Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)
On 1/21/13, Matt Palmer mpal...@hezmatt.org wrote:

> Nonce on the server is a scalability hazard (as previously discussed). You

It's not really a scalability hazard. Not if its purpose is to protect a data driven operation, or the sending of an e-mail; in reality, that sort of abuse likely needs to be protected against via a captcha challenge as well, requiring scalability hazards such as performing image processing operations on the fly.

The logistical challenge with a nonce is ensuring that the server generated and stored a long enough list of nonces for request load; you need to make sure that you never give out the same nonce twice, and you make sure you wipe out old sets of nonces frequently, and then the only really hard part: when a nonce is used, you persist the fact that it is no longer valid.

So you come to consider the bottleneck:

    Persisting the fact that nonce X was used
        versus
    Sending this e-mail message, or
    Posting entries to the database to complete the operation this form is supposed to do

The operation this form is supposed to do will normally be the larger scalability hazard, usually involving more complicated database operations, than some nonce record maintenance.

> can't put a timestamp in a one-way hash, because then you've got to hash all possible valid timestamps to make sure that the hash the user gave you isn't one you'll accept.

No, but you can use

    codevalue = at_timestamp:SHA1(secret:at_timestamp:submission_id:formaction:client ip)

    If current_time - at_timestamp > X : require_resubmission

> The problem with this method, though, is that the only thing that stops the attacker from retrieving the entire chunk of data out of your form and

Yeah... about that... if they can do that, they can surely steal a cookie, which persists beyond the time the form is displayed in a browser.

The adversary may be able to get the actual site to set the cookie in the unwitting user's browser by using an invisible IFRAME or other techniques, including ones to set a cookie for a different domain, circumventing the use of cookie as abuse prevention methods. The cookie is also susceptible to replay attack if something such as the client IP address is not a factor.

> Which is decidedly more user-friendly than most people implement, but suffers from the problem that some subset of your userbase is going to be using a connection that doesn't have a stable IP address, and it won't take

That would be quite unusual, and would break many applications for that user... Although there is nothing mutually exclusive about cookies and other methods. It is possible to set a cookie to be used as an additional factor, after detecting that the user's IP address might be unstable.

> I just realised that I may have been insufficiently clear in my original request. I'm not looking for *any* solution to the CSRF problem that doesn't involve cookies; I'm after a solution that has a better cost/benefit than cookies.

How about the issue that: cookies don't necessarily address CSRF? Cookies are OK for storing user preferences, but not to authenticate that the user actually authorized that their browser make that HTTP request.

The user can have been browsing the form legitimately. The user unwittingly opens a malicious web page in another window, after having accessed the form recently. The required cookie is already set: the user might even have a logged in session, with an authentication cookie set in the browser.

The malicious page can abuse an already-logged-in session by sending a POST request to it. Or have persuaded the user to login, while the malicious page is still in memory, and able to make quiet discreet POST requests.

Cross-site POST operations are allowed operations; and the cookie was already set.

On the other hand... a value in the form presented should be protected against the malicious site by the same origin policy. So perhaps if you need to use a value in the form anyways, the cookie is redundant.

--
-JH
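The timestamp-plus-hash form value from the message above, worked through as an added example (not code from the post or from any participant in the thread). It swaps the bare SHA1 for HMAC-SHA256, and the names `issue_codevalue`, `check_codevalue`, `SECRET`, `MAX_AGE` and the optional `used` replay table are assumptions made for the illustration.

```python
"""Expiring form token: at_timestamp travels in the clear next to a keyed hash."""
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: per-site secret, never sent to clients
MAX_AGE = 900                        # the post's "X", in seconds (assumed value)


def _mac(secret, at_timestamp, submission_id, formaction, client_ip):
    # Length-prefix every field instead of joining with ':' so that field
    # boundaries are unambiguous (an IPv6 client address contains ':' itself).
    fields = (str(at_timestamp), submission_id, formaction, client_ip)
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_codevalue(submission_id, formaction, client_ip, now=None, secret=SECRET):
    """Value for the hidden form field: '<at_timestamp>:<hex mac>'."""
    at_timestamp = int(time.time() if now is None else now)
    mac = _mac(secret, at_timestamp, submission_id, formaction, client_ip)
    return f"{at_timestamp}:{mac}"


def check_codevalue(codevalue, submission_id, formaction, client_ip,
                    now=None, secret=SECRET, max_age=MAX_AGE, used=None):
    """True: process the form. False: redisplay it and ask the user to confirm.

    The server recomputes one hash from the timestamp the client sent back,
    so it never has to try "all possible valid timestamps".
    """
    now = int(time.time() if now is None else now)
    ts_text, sep, mac = codevalue.partition(":")
    if not sep or not (ts_text.isascii() and ts_text.isdigit()) or len(ts_text) > 12:
        return False
    at_timestamp = int(ts_text)
    expected = _mac(secret, at_timestamp, submission_id, formaction, client_ip)
    # Constant-time comparison; a changed timestamp, form action or client IP
    # all surface here as a mismatch.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False
    if at_timestamp > now or now - at_timestamp > max_age:
        return False
    if used is not None:
        # Optional single-use enforcement. Because tokens expire, the "nonce X
        # was used" record only has to be kept for max_age seconds.
        for token, issued in list(used.items()):
            if now - issued > max_age:
                del used[token]
        if codevalue in used:
            return False
        used[codevalue] = at_timestamp
    return True


if __name__ == "__main__":
    t0 = 1358750000  # constructed clock value
    token = issue_codevalue("sub-1", "/account/delete", "192.0.2.10", now=t0)
    print(check_codevalue(token, "sub-1", "/account/delete", "192.0.2.10", now=t0 + 60))
    print(check_codevalue(token, "sub-1", "/account/delete", "198.51.100.7", now=t0 + 60))
```

Without the `used` table the value can be replayed by anyone who holds it until `MAX_AGE` runs out, which is the trade-off against the server-side nonce list discussed earlier in the message.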
Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)
On 21 January 2013 07:19, Matt Palmer mpal...@hezmatt.org wrote:

> ...
> > If the form is submitted without the correct POST value, if their IP address changed, or after too many seconds since the timestamp, then redisplay the form to the user, with a request for them to visually inspect and confirm the submission.
>
> Which is decidedly more user-friendly than most people implement, but suffers from the problem that some subset of your userbase is going to be using a connection that doesn't have a stable IP address, and it won't take too many random "please re-confirm the form submission you made" requests before the user gives your site the finger and goes to find something better to do.

You want to stop the CSRF problem, but you want to support a user making the login on an IP, and submitting a delete account button *the next second* from a different IP. Then you want this solution to be more cost effective than cookies.

Maybe ask the user for his password.

    <form method="post">
    <input type="hidden" name="id_user" value="33">
    <input type="hidden" name="action" value="delete_user">
    <input type="submit" value="Delete user">
    <p>For this action you must provide the password.</p>
    <input type="password" name="password" value="">
    </form>

Even if this request comes from an IP in China, you can allow it.

--
-- ℱin del ℳensaje.
Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)
On 21 January 2013 09:26, . oscar.vi...@gmail.com wrote:

> On 21 January 2013 07:19, Matt Palmer mpal...@hezmatt.org wrote:
>
> > ...
> > > If the form is submitted without the correct POST value, if their IP address changed, or after too many seconds since the timestamp, then redisplay the form to the user, with a request for them to visually inspect and confirm the submission.
> >
> > Which is decidedly more user-friendly than most people implement, but suffers from the problem that some subset of your userbase is going to be using a connection that doesn't have a stable IP address, and it won't take too many random "please re-confirm the form submission you made" requests before the user gives your site the finger and goes to find something better to do.
>
> You want to stop the CSRF problem, but you want to support a user making the login on an IP, and submitting a delete account button *the next second* from a different IP. Then you want this solution to be more cost effective than cookies.
>
> Maybe ask the user for his password.
>
>     <form method="post">
>     <input type="hidden" name="id_user" value="33">
>     <input type="hidden" name="action" value="delete_user">
>     <input type="submit" value="Delete user">
>     <p>For this action you must provide the password.</p>
>     <input type="password" name="password" value="">
>     </form>
>
> Even if this request comes from an IP in China, you can allow it.

So this solution can be read as:

- Do nothing to avoid CSRF.
- Except for destructive actions, where you ask for the password.

--
-- ℱin del ℳensaje.
Re: EQUINIX
I would agree here cross connects. We pay 15x more in cross connects per month than we do in just the space/power. We actually pulled out of a colo once our contract came to terms with one of the large colo providers because of the extortion cross connect fees. It's an issue when a cross connect within the same room costs more than the loop going 100 miles away. I sometimes question if the colo providers even understand our industry. Sadly enough it was cheaper to move all that colo into an ATT CO/Tandem than to stay put in the colo space.

Just my 2 cents.

Carlos Alcantar
Race Communications / Race Team Member
1325 Howard Ave. #604, Burlingame, CA. 94010
Phone: +1 415 376 3314 / car...@race.com / http://www.race.com

-Original Message-
From: Chris Rogers crog...@inerail.net
Date: Thursday, January 17, 2013 5:07 PM
To: PC paul4...@gmail.com
Cc: nanog@nanog.org nanog@nanog.org
Subject: Re: EQUINIX

Here's the list pricing we received about a year ago for 60 Hudson/111 8th in NYC (24 month contract):

    Single cab:   $800/mo  + $1000 setup
    20A @ 208V:   $605/mo  + $500 setup
    XC - Coax:    $225/mo  + $500 setup
    XC - Fiber:   $325/mo  + $500 setup
    XC - POTS:    $25/mo   + $100 setup
    XC - T1/E1:   $225/mo  + $500 setup
    PAIX 1gig:    $1000/mo + $2000 setup
    PAIX 10gig:   $2500/mo + $4000 setup

Obviously, much negotiation was in order. As others have said, the cab, and even power, is somewhat reasonable. But the cross connects kill the whole thing.

-Chris

On Thu, Jan 17, 2013 at 10:55 AM, PC paul4...@gmail.com wrote:

> My experience has been that the monthly rack rental fee will be a comparative bargain to basic power and a couple in-building cross connects, which will often more than double the cost. When shopping for any provider, make sure you price out all the options you need in addition to the rack space itself.
>
> On Thu, Jan 17, 2013 at 8:04 AM, Rodrick Brown rodrick.br...@gmail.com wrote:
>
> > On Thu, Jan 17, 2013 at 8:39 AM, ML m...@kenweb.org wrote:
> >
> > > On 1/17/2013 4:49 AM, Ryan Finnesey wrote:
> > >
> > > > What's the going rate now a days for a rack within EQUINIX?
> > > >
> > > > Cheers
> > > > Ryan
> > >
> > > I would imagine this varies greatly by market and maybe even suite within the building
> >
> > And also power/cooling requirements.

--
Regards,
Chris Rogers
CEO, Inerail
+1.302.357.3696 x2110
http://inerail.net/
Re: EQUINIX
On Mon, 21 Jan 2013 09:17:48 +, Carlos Alcantar said:

> I would agree here cross connects. We pay 15x more in cross connects per month then we do in just the space/power. We actually pulled out of a colo once our contract came to terms with one of the large colo providers because of the extortion cross connect fees. It's an issue when a cross connect within the same room cost more then the loop going 100 miles away. I sometimes question if the colo providers even understand our industry.

Oh, they understand full well. Considering that they talked you into signing a contract that included extortion cross connect fees, and they in general get away with it - a case can be made that they understand the industry better than you do. :)
Re: CALEA options for small/midsize ISPs
- Original Message -
> From: Jimmy Hess mysi...@gmail.com

> Forget about FCC civil penalties: the LEA may start arresting managers responsible for refusal, on the charges of obstruction, due to interfering with an investigation.
>
> People might talk about refusing to process a CALEA warrant. IF/when they do receive such a lawful order: I am almost positive they will respond in some way other than a refusal to attempt to comply. So that's probably why it's not likely we will hear of a refusal occurring, at least for a long time

Yes, constructive refusal is much harder to prove.

Cheers,
-- jra
--
Jay R. Ashworth    Baylink    j...@baylink.com
Designer    The Things I Think    RFC 2100
Ashworth Associates    http://baylink.pitas.com    2000 Land Rover DII
St Petersburg FL USA    #natog    +1 727 647 1274
CGN fixed/hashed nat question
Let me start out by saying I'm allergic to CGN, but I got to ask the question: Some of the CGN providers are coming out with fixed nat solutions for their IPv6 transition/IPv4 preservation technologies to reduce logging. This appears to provide for a static mapping of outside ports/IPs to a particular customer such that the service provider doesn't need to log literally every session through the box. At the last nanog, I seem to remember someone stepping up and discussing the problems associated with just taking ports 1025 through 1025+X and giving it to some customer and had brought up the idea of using a hash or salt to map what would appear to be random ports to a customer in such a way that you could reverse the port back to the customer later if need be. For the life of me, I can't find anything on the internets about this concept. I had it in my head it was a lightning talk or something, but reviewing the agenda doesn't ring any bells. Anyone know what I'm talking about and what it's called? -e
Re: CGN fixed/hashed nat question
On 21/01/2013 17:06, Eric Oosting wrote:

> I had it in my head it was a lightning talk or something, but reviewing the agenda doesn't ring any bells. Anyone know what I'm talking about and what it's called?

draft-donley-behave-deterministic-cgn?

Nick
Contact at Tucows domains?
RE: Contact at Tucows domains? Anyone know a good high-level contact at Tucows Domains? I have a customer who is having a problem with a Tucows Reseller. (massive problems!)... and Tucow's own domain support line isn't being very helpful. (the guy just wants to pay with a credit card for the renew his domain... he is NOT asking for much!) -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: CGN fixed/hashed nat question
On Mon, Jan 21, 2013 at 12:18 PM, Nick Hilliard n...@foobar.org wrote:

> draft-donley-behave-deterministic-cgn

That's it. Or more specifically, the section of that draft that points to https://tools.ietf.org/html/rfc6431#section-2.2

Thanks.

-e
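One way to get the property asked about in this thread, ports that look scattered yet map back to a customer without per-session logs, sketched as an added example; it is not the algorithm from the draft, the RFC, or any vendor. It assumes a single external address, ports 1024-65535, 504 ports per subscriber, and hypothetical function names; the mapping is a keyed permutation (a small Feistel network with cycle-walking) over the port space.

```python
"""Keyed, reversible port-to-subscriber mapping for one CGN external address."""
import hashlib
import hmac

FIRST_PORT = 1024                      # assumed start of the shared range
PORT_SPACE = 65536 - FIRST_PORT        # 64512 ports on the external address
PORTS_PER_SUBSCRIBER = 504             # assumed block size: 128 subscribers
SUBSCRIBERS = PORT_SPACE // PORTS_PER_SUBSCRIBER
ROUNDS = 4


def _round(key, i, half):
    # Round function: one byte of HMAC-SHA256 over (round number, 8-bit half).
    return hmac.new(key, bytes([i, half]), hashlib.sha256).digest()[0]


def _feistel16(key, x, inverse=False):
    # Balanced Feistel network on 16 bits: a keyed bijection of 0..65535.
    left, right = x >> 8, x & 0xFF
    order = reversed(range(ROUNDS)) if inverse else range(ROUNDS)
    for i in order:
        if inverse:
            left, right = right ^ _round(key, i, left), left
        else:
            left, right = right, left ^ _round(key, i, right)
    return (left << 8) | right


def _permute(key, x, inverse=False):
    # Cycle-walking: re-apply until the result falls inside 0..PORT_SPACE-1,
    # which turns the 16-bit bijection into a bijection on the port space.
    y = _feistel16(key, x, inverse)
    while y >= PORT_SPACE:
        y = _feistel16(key, y, inverse)
    return y


def subscriber_for_port(key, external_port):
    """Abuse-report lookup: external source port -> subscriber index."""
    if not FIRST_PORT <= external_port <= 65535:
        raise ValueError("port outside the shared range")
    slot = _permute(key, external_port - FIRST_PORT)
    return slot // PORTS_PER_SUBSCRIBER


def ports_for_subscriber(key, subscriber):
    """Provisioning: the external ports a subscriber may be translated to."""
    if not 0 <= subscriber < SUBSCRIBERS:
        raise ValueError("no such subscriber slot")
    start = subscriber * PORTS_PER_SUBSCRIBER
    return sorted(FIRST_PORT + _permute(key, slot, inverse=True)
                  for slot in range(start, start + PORTS_PER_SUBSCRIBER))


if __name__ == "__main__":
    key = b"constructed-mapping-key"   # constructed; the operator's secret
    ports = ports_for_subscriber(key, 42)
    print(ports[:8], "...")
    print(subscriber_for_port(key, ports[0]))
```

The only record the operator has to retain is the key and the period it was in use; whoever holds the key can recompute every subscriber's port set.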
Re: Contact at Tucows domains?
Tucows is awesome. Their CEO has his email on the whois entry.

Cheers,
Joshua

Joshua Goldbard
VP of Marketing, 2600hz
116 Natoma Street, Floor 2
San Francisco, CA, 94104
415.886.7923 | j...@2600hz.com

On Jan 21, 2013, at 9:24 AM, Rob McEwen r...@invaluement.com wrote:

> RE: Contact at Tucows domains?
>
> Anyone know a good high-level contact at Tucows Domains? I have a customer who is having a problem with a Tucows Reseller. (massive problems!)... and Tucow's own domain support line isn't being very helpful. (the guy just wants to pay with a credit card for the renew his domain... he is NOT asking for much!)
>
> --
> Rob McEwen
> http://dnsbl.invaluement.com/
> r...@invaluement.com
> +1 (478) 475-9032
Re: Contact at Tucows domains?
On 1/21/2013 12:24 PM, Rob McEwen wrote: RE: Contact at Tucows domains? I just got a very good contact sent off-list. Assume this is resolved unless/until I can't get a reply/resolution from the e-mail I just sent. In that case, I'll post an update. Thanks! -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: Contact at Tucows domains?
On 1/21/2013 12:58 PM, Rob McEwen wrote: I just got a very good contact sent off-list. Assume this is resolved unless/until I can't get a reply/resolution from the e-mail I just sent. In that case, I'll post an update. I keep getting off-list lectures about how accepting payment via credit card (verses another payment method) is NOT a requirement of a registrar (or registrar reseller). That is/was NOT the issue and is besides the point. The problems are MUCH more fundamental than that. Sorry if my original wording of my original e-mail contributed to that misunderstanding. But, as I mentioned, I think I've just alerted the right people at Tucows who SHOULD be able to resolve this. -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Equipment Shuffing Cart Recommendations
Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus. Thanks -Mike -- Michael Vallaly mvall...@nolatency.com
Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)
--- jfmezei_na...@vaxination.ca wrote: From: Jean-Francois Mezei jfmezei_na...@vaxination.ca Either way, you still need to have either a cookie or a hidden form [...] But ONLY when needing to do a transaction. As I originally mentioned why force a cookie just to look around: no cookie, no lookie. :-( scott
Re: Equipment Shuffing Cart Recommendations
What's your budget?

I got some ad email from ServerLift (serverlift.com) a while back. It wasn't justified for my environment, but the units did look really cool.

On Mon, Jan 21, 2013 at 11:27 AM, Michael Vallaly na...@nolatency.com wrote:

> Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus.
>
> Thanks
> -Mike
>
> --
> Michael Vallaly mvall...@nolatency.com

--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Equipment Shuffing Cart Recommendations
On Mon, Jan 21, 2013 at 2:27 PM, Michael Vallaly na...@nolatency.com wrote: Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus. Thanks -Mike Too many options for this. At first I thought of http://www.pelican.com/cases_detail.php?Case=0550 but the wheels are not inline with what you are asking. I saw some other wheel options, have a look around. -- ~ Andrew lathama Latham lath...@gmail.com http://lathama.net ~
Re: Equipment Shuffing Cart Recommendations
The standard heavy duty plastic rubbermaid carts with casters work great. -mike Sent from my iPhone On Jan 21, 2013, at 11:28, Michael Vallaly na...@nolatency.com wrote: Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus. Thanks -Mike -- Michael Vallaly mvall...@nolatency.com
Re: Equipment Shuffing Cart Recommendations
What's your budget? I got some ad email from ServerLift (serverlift.com) a while back. It wasn't justified for my environment, but the units did look really cool. It was pretty clear that they had scraped NANOG for addresses at one point, and I keep getting these unsolicited messages from one of their pushy salespeople, which is pretty much the gold standard way to be assured not to have any possibility of making a sale. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: Equipment Shuffing Cart Recommendations
Get one of these. Lifetime warranty. We need more here because I can never keep up with mine. http://www.norriscorp.com/carts/700.html At 02:27 PM 1/21/2013, you wrote: Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus. Thanks -Mike -- Michael Vallaly mvall...@nolatency.com
RE: Equipment Shuffing Cart Recommendations
I've used various versions of this: http://www.staples.ca/ENG/Catalog/cat_sku.asp?CatIds=webid=454560affix edcode=WW Locally a few stores have sold cheaper versions I've used where the platform bent after loading 500lbs of UPS batteries on them. Thanks, Erik Soosalu -Original Message- From: Michael Vallaly [mailto:na...@nolatency.com] Sent: Monday, January 21, 2013 2:27 PM To: nanog@nanog.org Subject: Equipment Shuffing Cart Recommendations Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus. Thanks -Mike -- Michael Vallaly mvall...@nolatency.com
Re: Equipment Shuffing Cart Recommendations
--- jgr...@ns.sol.net wrote: From: Joe Greco jgr...@ns.sol.net I got some ad email from ServerLift (serverlift.com) a while back. It wasn't justified for my environment, but the units did look really cool. It was pretty clear that they had scraped NANOG for addresses at one point, and I keep getting these unsolicited messages from one of their pushy salespeople, which is pretty much the gold standard way to be assured not to have any possibility of making a sale. - That's good to know they're spammers in case I have a need. I'll be sure to look elsewhere. scott
Re: Equipment Shuffing Cart Recommendations
On Jan 21, 2013, at 1:27 PM, Michael Vallaly wrote: Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus. Thanks -Mike http://www.homedepot.com/h_d1/N-5yc1v/R-202204471/h_d2/ProductDisplay?catalogId=10053langId=-1keyword=folding+hand+cartstoreId=10051 (Milwaulkee 150lb folding 2-wheel hand cart) I've used one of these for the past couple years in datacenters and on city streets and it is very solid, especially given that price. There's also a larger version of it, not sure if HD carries it. Very well made. That said, my first one suffered infant mortality due to a defect in the plastic molding, but the second one has lasted a couple of years and some significant abuse without any signs of damage. The only thing is that the bungee it comes with is worthless for anything beyond a lightly loaded milk crate, so pick up a set of bungees at the same time.
Re: Equipment Shuffing Cart Recommendations
I get mine from the local Grainger store. Sent from my iPhone On Jan 21, 2013, at 11:43, Andrew Latham lath...@gmail.com wrote: On Mon, Jan 21, 2013 at 2:27 PM, Michael Vallaly na...@nolatency.com wrote: Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus. Thanks -Mike Too many options for this. At first I thought of http://www.pelican.com/cases_detail.php?Case=0550 but the wheels are not inline with what you are asking. I saw some other wheel options, have a look around. -- ~ Andrew lathama Latham lath...@gmail.com http://lathama.net ~
Re: Equipment Shuffing Cart Recommendations
Are you talking about a case like these? http://www.skbcases.com/industrial/products/prod-list.php?d=s11

We don't have one ourselves, but we have friends that do, and they love them. Only downside is that they're a little heavy (especially with servers in them) to lift in and out of a car's trunk. But you have the wheels once you're on the ground.

-Chris

On Mon, Jan 21, 2013 at 2:27 PM, Michael Vallaly na...@nolatency.com wrote:

> Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus.
>
> Thanks
> -Mike
>
> --
> Michael Vallaly mvall...@nolatency.com

--
Regards,
Chris Rogers
CEO, Inerail
+1.302.357.3696 x2110
http://inerail.net/
Call For Papers: EuroMPI 2013 Madrid, Spain
Dear Sir or Madam, (We apologize if you receive multiple copies of this message) Recent Advances in Message Passing Interface. 20th European MPI Users' Group Meeting (EuroMPI 2013) EuroMPI 2013 is being held in cooperation with SIGHPC Madrid, Spain, September 15-18, 2013 www.eurompi2013.org BACKGROUND AND TOPICS --- EuroMPI is the preeminent meeting for users, developers and researchers to interact and discuss new developments and applications of message-passing parallel computing, in particular in and related to the Message Passing Interface (MPI). The annual meeting has a long, rich tradition, and the 20th European MPI Users' Group Meeting will again be a lively forum for discussion of everything related to usage and implementation of MPI and other parallel programming interfaces. Traditionally, the meeting has focused on the efficient implementation of aspects of MPI, typically on high-performance computing platforms, benchmarking and tools for MPI, short-comings and extensions of MPI, parallel I/O and fault tolerance, as well as parallel applications using MPI. The meeting is open towards other topics, in particular application experience and alternative interfaces for high-performance heterogeneous, hybrid, distributed memory systems. 
Topics of interest include, but are not limited to: - MPI implementation issues and improvements - Extensions to and shortcomings of MPI - Tools and environments for MPI - Hybrid and heterogeneous programming with MPI and other interfaces - Relation of MPI to alternative interfaces for hybrid/heterogeneous distributed memory systems - Interaction between message-passing software and hardware, in particular new high performance architectures - Fault tolerance in message-passing implementations and systems - Performance evaluation for MPI and MPI based applications- - Automatic performance tuning of MPI applications and implementations - Verification of message passing applications and protocols - Applications using message-passing, in particular in Computational Science and Scientific Computing - Non-standard message-passing applications - Parallel algorithms in the message-passing paradigm - Algorithms using the message-passing paradigm The meeting will feature contributed talks on the selected, peer-reviewed papers, invited expert talks covering upcoming and future issues, a vendor session where selected vendors will present their new developments in hybrid and heterogeneous cluster and high-performance architectures, a poster session, and a tutorial day. The scientific part of the conference is organized in cooperation with ACM SIGHPC. Conference proceedings will be published in the ACM Digital Library, which includes short and long papers, workshop papers, and posters. Selected high quality papers will be published in an international journals. There will also be a reward for the overall best paper from the academic conference. 
WORKSHOPS --- IMUDI SPECIAL SESSION ON IMPROVING MPI USER AND DEVELOPER INTERACTION The IMUDI special session, to be held as a full-day meeting at the EuroMPI 2013 conference in Madrid, Spain, focuses on bringing together the MPI end-user and MPI implementor communities through discussions on MPI usage experiences, techniques, and optimizations. This meeting will focus on evaluating the MPI standard from the perspective of the MPI end-user (application and library developers) and address concerns and insights of MPI implementors and vendors. Unlike workshops associated with other conferences, the IMUDI session is still considered to be a part of the Euro MPI conference. Submissions will be reviewed separately to facilitate bringing together research publications falling into these special focus areas. More info at: http://press.mcs.anl.gov/imudi/ ENERGY-EFFICIENT HIGH PERFORMANCE COMPUTING COMMUNICATION WORKSHOP (E2HPC2) 2013 The first Energy-Efficient High Performance Computing Communication workshop will be co-located with EuroMPI 2013 in Madrid. Energy-awareness is now a main topic for HPC systems. The goal of this workshop is to discuss latest researches on the impact and possibles leverages of communications for such systems. E2HPC2 solicits original and non-published or under-review articles on the field of energy-aware communication in HPC environment. This workshop is co-located with EuroMPI as MPI is the main communication interface in those environments. More info at: http://www.irit.fr/~Georges.Da-Costa/e2hpc2.html PBIO 2013: INTERNATIONAL WORKSHOP ON PARALLELISM IN BIOINFORMATICS In Bioinformatics, we can find a variety of problems which are affected by huge processing times and memory consumption, due to the large size of biological data sets and the inherent complexity of biological problems. In fact, Bioinformatics is one
L2 redundant VPN
Hi networking guys,

I need some help :-). We are trying to find a reliable L2 VPN solution for our department. The task is to connect two remote data centers, each of them connected by two 1Gbps lines (with link aggregation). Only IP connectivity between data centers is available (so there is no possibility to create a circuit based on MPLS or something like that). The basic problem is that high reliability is required, so the solution has to be fully redundant.

The initial idea was about two OpenVPN servers in each data center + two switches (HP E5800) joined into one logical switch via VRF. The link failure is based on LACP packets between both data centers. The solution works, however performance of OpenVPN is really creepy. The maximum we were able to get from this configuration was about 100Mbps. We expect at least 500Mbps (or more in the future).

In our thoughts then we were thinking about l2tp on some cisco/HP(H3C) device, however there is little information about performance of that solution and I am not sure how the failure detection would work in redundant configuration.

Has anybody some experience with a similar solution, or at least any idea?

Thanks a lot for thoughts
Tomas
Re: Equipment Shuffing Cart Recommendations
> Date: Mon, 21 Jan 2013 13:27:05 -0600
> From: Michael Vallaly na...@nolatency.com
> To: nanog@nanog.org
> Subject: Equipment Shuffing Cart Recommendations
>
> Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus.

Look at medium-/heavy-duty luggage carts for luggage going on airplanes.

I've moved incredible loads -- like a half-dozen full-tower desktops _and_ a 20 CRT in one trip -- on a good _medium-duty_ one (similar to a Clipper 200).

If I were buying one today, I'd look hard at a Clipper 450, or, if I could justify the money, a Clipper 730, for the folding 'shelf' cum work-surface.

Wesco and Kart-A-Bag are good brands too.

You probably won't go far wrong with any such in the (circa) $60 and up price range. Double-check the wheel-size (5 min, 6 better) though.

They all go better over elevator gaps if you pull rather than push 'em. :)

See http://www.handtrucks.com/hand-trucks/folding-hand-trucks/4567+1579+2524.cfm for a lot of possibilities.

Note: I have no experience with that vendor, google images search led me to them.
Re: Equipment Shuffing Cart Recommendations (Mike Hale)
I recently purchased a couple of these collapsible carts @ for the same purpose and they work very well... http://www.frys.com/product/6390451?site=sr:SEARCH:MAIN_RSLT_PG They're a tad difficult to close after use but I expect they'll relax and ease after additional use. Regards, Travis Foschini On Jan 21, 2013, at 11:28, Michael Vallaly na...@nolatency.com wrote: Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo ? Id like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus. Thanks -Mike -- Michael Vallaly mvall...@nolatency.com
Re: L2 redundant VPN
Can you enable AES-NI on your OpenVPN servers? Any newer Intel Xeon chipset should support it, but it is usually disabled (BIOS) by default. There are more tuning tips at http://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux

----- Original Message -----
From: Tomas Podermanski tpo...@cis.vutbr.cz
To: nanog@nanog.org
Sent: Monday, January 21, 2013 3:37:55 PM
Subject: L2 redundant VPN

Hi networking guys,

I need some help :-). We try to find for our department reliable solution for L2 VPN. The task is to connect two remote data centers, each of them connected two 1Gbps lines (with link aggregation). Only IP connectivity between data centers is available (so there is no possibility to create circuit based on MPLS or something like that). The basic problem is that high reliability is required, so the solution has to be fully redundant.

The initial idea was about two OpenVPN servers in each data center + two switches (HP E5800) joined into one logical switch via VRF. The link failure is based on LACP packets between both data centers. The solution works, however performance of OpenVPN is really creepy. The maximum we were able to get from this configuration was about 100Mbps. We expect at least 500Mbps (or more in the future).

In our thoughts then we were thinking about l2tp on some cisco/HP(H3C) device, however there is little information about performance of that solution and I am not sure how the failure detection would work in redundant configuration.

Have anybody some experience with similar solution or at least any idea?

Thanks a lot for thoughts
Tomas
Re: L2 redundant VPN
Alternatively, just disable encryption by using --cipher none if you only care about the L2 bridging and don't care about the encryption aspect. You should get a huge performance boost through the tunnel and it would be the same thing as dropping a dedicated circuit in there.

Of course, encryption is generally a Good Thing(tm), and the AES-NI stuff is phenomenal, but it's not necessarily required in places where you're just trying to get a link set up between 2 sites and you were considering MPLS anyways.

- Pete

On 01/21/2013 05:37 PM, Dan Olson wrote:

Can you enable AES-NI on your OpenVPN servers? Any newer Intel Xeon chipset should support it, but it is usually disabled (BIOS) by default. There are more tuning tips at http://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux

----- Original Message -----
From: Tomas Podermanski tpo...@cis.vutbr.cz
To: nanog@nanog.org
Sent: Monday, January 21, 2013 3:37:55 PM
Subject: L2 redundant VPN

Hi networking guys,

I need some help :-). We try to find for our department reliable solution for L2 VPN. The task is to connect two remote data centers, each of them connected two 1Gbps lines (with link aggregation). Only IP connectivity between data centers is available (so there is no possibility to create circuit based on MPLS or something like that). The basic problem is that high reliability is required, so the solution has to be fully redundant.

The initial idea was about two OpenVPN servers in each data center + two switches (HP E5800) joined into one logical switch via VRF. The link failure is based on LACP packets between both data centers. The solution works, however performance of OpenVPN is really creepy. The maximum we were able to get from this configuration was about 100Mbps. We expect at least 500Mbps (or more in the future).

In our thoughts then we were thinking about l2tp on some cisco/HP(H3C) device, however there is little information about performance of that solution and I am not sure how the failure detection would work in redundant configuration.

Have anybody some experience with similar solution or at least any idea?

Thanks a lot for thoughts
Tomas
Re: Equipment Shuffing Cart Recommendations
We have one of the 10U Roto Shock Rack units that Chris Rogers linked to and we like it! It's probably the only transport case we haven't been able to destroy in 4 months (when our busy season happens) and it's nearly 3 years old now and it's still kicking. It's big so you'll need transport to match it and two people to lift it. The rest of the stuff we've managed to destroy had the wheels fall off first but they've been made out of aluminium frames that weren't made to handle the streets and roads of Ireland.
RE: Equipment Shuffing Cart Recommendations
I've got this: http://www.homedepot.ca/product/steel-tough-400-3-in-1-engineered-nylon-hand-truck-platform-cart-trolley/946396

- Coincidentally its length is a perfect fit for several stacked PowerEdge or ProLiant 1U/2U boxes
- Collapsible and fits in most trunks
- Smooth sailing through ramps / elevators / mantraps / cabinet aisles / whatever $facility will throw at it

Erik

-----Original Message-----
From: Michael Vallaly na...@nolatency.com
Sent: Monday, January 21, 2013 2:27pm
To: nanog@nanog.org
Subject: Equipment Shuffing Cart Recommendations

Anyone have any good recommendations for an equipment cart to shuffle IT/Telco equipment around between an office/colo? I'd like something able to carry ~6 1U Dell servers at once, and maybe make it over an elevator gap without a running start. Collapsible would also be nice, if I can throw it in the back of a car once in a while is a big plus.

Thanks
-Mike

--
Michael Vallaly mvall...@nolatency.com
Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)
This article may be of interest: http://arstechnica.com/security/2013/01/canadian-student-expelled-for-playing-security-white-hat/

Basically, a Montreal student, developing mobile software to interface with schools system found a bug. Reported it. And when he tested to see if the bug had been fixed, got caught and was expelled.

In the context of this thread, they found a vulnerability in the web site's architecture that allowed them to access any student's records.

This is the perfect type of incident you can bring to your boss to justify proper architecture/security for your web site. How would you react if it was your company's name in the headline?
Re: Multicast over GRE between Linux server and Cisco Router
From my experience, it seems most Linux multicast development has stalled significantly in recent years. Nonetheless, look for something called smcroute. You should be able to use this to manually peg up a route and generate the join. Also take a look at the output of netstat -n -g to see the join. igmpproxy is also good if this is a stub network and you're trying to proxy joins.

Let me know what ends up working for you. I've fought this one once already. I never did like the results, but I ended up using the igmp proxy method.

On Fri, Jan 18, 2013 at 8:07 PM, Tom Ammon thomasam...@gmail.com wrote:

IGMP packets are sent with TTL=1. Is the tunnel interface on the router enabled for PIM?

Tom

On Fri, Jan 11, 2013 at 5:11 AM, Brian Christopher Raaen mailing-li...@brianraaen.com wrote:

Just a quick note. I do have multicast enabled on the server gre1 interface. A tshark capture shows the igmp group queries from the router and the igmp join reply from the server.

On Wed, Jan 9, 2013 at 10:51 AM, Brian Christopher Raaen mailing-li...@brianraaen.com wrote:

I am trying to set up multicast between a Linux server and Router using GRE. The GRE tunnel is up fine and I can see traffic go across it, but the router is not indicating it is receiving the IGMP joins that the server is sending. I have identical setting with another server attached to fastethernet0/1 and it is joined to the group fine, but I am not able to get the server to link to the router via GRE interface. Note that I have another server behind another router where the two routers do GRE and PIM and that one is working fine. Is there some reason that IGMP joins would not work across the GRE link, but another router using PIM would?

--
Brian Christopher Raaen
Network Architect
Zcorum

--
Brian Christopher Raaen
Network Architect
Zcorum

--
Tom Ammon
Network Engineer
M: (801) 674-9273
t...@tomsbox.net