Richard J. Sears wrote:
I am looking at upgrading my current 7507 backbone routers.
Each of my routers has dual RSP4s
Keep in mind that dual RSP does _not_ mean load sharing; it's for
redundancy, if you can get RPR+ to work the way you want that is.
and I was thinking of upgrading them to
On Thu, Jan 29, 2004 at 10:44:42PM -0800,
bill [EMAIL PROTECTED] wrote
a message of 54 lines which said:
http://www.root-servers.org/ seems to only have news on I's ASN change, no
mention of B or J or the anycast F/K/I's ... methinks this info should have a
home on this site..
Michel Py wrote:
My limited experience with the 7206
says that it might eventually be able to push _one_ gig from one PA to
another, but not aggregate: say you have 4 or 5 OC3s aggregating into a
GigE with some ACLs (which would run distributed on a 7500) I don't
think that even the NPE-G1
http://www.theregister.co.uk/content/6/34919.html
On 30-jan-04, at 7:20, Alexei Roudnev wrote:
Second problem is directory structure. In Unix, when I configure IDS
(osiris
or Tripwire or Intact), I can just be sure, that 'bin' and 'etc' and
'sbin'
and 'libexec' directories does not have any variable files - all
non-static
files are in /var
Sorry,
I don't see the funny in 1200 people losing their homes.
Is there something else to the story that I am missing?
Aaron
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Michael Painter
Sent: January 30, 2004 1:03 AM
To: [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Colleagues,
This is to inform you about an IPv4 address change in
b.root-servers.net.
The old address is: 128.9.0.107
The new address is: 192.228.79.201
New Hints files can be found at:
ftp://rs.internic.net/domain/db.cache
- Original Message -
From: Aaron Thomas [EMAIL PROTECTED]
To: 'Michael Painter' [EMAIL PROTECTED]
Sent: Thursday, January 29, 2004 11:13 PM
Subject: RE: Kinda' funny...
Sorry,
I don't see the funny in 1200 people losing their homes.
Is there something else to the story that I am
This report has been generated at Fri Jan 30 21:48:00 2004 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table
Which one of you guys took down the world?
We have separate carriers for internet, ATM, and Phone
Whenever you get simultaneous outages for multiple
telecom services at the same time it's almost always due
to a local issue like a major cable cut or a central
office fire. Sounds like a SONET
hello there,
i just want to remind you, that IANA has allocated an new
block in november 2003 (83/8).
the reason why i remind again here is, we (as8514) have received
a block within that range (83.64/15 -- RIPE-NCC) in the end of
2003 and customers complains still sites in the state they
On Fri, 30 Jan 2004, Iljitsch van Beijnum wrote:
Actually IMO putting all their crap in their own dir is a feature
rather than a bug. I really hate the way unix apps just put their stuff
all over the place so it's an incredible pain to get rid of it again.
Putting all crap in the working
On Wed, Jan 28, 2004 at 09:19:43PM -0500,
Coppola, Brian [EMAIL PROTECTED] wrote
a message of 22 lines which said:
In preparation for tomorrow morning's B-root IP change from 128.9.0.107 to
192.228.79.201
I notice trouble to reach the new server from many places.
Here a machine connected
On Thu, 29 Jan 2004, bill wrote:
Well the answer is yes it changed a little while ago, having searched for a link
to post I cant find one, thats bad..
http://www.root-servers.org/ seems to only have news on I's ASN change, no
mention of B or J or the anycast F/K/I's ... methinks
One more interesting feature - if you need a 4th GigE port, you can add the
GigE I/O card which still uses none of the bus bandwidth points. The buses
are fine for OC3 and below...
Simon
On Thu, Jan 29, 2004 at 10:44:42PM -0800,
bill [EMAIL PROTECTED] wrote
a message of 54 lines which said:
http://www.root-servers.org/ seems to only have news on I's ASN change, no
mention of B or J or the anycast F/K/I's ... methinks this info should have a
home on this
Does anyone have definitive speed results on the 3 built-in Gig ports
on the NPE-G1? I know that they aren't attached to the PCI Buses, and
don't consume bandwidth points, but all of that is mute. Can all three
of the ports do line rate Gig? The Gig PA is limited to 400Mbps. I
have seen posts
Keep in mind, 72xx is still flow-based, so you need to count *both* shared
fabric capacity (aka PCI buses) and capacity of NPE to establish flows
(aka pps rate).
NPE-G1 might probably route 3*GE, without any services and if all 3GE are
in a single flow, but will melt down at a face of
Date: Fri, 30 Jan 2004 11:39:40 -0500
To: bill [EMAIL PROTECTED]
Subject: Re: updated root hints file
I thought the RSSAC site was www.root-servers.org.
root-servers.org is -NOT- the rssac site.
--bill
Do you get commission from Juniper?
Matt.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 30 January 2004 16:51
Cc: [EMAIL PROTECTED]
Subject: RE: CIsco 7206VXR w/NPE-G1 Question
Keep in mind, 72xx is still flow-based, so you need to count *both* shared
Keep in mind, 72xx is still flow-based, so you need to count *both* shared
fabric capacity (aka PCI buses) and capacity of NPE to establish flows
(aka pps rate).
Why do you say it is flow-based? You *do* use CEF, don't you? In which
case 7200 with NPE-G1 is a prefix-based architecture, with
Wow, that's quite an accusation.
No, I don't use neither Cisco nor Juniper hardware in my network.
For what its worth, 6500 with sup2 and better is also line-rate, at any
mix of traffic, with any services.
Happy now?
Alex Pilosov| DSL, Colocation, Hosting Services
President |
Keep in mind, 72xx is still flow-based, so you need to count *both*
shared fabric capacity (aka PCI buses) and capacity of NPE to
establish flows (aka pps rate).
Why do you say it is flow-based? You *do* use CEF, don't you? In which
case 7200 with NPE-G1 is a prefix-based architecture,
* The 7206VXR prior to the NPE-G1 could only do around 560Mbps
per bus typically, due to PCI limitations.
Which usually was not a problem with i-mix traffic or ddos-traffic, because
pps limitation would hit sooner.
* Compiled ACLs on 12.2S perform very well on NPE-G1s.
I saw no
Matt Ryan wrote:
Do you get commission from Juniper?
Where do I get my comission then? I´ve described inferior product as
such many times
and so far I haven´t seen deposits from vendors in my bank account?
!!OT warning!!
Pete
Matt.
-Original Message-
From: [EMAIL PROTECTED]
On Wed, Jan 28, 2004 at 07:37:09PM -0800, [EMAIL PROTECTED] said:
Scott Francis [EMAIL PROTECTED] wrote:
I've been wondering lately, after about 10 years of email worms spreading in
exactly the same manner with every incarnation ... why do you think people
haven't learned not to open
It's not the Cisco bashing I was referring to, but the all singing all
dancing Juniper performance claim.
Matt.
-Original Message-
From: Petri Helenius [mailto:[EMAIL PROTECTED]
Sent: 30 January 2004 17:43
To: Matt Ryan
Cc: [EMAIL PROTECTED]
Subject: Re: CIsco 7206VXR w/NPE-G1 Question
On Jan 30, 2004, at 4:26 AM, John L Crain wrote:
snip
New Hints files can be found at:
ftp://rs.internic.net/domain/db.cache
ftp://rs.internic.net/domain/named.cache
ftp://rs.ineternic.net/domain/named.root
[EMAIL PROTECTED]:~$ whois ineternic.net
Whois Server Version 1.3
Domain names in
It's not the Cisco bashing I was referring to, but the all singing all
dancing Juniper performance claim.
That would not have anything to do with Juniper sucking the least?
Alex
Matt Ryan wrote:
It's not the Cisco bashing I was referring to, but the all singing all
dancing Juniper performance claim.
If you feel differently, (and this might be a different list) you might
want to back up your
referring with some data.
Pete
At 09:43 PM 1/29/2004, Brian Bruns [EMAIL PROTECTED] wrote:
Properly implemented watermarking won't be affected by the recompression. It
may not be as clear to the program as it would be if it was in its old format,
but its still legible.
That's *visible* watermarking, not invisible *digital*
Yes, AOL has always been know for less than original image quality. But we are
often having users getting no image. WIth the images show up as broken images
(red x) in their browsers about 30% of the time.
Optimized is one thing but optimzed to oblivion is very painful.
Tracerouting to
The Juniper software is great, very stable under testing (for 2 weeks in the
lab). But as with all routers there are pro's and con's and it also has some
issues. What is unfortunate is that the poster runs (by their own admission)
neither Cisco or Juniper in their network and yet make unfounded
Is anyone taking any special precautions given the
potential for a sudden increase in aggregate packets per second across your
networks come Sunday afternoon when the original Mydoom virus enters into
itsDOS phase?
Does anyone know if the virus' assault will be
slowed if it is unable to
[EMAIL PROTECTED] wrote:
flow-based means router's performance is based on number
of flows established, and first packet of each 'flow' is
processed differently [slower] from all other within the
flow, and things like nachi will kill it.
That would be where the NPE-G1 would be better than
what you do is, install postfix 2.0 or later, set header_checks to some
filename (in your main.cf), and in that file, you put the following:
/^Subject: Anti-Virus Notification/ REJECT av01
/^Subject: BANNED FILENAME/ REJECT av02
/^Subject: File blocked - ScanMail
I believe the only route to SCO comes via us, XO, to a customer of ours who
provides bandwidth to SCO. We've been in contact with our customer and they
have been in contact with SCO, discussing precautions we can take. I think
we're relaying the results of those discussions to our major peers.
Having looked for some information to educate myself and my employer,
I will say a weakness right now is that there is limited info about
this worm. I have yet to see any good information on how effective
the attack might be, or what some basic prevention steps (eg
filtering) might do to the
In a message written on Fri, Jan 30, 2004 at 04:18:05PM -0800, Donovan Hill wrote:
I think we should help out SCO by creating new wildcard entries into our DNS
servers that point *.sco.com to 127.0.0.1 as well as blackholing all SCO
SWIPd IP Address Space.
I'm going to be one of the last
On Fri, 30 Jan 2004, Michel Py wrote:
That would be where the NPE-G1 would be better than an RSP8; however
Isn't it somewhat wrong to compare the NPE-G1 to any RSP since most of the
packets, most of the time, are handled by the processors on the VIPs and
never bother the RSP other than
On Fri, 30 Jan 2004, Leo Bicknell wrote:
If anyone has any good analysis on the current worm (other than it
attacks www.sco.com), that would be welcome.
Yep, the information gap is pretty big on this one. Neither the
anti-virus vendors nor the ex-Symantec guy at Homeland Security
seems to be
Leo Bicknell wrote:
Bruce Perens has said it far better than I ever could at
http://perens.com/SCO/DOS/. Please read what he has to say.
We (Open Source, ISPs, etc) must, MUST, come to SCO's defense on
this one. I am doing what I can with my employer to do just that.
I agree both with
Once upon a time, [EMAIL PROTECTED] [EMAIL PROTECTED] said:
Cisco plainly admits that the GEIP tops out at around 400mbit/s, but it's
based on the rather old VIP2-50. Anyone know if they plan to put out a
more capable GEIP, perhaps based on the VIP6-80, which theoretically would
double
OK, enough ppl are asking so I will post this public, instead
of just sending this to those who asked.
Since I do not understand assembly or FORTH I cannot
verify what this guy on the full disclosure list said so far
no one on the list is commenting on this persons post.
So I make NO claims
Are there any reliable estimates as to the amount of infected hosts out
there? Looking at my stats for email sent this week, I am seeing a 70:1
ratio for mydoom.a as compared to Swen.a (the next most prevalent virus).
Perhaps if we had some rough #s to work with we could start to approximate
On Fri, 30 Jan 2004, Mike Tancsa wrote:
Are there any reliable estimates as to the amount of infected hosts out
there? Looking at my stats for email sent this week, I am seeing a 70:1
ratio for mydoom.a as compared to Swen.a (the next most prevalent virus).
Perhaps if we had some rough #s to
...
That is of course, as opposed to Juniper, which is truly line-rate at any
interface, with any services, at any composition of traffic.
No. While I was at my former employer, we took our edge
ACL into the Juniper POC lab, and verified that an M40
stuffed full of OC48 linecards could
On Friday 30 January 2004 04:39 pm, Leo Bicknell wrote:
In a message written on Fri, Jan 30, 2004 at 04:18:05PM -0800, Donovan Hill
wrote:
I think we should help out SCO by creating new wildcard entries into our
DNS servers that point *.sco.com to 127.0.0.1 as well as blackholing all
SCO
No. While I was at my former employer, we took our edge
ACL into the Juniper POC lab, and verified that an M40
stuffed full of OC48 linecards could sustain just over
85% of line rate with our edge ACL applied before sustaining
packet loss; the POC lab engineers double checked and
verified
On Fri, Jan 30, 2004 at 03:29:41PM -0200, Rubens Kuhl Jr. wrote:
* The 7206VXR prior to the NPE-G1 could only do around 560Mbps
per bus typically, due to PCI limitations.
Which usually was not a problem with i-mix traffic or ddos-traffic, because
pps limitation would hit sooner.
JC, I would encourage you to get more familiar with the HTTP 1.1 spec with
regard to your claim of copyright infringement. I will summarize my
interpretation of a part of it here.
When someone provides HTTP content, they are agreeing to the protocols
governing the transmission of that content,
At 03:51 AM 31/01/2004, [EMAIL PROTECTED] wrote:
Keep in mind, 72xx is still flow-based
72xx NPE-xxx is NOT flow-based -- unless you explicitly configure it to be.
(i.e. disable CEF, enable flow switching).
CEF is prefix-based switching - where all possible prefixes (routes/RIB)
are already
Michel Py wrote:
That would be where the NPE-G1 would be better than an RSP8;
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Isn't it somewhat wrong to compare the NPE-G1 to any RSP
since most of the packets, most of the time, are handled
by the processors on the VIPs and never bother the
I've implemented a means of distributing the www.sco.com/32 or any other
DDoS destination network block around my own
AS and blocking it by routing to null on the edge routers. no need to
update heaps of routers at the edge and when the attack its over simple to
restore connectivity to DDoS
54 matches
Mail list logo
