On 26/01/2010 00:48, Steve Bertrand wrote:
> My original post was completely concerned on automating the process of
> spinning traffic throughput graphs. Are there any software packages that
> stand out that have the ability to differentiate throughput between
> v4/v6, as opposed to the aggregate o
On Mon, 25 Jan 2010 22:34:46 -0500
Christopher Morrow wrote:
> On Mon, Jan 25, 2010 at 7:33 PM, Owen DeLong wrote:
> >
> > On Jan 25, 2010, at 8:14 AM, Mathias Seiler wrote:
> >
> >> Ok let's summarize:
> >>
> >> /64:
> >> + Sticks to the way IPv6 was designed (64 bits host part)
> >> +
With Guard appliance and 65xx module being EoL'd, and Cisco's desire
to exist the DDoS mitigation market, I'd like to get some
recommendations of what other products people are having good success with.
We are looking for something that can support 3Gbps - 10Gbps,
multi-tenancy, seamless inte
Arbor stuff comes to mind and works very well in our experiences
Paul
--
Paul Stewart
Senior Network Administrator
Nexicom Inc.
http://www.nexicom.net/
- Original Message -
From: Tom Sands
To: nanog
Sent: Tue Jan 26 07:40:35 2010
Subject: DDoS mitigation rec
Anyone here with any experience with Jilong fusion splicers ? Our old
Fujikura has died and I have to at least consider the Jilong.
>Arbor stuff comes to mind and works very well in our experiences
Arbor++
> -Original Message-
> From: Christopher Morrow [mailto:morrowc.li...@gmail.com]
> Sent: Monday, January 25, 2010 22:38
> To: Owen DeLong
> Cc: nanog@nanog.org
> Subject: Re: Using /126 for IPv6 router links
>
> On Mon, Jan 25, 2010 at 8:01 PM, Owen DeLong wrote:
>
> >> Once you start pl
> -Original Message-
> From: Mark Smith
> [mailto:na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org]
> Sent: Monday, January 25, 2010 23:07
> To: TJ
> Cc: nanog@nanog.org
> Subject: Re: Using /126 for IPv6 router links
<>
> > I didn't realize "human friendly" was even a nominal d
One more for Arbor.
-Original Message-
From: David Freedman [mailto:david.freed...@uk.clara.net]
Sent: Tuesday, January 26, 2010 8:17 AM
To: nanog@nanog.org
Subject: Re: DDoS mitigation recommendations
>Arbor stuff comes to mind and works very well in our experiences
Arbor++
This
On 26/01/2010 13:35, TJ wrote:
> The US DoD has the equivalent of a /13 ... what is the question?
In fact, they have a little less than a /18. This is still the largest
block when aggregated - France Telecom comes second with a single /19.
http://www.mail-archive.com/nanog@nanog.org/msg01876.htm
There was an interesting thread on this topic a few weeks back. I really liked
the Guards, it's too bad Cisco decided to pull this from the marketplace - it
was as close to a panacea as it gets.
As alternatives, I've worked with the Riorey boxes as well as Arbor gear. They
are both very good
From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
>Why can't IPv6 node addressing be as easy to understand and work with
>as Ethernet addresses? They were designed in the early 1980s*. 28 years
>or so years later, it's time for layer 3 addressing to catch up.
Becase Ethe
Owen DeLong wrote:
No, they're not impossible to exhaust, just pretty difficult.
However, If we see exhaustion coming too soon in this /3, we can always apply a
more conservative
numbering policy to the next /3. (And still have 5 /3s left to innovate and try
other alternatives).
Owen
On Jan 26, 2010, at 9:54 AM, Joe Maimon wrote:
> For me, the entire debate boils down to this question.
>
> What should the objective be, decades or centuries?
If centuries, how many planets and moons will the address space cover? (If we
as a species manages to spread beyond this world before
The RioRey per prefix issue is fixed although the patch they released to us
had a lot of bugs. Were still waiting on a working appliance with the new
code.
IntruGuard fits the bill and is probably 1/5th the cost of Arbor pound for
pound. We use both RR and IG, each having their pros and cons.
Jef
Daniel Senie wrote:
On Jan 26, 2010, at 9:54 AM, Joe Maimon wrote:
For me, the entire debate boils down to this question.
What should the objective be, decades or centuries?
If centuries, how many planets and moons will the address space cover? (If we
as a species manages to spread beyon
On Mon, Jan 25, 2010 at 6:20 PM, Nathan Ward wrote:
> Why do you force POP infrastructure to be a /48? That allows you only 16 POPs
> which is pretty restrictive IMO.
> Why not simply take say 4 /48s and sparsely allocate /56s to each POP and
> then grow the /56s if you require more networks at
On Mon, Jan 25, 2010 at 10:55 PM, Christopher Morrow
wrote:
> some of what you're saying (tim) here is that you could: (one of these)
>
> 1) go to all your remote-office ISP's and get a /48 from each
> 2) go to *RIR's and get / to cover the number of remote
> sites you have in their region(s)
> 3)
I have been notified this morning by several people that there is some
websites that are unreachable from Haiti: http://www.hostcentric.com,
http://www.gama.ht those are examples. It happens with different ISP. When
we change th DNS using the google one 8.8.8.8 it's ok for some but some
others stil
On Mon, Jan 25, 2010 at 11:06 PM, Mark Smith
wrote:
> On Mon, 25 Jan 2010 15:15:55 -0500
> "TJ" wrote:
>> I didn't realize "human friendly" was even a nominal design consideration,
>> especially as different humans have different tolerances for defining
>> "friendly" :)
>>
>
> This from people
On 2010-01-26 at 10:05:29 -0500, Daniel Senie wrote:
> If centuries, how many planets and moons will the address space cover? (If we
> as a species manages to spread beyond this world before we destroy it). Will
> separate /3's, or subdivisions of subsequent /3's, be the best approach to
> deplo
It's Ok Now.
Thanks for your replies.
reynold
On Tue, Jan 26, 2010 at 11:32 AM, Scott Berkman wrote:
> I was able to reach both of these from where I sit in Atlanta.
>
>-Scott
>
> -Original Message-
> From: Reynold Guerrier [mailto:rey...@gmail.com]
> Sent: Tuesday, January 26,
Chris,
Discussion of draft-kohno-ipv6-prefixlen-p2p is on the IETF 6man WG
mailing list. But please do chime in. Operator input very welcomed.
Ron
Christopher Morrow wrote:
> On Sat, Jan 23, 2010 at 7:52 AM, Mathias Seiler
> wrote:
>> Hi
>>
>> In ref
On 1/26/10 7:43 AM, Tim Durack wrote:
>> o will your remote-office's ISP's accept the /48's per site? (vz/vzb
>> > is a standout example here)
> Not too worried about VZ. Given that large content providers are
> getting end-site address space, I think they will have to adjust their
> stance.
>
H
On Tue, Jan 26, 2010 at 11:50 AM, Ron Bonica wrote:
> Chris,
>
> Discussion of draft-kohno-ipv6-prefixlen-p2p is on the IETF 6man WG
> mailing list. But please do chime in. Operator input very welcomed.
oh damned it! almost as many v6 ietf mailing lists as there are v6 addresses :(
subscribe info
On 26-1-2010 1:33, Owen DeLong wrote:
- "Waste" of addresses
- Peer address needs to be known, impossible to guess with 2^64 addresses
Most of us use ::1 for the assigning side and ::2 for the non-assigning side of
the connection. On multipoints, such as exchanges, the popular alter
On Tue, Jan 26, 2010 at 10:43 AM, Tim Durack wrote:
> On Mon, Jan 25, 2010 at 10:55 PM, Christopher Morrow
> wrote:
>> some of what you're saying (tim) here is that you could: (one of these)
>>
>> 1) go to all your remote-office ISP's and get a /48 from each
>> 2) go to *RIR's and get / to cover
I am new to this mailing list - this should be a response to an already
started thread that I cannot see:
IntelliguardIT has a new class of network appliance that installs inline
(layer 2 appliance). It has no impact on current network capacity and
automatically manages flash crowds graceful
On 1/26/10 11:56 AM, Gerald Wluka wrote:
I am new to this mailing list
We can tell.
- this should be a response to an already
started thread that I cannot see:
On Jan 26, 2010, at 6:54 AM, Joe Maimon wrote:
>
>
> Owen DeLong wrote:
>>
>
>> No, they're not impossible to exhaust, just pretty difficult.
>>
>> However, If we see exhaustion coming too soon in this /3, we can always
>> apply a more conservative
>> numbering policy to the next /3. (And s
On Jan 26, 2010, at 7:43 AM, Tim Durack wrote:
> On Mon, Jan 25, 2010 at 10:55 PM, Christopher Morrow
> wrote:
>> some of what you're saying (tim) here is that you could: (one of these)
>>
>> 1) go to all your remote-office ISP's and get a /48 from each
>> 2) go to *RIR's and get / to cover the
On Jan 26, 2010, at 9:22 AM, Grzegorz Janoszka wrote:
> On 26-1-2010 1:33, Owen DeLong wrote:
>>> - "Waste" of addresses
>>> - Peer address needs to be known, impossible to guess with 2^64 addresses
>> Most of us use ::1 for the assigning side and ::2 for the non-assigning side
>> of
>> the
Steve Bertrand wrote:
> Can anyone offer up ideas on how you manage any automation in this
> regard for their infrastructure gear traffic graphs? (Commercial options
> welcome, off-list, but we're as small as our budget is).
By popular request, a list of the most suggested software packages. Some
Sorry but RTFM
http://mailman.nanog.org/pipermail/nanog/2010-January/thread.html#16675
Best regards
On Tuesday 26 January 2010, Ryan Brooks wrote:
> On 1/26/10 11:56 AM, Gerald Wluka wrote:
> >
> >
> > I am new to this mailing list
> We can tell.
> > - this should be a response to an already
> > started thread that I cannot see:
> >
> >
>
> >
> >
> >
>
>
>
Ha, that's great. When wil
Hi List,
Anyone recalls ever seeing the IOS naming convention document. In particular
I'm interested in differences between families and trains.
This is all I found:
http://www.cisco.com/warp/public/620/1.html#topic1
But im looking for something a bit more recent maybe? Can figure out
differences
Andrey,
I could not find a good link, but let me give you some info on SG, SGA, EW
and EWA.
All these trains are for the 4500 family (including 4900). They are just
different generations.
The EW (and then EWA) were the older trains for 4500, which were replaced by
the SG trains.
If I am not too w
Not sure how relevant this still is, but it explains some of the older ones.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_tech_note09186a0080101cda.shtml
On 1/26/2010 4:21 PM, Arie Vayner wrote:
> Andrey,
>
> I could not find a good link, but let me give you some info on SG, S
Have you checked out the IOS Feature Navigator?
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
On Tue, Jan 26, 2010 at 4:27 PM, Philip Davis wrote:
> Not sure how relevant this still is, but it explains some of the older ones.
>
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products
On Tue, Jan 26, 2010 at 11:08 AM, Reynold Guerrier wrote:
> I have been notified this morning by several people that there is some
> websites that are unreachable from Haiti: http://www.hostcentric.com,
> http://www.gama.ht those are examples. It happens with different ISP. When
> we change th DN
On Mon, 25 Jan 2010, Matt Addison wrote:
:: You're forgetting Matthew Petach's suggestion- reserve/assign a /64 for
:: each PtP link, but only configure the first /126 (or whatever /126 you
:: need to get an amusing peer address) on the link.
Matt meant "reserve/assign a /64 for each PtP link, b
Igor Gashinsky wrote:
> On Mon, 25 Jan 2010, Matt Addison wrote:
>
> :: You're forgetting Matthew Petach's suggestion- reserve/assign a /64 for
> :: each PtP link, but only configure the first /126 (or whatever /126 you
> :: need to get an amusing peer address) on the link.
>
> Matt meant "reser
On Tue, 26 Jan 2010 06:38:43 -0800 (PST)
David Barak wrote:
> From: Mark Smith na...@85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
>
> >Why can't IPv6 node addressing be as easy to understand and work with
> >as Ethernet addresses? They were designed in the early 1980s*. 28 years
> >or so
On Tue, 26 Jan 2010 11:13:22 -0500
Tim Durack wrote:
> On Mon, Jan 25, 2010 at 11:06 PM, Mark Smith
> wrote:
> > On Mon, 25 Jan 2010 15:15:55 -0500
> > "TJ" wrote:
>
> >> I didn't realize "human friendly" was even a nominal design consideration,
> >> especially as different humans have differe
On Tue, Jan 26, 2010 at 11:53 PM, Mark Smith
wrote:
>
> The general intent of the /48 allocation is that it is large enough for
> nearly everybody, with nearly everybody including all but the largest
'nearly everybody with a single site' sure. I know of more than a few
VPN deployments (enterpris
On Wed, 27 Jan 2010 00:11:41 -0500
Christopher Morrow wrote:
> On Tue, Jan 26, 2010 at 11:53 PM, Mark Smith
> wrote:
>
> >
> > The general intent of the /48 allocation is that it is large enough for
> > nearly everybody, with nearly everybody including all but the largest
>
> 'nearly everybody
On Tue, 26 Jan 2010, Igor Gashinsky wrote:
Matt meant "reserve/assign a /64 for each PtP link, but only configure the
first */127* of the link", as that's the only way to fully mitigate the
scanning-type attacks (with a /126, there is still the possibility of
ping-pong on a p-t-p interface) w/o u
In message <20100127160401.1a963...@opy.nosense.org>, Mark Smith writes:
> Sure. However I think people are treating IPv6 as just IPv4 with larger
> addresses, yet not even thinking about what capabilities that larger
> addressing is giving them that don't or haven't existed in IPv4 for a
> very l
Hello,
There is different types for the Cisco 7600 Series Ethernet Services cards.
( More expensive cards with high queue values and less expensive cards with
low queue values.)
http://www.cisco.com/en/US/prod/collateral/routers/ps368/data_sheet_c78-549419.html
Hardware queues
ES Plus XT 40G li
On Wed, 27 Jan 2010 07:47:35 +0200 (EET)
Pekka Savola wrote:
> On Tue, 26 Jan 2010, Igor Gashinsky wrote:
> > Matt meant "reserve/assign a /64 for each PtP link, but only configure the
> > first */127* of the link", as that's the only way to fully mitigate the
> > scanning-type attacks (with a /1
50 matches
Mail list logo
