On Mon, Apr 19, 2010 at 11:47 PM, Adrian Chadd wrote:
> On Tue, Apr 20, 2010, Perry Lorier wrote:
>> could dimension a NAT box for an ISP. His research is available here
>> http://www.wand.net.nz/~salcock/spnat/tech_report.pdf . If walls of
>> text scare you (why are you reading this mailing lis
On Tue, Apr 20, 2010, Perry Lorier wrote:
> One of my colleagues here (Shane Alcock) did some research into "Service
> Provider NAT" based off passive traces from a New Zealand Residential
> ISP[1]. By passively looking at connections he investigated how you
> could dimension a NAT box for an
I'm with Owen. I have nothing good to say about ScreenOS. In contrast
JunOS has been great.
seph
Owen DeLong writes:
> Much.. Go SRX over SSG every time. For anything that doesn't have an
> SRX analog, consider the J-series.
>
> SRX/J-Series == JunOS == Good.
> SSG Series == ScreenOS == @)#$*#
LSN is not trivial.
Here are some unverified calculations I did on the problem of scaling nat.
One of my colleagues here (Shane Alcock) did some research into "Service
Provider NAT" based off passive traces from a New Zealand Residential
ISP[1]. By passively looking at connections he inv
In message <4bcd203e.3050...@zill.net>, Patrick Giagnocavo writes:
> Mark Andrews wrote:
> > In message <4bcd14ef.8090...@zill.net>, Patrick Giagnocavo writes:
> >> Mark Andrews wrote:
> >>> In message <201004200022.o3k0m2ba007...@aurora.sol.net>, Joe Greco writes:
> I haven't seen any suc
Mark Andrews wrote:
> In message <4bcd14ef.8090...@zill.net>, Patrick Giagnocavo writes:
>> Mark Andrews wrote:
>>> In message <201004200022.o3k0m2ba007...@aurora.sol.net>, Joe Greco writes:
I haven't seen any such documents or regulations.
>>> People purchased the service on the understanding
In message <4bcd14ef.8090...@zill.net>, Patrick Giagnocavo writes:
> Mark Andrews wrote:
> > In message <201004200022.o3k0m2ba007...@aurora.sol.net>, Joe Greco writes:
> >>> That'd be easy if you were just starting up an ISP. What do you do with
> >>> your existing customer base? If their current
Much.. Go SRX over SSG every time. For anything that doesn't have an
SRX analog, consider the J-series.
SRX/J-Series == JunOS == Good.
SSG Series == ScreenOS == @)#$*#@)$(*!)(@$...@$
Just my $0.02 having dealt extensively with both environments over the
years.
Owen
On Apr 19, 2010, at 5:32 PM,
On Apr 19, 2010, at 3:10 PM, Florian Weimer wrote:
> * Leo Bicknell:
>
>> I know of no platform that does hardware NAT. Rather, NAT is a CPU
>> function. While this is another interesting scaling issue, it means
>> this data is not going in the FIB (hardware forwarding database),
>> but rather
Mark Andrews wrote:
> In message <201004200022.o3k0m2ba007...@aurora.sol.net>, Joe Greco writes:
>>> That'd be easy if you were just starting up an ISP. What do you do with
>>> your existing customer base? If their current service includes a
>>> dynamic public IPv4 address, you can't gracefully tak
In message <201004200022.o3k0m2ba007...@aurora.sol.net>, Joe Greco writes:
> > That'd be easy if you were just starting up an ISP. What do you do with
> > your existing customer base? If their current service includes a
> > dynamic public IPv4 address, you can't gracefully take it away, without
>
We've had GREAT success with SRX210, SRX240 and SRX650 boxes in the past
3-4 months. There have been some issues I'll admit but they were all
fixed either in service releases or actual JunOS upgrades.
I believe that most of the issues you hear about were in the 9.x JunOS
releases or at least that
SRX seems very new and many comment it as unstable, this includes some of
Juniper engineers I know in person. SSG though is phasing out. 8 months ago
while I was looking for these solutions more closely, I had decided to stay
with SSG, which was good for next 3-4 years. However I believe probably SR
now now... you know better than that. of course they have IPv6... they
just don't connect to -your- IPv6 cloud... :)
--bill
On Mon, Apr 19, 2010 at 09:01:10PM -0400, valdis.kletni...@vt.edu wrote:
> On Mon, 19 Apr 2010 18:42:06 EDT, Joe Provo said:
> > On Mon, Apr 19, 2010 at 12:58:43PM -0400
On Mon, 19 Apr 2010 18:42:06 EDT, Joe Provo said:
> On Mon, Apr 19, 2010 at 12:58:43PM -0400, Bill Bogstad wrote:
> [snip]
> > be attractive to at least some of them. Come up with some kind of
> > logo for the program "IPv6 READY!". Make it a bandwagon thing so
> > that vendors who aren't part o
Has anyone on Nanog had any hands on experience with the lower end of the
new SRX series Junipers? We're looking to purchase two new firewalls, and
I'm debating going with SSG series or to make the jump to the SRX line. Any
input, especially about the learning curve jumping from ScreenOS to JunOS
> On Mon, 19 Apr 2010 10:01:25 -0500 (CDT)
> Joe Greco wrote:
>
> > > * Nick Hilliard:
> > >
> > > > On 19/04/2010 16:14, Patrick Giagnocavo wrote:
> > > >> The eyeball ISPs will find it trivial to NAT should they ever need to
> > > >> do
> > > >> so [...]
> > >
> > > > Having made this bold c
> Patrick Giagnocavo wrote:
> > The eyeball ISPs will find it trivial to NAT should they ever need to do
> > so however, something servers cannot do - you are looking at numbers,
> > not operational considerations.
>
> I'll recommend this for competitors.
And what'll you do for your customers whe
> On Apr 19, 2010, at 8:23 AM, Joe Greco wrote:
> >> On 19/04/2010 16:51, Florian Weimer wrote:
> >>> I'm pretty sure the acceptance of NAT varies regionally. I think
> >>> there's a large ISP in Italy which has been doing NAT since the 90s.
> >>
> >> to my knowledge, if we're talking about the s
If you consider 10Gbps packet captures cards, there are :
-2 OEMS (all the appliances are built around these)
a) Napatech NT20E
http://www.napatech.com/products/capture_adapters/2x10g_pcie_nt20e.html
b) Endace DAG 9.2X2
http://www.endace.com/dag-9.2x2-packet-capture-card.html
-3 ODMs
a) IN
> There is also the INVEA-TECH Flowmon :
That's a radically different thing. Niksun, NetWitness, Solera are all
about capturing lots of packets at very high speed. INVEA-TECH is a
NetFlow kind of thing. Totally different; tells you completely
different things about your network.
If you wa
On Mon, Apr 19, 2010 at 12:58:43PM -0400, Bill Bogstad wrote:
[snip]
> be attractive to at least some of them. Come up with some kind of
> logo for the program "IPv6 READY!". Make it a bandwagon thing so
> that vendors who aren't part of the program look behind the times.
Wheels, they get re-in
Offering native IPv4 when there's no addresses left will cost the ISP money
if there is a market to buy more. LNS infrastructure and the associated
indirect support costs will cost the ISP money. I'm not sure which customer
base (native IPv4 or LNS) to give discounts to or charge extra for.
All
On Mon, 19 Apr 2010 17:19:23 +0200 (CEST)
sth...@nethelp.no wrote:
> > There is also an aspect of this transition I don't think we've seen
> > before (in networking). A large percentage of end users are on
> > technologies (cable modem, dsl, even dial up) whose configuration
> > is entirely drive
* Leo Bicknell:
> I know of no platform that does hardware NAT. Rather, NAT is a CPU
> function. While this is another interesting scaling issue, it means
> this data is not going in the FIB (hardware forwarding database),
> but rather is stored in a CPU accessible database.
If you NAT all traf
On Mon, 19 Apr 2010 10:01:25 -0500 (CDT)
Joe Greco wrote:
> > * Nick Hilliard:
> >
> > > On 19/04/2010 16:14, Patrick Giagnocavo wrote:
> > >> The eyeball ISPs will find it trivial to NAT should they ever need to do
> > >> so [...]
> >
> > > Having made this bold claim, have you ever actually t
On 4/19/2010 14:07, Leo Bicknell wrote:
> e a few problems with your data
>
> I know of no platform that does hardware NAT. Rather, NAT is a CPU
> function. While this is another interesting scaling issue, it means
> this data is not going in the FIB (hardware forwarding database),
> but rat
There is also the INVEA-TECH Flowmon :
http://www.invea-tech.com/products-and-services/flowmon/flowmon-overview
http://www.cert.org/flocon/2009/presentations/Celeda_FlexibleFlow.pdf
http://en.wikipedia.org/wiki/FlowMon
On 04/19/2010 11:23 PM, Joel M Snyder wrote:
>
>> Looki
Looking for information on a Niksun probe, http://www.niksun.com/.
Anyone have any experience, good or bad with them?
If you're looking at Niksun, you should look at NetWitness and Solera
instead.
My perception based on their presence in the market is that Niksun is on
the way to oblivion,
Leo Bicknell wrote:
NAT scales just fine. I find that quite unfortunate, personally,
but I don't think there's a problem with the technology or economics.
My juniper doesn't have the memory you specify, and honestly will crash
if everything goes processor based. Replacing hundreds of thousa
On Apr 19, 2010, at 1:52 PM, William Herrin wrote:
> On Mon, Apr 19, 2010 at 1:22 PM, Bryan Fields wrote:
>> On 4/19/2010 10:14, Patrick Giagnocavo wrote:
>>> The eyeball ISPs will find it trivial to NAT should they ever need to do
>>> so however, something servers cannot do - you are looking at
Patrick Giagnocavo wrote:
The eyeball ISPs will find it trivial to NAT should they ever need to do
so however, something servers cannot do - you are looking at numbers,
not operational considerations.
I'll recommend this for competitors.
Jack
On Mon, Apr 19, 2010 at 1:22 PM, Bryan Fields wrote:
> On 4/19/2010 10:14, Patrick Giagnocavo wrote:
>> The eyeball ISPs will find it trivial to NAT should they ever need to do
>> so however, something servers cannot do - you are looking at numbers,
>> not operational considerations.
>
> LSN is no
On 04/19/2010 07:45 PM, Bill Bogstad wrote:
On Mon, Apr 19, 2010 at 1:14 PM, Mohacsi Janos wrote:
On Mon, 19 Apr 2010, Bill Bogstad wrote:
On Mon, Apr 19, 2010 at 12:10 PM, Frank Bulk - iName.com
wrote:
Don't forget the home gateway aspect -- it's a huge gaping hole in
Mail from my company, which is under contract with CSX's Corporate
Communications department (and has been for several years) to publish division
and shop newsletters for the CSXT railroad system, began bouncing earlier this
afternoon.
Was hoping there might be someone from CSXT on this list wh
On 4/19/2010 04:09, Martin Rushworth wrote:
> Hi,
>
> can someone that handles Earthlink blacklist/zombie settings please contact
> me off-list?
>
> we have a recently allocated ARIN /20 range, and all our clients allocated
> out of this are having issues emailing earthlink email accounts, our
Hello Nanog,
Looking for information on a Niksun probe, http://www.niksun.com/.
Anyone have any experience, good or bad with them?
Thanks!
We've had this exact issue with Earthlink and have had absolutely no luck
working with Earthlink to resolve it. If you make any progress, please let
me know how you did it.
Thanks,
Todd
-Original Message-
From: Martin Rushworth [mailto:martin.rushwo...@sohonet.co.uk]
Sent: Monday, April
>> Having made this bold claim, have you ever actually tried to run a natted
>> eyeball network? The last two natted eyeball networks I worked with could
>> never figure out which aspect of NAT hurt more: the technical side or the
>> business side.
My small telco-owned ISP NATs all of its DSL use
On 4/19/2010 10:40 AM, David Conrad wrote:
Bryan,
On Apr 19, 2010, at 10:22 AM, Bryan Fields wrote:
Here are some unverified calculations I did on the problem of scaling nat.
Right now I'm using 42 translation entries in my nat table. Each entry takes
up 312 bytes of FIB memory, which is ~12.7
In a message written on Mon, Apr 19, 2010 at 01:22:31PM -0400, Bryan Fields
wrote:
> Right now I'm using 42 translation entries in my nat table. Each entry takes
> up 312 bytes of FIB memory, which is ~12.7 Kib of data in the FIB. Multiply
> this by 250k users and we have 3,124,237 KiB of FIB ent
On 2010-04-19 13:22, Bryan Fields wrote:
If we look at the total number of translations for 250k users we see 10.5M
entries. As TCP/UDP only has 65,536 ports and about 1025 of them are
unusable, this leaves 64,511 ports to work with per IP. Divided out we need
163 public IP's min just to nat the
On 4/19/2010 13:40, David Conrad wrote:
> Bryan,
>
> On Apr 19, 2010, at 10:22 AM, Bryan Fields wrote:
>> Here are some unverified calculations I did on the problem of scaling nat.
>>
>> Right now I'm using 42 translation entries in my nat table. Each entry takes
>> up 312 bytes of FIB memory, whi
On Mon, Apr 19, 2010 at 1:14 PM, Mohacsi Janos wrote:
>
>
>
> On Mon, 19 Apr 2010, Bill Bogstad wrote:
>
>> On Mon, Apr 19, 2010 at 12:10 PM, Frank Bulk - iName.com
>> wrote:
>>>
>>> Don't forget the home gateway aspect -- it's a huge gaping hole in the
>>> IPv6
>>> deployment strategy for ISPs.
Bryan,
On Apr 19, 2010, at 10:22 AM, Bryan Fields wrote:
> Here are some unverified calculations I did on the problem of scaling nat.
>
> Right now I'm using 42 translation entries in my nat table. Each entry takes
> up 312 bytes of FIB memory, which is ~12.7 Kib of data in the FIB. Multiply
> th
On Apr 19, 2010, at 8:23 AM, Joe Greco wrote:
>> On 19/04/2010 16:51, Florian Weimer wrote:
>>> I'm pretty sure the acceptance of NAT varies regionally. I think
>>> there's a large ISP in Italy which has been doing NAT since the 90s.
>>
>> to my knowledge, if we're talking about the same organi
On Apr 19, 2010, at 1:22 31PM, Bryan Fields wrote:
> On 4/19/2010 10:14, Patrick Giagnocavo wrote:
>> The eyeball ISPs will find it trivial to NAT should they ever need to do
>> so however, something servers cannot do - you are looking at numbers,
>> not operational considerations.
>
> LSN is no
Dear all,
I think there is some discussion and work at IETF to define
solutions.
http://datatracker.ietf.org/doc/draft-dec-dhcpv6-route-option/
or
http://tools.ietf.org/id/draft-droms-dhc-dhcpv6-default-router-00.txt
Describe valid engineering reqs to have a drafted at IETF, and you will
On 4/19/2010 10:14, Patrick Giagnocavo wrote:
> The eyeball ISPs will find it trivial to NAT should they ever need to do
> so however, something servers cannot do - you are looking at numbers,
> not operational considerations.
LSN is not trivial.
Here are some unverified calculations I did on the
One of our co-workers has left the company so we have been forwarding his
emails to our main support email and we're getting a lot of nanog's posts. Can
you unsubscribe either rma...@nacio.com or rma...@qds-i.com? Thank you.
Chi Tran
Quadrant Support
ct...@qds-i.c
Check your inboxes :)
--
bk
On Mon, 19 Apr 2010, Bill Bogstad wrote:
On Mon, Apr 19, 2010 at 12:10 PM, Frank Bulk - iName.com
wrote:
Don't forget the home gateway aspect -- it's a huge gaping hole in the IPv6
deployment strategy for ISPs. And don't talk to me about Apple's Airport
Extreme. ISPs want (once the volume
sth...@nethelp.no wrote:
*If* the whole IPv6 config can be driven from the same database. For
the time being, DHCPv6 cannot deliver a default gateway to customers
(and there is a religious faction within the IPv6 community which
seem to want to prevent this at all costs).
s/IPv6/IETF/
I don't
On Mon, Apr 19, 2010 at 12:10 PM, Frank Bulk - iName.com
wrote:
> Don't forget the home gateway aspect -- it's a huge gaping hole in the IPv6
> deployment strategy for ISPs. And don't talk to me about Apple's Airport
> Extreme. ISPs want (once the volume of IETF IPv6-related drafts has settled
>
Don't forget the home gateway aspect -- it's a huge gaping hole in the IPv6
deployment strategy for ISPs. And don't talk to me about Apple's Airport
Extreme. ISPs want (once the volume of IETF IPv6-related drafts has settled
down) for every router at Wal-mart to include IPv6 support. If they sta
> On 19/04/2010 16:51, Florian Weimer wrote:
> > I'm pretty sure the acceptance of NAT varies regionally. I think
> > there's a large ISP in Italy which has been doing NAT since the 90s.
>
> to my knowledge, if we're talking about the same organisation, this large
> ISP is moving away from NAT, o
On 19/04/2010 16:51, Florian Weimer wrote:
> I'm pretty sure the acceptance of NAT varies regionally. I think
> there's a large ISP in Italy which has been doing NAT since the 90s.
to my knowledge, if we're talking about the same organisation, this large
ISP is moving away from NAT, or already ha
> There is also an aspect of this transition I don't think we've seen
> before (in networking). A large percentage of end users are on
> technologies (cable modem, dsl, even dial up) whose configuration
> is entirely driven out of a provisioning database.
>
> Once the backbone is rolled out, the
On Mon, 19 Apr 2010, Owen DeLong wrote:
I'm looking at both, and, frankly, LSN (large scale NAT) is not as
trivial as you think. I actually talk to and work with some of these
very large providers on a regular basis. None of them is looking forward
to deploying LSN with anything but dread. The
> * Nick Hilliard:
>
> > On 19/04/2010 16:14, Patrick Giagnocavo wrote:
> >> The eyeball ISPs will find it trivial to NAT should they ever need to do
> >> so [...]
>
> > Having made this bold claim, have you ever actually tried to run a natted
> > eyeball network? The last two natted eyeball net
On 2010-04-19, at 10:51, Florian Weimer wrote:
> * Nick Hilliard:
>
>> On 19/04/2010 16:14, Patrick Giagnocavo wrote:
>>> The eyeball ISPs will find it trivial to NAT should they ever need to do
>>> so [...]
>
>> Having made this bold claim, have you ever actually tried to run a natted
>> eyeba
* Nick Hilliard:
> On 19/04/2010 16:14, Patrick Giagnocavo wrote:
>> The eyeball ISPs will find it trivial to NAT should they ever need to do
>> so [...]
> Having made this bold claim, have you ever actually tried to run a natted
> eyeball network? The last two natted eyeball networks I worked w
Nick Hilliard wrote:
> On 19/04/2010 16:14, Patrick Giagnocavo wrote:
>> The eyeball ISPs will find it trivial to NAT should they ever need to do
>> so [...]
>
> Patrick,
>
> Having made this bold claim, have you ever actually tried to run a natted
> eyeball network? The last two natted eyeball
On 19/04/2010 16:14, Patrick Giagnocavo wrote:
> The eyeball ISPs will find it trivial to NAT should they ever need to do
> so [...]
Patrick,
Having made this bold claim, have you ever actually tried to run a natted
eyeball network? The last two natted eyeball networks I worked with could
never
In a message written on Sun, Apr 18, 2010 at 10:22:25PM -0700, joel jaeggli
wrote:
> Just because the curve doesn't look steep enough now doesn't mean it
> won't in two years. Human behavior is hard to model and panic hasn't set
> in yet.
There is also an aspect of this transition I don't think
On 4/19/10 9:14 AM, "Patrick Giagnocavo" wrote:
> The eyeball ISPs will find it trivial to NAT should they ever need to do
> so however, something servers cannot do - you are looking at numbers,
> not operational considerations.
Personally, I'm just waiting to see which eyeball ISP is the first
On Apr 19, 2010, at 7:14 AM, Patrick Giagnocavo wrote:
> Owen DeLong wrote:
>>
>> I had an interesting discussion with someone from Registration Services at
>> ARIN today.
>>
>> The big requests for IP space (the 11 organizations that hold 75% of all
>> ARIN issued
>> space) do not come from
On Apr 19, 2010, at 10:14 AM, Patrick Giagnocavo wrote:
> Owen DeLong wrote:
>>
>> I had an interesting discussion with someone from Registration Services at
>> ARIN today.
>>
>> The big requests for IP space (the 11 organizations that hold 75% of all
>> ARIN issued
>> space) do not come from t
Owen DeLong wrote:
>
> I had an interesting discussion with someone from Registration Services at
> ARIN today.
>
> The big requests for IP space (the 11 organizations that hold 75% of all ARIN
> issued
> space) do not come from the server side... They come from the eye-ball ISPs.
> The only
On Apr 19, 2010, at 6:50 AM, Florian Weimer wrote:
> * Patrick W. Gilmore:
>
>>> I'm not so sure. Name-based virtual hosting for plain HTTP was
>>> introduced when Windows NT 4.0 was still in wide use. It originally
>>> came with Internet Explorer 2.0, which did not send the Host: header
>>> i
* Patrick W. Gilmore:
>> I'm not so sure. Name-based virtual hosting for plain HTTP was
>> introduced when Windows NT 4.0 was still in wide use. It originally
>> came with Internet Explorer 2.0, which did not send the Host: header
>> in HTTP requests.
>
> NT4 was never heavily adopted by users.
On Apr 19, 2010, at 6:54 AM, Florian Weimer wrote:
> * Patrick W. Gilmore:
>
>>> Reality is that as soon as SSL web servers and SSL-capable web
>>> browsers have support for name-based virtual hosts, the number of
>>> IPv4 addresses required will drop. Right now, you need 1 IP
>>> address for 1
-Original Message-
From: Owen DeLong [mailto:o...@delong.com]
Sent: Monday, April 19, 2010 7:28 AM
To: Chris Campbell
Cc: nanog@nanog.org
Subject: Re: Rate of growth on IPv6 not fast enough?
On Apr 19, 2010, at 3:16 AM, Chris Campbell wrote:
>
> On 19 Apr 2010, at 03:52, joel jaeggli
On Apr 19, 2010, at 3:16 AM, Chris Campbell wrote:
>
> On 19 Apr 2010, at 03:52, joel jaeggli wrote:
>
>> On 4/18/2010 6:28 PM, Patrick Giagnocavo wrote:
>>> Franck Martin wrote:
Sure the internet will not die...
But by the time we run out of IPv4 to allocate, the IPv6 network w
Hi,
can someone that handles Earthlink blacklist/zombie settings please contact me
off-list?
we have a recently allocated ARIN /20 range, and all our clients allocated out
of this are having issues emailing earthlink email accounts, our other ARIN
ranges are fine. No luck through any other cha
On Sun, 18 Apr 2010, joel jaeggli wrote:
Just because the curve doesn't look steep enough now doesn't mean it won't in
two years. Human behavior is hard to model and panic hasn't set in yet.
It's just that I'm in Thailand right now and I am bitter about how lousy
the Internet works here, and
* Patrick W. Gilmore:
>> Reality is that as soon as SSL web servers and SSL-capable web
>> browsers have support for name-based virtual hosts, the number of
>> IPv4 addresses required will drop. Right now, you need 1 IP
>> address for 1 SSL site; SNI spec of SSL gets rid of that.
>
> Agreed.
>
>
* William Herrin:
> On Sun, Apr 18, 2010 at 8:45 PM, Franck Martin wrote:
>> Sure the internet will not die...
>>
>> But by the time we run out of IPv4 to allocate, the IPv6 network
>>will not have completed to dual stack the current IPv4 network.
>>So what will happen?
> Zero-sum game. Deployin
On 19 Apr 2010, at 03:52, joel jaeggli wrote:
> On 4/18/2010 6:28 PM, Patrick Giagnocavo wrote:
>> Franck Martin wrote:
>>> Sure the internet will not die...
>>>
>>> But by the time we run out of IPv4 to allocate, the IPv6 network will not
>>> have completed to dual stack the current IPv4 netwo