Re: Packetfront/Waystream gear

2015-10-15 Thread Anders Löwinger
Their products seem to be named 'MPC' or 'ASR,' reminds me of J and C respectively. PacketFront/Waystream actually owns the ASR trademark. We got quite surprised when Cisco released their ASR routers (Yes, I did work there from 2004-2011) /Anders

Re: OT - Small DNS "appliances" for remote offices.

2015-02-18 Thread Anders Löwinger
I really like the Intel NUC. Standard x86 hardware, multiple choices of CPUs, runs debian/ubuntu/fedora etc with zero modifications. /Anders MVH / Regards Anders Löwinger Founder, Senior Consultant Abundo AB Murkelgränd 6 94471 Piteå http://abundo.se office: +46 911 400021 mobile: +46 72 206 0322

Re: Estonian IPv6 deployment report

2014-12-28 Thread Anders Löwinger
On 2014-12-27 17:37, Enno Rey wrote:
> true, but some (most) of them only apply in networks where multicasting/ND is
> fully supported which is not necessarily the case in the above type of
> networks.
Yes. I'm aware of the various types of solutions for security in IPv6 with shared VLANs. I was

Re: Estonian IPv6 deployment report

2014-12-28 Thread Anders Löwinger
On 2014-12-27 17:27, Tarko Tikan wrote:
> Split-horizon (switchport protected in Cisco world). Customers can't send
> packets directly to each other, all communication has to go via BNG router.
> Obviously we protect L2 as well like limiting number of MACs per customers,
> make sure BNG MAC cannot

Re: Estonian IPv6 deployment report

2014-12-27 Thread Anders Löwinger
On 2014-12-22 16:27, Tarko Tikan wrote:
> Our access network is mix of DSL/GPON/wimax/p2p-ETH and broadband service is
> deployed in shared service vlans. IPv6 traffic shares vlan with IPv4.
How do you protect customers from each other? There are many nasty IPv6 attacks you can do when on a shar

Re: DNS Lookup - Filter "localhost"

2014-11-17 Thread Anders Löwinger
>> 4. Do you block non-UDP DNS requests or rate-limit requests?
>
> Yes
Why?
RFC5966 DNS Transport over TCP - Implementation Requirements
You make it very hard for DNSSEC
>> 5. Anything else you block/filter on your DNS servers?
>
> block fragmented packets
Why? You then block EDNS0, which D

Re: SIP on FTTH systems

2014-02-13 Thread Anders Löwinger
On 2014-02-12 05:47, Frank Bulk wrote: In the scenario you're describing does each PC get its own /64 (or /56 or /48) directly from the service provider? Or are they in the same netblock? They are connected through a L2 switch directly to the access port. Mikael responded in another email, an

Re: SIP on FTTH systems

2014-02-11 Thread Anders Löwinger
On 2014-02-11 23:41, Mikael Abrahamsson wrote: Is there not an issue with this if the customer is connected directly to the access device over L2? They will not communicate with each other directly, all traffic will be exchanged through the default gateway? Yes, what's the problem with that? B

Re: SIP on FTTH systems

2014-02-11 Thread Anders Löwinger
On 2014-02-08 05:38, Mikael Abrahamsson wrote: Has there been any test if modern operating systems honor this? Well, they would be defective if they didn't. Also, you don't even need to announce the prefix at all, even with L-bit cleared. You can make RAs with M and O bit set that won't contai

Re: SIP on FTTH systems

2014-02-07 Thread Anders Löwinger
On 2014-02-07 07:14, Mikael Abrahamsson wrote: and for IPv6 it's easily solvable by not announcing an on-link network so they won't even try to communicate directly with each other but instead everything is routed via the ISP upstream router and then down again to the other customer CPE/computer.

Re: SIP on FTTH systems

2014-02-07 Thread Anders Löwinger
Active-E and GPON AN's support split horizons where shared VLAN's allow for simple service delivery to the CPE, but do not permit inter-customer communications at Layer 2. Yes. All communication happens upstream at the BNG, which works for IPv4 and IPv6. And no, Proxy ARP is recommended for m

Re: SIP on FTTH systems

2014-02-07 Thread Anders Löwinger
On 2014-02-06 20:04, Mikael Abrahamsson wrote: No, you don't. It works perfectly well without direct port-to-port communication, you just have to align L3 configuration with this L2 behavior (which can be done in IPv6 but not in IPv4). IPv6 can be made to work without on-link /64, with only DHC

Re: SIP on FTTH systems

2014-02-06 Thread Anders Löwinger
On 2014-02-06 15:08, Mark Tinka wrote: You need a bunch of stuff, proxy ND, proxy DAD, DHCPv6 inspection If you have a reasonably intelligent AN (like some of today's Active-E devices), you can create so-called split horizons on the same bridge domain (VLAN, really) where customers will on

Re: SIP on FTTH systems

2014-02-06 Thread Anders Löwinger
On 2014-02-06 09:01, Mark Tinka wrote: 1. SVLAN N:1 model The SVLAN (N:1) model is simple; just have a single VLAN for each service (VLAN 10 for Internet/Unicast, VLAN 20 for VoIP, VLAN 30 for IPTv/Multicast). This is a deep hole, and basically does not work with IPv6. You need a bun