Re: 100Gb/s TOR switch

2015-04-09 Thread Nick Hilliard
On 09/04/2015 21:54, Christopher Morrow wrote: > the math on their page is 'interesting'... it's a t2 chipset. should be all forwarded at asic level, i.e. at line rate per port. Nick

Re: 100Gb/s TOR switch

2015-04-09 Thread Bryan Tong
Fairly certain that's a typo and supposed to be 960M pps :) On Thu, Apr 9, 2015 at 2:54 PM, Christopher Morrow wrote: > On Thu, Apr 9, 2015 at 8:54 AM, Nick Hilliard wrote: > > > http://whiteboxswitch.com/products/edge-core-as5610-52x > > the math on their page is 'interesting'... > > 1.28tbps t

Re: Cisco/Level3 takedown

2015-04-09 Thread Scott Weeks
--- skho...@neutraldata.com wrote: From: Sameer Khosla Was just reading http://blogs.cisco.com/security/talos/sshpsychos then checking my routing tables. Looks like the two /23's they mention are now being advertised as /24's, and I'm also not sure why cisco published the ssh attack dictio

Re: 100Gb/s TOR switch

2015-04-09 Thread Christopher Morrow
On Thu, Apr 9, 2015 at 8:54 AM, Nick Hilliard wrote: > http://whiteboxswitch.com/products/edge-core-as5610-52x the math on their page is 'interesting'... 1.28tbps throughput (which is .08 or so tbps better than 64 10g ports equivalent) 960mbps forwarding err... so for just plain switching line

Re: Cisco/Level3 takedown

2015-04-09 Thread Chris Boyd
> On Apr 9, 2015, at 3:01 PM, Matt Olney (molney) wrote: > > In response to Sameer Khosla's comment that we should work with the entire > service provider community: > > Talos is the threat intelligence group within Cisco. We absolutely > welcome discussions with any network operator on how we

Re: Multi-gigabit edge devices as CPE [TOPIC DRIFT!]

2015-04-09 Thread Baldur Norddahl
There is no redirecting as all the hosts have the same IP (typically on the loopback interface). Traffic goes back directly. You can even do priority but I would not. You get host down detection as the route will be withdrawn. You do not get server overload. On the other hand I am not sure I want

Re: Cisco/Level3 takedown

2015-04-09 Thread Matt Olney (molney)
In response to Sameer Khosla's comment that we should work with the entire service provider community: Talos is the threat intelligence group within Cisco. We absolutely welcome discussions with any network operator on how we can improve the state of security on the Internet. Please contact me d

RE: Cisco/Level3 takedown

2015-04-09 Thread Steve Mikulasik
Seems like this is pretty ineffective. The group already moved subnets once, they will likely do this again, all Cisco/L3 have done is slow them down a bit. Stephen Mikulasik -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Sameer Khosla Sent: Thursday, Ap

Re: Voip encryption

2015-04-09 Thread Edwin Mallette
Hi Simon, My understanding is that since your 3rd party VPLS instance is a private "MPLS" network, there is no requirement for application-level encryption. However if you wanted to encrypt VOIP that carries credit card data, some PBX/handsets offer application-level media encryption if that's the

Re: Multi-gigabit edge devices as CPE [TOPIC DRIFT!]

2015-04-09 Thread Barry Shein
On April 9, 2015 at 20:50 baldur.nordd...@gmail.com (Baldur Norddahl) wrote: > You can do this for free with equal cost multi path routing. You announce > the same IP from multiple servers with eg. OSPF. True, and thanks, but that's just the beginning of an implementation, you still need all th

Re: Cisco/Level3 takedown

2015-04-09 Thread Barry Shein
Warrior Nun Areala wears a black hat. http://en.wikipedia.org/wiki/Warrior_Nun_Areala -b On April 9, 2015 at 18:29 m...@beckman.org (Mel Beckman) wrote: > Wrong. Batman, for example, wears a black hat. > > -mel via cell > > On Apr 9, 2015, at 11:17 AM, "Randy Bush" wrote: > > >

RE: G/L Coding for RIR resources

2015-04-09 Thread Azinger, Marla
I don’t use a credit card. I expense through finance RIR fees go under a Maintenance code Database stuff would go under a Contractor code Cheers Marla -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Christopher Morrow Sent: Thursday, April 09, 2015 11:13 AM

Re: Cisco/Level3 takedown

2015-04-09 Thread Christopher Morrow
folk are getting kinda bent out of shape about this, and about L3 doing 'something' but look at: what's 4134 doing there? This one as well:

Re: Cisco/Level3 takedown

2015-04-09 Thread Christopher Morrow
On Thu, Apr 9, 2015 at 2:52 PM, Jeff Shultz wrote: > I think that, properly, Batman wears a cowl, not a hat. > "... the details of his costume from time to time, it is most often depicted as consisting of: matching black (or blue) scalloped cape, bat-like co

Re: Cisco/Level3 takedown

2015-04-09 Thread Bill Woodcock
> On Apr 9, 2015, at 11:29 AM, Mel Beckman wrote: > > Wrong. Batman, for example, wears a black hat. Thank you, Mask Man. -Bill

Re: Cisco/Level3 takedown

2015-04-09 Thread Jeff Shultz
I think that, properly, Batman wears a cowl, not a hat. On 4/9/2015 11:29 AM, Mel Beckman wrote: Wrong. Batman, for example, wears a black hat. -mel via cell

Re: Multi-gigabit edge devices as CPE [TOPIC DRIFT!]

2015-04-09 Thread Baldur Norddahl
You can do this for free with equal cost multi path routing. You announce the same IP from multiple servers with eg. OSPF. Den 09/04/2015 19.34 skrev "Barry Shein" : > > On April 9, 2015 at 09:11 raphael.timo...@gmail.com (Tim Raphael) wrote: > > VyOS is a community fork of Vyatta and is still be

Re: Cisco/Level3 takedown

2015-04-09 Thread jim deleskie
Just to add to the noise I think batman wears a black mask/helmet, but I've never considered it a mask. I didn't look at the details on this, but did L3 sink the routes at their border or did they expressly announce the route to sink it? -jim On Thu, Apr 9, 2015 at 3:35 PM, Randy Bush wrot

Re: Cisco/Level3 takedown

2015-04-09 Thread Randy Bush
> Wrong. Batman, for example, wears a black hat. >> vigilantes always wear white hats. i stand corrected

Re: Cisco/Level3 takedown

2015-04-09 Thread Mel Beckman
Wrong. Batman, for example, wears a black hat. -mel via cell On Apr 9, 2015, at 11:17 AM, "Randy Bush" wrote: >> It does make one wonder why Cisco or Level 3 is involved, why they >> feel they have the authority to hijack someone else's IP space, and >> why they didn't go through law enforceme

Re: Cisco/Level3 takedown

2015-04-09 Thread Randy Bush
> It does make one wonder why Cisco or Level 3 is involved, why they > feel they have the authority to hijack someone else's IP space, and > why they didn't go through law enforcement. This is especially true > for the second netblock (43.255.190.0/23), announced by a US company > (AS26484). vigil

Re: G/L Coding for RIR resources

2015-04-09 Thread Christopher Morrow
On Thu, Apr 9, 2015 at 2:09 PM, Bill Blackford wrote: > Group. How do your respective bean counting teams code RIR resources, > ASN's, Addr allocations, etc.? Software subscription? Licensing? honestly I bet in a lot of places: "Office Supplies" because: 1) no one's finance department accounts

G/L Coding for RIR resources

2015-04-09 Thread Bill Blackford
Group. How do your respective bean counting teams code RIR resources, ASN's, Addr allocations, etc.? Software subscription? Licensing? Thank you -- Bill Blackford Logged into reality and abusing my sudo privileges.

Re: Multi-gigabit edge devices as CPE [TOPIC DRIFT!]

2015-04-09 Thread Barry Shein
On April 9, 2015 at 09:11 raphael.timo...@gmail.com (Tim Raphael) wrote: > VyOS is a community fork of Vyatta and is still being developed very > actively and is pushing ahead with many new features! It's pretty stable too > imo. > > http://vyos.net/wiki/Main_Page SPEAKING of OSS routers.

Re: Cisco/Level3 takedown

2015-04-09 Thread Steve Noble
I was wondering why a non-allocated AS was being allowed to announce the blocks but it appears that APNIC has revoked the 63854 ASN? http://wq.apnic.net/apnic-bin/whois.pl?searchtext=AS63854&object_type=aut-num Based on google's cache, it was still there late March. BGP routing table entry for 1

Re: Cisco/Level3 takedown

2015-04-09 Thread Blake Hudson
Reading the article, I assumed that perhaps Level 3 was an upstream carrier, but RIPE stats shows that the covering prefix (103.41.120.0/22) is announced by AS63509, an Indonesian organization. It looks like they're fighting back by announcing their own /24 now. I love the AS's address: descr:

Re: Voip encryption

2015-04-09 Thread Ray Van Dolson
On Thu, Apr 09, 2015 at 11:04:06AM -0400, Christopher Morrow wrote: > On Thu, Apr 9, 2015 at 6:21 AM, Simon Brilus wrote: > > Hi - I have a PCIDSs requirement to encrypt VoIP over a 3rd party VPLS > > network. Has anyone dealt with this. I'd really not use VPN's over the VPLS > > so am looking at

Re: Cisco/Level3 takedown

2015-04-09 Thread Christopher Morrow
On Thu, Apr 9, 2015 at 11:31 AM, Sameer Khosla wrote: > Was just reading http://blogs.cisco.com/security/talos/sshpsychos then > checking my routing tables. > > Looks like the two /23's they mention are now being advertised as /24's, and > I'm also not sure why cisco published the ssh attack dic

RE: Multi-gigabit edge devices as CPE

2015-04-09 Thread timrutherford
I didn’t research the full feature list, but you might take a quick look at Mikrotik. www.mikrotik.com -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Tim Raphael Sent: Thursday, April 9, 2015 10:51 AM To: Daniel Rohan Cc: nanog@nanog.org Subject: Re: Multi

Cisco/Level3 takedown

2015-04-09 Thread Sameer Khosla
Was just reading http://blogs.cisco.com/security/talos/sshpsychos then checking my routing tables. Looks like the two /23's they mention are now being advertised as /24's, and I'm also not sure why cisco published the ssh attack dictionary. It seems to me that this is something that if they wan

Re: Voip encryption

2015-04-09 Thread Christopher Morrow
On Thu, Apr 9, 2015 at 6:21 AM, Simon Brilus wrote: > Hi - I have a PCIDSs requirement to encrypt VoIP over a 3rd party VPLS > network. Has anyone dealt with this. I'd really not use VPN's over the VPLS > so am looking at hardware WAN encrypters. wait, you don't want to do some VPN thing over the

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Josh Baird
You could possibly look at rolling vMX (if it's even available yet) on x86 hardware. It's licensed by throughput and feature set. If you are doing L3VPN, I think you would need the advanced license. This may fit within your budget. On Thu, Apr 9, 2015 at 10:50 AM, Tim Raphael wrote: > You’ll

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Tim Raphael
You’ll be looking at a Juniper MX or a Cisco ASR9K I think. The MXs are targeted as being full-featured edge routers. An MX5 will take a full feed just fine and do all the *VPN you want. If you’re talking about multiple full feeds then you’ll need a MX240 with one of the higher-power REs for a d

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Daniel Rohan
On Thu, Apr 9, 2015 at 7:25 AM, Tim Raphael wrote: > L3VPN hand off is the only thing I can think of from the top of my head. > But then, there would be no need to have a full table unless you had > customers requesting a full table. I have one customer who needs an L3VPN for some shared priva

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Daniel Rohan
On Thu, Apr 9, 2015 at 7:25 AM, Tim Raphael wrote: > It sounds like the OP is looking for one device to do multiple roles where > two/three different device types and/or sizes would fit better. Yes, correct. And thanks for your work and suggestions.

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Watson, Bob
I think e in ren is edu not edge L3vpn or L2vpn for pseudo back haul or l2 extensions State ren I assume to stand for regional education network so likely vrf would be public internet possibly Internet 2 , district traffic, maybe higher Ed access for night class and vice versa. One way to a

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Dave Taht
On Thu, Apr 9, 2015 at 7:25 AM, Tim Raphael wrote: > L3VPN hand off is the only thing I can think of from the top of my head. But > then, there would be no need to have a full table unless you had customers > requesting a full table. Well my interpretation was that IPv4 address space had become s

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Tim Raphael
L3VPN hand off is the only thing I can think of from the top of my head. But then, there would be no need to have a full table unless you had customers requesting a full table. It sounds like the OP is looking for one device to do multiple roles where two/three different device types and/or siz

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Dave Taht
On Thu, Apr 9, 2015 at 2:37 AM, Tim Raphael wrote: > I find this rather offensive as you clearly have no idea what I have > contributed to the OSS community or more specifically to the VyOS project. > > Among working, studying a masters degree and a little sleep to keep me sane, > I already do w

Re: Voip encryption

2015-04-09 Thread Eugeniu Patrascu
On Thu, Apr 9, 2015 at 1:21 PM, Simon Brilus wrote: > Hi - I have a PCIDSs requirement to encrypt VoIP over a 3rd party VPLS > network. Has anyone dealt with this. I'd really not use VPN's over the VPLS > so am looking at hardware WAN encrypters. > > SafeNet and Thales sell L2 WAN encryptors for

Re: BGP offloading (fixing legacy router BGP scalability issues)

2015-04-09 Thread Łukasz Bromirski
Hi Frederik, > On 09 Apr 2015, at 13:24, Frederik Kriewitz wrote: > > Thank you very much for all your responses. > > First of all, the problems we see are really RIB (Processor memory) > and CPU related. > The TCAM/FIB limits are properly configured. From the FIB capacity > view they should la

Re: 100Gb/s TOR switch

2015-04-09 Thread Nick Hilliard
On 09/04/2015 13:30, Colton Conor wrote: > So are we expecting these new switches to be the same price or cheaper than > the current 40G uplinks models? Do you think the vendors will heavily > discount the switches with 10G user port and 40G uplinks? like this? http://whiteboxswitch.com/products/

Re: 100Gb/s TOR switch

2015-04-09 Thread Colton Conor
So are we expecting these new switches to be the same price or cheaper than the current 40G uplinks models? Do you think the vendors will heavily discount the switches with 10G user port and 40G uplinks? On Wed, Apr 8, 2015 at 9:33 PM, Phil Bedard wrote: > Everyone. These should also support 25

Re: BGP offloading (fixing legacy router BGP scalability issues)

2015-04-09 Thread Frederik Kriewitz
Thank you very much for all your responses. First of all, the problems we see are really RIB (Processor memory) and CPU related. The TCAM/FIB limits are properly configured. From the FIB capacity view they should last a couple of more years. Software routing doesn't cause the problem. The most ext

Voip encryption

2015-04-09 Thread Simon Brilus
Hi - I have a PCIDSs requirement to encrypt VoIP over a 3rd party VPLS network. Has anyone dealt with this. I'd really not use VPN's over the VPLS so am looking at hardware WAN encrypters. Any guidance appreciated. Thanks Simon

Re: Multi-gigabit edge devices as CPE

2015-04-09 Thread Tim Raphael
I find this rather offensive as you clearly have no idea what I have contributed to the OSS community or more specifically to the VyOS project. Among working, studying a masters degree and a little sleep to keep me sane, I already do what I can. Tim > On 9 Apr 2015, at 10:42 am, Dave Taht wro