owen On Jan 19, 2011, at 6:04 PM, jim deleskie wrote: Never put a firewall in front of a router, it will die first. The