Re: Advice/resources for setting up TACACS server
First time poster, long time lurker. Also if you are going RADIUS route. There's a simple web shell boot version available at http://www.zeroshell.net/eng/radiusdetails/ that support RADIUS. -bn On Fri, Nov 7, 2008 at 3:04 PM, Buhrmaster, Gary <[EMAIL PROTECTED]>wrote: > > > Do you have any suggestions for a free tacacs server which > > will run on linux ? I have so far been unable to find any > > and the tacacs+ source code hasn't been updated since > > around 2000 > > Available (and maintained) at: > > http://www.shrubbery.net/tac_plus/ > > (direct download link: ftp://ftp.shrubbery.net/pub/tac_plus) > > The latest was last updated end of year 2007 > >
RE: Advice/resources for setting up TACACS server
> Do you have any suggestions for a free tacacs server which > will run on linux ? I have so far been unable to find any > and the tacacs+ source code hasn't been updated since > around 2000 Available (and maintained) at: http://www.shrubbery.net/tac_plus/ (direct download link: ftp://ftp.shrubbery.net/pub/tac_plus) The latest was last updated end of year 2007
Re: Advice/resources for setting up TACACS server
It's not free, but I want to praise Radiator (http://www.open.com.au/radiator/) as a great radius/tacacs+ server. (I have previously battled both with freeradius and openradius.) - d. On Fri, 7 Nov 2008, Leslie wrote: Do you have any suggestions for a free tacacs server which will run on linux ? I have so far been unable to find any and the tacacs+ source code hasn't been updated since around 2000 Leslie On Nov 7, 2008, at 2:43 PM, Eddy Martinez wrote: I second the TACACS+ Thats what you want. Same effort for the most part, to implement. Eddy On Nov 7, 2008, at 2:39 PM, Steven King wrote: > I disagree with the RADIUS suggestion. TACACS+ is a much more secure > protocol. It encrypts the packet contents and has a more secure > handshake procedure. > > Leslie wrote: > > The best answer actually does seem to be to use freeradius instead of > > tacacs, so I will probably go with that (though if anyone has any good > > tips on freeradius, please, let me know) > > > > Leslie > > > > On Nov 7, 2008, at 1:30 PM, Leslie wrote: > > > > > Hi -- > > > > > > We are currently trying to set up a TACACS server for authentication > > > to our network gear and have it run on suse linux hosts. Does anyone > > > have any advice/good webpages or guides regarding this? > > > > > > Thank you very much in advance! > > > > > > Leslie > > > > > > -- > Steve King > > Network Engineer - Liquid Web, Inc. > Cisco Certified Network Associate > CompTIA Linux+ Certified Professional > CompTIA A+ Certified Professional > > -- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli http://www.dominiceidson.com/
Re: Advice/resources for setting up TACACS server
We use tac_plus with good results: http://www.shrubbery.net/tac_plus/ On Nov 7, 2008, at 2:56 PM, Leslie wrote: Do you have any suggestions for a free tacacs server which will run on linux ? I have so far been unable to find any and the tacacs+ source code hasn't been updated since around 2000 Leslie On Nov 7, 2008, at 2:43 PM, Eddy Martinez wrote: I second the TACACS+ Thats what you want. Same effort for the most part, to implement. Eddy On Nov 7, 2008, at 2:39 PM, Steven King wrote: I disagree with the RADIUS suggestion. TACACS+ is a much more secure protocol. It encrypts the packet contents and has a more secure handshake procedure. Leslie wrote: The best answer actually does seem to be to use freeradius instead of tacacs, so I will probably go with that (though if anyone has any good tips on freeradius, please, let me know) Leslie On Nov 7, 2008, at 1:30 PM, Leslie wrote: Hi -- We are currently trying to set up a TACACS server for authentication to our network gear and have it run on suse linux hosts. Does anyone have any advice/good webpages or guides regarding this? Thank you very much in advance! Leslie -- Steve King Network Engineer - Liquid Web, Inc. Cisco Certified Network Associate CompTIA Linux+ Certified Professional CompTIA A+ Certified Professional
Re: Advice/resources for setting up TACACS server
Do you have any suggestions for a free tacacs server which will run on linux ? I have so far been unable to find any and the tacacs+ source code hasn't been updated since around 2000 Leslie On Nov 7, 2008, at 2:43 PM, Eddy Martinez wrote: I second the TACACS+ Thats what you want. Same effort for the most part, to implement. Eddy On Nov 7, 2008, at 2:39 PM, Steven King wrote: I disagree with the RADIUS suggestion. TACACS+ is a much more secure protocol. It encrypts the packet contents and has a more secure handshake procedure. Leslie wrote: The best answer actually does seem to be to use freeradius instead of tacacs, so I will probably go with that (though if anyone has any good tips on freeradius, please, let me know) Leslie On Nov 7, 2008, at 1:30 PM, Leslie wrote: Hi -- We are currently trying to set up a TACACS server for authentication to our network gear and have it run on suse linux hosts. Does anyone have any advice/good webpages or guides regarding this? Thank you very much in advance! Leslie -- Steve King Network Engineer - Liquid Web, Inc. Cisco Certified Network Associate CompTIA Linux+ Certified Professional CompTIA A+ Certified Professional
Re: Advice/resources for setting up TACACS server
I second the TACACS+ Thats what you want. Same effort for the most part, to implement. Eddy On Nov 7, 2008, at 2:39 PM, Steven King wrote: I disagree with the RADIUS suggestion. TACACS+ is a much more secure protocol. It encrypts the packet contents and has a more secure handshake procedure. Leslie wrote: The best answer actually does seem to be to use freeradius instead of tacacs, so I will probably go with that (though if anyone has any good tips on freeradius, please, let me know) Leslie On Nov 7, 2008, at 1:30 PM, Leslie wrote: Hi -- We are currently trying to set up a TACACS server for authentication to our network gear and have it run on suse linux hosts. Does anyone have any advice/good webpages or guides regarding this? Thank you very much in advance! Leslie -- Steve King Network Engineer - Liquid Web, Inc. Cisco Certified Network Associate CompTIA Linux+ Certified Professional CompTIA A+ Certified Professional
Re: Advice/resources for setting up TACACS server
I disagree with the RADIUS suggestion. TACACS+ is a much more secure protocol. It encrypts the packet contents and has a more secure handshake procedure. Leslie wrote: > The best answer actually does seem to be to use freeradius instead of > tacacs, so I will probably go with that (though if anyone has any good > tips on freeradius, please, let me know) > > Leslie > > On Nov 7, 2008, at 1:30 PM, Leslie wrote: > >> Hi -- >> >> We are currently trying to set up a TACACS server for authentication >> to our network gear and have it run on suse linux hosts. Does anyone >> have any advice/good webpages or guides regarding this? >> >> Thank you very much in advance! >> >> Leslie > > -- Steve King Network Engineer - Liquid Web, Inc. Cisco Certified Network Associate CompTIA Linux+ Certified Professional CompTIA A+ Certified Professional
Re: Advice/resources for setting up TACACS server
Hi, You can extract information from this doc : Installation of Tacacs+, Rancid, Cvsweb http://www.debian-administration.org/articles/429 Freeradius will need more time to implement, but easier to manage after. -- Raphaël Maunier NEO TELECOMS Engineering Manager 2 rue du Chemin Vert 92110 Clichy - France [EMAIL PROTECTED] Leslie a écrit : The best answer actually does seem to be to use freeradius instead of tacacs, so I will probably go with that (though if anyone has any good tips on freeradius, please, let me know) Leslie On Nov 7, 2008, at 1:30 PM, Leslie wrote: Hi -- We are currently trying to set up a TACACS server for authentication to our network gear and have it run on suse linux hosts. Does anyone have any advice/good webpages or guides regarding this? Thank you very much in advance! Leslie
Re: Advice/resources for setting up TACACS server
The best answer actually does seem to be to use freeradius instead of tacacs, so I will probably go with that (though if anyone has any good tips on freeradius, please, let me know) Leslie On Nov 7, 2008, at 1:30 PM, Leslie wrote: Hi -- We are currently trying to set up a TACACS server for authentication to our network gear and have it run on suse linux hosts. Does anyone have any advice/good webpages or guides regarding this? Thank you very much in advance! Leslie
Re: Advice/resources for setting up TACACS server
Hi, On Fri, 7 Nov 2008 13:30:32 -0800 Leslie <[EMAIL PROTECTED]> wrote: > We are currently trying to set up a TACACS server for authentication > to our network gear and have it run on suse linux hosts. Does anyone > have any advice/good webpages or guides regarding this? I really don't mean to troll, but I think you probably should authenticate against RADIUS instead. Simon
Advice/resources for setting up TACACS server
Hi -- We are currently trying to set up a TACACS server for authentication to our network gear and have it run on suse linux hosts. Does anyone have any advice/good webpages or guides regarding this? Thank you very much in advance! Leslie
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith <[EMAIL PROTECTED]>. Routing Table Report 04:00 +10GMT Sat 08 Nov, 2008 Report Website: http://thyme.apnic.net Detailed Analysis: http://thyme.apnic.net/current/ Analysis Summary BGP routing table entries examined: 272998 Prefixes after maximum aggregation: 131801 Deaggregation factor: 2.07 Unique aggregates announced to Internet: 133598 Total ASes present in the Internet Routing Table: 29730 Prefixes per ASN: 9.18 Origin-only ASes present in the Internet Routing Table: 25883 Origin ASes announcing only one prefix: 12609 Transit ASes present in the Internet Routing Table:3847 Transit-only ASes present in the Internet Routing Table: 84 Average AS path length visible in the Internet Routing Table: 3.6 Max AS path length visible: 18 Max AS path prepend of ASN ( 3816) 15 Prefixes from unregistered ASNs in the Routing Table: 574 Unregistered ASNs in the Routing Table: 202 Number of 32-bit ASNs allocated by the RIRs: 62 Prefixes from 32-bit ASNs in the Routing Table: 9 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space:202 Number of addresses announced to Internet: 1920631360 Equivalent to 114 /8s, 122 /16s and 130 /24s Percentage of available address space announced: 51.8 Percentage of allocated address space announced: 62.6 Percentage of available address space allocated: 82.8 Percentage of address space in use by end-sites: 74.2 Total number of prefixes smaller than registry allocations: 134144 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes:62514 Total APNIC prefixes after maximum aggregation: 23424 APNIC Deaggregation factor:2.67 Prefixes being announced from the APNIC address blocks: 59420 Unique aggregates announced from the APNIC address blocks:26950 APNIC Region origin ASes present in the Internet Routing Table:3452 APNIC Prefixes per ASN: 17.21 APNIC Region origin ASes announcing only one prefix:932 APNIC Region transit ASes present in the Internet Routing Table:535 Average APNIC Region AS path length visible:3.5 Max APNIC Region AS path length visible: 17 Number of APNIC addresses announced to Internet: 380616864 Equivalent to 22 /8s, 175 /16s and 192 /24s Percentage of available APNIC address space announced: 81.0 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079 APNIC Address Blocks58/8, 59/8, 60/8, 61/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:123687 Total ARIN prefixes after maximum aggregation:64998 ARIN Deaggregation factor: 1.90 Prefixes being announced from the ARIN address blocks:93211 Unique aggregates announced from the ARIN address blocks: 35626 ARIN Region origin ASes present in the Internet Routing Table:12572 ARIN Prefixes per ASN: 7.41 ARIN Region origin ASes announcing only one prefix:4862 ARIN Region transit ASes present in the Internet Routing Table:1198 Average ARIN Region AS path length visible: 3.3 Max ARIN Region AS path length visible: 16 Number of ARIN addresses announced to Internet: 368498336 Equivalent to 21 /8s, 246 /16s and 214 /24s Percentage of available ARIN address space announced: 75.7 ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153
Re: ECN
On Fri, 07 Nov 2008 08:27:58 +0100, Mikael Abrahamsson said: > for ECN to actually be useful, we (the ISPs) have to turn this option on > in the routers as well. Is anyone doing this today? What vendors support > it? The only thing that's *required* for it to help is that the routers and firewalls not actually *molest* the bits in the TCP SYN packet. If you pass them and *do nothing else*, it at least has the potential of being useful at some other router along the path. And let's face it - if *your* router is congested enough for ECN to matter, there's a fairly good chance that the router one hop up/downstream is *also* seeing some effects. Even if *you* don't do anything else, your neighbor might - helping you out in the bargain. pgpWRdhiL6ucT.pgp Description: PGP signature
Re: Internet partitioning event regulations (was: RE: Sending vs requesting. Was: Re: Sprint / Cogent)
First, let me say that I think peering regulation is a terrible idea. No matter how cleverly you plan it, the result will be that fewer small companies can participate. That's the character of regulation: compliance creates more barriers to entry than it removes. That having been said, jurisdiction is a red herring. Every transit-free provider does at least some of its business in the United States. Economic reality compels them to continue to do so for the foreseeable future. That's all the hook the Feds need. Have you kept in your mind that this may be changed in future? I know, we are talking in NANOG, but ... Some regions works on Internet development a bit faster than US and in future, this regulation may motivate some overseas players to stop peering in US. For example LINX and AMS-IX are good place to get peering in EU. Regards MK
Re: ECN
On Fri, 7 Nov 2008, David Freedman wrote: Implementing this in an MPLS core is not an easy task, you can really only do this on the edge, when the MPLS labelled packet arrives at an LSR, we don't know if it contains a TCP segment or not (fancy deep h/w implementations excluded), all we know is that , if there is congestion, we can discard it based on the EXP bits in the shim. I did some more checking and neither 12000 (IOS) nor CRS-1 seems to support WRED with ECN (at least the command doesn't show when I create a policy-map), so I'm going to ping my Cisco SE and hear about what's going on. -- Mikael Abrahamssonemail: [EMAIL PROTECTED]
The Cidr Report
This report has been generated at Fri Nov 7 21:37:28 2008 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date PrefixesCIDR Agg
31-10-08286084 173833
01-11-08285919 173798
02-11-08286141 173214
03-11-08286324 173843
04-11-08286582 175158
05-11-08287251 176072
06-11-08287660 176586
07-11-08287743 177356
AS Summary
29924 Number of ASes in routing system
12670 Number of ASes announcing only one prefix
5055 Largest number of prefixes announced by an AS
AS4538 : ERX-CERNET-BKB China Education and Research Network
Center
88277504 Largest address span announced by an AS (/32s)
AS721 : DISA-ASNBLK - DoD Network Information Center
Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').
--- 07Nov08 ---
ASnumNetsNow NetsAggr NetGain % Gain Description
Table 287934 177341 11059338.4% All ASes
AS4538 5055 873 418282.7% ERX-CERNET-BKB China Education
and Research Network Center
AS6389 4365 358 400791.8% BELLSOUTH-NET-BLK -
BellSouth.net Inc.
AS209 3042 1349 169355.7% ASN-QWEST - Qwest
Communications Corporation
AS1785 1693 212 148187.5% AS-PAETEC-NET - PaeTec
Communications, Inc.
AS6298 2080 697 138366.5% ASN-CXA-PH-6298-CBS - Cox
Communications Inc.
AS4755 1518 290 122880.9% TATACOMM-AS TATA
Communications formerly VSNL
is Leading ISP
AS17488 1410 296 111479.0% HATHWAY-NET-AP Hathway IP Over
Cable Internet
AS4323 1572 557 101564.6% TWTC - tw telecom holdings,
inc.
AS6478 1650 721 92956.3% ATT-INTERNET3 - AT&T WorldNet
Services
AS22773 1005 94 91190.6% ASN-CXA-ALL-CCI-22773-RDC -
Cox Communications Inc.
AS8151 1402 566 83659.6% Uninet S.A. de C.V.
AS11492 1211 468 74361.4% CABLEONE - CABLE ONE, INC.
AS19262 931 244 68773.8% VZGNI-TRANSIT - Verizon
Internet Services Inc.
AS2386 1596 922 67442.2% INS-AS - AT&T Data
Communications Services
AS18566 1059 426 63359.8% COVAD - Covad Communications
Co.
AS9498 696 118 57883.0% BBIL-AP BHARTI Airtel Ltd.
AS18101 784 223 56171.6% RIL-IDC Reliance Infocom Ltd
Internet Data Centre,
AS855596 124 47279.2% CANET-ASN-4 - Bell Aliant
AS7545 613 141 47277.0% TPG-INTERNET-AP TPG Internet
Pty Ltd
AS4808 630 159 47174.8% CHINA169-BJ CNCGROUP IP
network China169 Beijing
Province Network
AS24560 605 158 44773.9% AIRTELBROADBAND-AS-AP Bharti
Airtel Ltd., Telemedia
Services
AS17676 522 79 44384.9% GIGAINFRA BB TECHNOLOGY Corp.
AS9443 526 85 44183.8% INTERNETPRIMUS-AS-AP Primus
Telecommunications
AS22047 567 128 43977.4% VTR BANDA ANCHA S.A.
AS7018 1439 1003 43630.3% ATT-INTERNET4 - AT&T WorldNet
Services
AS4134 880 464 41647.3% CHINANET-BACKBONE
No.31,Jin-rong Street
AS4668 688 275 41360.0% LGNET-AS-KR LG CNS
AS7011 923 515 40844.2% FRONTIER-AND-CITIZENS -
Frontier Communications of
Re: ECN
Interesting , I hadn't followed this since draft-ietf-mpls-ecn-00, , I eagerly await a vendor implementation :) Dave. Bjørn Mork wrote: > David Freedman <[EMAIL PROTECTED]> writes: > >> Implementing this in an MPLS core is not an easy task, you can really >> only do this on the edge, when the MPLS labelled packet arrives at an >> LSR, we don't know if it contains a TCP segment or not (fancy deep h/w >> implementations excluded), all we know is that , if there is congestion, >> we can discard it based on the EXP bits in the shim. > > Please see RFC 5129 > > > Bjørn > >
BGP Update Report
BGP Update Report Interval: 06-Oct-08 -to- 06-Nov-08 (32 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS9583 190435 1.7% 169.6 -- SIFY-AS-IN Sify Limited 2 - AS10396 163475 1.5%2069.3 -- COQUI-NET - DATACOM CARIBE, INC. 3 - AS4538 149721 1.3% 29.5 -- ERX-CERNET-BKB China Education and Research Network Center 4 - AS6389 111964 1.0% 25.4 -- BELLSOUTH-NET-BLK - BellSouth.net Inc. 5 - AS180387137 0.8% 61.8 -- ICMNET-5 - Sprint 6 - AS662981928 0.7%1260.4 -- NOAA-AS - NOAA 7 - AS20115 67980 0.6% 29.3 -- CHARTER-NET-HKY-NC - Charter Communications 8 - AS23126 65226 0.6% 282.4 -- CENTURYTEL-SOLUTIONS-LLC - CenturyTel Solutions, LLC 9 - AS815159659 0.5% 41.7 -- Uninet S.A. de C.V. 10 - AS905157707 0.5% 358.4 -- IDM Autonomous System 11 - AS629855678 0.5% 26.5 -- ASN-CXA-PH-6298-CBS - Cox Communications Inc. 12 - AS569151713 0.5%3977.9 -- MITRE-AS-5 - The MITRE Corporation 13 - AS238647914 0.4% 29.0 -- INS-AS - AT&T Data Communications Services 14 - AS764346600 0.4% 26.2 -- VNN-AS-AP Vietnam Posts and Telecommunications (VNPT) 15 - AS209 43031 0.4% 13.6 -- ASN-QWEST - Qwest Communications Corporation 16 - AS645842281 0.4% 103.4 -- Telgua 17 - AS10986 41094 0.4% 461.7 -- Intermedia Comunicaciones S.A. 18 - AS704640490 0.4% 68.9 -- UUNET-CUSTOMER - MCI Communications Services, Inc. d/b/a Verizon Business 19 - AS17974 40393 0.4% 49.7 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia 20 - AS22492 37053 0.3% 12351.0 -- TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASNUpds % Upds/PfxAS-Name 1 - AS14593 26113 0.2% 26113.0 -- BRAND-INSTITUTE - Brand Instiute, Inc. 2 - AS43299 20671 0.2% 20671.0 -- TELECONTACT-AS Telecontact Ltd. 3 - AS22492 37053 0.3% 12351.0 -- 4 - AS37026 21597 0.2% 10798.5 -- SALT-ASN 5 - AS14106 19463 0.2%9731.5 -- LEPMED01 - Leprechaun, LLC 6 - AS29282 25136 0.2%8378.7 -- EMENTOR-AS Enfo Oyj 7 - AS302875351 0.1%5351.0 -- ALON-USA - ALON USA, LP 8 - AS401944287 0.0%4287.0 -- INHOUSE-ASSOCIATES-LC - Inhouse Associates, L.C. 9 - AS569151713 0.5%3977.9 -- MITRE-AS-5 - The MITRE Corporation 10 - AS21603 36731 0.3%3673.1 -- Universidad La Salle, AC 11 - AS14220 18225 0.2%3645.0 -- I2A - I 20 Access 12 - AS413016403 0.1%3280.6 -- UPITT-AS - University of Pittsburgh 13 - AS30969 26216 0.2%3277.0 -- TAN-NET TransAfrica Networks 14 - AS41007 15516 0.1%3103.2 -- CTCASTANA CTC ASTANA, KZ 15 - AS257992787 0.0%2787.0 -- HOLMAN - Holman Enterprises 16 - AS23082 13759 0.1%2751.8 -- MPHI - Michigan Public Health Institute 17 - AS299102505 0.0%2505.0 -- IACP - INTL. ASSN OF CHIEF OF POLICEI 18 - AS503321839 0.2%2426.6 -- ISW - Internet Specialties West Inc. 19 - AS239172383 0.0%2383.0 -- BRIBIE-NET-AS-AP Bribie Island Net Multihomed, Brisbane 20 - AS222472115 0.0%2115.0 -- LETOURNEAUUNIVERSITY - LeTourneau University TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 221.134.222.0/24 62667 0.5% AS9583 -- SIFY-AS-IN Sify Limited 2 - 210.214.151.0/24 60146 0.5% AS9583 -- SIFY-AS-IN Sify Limited 3 - 192.12.120.0/24 51378 0.4% AS5691 -- MITRE-AS-5 - The MITRE Corporation 4 - 221.135.80.0/24 44512 0.4% AS9583 -- SIFY-AS-IN Sify Limited 5 - 194.126.143.0/24 44323 0.4% AS9051 -- IDM Autonomous System 6 - 12.2.46.0/24 37016 0.3% AS22492 -- 7 - 200.33.104.0/23 36141 0.3% AS21603 -- Universidad La Salle, AC 8 - 192.102.88.0/24 27029 0.2% AS6629 -- NOAA-AS - NOAA 9 - 198.77.177.0/24 26874 0.2% AS6629 -- NOAA-AS - NOAA 10 - 192.35.129.0/24 26796 0.2% AS6629 -- NOAA-AS - NOAA 11 - 12.8.7.0/24 26113 0.2% AS14593 -- BRAND-INSTITUTE - Brand Instiute, Inc. 12 - 221.128.192.0/18 24436 0.2% AS18231 -- EXATT-AS-AP IOL NETCOM LTD 13 - 64.162.116.0/24 21615 0.2% AS5033 -- ISW - Internet Specialties West Inc. 14 - 78.40.24.0/21 20671 0.2% AS43299 -- TELECONTACT-AS Telecontact Ltd. 15 - 196.42.0.0/20 19289 0.2% AS10396 -- COQUI-NET - DATACOM CARIBE, INC. 16 - 72.50.96.0/20 19216 0.2% AS10396 -- COQUI-NET - DATACOM CARIBE, INC. 17 - 77.95.144.0/2217544 0.1% AS29282 -- EMENTOR-AS Enfo Oyj 18 - 150.212.224.0/19 16299 0.1% AS4130 -- UPITT-AS - University of Pittsburgh 19 - 89.4.131.0/24 1
Re: ECN
David Freedman <[EMAIL PROTECTED]> writes: > Implementing this in an MPLS core is not an easy task, you can really > only do this on the edge, when the MPLS labelled packet arrives at an > LSR, we don't know if it contains a TCP segment or not (fancy deep h/w > implementations excluded), all we know is that , if there is congestion, > we can discard it based on the EXP bits in the shim. Please see RFC 5129 Bjørn
Re: MPLS for IPv6
Well, don't know about anybody else, but I've been asking vendors for LDP6 for a while now, every time we approach them for new projects and they always look embarrassed when they realise that they a. don't have it b. are not involved in the standards process (draft-manral-mpls-ldp-ipv6-02) So please, if you are spending your hard earned cash, please ask for an LDP6 implementation, "no demand" should not be the case. Dave. Daniel Roesen wrote: > On Tue, Nov 04, 2008 at 02:53:46PM -0600, devang patel wrote: >> Does any vendor support the MPLS for native IPv6 network? > > Unfortunately noone of the major vendors have yet implemented MPLS > control plane via IPv6 transport. From my understanding, the protocol > specs are there, just no implementation. > > So for now, you still have to use IPv4 for the MPLS network control > plane and must either forward IPv6 natively dual-stack alongside IPv4, > or transport IPv6 via 6(V)PE. > > "no customer demand", as usual. It's just us weirdos trying to do such > things. :) > > > Best regards, > Daniel >
Re: ECN
> When I thought about it, the IP core (10G links etc) first came to mind, > and there it's fairly easy to roll out (since I guess a lot of us do > WRED already), but what about on slower links? Would it make sense to > have our DSLAMs do this? What about DSL/cable modems (well, vendors > should first realise that FIFO is not great to begin with :P) ? Implementing this in an MPLS core is not an easy task, you can really only do this on the edge, when the MPLS labelled packet arrives at an LSR, we don't know if it contains a TCP segment or not (fancy deep h/w implementations excluded), all we know is that , if there is congestion, we can discard it based on the EXP bits in the shim. Dave.
