> From: David Conrad
> Date: Sun, 11 Apr 2010 13:52:24 -1000
>
> On Apr 11, 2010, at 10:57 AM, Paul Vixie wrote:
> > ... i'd like to pick the easiest problem and for that reason i'm urging
> > dual-stack ipv4/ipv6 for all networks new or old.
>
> Is anyone arguing against this?
yes. plenty of
> plenty of people have accused ipv6 of being a solution in search of a
> problem. on this very mailing list within the last 72 hours i've seen
> another person assert that "ipv6 isn't needed." while i tend to agree
> with tony li who of ipv6 famously said it was "too little and too
> soon" we ha
Ahh so it was Cosmic Rays that caused all the VIPs to crash and CEF to
route traffic up its own ass?
Now I understand..
--
Leigh Porter
On 11/04/10 22:06, Joe wrote:
The topic of sunspots is certainly familiar from long ago. We had a
7513
that crashed unexpectedly, upon a review o
Erik,
We have several customers being attacked from the same EC2 instance on
their network for 2 full days now. Contacted them at
ec2-ab...@amazon.com and 25 hours later received a message that
basically said, "Yep, we can confirm that a customer of ours is
attacking you but that's their f
I am in the process of sourcing for a carrier class email security
solution that will replace our current edge spam gateways based on open
source solutions. Some solutions that am currently considering are
Ironport, Fortinet Fortimail, MailFoundry and Barracuda. I'd therefore
wish to know, based on
* Paul Vixie:
> as you have pointed out many times, ipv6 offers the same number of /32's
> as ipv4. however, a /32 worth of ipv6 is enough for a lifetime even for
> most multinationals,
With 6RD on the table, this is not quite correct anymore.
You have multiple options
1. Ironport / Fortinet etc gateways. [Not barracuda - hardly carrier
class, enterprise grade more like it]
2. Outsource to a provider like Messagelabs or MXLogic that only
handles the spam filtering, lets you host your own mailboxes
3. Outsource to one or more vendors
Suresh,
I am more interested in option 1 and would want opinion from those with
experience on that.
-Original Message-
From: Suresh Ramasubramanian
To: Alex Kamiru
Cc: nanog
Subject: Re: Carrier class email security recommendation
Date: Mon, 12 Apr 2010 15:37:46 +0530
You have multip
Right. Just to add one more choice into your mix .. Bizanga is one
such vendor that I've seen deployed by carriers who want an appliance.
They were recently acquired by Cloudmark.
There are also "rate limiting .. kind of like netflow for email" type
devices - Symantec E160, and Mailchannels (mai
"George Bonser" writes:
>> -Original Message-
>> From: Pete Carah [mailto:p...@altadena.net]
>> Sent: Sunday, April 11, 2010 8:41 PM
>> To: nanog@nanog.org
>> Subject: Re: Solar Flux
>>
>> And to top it all off, how many picojoules are stored in a modern ram
>> cell
>> compared to the s
On 4/11/2010 10:04 AM, Joel M Snyder wrote:
SNIP
>
> On the other hand, another effect of solar flares is UV radiation, so a
> good pair of sunglasses and some high-SPF sunblock would be good to
> have, plus make you look less like a nerd. Unless you use that zinc
> stuff on your nose, in which
>
>
> On Apr 11, 2010, at 9:17 AM, Joe Greco wrote:
>
> >>> Put less tersely:
> >>>
> >>> We were assigned space, under a policy whose purpose was primarily to
> >>> guarantee uniqueness in IPv4 numbering. As with other legacy holders,
> >>> we obtained portable space to avoid the technical pr
Michael,
I've received numerous off-list responses yesterday. Most of them were asking
if I've made contact with anyone there as they were being attacked as well. One
gentleman who works at AWS (but not EC2 abuse) promised to forward my e-mail to
them. I've also been reading the asterisk-users
Hello Erik,
Do you care to share the IP address? So everyone could update their
firewalls to block the attacks? Even only blocking known SIP ports (5060)
could be a good idea.
With kind regards,
Mark Scholten
> -Original Message-
> From: Erik L [mailto:erik_l...@caneris.com]
> Sent: Mon
--
David B. Loutrel, Operations Manager
ACME Hosting & Design
[1]www.acme-ent.net
References
1. http://www.acme-ent.net/
On 4/12/2010 6:39 AM, Mark Scholten wrote:
> Hello Erik,
>
> Do you care to share the IP address? So everyone could update their
> firewalls to block the attacks? Even only blocking known SIP ports (5060)
> could be a good idea.
The easiest thing to do is to block all of EC2 and not worry about i
On Sat, 10 Apr 2010, David Loutrel wrote:
--
David B. Loutrel, Operations Manager
ACME Hosting & Design
[1]www.acme-ent.net
References
1. http://www.acme-ent.net/
If you look in the message headers, you will see list management info,
including how to unsubscribe yourself from the
On 4/12/2010 2:49 AM, Alex Kamiru wrote:
> I am in the process of sourcing for a carrier class email security
> solution that will replace our current edge spam gateways based on open
> source solutions. Some solutions that am currently considering are
> Ironport, Fortinet Fortimail, MailFoundry an
On Mon, 2010-04-12 at 07:09 -0700, todd glassey wrote:
> On 4/12/2010 2:49 AM, Alex Kamiru wrote:
> > I am in the process of sourcing for a carrier class email security
> > solution that will replace our current edge spam gateways based on open
> > source solutions. Some solutions that am currently
On 4/12/2010 7:14 AM, William Pitcock wrote:
> On Mon, 2010-04-12 at 07:09 -0700, todd glassey wrote:
>> On 4/12/2010 2:49 AM, Alex Kamiru wrote:
>>> I am in the process of sourcing for a carrier class email security
>>> solution that will replace our current edge spam gateways based on open
>>> so
The man did say "carrier class" .. not "small webhost for four
families and dog". You're talking multiple mailservers + filtering
gateways / appliances etc, clustered .. rather tough to do that with
one pizzabox 1U running a linux that's not updated in years and
configured with webmin.
And have
>I am in the process of sourcing for a carrier class email security
>solution that will replace our current edge spam gateways based on open
>source solutions. Some solutions that am currently considering are
>Ironport, Fortinet Fortimail, MailFoundry and Barracuda.
A lot of the answer depends on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greetings everyone!
Team Cymru is pleased to announce a significant addition to our bogon
reference project. The new portions of the project are offered at no
cost to the community, and the original bogon lists and feeds are not
being changed or canc
On 4/12/2010 7:22 AM, Suresh Ramasubramanian wrote:
> The man did say "carrier class" .. not "small webhost for four
> families and dog".
yes he did Suresh ... meaning that something larger and more secure than
the off-the-shelf copy of Linux is needed. Funny the NSA and many others
would disagr
On Apr 12, 2010, at 8:51 AM, Joe Greco wrote:
>
> Further, given the purported role that InterNIC played, "exchange of
> value" as a prerequisite is a rather questionable position to rely on;
> InterNIC had motivations other than a purely financial one to organize
> IP allocations. The number ass
On Mon, 12 Apr 2010 07:09:12 -0700
todd glassey wrote:
> Alex there are many email systems out there - but make sure that
> whatever you buy can support NTPv4 and not SNTP or unauthenticated NTP
> since this is how the GW is going to be able to put time-marks on
> receipts which must have legal a
Hi,
For our need, we use : http://www.lem.com/ They have a lot of products
to do that. We use a magnetic meter. You don't need to break the circuit
to implement it.
Regards,
Bastien
Wallace Keith a écrit :
-Original Message-
From: Jay Nakamura [mailto:zeusda...@gmail.com]
Sent: T
On Mon, Apr 12, 2010 at 8:45 PM, todd glassey wrote:
> On 4/12/2010 7:22 AM, Suresh Ramasubramanian wrote:
>> The man did say "carrier class" .. not "small webhost for four
>> families and dog".
>
> yes he did Suresh ... meaning that something larger and more secure than
> the off-the-shelf copy o
I haven't seen the man ask support for messages/hour, 3M..10M..1B ? Or maybe
I missed this question?
Zaid
On 4/12/10 8:47 AM, "Suresh Ramasubramanian" wrote:
> On Mon, Apr 12, 2010 at 8:45 PM, todd glassey wrote:
>> On 4/12/2010 7:22 AM, Suresh Ramasubramanian wrote:
>>> The man did say "carr
Its nanog and not an RFQ process or I'd have asked him that too :)
On Mon, Apr 12, 2010 at 9:29 PM, Zaid Ali wrote:
> I haven't seen the man ask support for messages/hour, 3M..10M..1B ? Or maybe
> I missed this question?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
> On Apr 12, 2010, at 8:51 AM, Joe Greco wrote:
> > Further, given the purported role that InterNIC played, "exchange of
> > value" as a prerequisite is a rather questionable position to rely on;
> > InterNIC had motivations other than a purely financial one to organize
> > IP allocations. The num
On Mon, Apr 12, 2010 at 11:23 AM, John Curran wrote:
> On Apr 12, 2010, at 8:51 AM, Joe Greco wrote:
>> Further, given the purported role that InterNIC played, "exchange of
>> value" as a prerequisite is a rather questionable position to rely on;
>> InterNIC had motivations other than a purely fin
I think it is a perfectly reasonable question to ask in NANOG. If someone
asks how much memory do I need on my router to do BGP, you have to ask the
fundamental question of how big your routing table will be. I don't see this
as any different. Its helpful to provide opinions when you are guided by
I did ask him how many users he was looking to size email for. But a
lot of questions like, and beyond, that - you may or may not want to
answer on nanog.
The man said carrier class .. and you have a set of assumptions. If
you say enterprise you're assuming like 300K..400K mailboxes for the
very
On 4/12/2010 10:22 AM, Suresh Ramasubramanian wrote:
The man did say "carrier class" .. not "small webhost for four
families and dog". You're talking multiple mailservers + filtering
gateways / appliances etc, clustered .. rather tough to do that with
one pizzabox 1U running a linux that's not
Scale it all. Then manage it centrally. Provision users. Manage
security. etc etc.
You use much the same IOS whether you run a router for a T1 or run
networks for a tier 1 :)
On Mon, Apr 12, 2010 at 9:51 PM, joel jaeggli wrote:
>
> I build basically the same mail-system where is collapsed into
On Apr 12, 2010, at 5:37 AM, todd glassey wrote:
Barbie is "geek girl" or "Engineer Barbie" the idea that being a
geek is
offensive may have finally been put to death as it should have 20
years ago.
Of course, Joel used the word "nerd", so..
So, does anyone actually talk about networks on
Many thanks again to the large number of off-list responses. After making human
contact, the issue was very promptly resolved by Amazon and a gentleman there
has promised to look into the error on the abuse form as well.
Erik
From: Mark Scholten [m...@st
On 4/12/2010 11:51, Erik L wrote:
> Many thanks again to the large number of off-list responses. After
> making human contact, the issue was very promptly resolved by Amazon
> and a gentleman there has promised to look into the error on the
> abuse form as well.
And people say talk of routing thei
Before I get taken for a ride by salespeople, I figured it would be best to
ask the experts of Nanog
My company is currently in talks to bring an ethernet circuit into our
headquarters, initially committing around 40Mbps. The ISP will be providing
ethernet handoff, but I do not want their man
a PowerRouter at http://www.mikrotikrouter.com can handle several
hundred meg without issues.
---
Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE,
MTCTCE, MTCUME
Link Technologies, Inc -- Mikrotik & WISP Support Servi
Jeffrey,
We have deployed metro Ethernet in our network... some things to consider:
1) Is metro Ethernet available end to end, if not will you utilize MPLS?
2) We've deployed Juniper EX3200s, Cisco has great solutions as well... for
example 2800 series router. We use Cisco as well.
3) Metro Ethe
We use metro E for our WAN and our internet access delivery. The 2600 series
routers do not have enough horsepower to do a 40 Mb connection and eigrp. The
2811 can do 40 mb and eigrp but they start to have difficulty when you add in
inspection or large ACLs. We just last week turned a 40mb metro
On Mon, Apr 12, 2010 at 05:55:29PM +, Dylan Ebner wrote:
> also terminiating. For our 100mb metro e connections we use
> 3845s. The 100 mb service terminates into NM-GEs, which have a
FWIW, we made the mistake of going for 3825s on a 50Mb/s policed
GigE. Running GRE/IPSec (AIM-VPN'd) and QoS,
In our case I believe we would be dealing with just static routes and a
lines of ACL. Do you think the routing protocols are your largest resource
usage in your scenario, or is it also just simple routing as well?
Jeffrey Negro, Network Engineer
Billtrust - Improving Your Billing, Improving Your
On Mon, Apr 12, 2010 at 10:55 AM, Dylan Ebner wrote:
> However, this router also has 2 100mb connections from local lans that it is
> also terminiating.
> For our 100mb metro e connections we use 3845s. The 100 mb service terminates
> into NM-GEs, which have a faster throughput than the hwics.
Jeffrey Negro wrote:
In our case I believe we would be dealing with just static routes and a
lines of ACL.
In that case a linux/FreeBSD router would work great.
- Kevin
John,
On Apr 12, 2010, at 5:23 AM, John Curran wrote:
> On this matter we do agree, since allocations prior to ARIN's formation were
> generally made pursuant to a US Government contract or cooperative agreement.
>
As we're both aware, Jon was funded in part via the ISI Teranode Network
Tech
One of the things I like about e-mail lists is learning things about
myself that I never knew before, especially regarding my occupation. For
the last 9 months or so I've been working part-time with a Washington
think tank in an analyst capacity, not as a lobbyist, and not on the
Comcast payrol
On 4/12/10 2:42 PM, Richard Bennett wrote:
> ... the guy who wrote the first IEEE 802 standard for
> Ethernet over twisted pair ...
I'm certain that's who you are. Hell, what I do for CORE means I'm a
ICANN lobbyist when I'm not writing code, and I'd prefer to be the guy
who wrote XPG/1 and XPG/4.
> question is about hardware. Can I assume that I can use something like
a
> Cisco 2000 series router with two built in fast/gig ethernet ports,
> without a WIC?
For Cisco, check out the ME3400 series of switches. Be sure to look at
the IOS licensing carefully to see if the features you need are
I am currently looking at using RouterOS as a way to build a Metro
Ethernet solution. Does anyone have experience with the device and the
OS? How is the performance? Are there any "Gotchas"?
-James
Taffic shaping and eigrp eat a lot. inspection is huge as well. I have no ida
what the new zone based firewalling will do to a 2800, but after seeing it on
an 1800, I know it will not be pretty. static acls should be easy if they are
not really large. I wouldn't go out and grab the new CRYMU
On Mon, Apr 12, 2010 at 2:42 PM, Richard Bennett wrote:
> One of the things I like about e-mail lists is learning things about myself
> that I never knew before, especially regarding my occupation. For the last 9
> months or so I've been working part-time with a Washington think tank in an
> analy
On Mon, 12 Apr 2010, Jeffrey Negro wrote:
In our case I believe we would be dealing with just static routes and a
lines of ACL. Do you think the routing protocols are your largest resource
usage in your scenario, or is it also just simple routing as well?
If your needs are simple IP routing +
James Jones wrote:
I am currently looking at using RouterOS as a way to build a Metro
Ethernet solution. Does anyone have experience with the device and the
OS? How is the performance? Are there any "Gotchas"?
-James
Be carefull not to crash the whole internet:
http://www.renesys.com/blog/2
On Apr 12, 2010, at 3:08 PM, Paul WALL wrote:
> On Mon, Apr 12, 2010 at 2:42 PM, Richard Bennett wrote:
>> One of the things I like about e-mail lists is learning things about myself
>> that I never knew before, especially regarding my occupation. For the last 9
>> months or so I've been working
its was an old bug, that had been fixed for a while..
2010/4/12 Adrian Minta
> James Jones wrote:
>
>>
>> I am currently looking at using RouterOS as a way to build a Metro
>> Ethernet solution. Does anyone have experience with the device and the
>> OS? How is the performance? Are there any "Got
As it said, it was two fold, one the MT allowed it, and 2, the Cisco's
crashed with it!
---
Dennis Burgess, CCNA, Mikrotik Certified Trainer, MTCNA, MTCRE, MTCWE,
MTCTCE, MTCUME
Link Technologies, Inc -- Mikrotik & WISP Support Services
Off
On 12-4-2010 21:44, Gustavo Santos wrote:
its was an old bug, that had been fixed for a while..
You should still keep in mind Mikrotik is just Linux, with all its
(dis)advantages, plus some scripts and weird CLI.
--
Grzegorz Janoszka
It runs the Linux kernal, bout it anymore! A few existing linux apps
but super clean CLI, easy to use, awsome GUI. ;) Heck, the whole OS
runs within 64meg of disk space if you wanted it too!
---
Dennis Burgess, CCNA, Mikrotik Certified T
You're speculating that ITIF gets funding from Comcast, and therefore
guessing I'm singing Comcast's song. But you don't know whether Comcast
actually is an ITIF sponsor, just as you don't know whether Google,
Intel, and Microsoft are ITIF sponsors. And then you're speculating
again
http://www.vyatta.com/ ?
kind ofrouterOS supports MPLS, linux does not
On 4/12/10 3:48 PM, Grzegorz Janoszka wrote:
On 12-4-2010 21:44, Gustavo Santos wrote:
its was an old bug, that had been fixed for a while..
You should still keep in mind Mikrotik is just Linux, with all its
(dis)advantages, plus some script
Most of the major features of RouterOS are not "Linux" native apps
anymore. Back in v2.9 this was the case, i.e. the Proxy server was
SQUID, OSPF was again, the same way using a Linux app. However,
especially in v3, and 4, as well as now v5, MikroTik has really made
their own system.
Not wishi
On Mon, 2010-04-12 at 21:48 +0200, Grzegorz Janoszka wrote:
> On 12-4-2010 21:44, Gustavo Santos wrote:
> > its was an old bug, that had been fixed for a while..
>
> You should still keep in mind Mikrotik is just Linux, with all its
> (dis)advantages, plus some scripts and weird CLI.
That's like
On Apr 12, 2010, at 1:05 PM, Richard Bennett wrote:
You're speculating that ITIF gets funding from Comcast, and therefore
If only the ITIF released information about their funding sources.
So, does Comcast contribute funds or otherwise sponsor ITIF?
Does Google, Intel, or Microsoft?
Cheers
David, in 1997 and 1998 I was spending about 25% of my time interview the
principals and engaged in informal conversations with Ira Magaziner,Kim
Hubbard, DonMitchell and others. I was in Londone in late jan 1998 when Jon
tried to redirect the root. Magaziner was there and daniel karenburg an
On Mon, Apr 12, 2010 at 2:42 PM, Richard Bennett wrote:
> One of the things I like about e-mail lists is learning things about myself
> that I never knew before, especially regarding my occupation. For the last 9
> months or so I've been working part-time with a Washington think tank in an
> analy
Thanks for pointing that out.
RB
On 4/12/2010 2:06 PM, Stonix Farstone wrote:
On Mon, Apr 12, 2010 at 2:42 PM, Richard Bennett
<[1]rich...@bennett.com> wrote:
One of the things I like about e-mail lists is learning things about
myself that I never knew before, especially
[SNIP]
Richard, and anyone else who missed the last dozen or more times this has been
discussed:
The NANOG list would appreciate if people who are sent Dean's private missives
do not "reply all" and CC the list. Those who were not CC'ed personally (and
do not filter Dean) do not see his posts
On 4/9/10 5:27 AM, Joe Greco wrote:
>
> ARIN might not have a contract with us, or with other legacy holders.
> It wasn't our choice for ARIN to be tasked with holding up InterNIC's
> end of things. However, it's likely that they've concluded that they
> better do so, because if they don't, it'll
On Mon, 2010-04-12 at 16:06 -0400, James Jones wrote:
> kind ofrouterOS supports MPLS, linux does not
It could (unfortunately) be a while before a full linux implementation
of MPLS gains enough speed, it's very much out on the fringe of what
linux "does daily". This mean that getting enough de
I've been considering routerOS boxes to my "less important" POPs that are
candidates to be promoted to MPLS-enabled POPs, although I am still a
little skeptical about it. Still doing some lab trials with it, but have not
deployed it yet besides as a CE router. The reason is that I've ran into
probl
Yes, but, according to the Mikrotik web site they appear to be obsolete
and incapable of routing IPv6.
Owen
On Apr 12, 2010, at 10:32 AM, Dennis Burgess wrote:
> a PowerRouter at http://www.mikrotikrouter.com can handle several
> hundred meg without issues.
>
> ---
On Mon, Apr 12, 2010 at 3:28 PM, Jake Khuon wrote:
> On Mon, 2010-04-12 at 21:48 +0200, Grzegorz Janoszka wrote:
>> On 12-4-2010 21:44, Gustavo Santos wrote:
>> > its was an old bug, that had been fixed for a while..
>>
>> You should still keep in mind Mikrotik is just Linux, with all its
>> (dis)
We run a 3845 at over 300 Mbps and it's less than 50% CPUmost times less
than 30%. No BGP, just OSPF.
Frank
-Original Message-
From: Bill Stewart [mailto:nonobvi...@gmail.com]
Sent: Monday, April 12, 2010 1:27 PM
To: nanog@nanog.org
Subject: Re: Router for Metro Ethernet
On Mon, Ap
I stand corrected on the Mikrotik... Apparently, while not well documented, they
do, indeed support IPv6 and their Wiki even includes tunnel configuration
information.
Apologies to Mikrotik (and some encouragement to add this to your main-line
documentation).
Owen
On Apr 12, 2010, at 8:56 PM, F
On Mon, 12 Apr 2010, Jeffrey Negro wrote:
In our case I believe we would be dealing with just static routes and a
lines of ACL. Do you think the routing protocols are your largest resource
usage in your scenario, or is it also just simple routing as well?
Get a used 3550 or a new 3400ME or so
79 matches
Mail list logo
