Why do GEIP+ cards go for so much money? There can't be *that* many
people left on the 7500 platform...
Peace... Sridhar
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at
On 12/10/2009 05:20, Mark Tinka wrote:
increasing bandwidth is probably more practical than
implementing QoS
or as some wags state differently: QoS really means quantity of service,
because quality of service only ever becomes an issue if there is a
shortage of quantity.
On Mon, Oct 12, 2009 at 06:04:35AM -0400, Sridhar Ayengar wrote:
Why do GEIP+ cards go for so much money? There can't be *that* many people
left on the 7500 platform...
Because anyone still in the market for GEIP+ must be very very
desperate? :-)
Best regards,
Daniel
--
CLUE-RIPE --
Gert Doering wrote:
I am currently running (C7200P-SPSERVICESK9-M), Version 12.4(4)XD10
... it might be that this software just doesn't know about this specific
PA (which is very new, and anything based on 12.4(4) is a few years old
now regarding hardware support).
C7200P smells like NPE-G2,
On Mon, 12 Oct 2009, Sridhar Ayengar wrote:
Why do GEIP+ cards go for so much money? There can't be *that* many
people left on the 7500 platform...
They are around 1kUSD on ebay, considering just the PA-GE goes for 800, I
don't think that's expensive? They're actually increasing in price,
On Mon, 12 Oct 2009, Mikael Abrahamsson wrote:
On Mon, 12 Oct 2009, Sridhar Ayengar wrote:
Why do GEIP+ cards go for so much money? There can't be *that* many people
left on the 7500 platform...
They are around 1kUSD on ebay, considering just the PA-GE goes for 800, I
don't think that's
I'm trying to limit traffic to certain ports of a 6500 switch.
By reading manuals and posts to this list I came up with:
Global:
access-list 100 permit ip any any
!
class-map m100
 match access-group 100
!
policy-map p100
 class m100
  shape average 32000
This all looks fine. But when I
On Mon, 12 Oct 2009, Maarten Carels wrote:
Any comments on this? What interfaces have the 'shape average' command
supported?
The expensive ones. The cheap LAN interfaces generally do not support
shaping because they don't have much buffering and are built to be cheap,
thus limited support
-Original Message-
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
boun...@puck.nether.net] On Behalf Of Mikael Abrahamsson
Sent: 12 October 2009 14:57
To: Maarten Carels
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Shape traffic on 6500
On Mon, 12 Oct 2009,
Ge Moua wrote:
The worst thing you can do is put a stateful firewall in front of a
busy DNS server - every single packet creating new state will bring
most hardware-based firewalls to their knees, because session churn
is usually handled at much lower packet rate as pure packet throughput
for
Well, the point of a well-maintained server is that it is *open* to
the world - if you want a web server to be visible by the world, then
there isn't much you can do, besides open HTTP to it. And other
services should not be running in the first place.
Agree. Focusing server resource on
I have to agree here, good solid server administration and best practices
are far superior to placing hardware in front to do your job for you.
(Microsoft, are you listening?) The services running should be the bare
minimum, should have their own internal ACLs properly configured (think SSH
as
yes, but the whole point of public NTP services is to allow any IPv4 to
do NTP sync.
Regards,
Ge Moua | Email: moua0...@umn.edu
Network Design Engineer
University of Minnesota | Networking Telecommunications Services
Adrian Minta wrote:
Ge Moua wrote:
The worst thing you can do is put a
Joel M Snyder -
If you do the job right, from a security point of view, you can
certainly put a fine firewall in front of a very busy DNS server. (and
when I say very busy I'm talking 10K queries a second, which is to say
about 20Mbit/second sustained round-the-clock load, for less than
The worst thing you can do is put a stateful firewall in front of a
busy DNS server
Well, as a security guy (rather than as a network guy), I would
respectfully disagree.
First of all, if your firewall is underspecified or underrated, then
yes, you'll have problems. Secondly, if your
An NPE400 should do fine if you're looking used or on a tight budget, but if
you're looking to buy for growth, just get a G2 and be done with it.
Frank
-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Antonio Querubin
If you have a lousy firewall (i.e., one that is doing nothing more than
keeping a UDP session open), yes, absolutely. However, good firewalls
are doing a lot more than that.
Some of us have seen too much damage done by firewalls to DNS, SMTP and
a number of other protocols to really believe
And furthermore, why inject more points of failure for little to no value?
Everything listed in the OP's message that he considers good things about
firewalls in front can be done with a properly administered server and good
patching habits. Firewalls have their places but generally not in
On Mon, 2009-10-12 at 09:19 -0700, Joel M Snyder wrote:
You may remember last year's the Internet is falling and only Dan
Kaminsky can explain it flap around DNS. Well, a lot of the
discussion around this bug/problem/issue ignored the truth that a good
firewall prevented the attack directly,
I am running SXI code on sup720-CXL and need to filter out certain
IPV6 packets like MDNS on trunked L2 port?
I was going to use a vlan access-map but it appears that it does not
allow me to do a MATCH on an IPV6 acl, I guess I am stuck with a MAC
ACL to filter bridged IPV6 traffic.
However, good firewalls are doing a lot more than that.
You may remember last year's the Internet is falling and only Dan Kaminsky
can
explain it flap around DNS. Well, a lot of the discussion around this
bug/problem/issue ignored the truth that a good firewall prevented the attack
Hi Guys, I'm testing WAAS performance with sharing Word and pdf files, and it
is working as I expected. But when I share an *.exe file or *.bin file the
result is not the same. I can't see any improvement.
Please help me to understand that. Waas works nice with data files (word, power
point,
Peter Rathlev wrote:
On Mon, 2009-10-12 at 09:19 -0700, Joel M Snyder wrote:
You may remember last year's the Internet is falling and only Dan
Kaminsky can explain it flap around DNS. Well, a lot of the
discussion around this bug/problem/issue ignored the truth that a good
firewall
Sorry:
Now, maybe this is NANOG and ISPs operate in a 'we're just a utility
Meant maybe this is cisco NSP ...
Apologies for the obvious stupid error.
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
j...@opus1.com
Everyone wants a piece of the Linux action
http://www.h-online.com/security/Cisco-routers-can-do-more-than-just-route--/news/114437
25 matches