On 2021-01-19 15:45, Mark Tinka wrote:
On 1/19/21 11:49, adamv0...@netconsultings.com wrote:
Hopefully starlink and other similar projects will help bring these
numbers
down a bit.
But I think starlink has been already outlawed in some countries?
Moonshine satellite links abound in many plac
No need for all that fancy RF tools.
Moreover, detecting >10Ghz transmission is not such an easy task.
The beam is most likely narrow enough to be difficult to detect.
But, (for example) it's enough to visit from foreign IPs some local
website,
to have cookie set: SATELLITE_USER=xyz
Then when p
It can't be zero.
In 1000BaseT specs, BER, 1 in 1*10^10 bits error is considered
acceptable on each link.
So it should be defined same way, as acceptable BER.
And until which point? How to measure?
Same for bandwidth, port rate can be 1Gbit, ISP speedtest too, but most
websites 100Kbit.
On 20
On 2021-07-29 20:46, Randy Bush wrote:
Looks like it did shown on news only.
:)
i wondered
They have installed devices called "TSPU" on major operators.
Isolation of specific networks is done without changing BGP
announcements, obviously.
And the drills do not mean at all "we will turn off t
On 2021-07-30 18:45, Christopher Morrow wrote:
On Fri, Jul 30, 2021 at 10:57 AM Christopher Morrow
wrote:
On Thu, Jul 29, 2021 at 9:07 PM Denys Fedoryshchenko
wrote:
On 2021-07-29 20:46, Randy Bush wrote:
Looks like it did shown on news only.
:)
i wondered
They have installed devices
List-Id: North American Network Operators Group
IMO good enough for mail filters.
On 2021-08-10 19:20, Mike Hammett wrote:
Are you referring to mailing lists that lack some kind of added prefix
to the subject?
-
Mike Hammett
Intelligent Computing Solutions [1]
[2] [3] [4] [5]
Midwest Inte
It would be really nice if the major CDNs had virtual machines small
network operators with very expensive regional transport costs could
spin up. Hit rate would be very low, of course, but the ability to
grab some of these mass-market huge updates and serve them on the
other end of the regional
Good luck responding to such SYN/ACK, when you get 10+Gbps of them (real
case happened while ago with colleague).
Sure those SYN/ACK are not from single location, and attackers might use
whole /24 for SYN spoofing.
On 2020-02-21 03:34, Amir Herzberg wrote:
If I read your description correctly:
On 2020-03-24 18:59, Randy Bush wrote:
He's a network operator. From North America, on the North American
Network
Operators mailing list. Something you are not, so please stop spouting
your
drivel on a list that has nothing to do with you.
this is not how we should act in under pressure
+1
On 2020-04-13 17:25, Kushal R. wrote:
From the past few months we have been receiving a constant stream of
abuse reports from a company that calls themselves RiskIQ
(RiskIQ.com).
The problem isn’t the abuse reports themselves but the way they send
them. We receive copies of the report, on our sa
There is simple use case that will prove this page is giving false
positive
for their "name&shame" strategy.
Any AS owner with default route only (yes it happens a lot) users will
get:
"YOUR ISP TERRIBLE, HIS BGP NOT SAFE!".
But he have nothing to validate! His BGP is implemented safely,
its ju
On 2020-04-20 19:24, Tom Beecher wrote:
Technical people need to make the business case to management for RKPI
by laying out what it would cost to implement (equipment, resources,
ongoing opex), and what the savings are to the company from protecting
themselves against hijacks. By taking this ste
On 2020-04-20 22:01, Rubens Kuhl wrote:
On Mon, Apr 20, 2020 at 3:37 PM Denys Fedoryshchenko
wrote:
There is simple use case that will prove this page is giving false
positive
for their "name&shame" strategy.
Any AS owner with default route only (yes it happens a lot) users
w
On 2020-04-23 18:13, Colton Conor wrote:
Do any of the large transit providers support FlowSpec to transit
customers / other carriers, or is that not a thing since they want to
sell DDoS protection services? FlowSpec sounds much better than RTBH
(remotely triggered blackhole), but I am not sure i
On 2020-04-23 18:13, Colton Conor wrote:
Do any of the large transit providers support FlowSpec to transit
customers / other carriers, or is that not a thing since they want to
sell DDoS protection services? FlowSpec sounds much better than RTBH
(remotely triggered blackhole), but I am not sure i
On 2020-04-23 19:12, Roland Dobbins wrote:
On 23 Apr 2020, at 22:57, Denys Fedoryshchenko wrote:
In general operators don't like flowspec
Its increasing popularity tens to belie this assertion.
Yes, you're right that avoiding overflowing the TCAM is very
important. But as Ric
On 2020-04-28 18:57, Mike Hammett wrote:
I noticed over the weekend that a Fail2Ban instance's complain
function wasn't working. I fixed it. I've noticed a few things:
1) Abusix likes to return RIR abuse contact information. The vast
majority are LACNIC, but it also has kicked back a couple for
On 2020-04-30 02:43, Mark Andrews wrote:
And it is still on going. Just got 4 of these.
Mark
Technical proposal how to solve that.
At 1st of month send monthly reminder manually, to each subscriber, but
encode recipient address in Reply-To: a bit special way.
First, you need catch-all alia
On 2020-05-03 01:10, Anne P. Mitchell, Esq. wrote:
There is a woman torturing animals on Omegle, she is advertising it on
her Instagram account. Need to get this in front of the right people
to have her traced and shut down.
Please let me know if you can provide a contact for either org.
Anne
What about introducing some cache offloading, like CDN doing? (Google,
Facebook, Netflix, Akamai, etc)
I think it can be rolled pretty quickly, with minimum labor efforts, at
least for heavy content.
Maybe some opensource communities can help as well, and same scheme can
be applied then to other
On 2020-05-13 11:00, Mark Delany wrote:
On 13May20, Denys Fedoryshchenko allegedly wrote:
What about introducing some cache offloading, like CDN doing? (Google,
Facebook, Netflix, Akamai, etc)
Maybe some opensource communities can help as well
Surely someone has already thought thru the
On 2020-05-13 13:10, Bill Woodcock wrote:
On 2020-05-13 11:00, Mark Delany wrote:
On 13May20, Denys Fedoryshchenko allegedly wrote:
What about introducing some cache offloading, like CDN doing?
(Google,
Facebook, Netflix, Akamai, etc)
Maybe some opensource communities can help as well
Surely
On 2020-05-13 22:53, Töma Gavrichenkov wrote:
Peace,
On Wed, May 13, 2020 at 10:43 PM Elad Cohen wrote:
For you nothing will work.
Is it a personal attack?
IPv6 is working good for me so far ;-)
--
Töma
It works for Elad as well.
He is pushing others for IPv4+ suffering, while he is happi
On 2020-06-07 12:35, Daniel Sterling wrote:
On Sun, Jun 7, 2020 at 2:00 AM Fred Baker
wrote:
I'm sorry you have chosen to ignore documents like RFC 3315, which is
where DHCP PD was first described (in 2003). It's not like anyone's
hiding it.
So while it may be true that no one is hiding this
On 2020-06-07 19:02, Brandon Martin wrote:
On 6/7/20 6:01 AM, Denys Fedoryshchenko wrote:
There are very interesting and unobvious moments on IPv4 vs IPv6, for
example related to battery lifetime in embedded electronics. In ipv4,
many devices are forced to send "keepalives" so th
Did anybody noticed that Netflix just became useless due to tons of
proxy/unblocker false detection on CGNAT ranges?
Even my home network is dual stack, i am absolutely sure there is no
proxy/vpn/whatsoever (but ipv4 part is over CGNAT) - and i got
"proxy/unblocker" message on my personal TV.
An
On 2020-06-25 19:20, Dave Temkin via NANOG wrote:
If you or others are not receiving a satisfactory reply from us
(Netflix) on this issue, please feel free to reach out directly and
I'll make sure it gets handled.
So far as we know, we handle CGNAT (and IPv6) appropriately. Sometimes
ranges get
On 2020-06-26 01:32, Mike Hammett wrote:
IPv6?
-
By some reason my smart TV doesn't use IPv6 for Netflix, even everything
else in same network using it properly (even developed for ESP8266/ESP32
- IPv6 enabled apps).
And what is worse:
"Netflix Kimberly
The Network settings is to check
On 2020-07-07 05:04, joe mcguckin wrote:
Theoretically, Starlink should be faster cross country than terrestrial
fiber.
Joe McGuckin
ViaNet Communications
j...@via.net
650-207-0372 cell
650-213-1302 office
650-969-2124 fax
When there is no clouds.
lions are unaware of basic
rain fade and link budget methodology, do you?
On Mon, Jul 6, 2020, 8:44 PM Denys Fedoryshchenko
wrote:
On 2020-07-07 05:04, joe mcguckin wrote:
Theoretically, Starlink should be faster cross country than
terrestrial
fiber.
Joe McGuckin
ViaNet Communicatio
On 2020-07-07 08:32, Eric Kuhnke wrote:
"no clouds" is overstating the effect somewhat. I've operated a number
of mission critical Ku band based systems that met four nines of
overall link uptime. The operational effect of a cloud that isn't an
active downpour of rain is negligible. Continual ove
On 2020-07-08 10:05, Mark Tinka wrote:
On 7/Jul/20 21:58, Eric Kuhnke wrote:
Watching the growth of terrestrial fiber (and PTP microwave) networks
going inland from the west and east African coasts has been
interesting. There's a big old C-band earth station on the hill above
Freetown, Sierra Le
Proprietary startups for M2M in most of cases bad idea, especially if
they require
custom hardware (those operate in VHF band).
And with such history:
Hi,
Interesting, it seems AS6185 moved traffic from all CDN to their own
content network.
I noticed big spikes in traffic and complaints about slowness, figured
out, Apple content (especially updates) are not coming from a numerous
co-hosted CDN, but became "live",
congesting upstreams.
So mu
wrote:
Breaking from current CDN infrastructure without reasonable
accessibility to the new CDN is a problem.
-
Mike Hammett
Intelligent Computing Solutions [1]
[2] [3] [4] [5]
Midwest Internet Exchange [6]
[7] [8] [9]
The Brothers WISP [10]
[11] [12]
-
From: "
On 2021-09-19 09:20, Masataka Ohta wrote:
John Levine wrote:
Unless their infrastructure runs significantly on hardware and
software pre-2004 (unlikely), so does the cost of adding IPv6 to
their content servers. Especially if they’re using a CDN such as
Akamai.
I wasn't talking about switches
AFAIK they don't do that just because they are not being droned.
When they were killed, just because cell towers was used by coordinators
and as a source of information.
Which once again reminds that if telecom doesnt stay neutral as much as
possible, or worse, they side with one of conflicting p
This is typical "Beg bounty".
https://www.troyhunt.com/beg-bounties/
On 2022-03-03 00:30, Brie wrote:
I just got this in my e-mail...
--
From: xxx
Date: Thu, 3 Mar 2022 03:14:03 +0500
Message-ID:
Subject: Found Security Vulnerability
To: undisclosed-recipients:;
Bcc: sxx...@ahbl.o
As bad as it is to break an internet service, it's even worse technical
side of your idea.
Given that there is an agency in Russia that has the ability to
intercept and modify all DNS queries,
countering your "idea" is trivial. They will just route root servers
locally and setup their own zones.
On 2019-03-18 23:24, Ronald F. Guilmette wrote:
In message
,
Eric Kuhnke wrote:
Looking at the AS adjacencies for Webzilla, what would prevent them
from
disconnecting all of their US/Western Euro based peers and transits,
and
remaining online behind a mixed selection of the largest Russian A
Good day,
I am writing here, as in technical support ticket I will most likely end
up to the outsourcing guys, who will try to write some formal reply and
close the ticket quickly to keep KPI high:)
I have a faint hope that someone will read and listen. It may also be
useful to colleagues.
I n
On 2019-03-24 00:32, Thomas Bellman wrote:
They do have limited feature set, though. E.g, they only look at
the first 64 octets of each packet (and that includes L2 and L2.5
headers) when deciding what to do with a packet, and can't chase
the IPv6 header chain; thus, if there is an extension hea
I wanted to mention one additional important point in all these
monitoring discussion.
Right now, for one of my subnets Google services stopped working.
Why? Because it seems like someone from Russia did BGP hijack, BUT,
exclusively for google services (most likely some kind of peering).
Quite b
Fastnetmon have that:
https://fastnetmon.com/fastnetmon-advanced-traffic-persistency/
I used it for such purposes.
On 2019-05-17 17:26, Dennis Burgess via NANOG wrote:
I am looking for a free program to take netflow and output what the
top traffic ASes to and from my AS are. Something that we
On 2019-06-21 14:19, Niels Bakker wrote:
* j...@west.net (Jay Hennigan) [Fri 21 Jun 2019, 05:19 CEST]:
On 6/20/19 07:39, David Bass wrote:
What are folks using these days for smaller organizations, that need
to dole out time from an internal source?
If you want to go really cheap and don't va
Africa, Russia...
You can take as example Lebanon.
Capital and major city in tiny country, ~40km away from each other, and
only way you can get 2 points connected over microwaves(due mountains -
several hops), over "licensed" providers, DSP, who hook this points for
$10-$30/mbps/month. And man
On 2019-07-31 23:13, Scott Christopher wrote:
Valdis Klētnieks wrote:
On Wed, 31 Jul 2019 16:36:08 -, Richard Williams via NANOG said:
> To contact AWS SES about spam or abuse the correct email address is
ab...@amazonaws.com
You know that, and I know that, but why doesn't the person at
Hi,
Same happened in Lebanon(country). Similar pattern: carpet bombing for
multiple prefixes of specific ASN.
I suspect it is a new trend in DDoS-for-hire, and ISP who did not
install data scrubbing appliances will feel severe pain from such
attacks, since they use SYN + ACK from legit servers
On 2019-08-28 02:23, Damian Menscher via NANOG wrote:
On Wed, Aug 21, 2019 at 3:21 PM Töma Gavrichenkov
wrote:
On Thu, Aug 22, 2019 at 12:17 AM Damian Menscher
wrote:
Some additional questions, if you're able to answer them (off-list
is fine if there are things that can't be shared broadly)
On 2019-09-02 15:52, Baldur Norddahl wrote:
Maturity is such a subjective word. But yes there are plenty of
options for routing protocols on a Linux. Every internet exchange is
running BGP on Linux for the route server after all.
I am not recommending a server over MX204. I think MX204 is brill
On 2019-09-02 17:16, Saku Ytti wrote:
On Mon, 2 Sep 2019 at 16:26, Denys Fedoryshchenko
wrote:
or some QFX, for example, Broadcom Tomahawk 32x100G switches only do
line-rate with >= 250B packets according to datasheets.
Only is peculiar term here. 100Gbps is 148Mpps, give or take 100PPM,
On 2019-10-30 15:35, Matthew Huff wrote:
Any recommendations to keep track of different SFP and keep them
organized? Any storage boxes / trays designed for SFPs?
3D printed some, but i have small amounts.
Like this one: https://www.thingiverse.com/thing:2855165
There is many more designs, for ex
On 2019-11-18 04:23, Richard wrote:
I would say you are making some assumptions that are not fact based.
The OP is very knowledgeable and would not mince words or waste
bandwidth. Let us see what he has to say in regards to your remarks.
He will be able to make this more clear once he has read wh
Same here, i was considering Arista, because they are quite cost
effective,feature rich, interesting hardware for developing some custom
solutions. But no more, after reading about unreasonable vendor lock-in.
But such inflexibility are very bad sign, this "openness" looks like
marketing only, u
Not a case with Intel X*710 new chipset, check is in firmware.
Someone hacked it, but ...
On 2016-08-18 15:41, Mike Hammett wrote:
Intel does allow DAC of any vendor (assuming they properly identify as
DACs. You can also disable Intel's check in the Linux drivers.
-
Mike Hammett
Intellig
or similar doesn't work for that model?
-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
- Original Message -
From: "Denys Fedoryshchenko"
To: "Mike Hammett"
Cc: "NANOG Mailing List"
Sent: Thursday, A
I noticed now many customers using tp-links reported issues with
internet connection.
Analyzing internet traffic, i noticed that tp-link seems excessively
requesting ntp from those ip addresses, and not trying others:
> 192.5.41.40.123: NTPv3, Client, length 48
> 192.5.41.41.123: NTPv3, Clien
Many sorry! Update, seems illiterate in english (worse than me, hehe)
customer was not precise about model of router, while he reported issue.
I noticed now many customers using specific models of routers reported
issues with internet connection.
Analyzing internet traffic, i noticed that this
mit Timestamp: 3691177073.0 (2016/12/19 22:57:53)
Originator - Receive Timestamp: 0.0
Originator - Transmit Timestamp: 3691177073.0 (2016/12/19
22:57:53)
On 2016-12-19 21:40, Roland Dobbins wrote:
On 20 Dec 2016, at 2:22, Denys Fedoryshchenko wrote:
terested in the root of the the problem.
If possible, would you please tell me the model numbers of Tenda and
TP-Link??
--
Sho FUJIMURA
Information Technology Center, Fukuoka University.
8-19-1, Nanakuma, Jyonan-ku, Fukuoka, 8140180, Japan
fujim...@fukuoka-u.ac.jp
2016-12-20 5:33 GMT+09:00
On 2018-07-14 15:13, Baldur Norddahl wrote:
Hello
I am investigating Linux as a BNG. The BNG (Broadband Network Gateway)
being the thing that acts as default gateway for our customers.
The setup is one VLAN per customer. Because 4095 VLANs is not enough,
we have QinQ with double VLAN tagging on
On 2018-07-15 06:09, Jérôme Nicolle wrote:
Hi Baldur,
Le 14/07/2018 à 14:13, Baldur Norddahl a écrit :
I am investigating Linux as a BNG
As we say in France, it's like your trying to buttfuck flies (a local
saying standing for "reinventing the wheel for no practical reason").
You can say tha
On 2018-07-14 22:05, Baldur Norddahl wrote:
I have considered OpenFlow and might do that. We have OpenFlow capable
switches and I may be able to offload the work to the switch hardware.
But I also consider this solution harder to get right than the idea of
using Linux with tap devices. Also it ap
On 2018-07-15 19:00, Raymond Burkholder wrote:
On 07/15/2018 09:03 AM, Denys Fedoryshchenko wrote:
On 2018-07-14 22:05, Baldur Norddahl wrote:
I have considered OpenFlow and might do that. We have OpenFlow
capable
switches and I may be able to offload the work to the switch
hardware.
But I
On 2018-09-12 19:40, Lee Howard wrote:
On 09/11/2018 09:31 AM, Matt Hoppes wrote:
So don't CGNat? Buy IPv4 addresses at auction?
Buy IPv4 addresses until CGN is cheaper. If a customer has to call,
and you have to assign an IPv4 address, you have to recover the cost
of that call and address.
On 2018-10-04 21:52, Scott Weeks wrote:
--- matlock...@gmail.com wrote:
From: Ken Matlock
Would be remiss in our duties if we didn't also link
AWS' blog, in response to the Bloomberg article.
--
Every company and the Chinese gov't is saying "no,
On 2018-10-04 23:37, Naslund, Steve wrote:
I was wondering about where this chip tapped into all of the data and
timing lines it would need to have access to. It would seem that
being really small creates even more problems making those
connections. I am a little doubtful about the article. It
On 2017-03-17 18:04, Aaron Gould wrote:
Thanks, but James, you would not believe how rapidly the traffic to my
local
caches drop off, *and* on the same day I brought up my new Telia
internet
connection. ...and furthermore, my internet inbound traffic went
*through
the roof*
-Aaron
Most proba
On 2017-06-02 05:42, Ben McGinnes wrote:
On Thu, Jun 01, 2017 at 07:15:12PM -0700, Joe Hamelin wrote:
The Seattle Russian Embassy is in the Westin Building just 4 floors
above the fiber meet-me-room and five floors above the NRO tap room.
They use to come ask us (an ISP) for IT help back in '96
On 2017-06-02 12:19, Ben McGinnes wrote:
On Fri, Jun 02, 2017 at 10:28:38AM +0300, Denys Fedoryshchenko wrote:
American diplomats are doing also all sort of nasty stuff in
Russia(and not only),
Yes they have and for a very long time.
but that's a concern of the equivalent of FBI/NS
I guess it depends on NIC, there is many spinoffs of Intel X520 with
much weaker power supply circuitry.
It might work with good NIC, but you can't rely on it on long term,
IMHO. Even 40km Finisar SFP+ has Pdiss 1.5W. Also they mention: "The
typical power consumption of the FTLX1672D3BTL may exc
On 2017-06-20 18:59, Hunter Fuller wrote:
On Tue, Jun 20, 2017 at 10:29 AM Chris Adams wrote:
For Linux at least, the standard driver includes a load-time option to
disable vendor check. Just add "options ixgbe
allow_unsupported_sfp=1"
to your module config and it works just fine.
For an
expect it might work, but noone knows how long, and how reliable, if
it is not cooled very well.
And 82599 sensitive to cooling(it is very old card after all), as soon
as it is not enough, it starts to glitch.
Den 20. jun. 2017 18.09 skrev "Denys Fedoryshchenko"
:
I guess it depen
hat's just guessing, i never seen circuit diagrams of good
switches, or at least reference design,
as it is all NDA material.
Den 20. jun. 2017 22.24 skrev "Denys Fedoryshchenko"
:
On 2017-06-20 22:07, Baldur Norddahl wrote:
I would expect anything mounted in a computer to have
What are those limitations?
I started to be afraid from those, because just hit recently nasty hash
collision issue with EX4550,
with declared 32k mac's it badly choked on 28k macs, and even magic
"mac-lookup-length" didn't helped.
I'm considering EX4600, but afraid from it and that possibly
National operator here ask customers to distribute bandwidth between all
ip's equally, e.g. if i have /22, and i have in it CDN from one of the
big content providers, this CDN use only 3 ips for ingress bandwidth, so
bandwidth distribution is not equal between ips and i am not able to use
all m
On 2017-12-20 17:52, Saku Ytti wrote:
On 20 December 2017 at 16:55, Denys Fedoryshchenko
wrote:
And for me, it sounds like faulty aggregation + shaping setup, for
example,
i heard once if i do policing on some models of Cisco switch, on an
aggregated interface, if it has 4 interfaces it
On 2017-12-20 19:16, Blake Hudson wrote:
Denys Fedoryshchenko wrote on 12/20/2017 8:55 AM:
National operator here ask customers to distribute bandwidth between
all ip's equally, e.g. if i have /22, and i have in it CDN from one of
the big content providers, this CDN use only 3 ips for in
On 2017-12-20 19:12, Saku Ytti wrote:
On 20 December 2017 at 19:04, Denys Fedoryshchenko
wrote:
As person who is in love with embedded systems development, i just
watched
today beautiful 10s of meters long 199x machine, where multi kW VFDs
manage
huge motors(not steppers), dragging
<>
Are you claiming that your bandwidth is being equally divided 1024
ways (you mentioned a /22) or just that each host (IP) is not
receiving the full bandwidth? What is the bandwidth ordered and what
is the bandwidth you're seeing per host(IP)?
Some facts from today.
Ordered capacity 3.3Gbit
R
AFAIK, Meltdown/Spectre require access to some proper programming
language and ability to run attacker own code.
If underprivileged user can't spawn shell on device or run some python
code - i guess you are safe.
I guess people need to push support of vendors, for equipment who has
programming
On 2018-01-08 08:59, Peter Kristolaitis wrote:
On 2018-01-08 12:52 AM, William Herrin wrote:
I'm having trouble envisioning a scenario where blockchain does that
any
better than plain old PKI.
Blockchain is great at proving chain of custody, but when do you need
to do
that in computer networ
Each offsite copy of git repository will give alert then, as all
hashes in chain changed at some moment.
Same principle as blockchain.
On 2018-01-08 09:54, tglas...@earthlink.net wrote:
Uh since MITM Bill perk of custody is key.
//tsg
Sent from my HTC
- Reply message -
From: "
I want to add one software vendor, who is major contributor to ddos
attacks.
Mikrotik till now shipping their quite popular routers, with wide open
DNS recursor,
that don't have even mechanism for ACL in it. Significant part of DNS
amplification attacks
are such Mikrotik recursors.
They don't c
u are "Mikrotik only".
At least it doesn't have fragmentation issues, as IPIP/GRE/PPTP has, and
also it will run smoothly over NAT/SPI. Cons, that it is a bit more
laggy, because it runs over TCP.
---
System administrator
Denys Fedoryshchenko
Virtual ISP S.A.L.
On Wed, 27 Jul 2011 19:23:33 +1000, Matthew Palmer wrote:
On Wed, Jul 27, 2011 at 12:17:16PM +0300, Denys Fedoryshchenko wrote:
I can recommend you to try to use openvpn, if you are "Mikrotik
only". At least it doesn't have fragmentation issues, as
IPIP/GRE/PPTP has, and a
bugs, that can cause packetloss, sessions
stalling, improper UDP NAT handling, lack of proper interoperability.
Maybe discussed issue lays not in comcast, but in some Mikrotik bug.
---
System administrator
Denys Fedoryshchenko
Virtual ISP S.A.L.
y had some
funny circuit with Xilinx FPGA to run NOR flash over SPI.
Note: DD-WRT on RT305x suck. Their wireless support are incomplete, and
no NAT offload.
---
System administrator
Denys Fedoryshchenko
Virtual ISP S.A.L.
n
how to manage your needs.
- Jared
I guess VRF more close to Linux containers.
---
System administrator
Denys Fedoryshchenko
Virtual ISP S.A.L.
216.239.46.117 (216.239.46.117) 64.171 ms * *
15 google-public-dns-a.google.com (8.8.8.8) 63.749 ms 63.729 ms
63.680 ms
---
System administrator
Denys Fedoryshchenko
Virtual ISP S.A.L.
5.1 8.1 89.6 15.2
7.|-- hos-bb2.juniper2.rz13.hetzner.de 6060 0.0%
6.1 7.7 10.4 74.9 14.8
8.|-- static.33.203.4.46.clients.your-server.de6060 0.0%
6.5 7.7 7.8 13.1 1.4
---
Denys Fedoryshchenko, Network Engineer, Virtual ISP S.A.L.
uge and persistent packet loss.
Indeed, i noticed that transfers from EC2 are terrible last days to
Hetzner.
Maybe worth to open topic at www.webhostingtalk.com ?
Best regards,
Constantine.
---
Denys Fedoryshchenko, Network Engineer, Virtual ISP S.A.L.
ested:
Lebanon, Greece, Saudi Arabia, Netherlands, Germany - all is fine
---
System administrator
Denys Fedoryshchenko
Virtual ISP S.A.L.
hardware would also support WAN bonding
even
better because I also have a scenario to connect 2 times 2
satellites to
have more capacity for my L3 VPN
Regards,
Rens
---
Network engineer
Denys Fedoryshchenko
Dora Highway - Center Cebaco - 2nd Floor
Beirut, Lebanon
Tel:+961 1 24
ses into a firewall reject table? I have done
that and do see a certain amount of repeat hits.
-=[L]=-
You can use fail2ban to block bruteforcing hosts automatically and even
report to your mail their whois info
http://www.fail2ban.org/
---
Denys Fedoryshchenko, Network Engineer, Virtual ISP S.A.L.
On 2014-11-20 23:59, Roland Dobbins wrote:
On 21 Nov 2014, at 4:36, Pavel Odintsov wrote:
I tried to use netflow many years ago but it's not accurate enough and
not so fast enough and produce big overhead on middle class network
routers.
These statements are not supported by the facts. NetFl
On 2014-11-21 03:12, Roland Dobbins wrote:
On 21 Nov 2014, at 6:22, Denys Fedoryshchenko wrote:
Netflow is stateful stuff,
This is factually incorrect; NetFlow flows are unidirectional in
nature, and in any event have no effect on processing of data-plane
traffic.
Word stateful has nothing
On 2014-11-21 06:45, freed...@freedman.net wrote:
Netflow is stateful stuff, and just to run it on wirespeed, on
hardware,
you need to utilise significant part of TCAM,
Cisco ASRs and MXs with inline jflow can do hundreds of K flows/second
without affecting packet forwarding.
Yes, i agree,thos
On 2014-11-21 14:50, Roland Dobbins wrote:
On 21 Nov 2014, at 15:17, Denys Fedoryshchenko wrote:
Word stateful has nothing common with stateful firewall.Stateful
protocol. "a protocol which requires keeping of the internal state on
the server is known as a stateful protocol."
Cor
On 2014-11-21 18:41, Peter Phaal wrote:
Actually, sFlow from many vendors is pretty good (per your points
about
flow
burstiness and delays), and is good enough for dDoS detection. Not
for
security forensics, or billing at 99.99% accuracy, but good enough
for
traffic visibility, peering analy
1 - 100 of 112 matches
Mail list logo
