t really any analysis for worst
case scenarios and how to possibly gracefully recover from those.
(eg, I've done some NAT hacks to detect idle HTTP pconns and toss
those before tossing the others.)
Adrian
On Sun, Apr 18, 2010, joel jaeggli wrote:
> my load balancer needs 16 ips for every million simultaneous
> connections, so does yours.
Only because it hasn't broken the spec further. :)
adrian
James Jones wrote:
I am currently looking at using RouterOS as a way to build a Metro
Ethernet solution. Does anyone have experience with the device and the
OS? How is the performance? Are there any "Gotchas"?
-James
Be careful not to crash the whole internet:
http://www.renesys.com/blog/2
ged
and controlled like they are today.
Adrian
ms? :)
That makes "leave backbones unchanged" not happen.
Adrian
out the programming language related ranting.
Adrian
Hi
I have questions about security
I am using Mozilla to access Gmail as https://mail.google.com/mail
Why does Mozilla prompt me with the alert box?
"You have requested an encrypted page that contains some unencrypted
information. Information that you see or enter on this page could easily be
read by a
es in place to limit
the number of routes being injected into the network so one doesn't
overload the tables, but what's the behaviour if/when this limit is
reached? Does mitigation cease being as effective?
Adrian
But as you said, they're willing to sell them to you. Then claim
that the traffic you're receiving is out of profile. :)
(I'm not jaded about this, oh no..)
Adrian
billing without
having subtle duplicate flows everywhere..
Adrian
(Ah, thinking about this stuff brings back memories, and I'm only 30..)
SL link and all
of the headaches they may not be prepared for, and you get control over
your own network.
2c,
Adrian
Take a read of the quagga documentation. There's a BGP neighbor option
for stripping out the local AS when speaking eBGP.
Adrian
On Wed, Oct 28, 2009, Sherwin Ang wrote:
> Hello Nanog,
>
> am not sure if i should have placed this on the cisco-nsp or the
> juniper-nsp but s
t".
I've done the former for a few thousand aliases with no degradation
in performance. The hacks available for freebsd-4.x for the Web Polygraph
software did something similar.
2c,
Adrian
iented people who have
a job to do?
Silly architecture groups..
Adrian
(Glad I'm not involved. I'd lose patience and punch people.)
kely still stick out as being "different". :)
Adrian
f traffic patterns
of your UDP traffic wouldn't identify it as a likely tunnel? :)
Adrian
that, and if so, where's your data? :)
Adrian
Philip Lavine wrote:
More info if this helps:
Switch Platform:
4500 SUPII+
with gig line cards
Data rate is <100Mbps
Server OS: Windows 2003 R2 (please withhold snickering).
Multicast traffic is routed ?
--
Best regards,
Adrian Minta
On Wed, Oct 14, 2009, Adrian Minta wrote:
> >1 sender
> >1 mcast group
> >2+ receivers on same VLAN and physical segment
> >
> >= data loss
> Probably a crappy switch.
specifically, is your switch doing frame replication on ingress
or egress? :)
adrian
Philip Lavine wrote:
Please explain how this would be possible:
1 sender
1 mcast group
1 receiver
= no data loss
1 sender
1 mcast group
2+ receivers on same VLAN and physical segment
= data loss
Probably a crappy switch.
--
Best regards,
Adrian
Nathan Ward, please stand up.
Adrian
On Tue, Oct 13, 2009, TJ wrote:
>
> -Original Message-
> From: Justin
> To go along with Dan's query from above, what are the preferred methods
> that other SPs are using to deploy IPv6 with non-IPv6-capable edge
> hardwa
2 /16s - but we give those users globally routed IPv6 addresses.
I suggest you're not yet doing enough IPv6 traffic to have to care
about IPv6 TE.
2c,
Adrian
alternative and it's
> been how long now? PI, multihoming, multicast, etc. is reality because
> the internet is now Very Serious Business for many, many people.
IPv6 -policy- wasn't initially designed for any workable site multihoming.
The addressing and BGP stuff works fine for it. It's just not "different"
to the issues faced with IPv4.
adrian
available transmission
rate is a function of how many available frequency space slices are
deemed to be "good" at any one time.
This isn't really like SDH (from what I've read of SDH, anyway.)
Adrian
It is a HTTP/1.0 vs HTTP/1.1 thing (Chunked encoding for HTTP/1.1
doesn't require you to calculate and send a Content-Length.)
Adrian
On Fri, Oct 09, 2009, Jared Mauch wrote:
> I've been having the same issue when going through my Linux+Squid+WCCP
> setup, but if the browser
A few people have asked what the specific problem is.
http://www.squid-cache.org/mail-archive/squid-dev/200910/0089.html
Adrian
On Sat, Oct 10, 2009, Adrian Chadd wrote:
> howdy,
>
> I'm chasing a technical contact at Facebook. There's some broken HTTP being
> ser
howdy,
I'm chasing a technical contact at Facebook. There's some broken HTTP being
served which is confusing Squid in a way that isn't easily, cleanly
worked around.
Please feel free to contact me off-list.
Thanks,
Adrian
Please don't forget moisture content. DSL speeds may drop during
wet winters because cable pits fill with water. :)
Those with real statistics, please stand up. I know ISPs who run
large DSL infrastructures have these stats. I've even seen them
at conferences. :)
Adrian
On Wed, Oc
Ideally, one would rather see a large ISP
> get a single delegation, rather than advertising 50 or 500.
.. and what about their customers with portable address space?
What if every single customer decides they now want to multihome, dynamic
endpoint resolution stuff (LISA?) isn't ready, and companies simply join
the RIR and buy their own IP space? :)
Adrian
e IPv6
> address space.
.. address aggregation?
.. convergence time?
I'm sorry, but seeing a good fraction of my local IX simply containing
a few ISP's deaggregated view of their "local" internal networks versus
a sensible allocation policy makes me cry. IPv6 may just make this
worse. IPv6 certainly won't make it "better".
adrian
then hire to
do the work is actually doing their job.
No, I'm not (mostly) being facetious. It is mostly easy to get it "right" when
it works, but it is -not- right to get it "right enough" when it doesn't work.
Adrian
.. or, which is more likely given my brief exposure to this crap, the
search engines cottoned on and changed the metrics again.
adrian
In Europe RIPE has a nice database. Hijacking is not possible since most
ISP's use filters based on RIPE Database.
Why doesn't ARIN use a similar tool?
worth the trouble IMHO.
--
Best regards,
Adrian Minta
I will suggest testing the throughput when a BGP peer is flapping.
-Original Message-
From: Michael J McCafferty
Sent: 23 July 2009 03:05
To: nanog
Subject: What else shall we test?
All,
We are putting together a test plan to test a pair of Cisco 7206 VXR's,
each with NPE-G
trying to pony up at least with support of many major
> vendors.
The main current funding source for work being committed back to FreeBSD's
10GE performance has a very big focus on server performance, not forwarding
performance. Hence the flow cache, which benefits TCP stream performance.
Adrian
to see it happen.
The clue is out there. They're just looking for a way to pay the
rent.
Adrian
(Not looking to do this, I have enough going on atm..)
On Thu, Jul 09, 2009, Charles Wyble wrote:
> I did. Still getting pounded.
And it's not covered by your SLA?
Adrian
essage dissemination services to companies for a fee,
but AFAIK they aren't doing this at the moment.)
Adrian
On Thu, Jun 25, 2009, Suresh Ramasubramanian wrote:
> On Thu, Jun 25, 2009 at 9:44 AM, Adrian Chadd wrote:
> > On Thu, Jun 25, 2009, Suresh Ramasubramanian wrote:
> >> Rod - you wouldn't qualify as an ISP - or even a "provider of an
> >> interactive computer service&
hatever the current definition
of "common carrier" is these days, running a TOR node, still be covered by
said provisions?
Adrian
firm) blasted me for being
"too efficient" at solving a problem.
Adrian
hared medium?
Because you don't want to listen to what others have to say to you.
Adrian
(The above statement has network operational relevance at an IP
level.)
full of vendors.
Methinks it's time a large cabal of network operators should represent
at IETF and make their opinions heard as a collective group.
That would be how change is brought about in a participative organisation,
no? :)
Adrian
y unscalable (I think the BUS ran on an ASX1000 cpu),
> this scheme turned the single stream concept of multicast on its head,
> creating essentially a unicast stream for each multicast PVC client.
IIRC, plenty of popular ethernet switches do this across their backplane
for multicast ..
Adrian
we do from their obvious dynamics.
Have you tried just contacting internode in Australia about this?
Adrian
ure you read all the posts in the thread, the figures Rodney gives
need some further explanation.
Adrian
> loads that are advertised by the hardware vendors you mentioned.
Don't forget Squid and its various project forks.
Adrian
'm looking to go to the
> next step.
Check the cisco-nsp archive, specifically from Rodney; he has talked about what
the CPU load versus throughput implications are on the G1 and G2. It might
surprise you a little.
Adrian
On Wed, Mar 11, 2009, Bill Blackford wrote:
> Can the 32 handle a full table?
Start here:
http://www.mail-archive.com/cisco-...@puck.nether.net/msg12492.html
adrian
big firewall rulesets, because they followed
blog posts and didn't bother reading the documentation..)
2c,
Adrian
"good" these things
are? Just saying "Yup, supports IPv6" with no idea of how well, which bits
work/don't, stuff like lacking firewalling (as above) would be good to know.
Thanks!
Adrian
(Using a Cisco 827, speaks IPv6 real good..)
g forward with higher PPS improvements.
If this is inline with what you want, then I suggest talking to them and
seeing how they can help.
Migrating to a superior platform (where "superior" here is "does what
I want better" isn't a -bad- idea. :)
Adrian
d solve them in IPv6 (assuming you can make all the
> changes you want, and get instant industry-wide support) any better
> than you solve them in IPv4.
Who says the IPv6 solutions need to be better than IPv4?
Adrian
s but the last time I checked this out (say, 2-3 years ago)
it was pretty lacking.
> The things you are talking about are about protecting against
> misconfiguration, not about protecting against malicious people.
See above.
Adrian
/APNIC/etc are busy talking to end-users
rather than just ISPs about the issues facing IPv6 adoption. Am I
mistaken or not?
Adrian
. Seriously. Someone needs to draw up some parallels
between IPv6 adoption/advocacy and ATM/FR/ISDN "stuff" versus IP(v4)
"adoption" back in the mid to late 1990's. I'd certainly have a laugh.
my 2c, or 1.24c AUD;
Adrian
ch somewhat-weirdly subtly break existing
functionality for a small-but-statistically-annoying portion of your userbase.
Gotcha!
:)
Adrian
(Yeah I know, Apple have shipped busted updates too..)
> that you update, before someone less pleasant and friendly than myself
> finds you. Please.
What, and the other, "make sure you hard limit the max AS path length from
customers and peers, in case of ${LINK_TO_THIS_NANOG_THREAD} ?"
Adrian
backup default routes then...
violet:~ adrian$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=246 time=584.909 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=246 time=478.598 ms
...
6 mumble.gblx.net (69.x.y.z) 11.907 ms 14.086 ms 16.931 ms
7 ge-2-0-0-
y
go over quota.
Lots of cute stuff. :)
Adrian
>
> MMC
>
> On 30/01/2009, at 4:03 PM, Bruce Grobler wrote:
>
> >Hi,
> >
> >Does anyone know of any Shaping appliances to shape customers based
> >on IP, allow for a quota per IP and qos mechanisms like
Hi
What is max mtu in jumbo frame?
Is it 9000?
Do I need to reboot the switch to take effect after
setting up it?
if it doesn't need to reboot, How can I know the
switch is running fine in this mtu 9000? eg: cisco
any tools to check?
Thank you for your help
ftware so it can shuffle more bits.
Adrian
ube, of course I don't know that they do this, but I'd be surprised if
> they didn't.
If they'd like that included as a side-channel for certain response types,
then they could ask. It's not like caches don't store per-connection information
like that already.. :)
Adrian
er make it "OK" to install
> a proxy which will intentionally re-write the content?
This really boils down to "who is more important? The content or the
contents' eyeballs?"
(Or the people having to deliver said content to said eyeballs, and
aren't being paid by the content deliverer on their behalf.)
Adrian
nd
get them fixed in a public manner in Squid so it -can- be deployed
by people to save on bandwidth in places where it still matters.
Adrian
at is significant, no matter how big your network
> is.
If, for example, Google's current generation of YouTube content serving
wasn't 100% uncachable by design, Squid caches would probably be
saving a stupid amount of bandwidth for those of you who are using it.
People rolling Squid
On Fri, Jan 16, 2009, Florian Weimer wrote:
> There's no PKI for Internet Mail routing, so I don't see what you get
> by checking certificates at all.
Function, non-broken Outlook integration.
Adrian
(Who is -fed up- with outlook just randomly spewing crap at you from time
to
id "uhm wtf?" followed by
"evil but clever." Much like other BGP tricks. :)
(Ah, how the internet seems to have grown up. Sniff.)
Adrian
in Australia, and the massively stupid repercussions seen throughout
chunks of IT (incl. network auditing setups I had to poke at the time.)
I'll add "handling second == 60" to the list of things I should check
for in my code. Thanks. :)
Adrian
This begs the question - how the heck do timekeepers and politicians get
away with last minute time changes?
Surely there's -some- pushback from technology related interest groups to
try and get more than four weeks warning? :)
Adrian
On Mon, Jan 05, 2009, Frank Bulk wrote:
> A repor
On Tue, Dec 23, 2008, sth...@nethelp.no wrote:
> Axtel is announcing 100.10.10.0/24, which is within the 100.0.0.0/8 block,
> which is unallocated according to
I'd love to see what that prefix is doing.. :)
Anyone have anything they can share?
adrian
them up.
So if you'd like to see FreeBSD support it, either code it up, or
pay someone to code it up. Then everyone benefits. :)
Adrian
OpenBSD SMP support is quite limited. NetBSD SMP is quite limited. FreeBSD and
Linux seem to be running better. :)
Adrian
On Wed, Dec 17, 2008, Marc Runkel wrote:
> Greetings all,
>
> We are a software development firm that currently delivers our install ISOs
> via Sourceforge.
trick is whether they can pull it off in a way that scales the FIB
and RIB lookups and updates across 4 core (and more) boxes.
But 40kpps is absolutely doable on one CPU. Some of the FreeBSD guys working
on it are looking at supporting 1mil pps + on 10GE cards (in the public source
tree), so .. :)
Adrian
Try openl2tp or l2tpns. They can both be LNSes.
Adrian
On Mon, Nov 03, 2008, adrian kok wrote:
> Hi
>
> Do you know any free open source L2tp for NAS?
>
> I know this software was developed so many years
> before but stopped
>
> any information
>
> Thank you
Hi
Do you know any free open source L2tp for NAS?
I know this software was developed so many years
before but stopped
any information
Thank you
outers go all software-path on the
packets but I haven't given it a run on a Cat6500. Hm, I wonder if this here
3750 in the lab will do..)
Adrian
.
Please find an alternative method of tidying up the trash and don't
stir that nest of hornets.
Adrian
between 2 peered networks is typically not
> looked as proper. Modify your traffic good. Do it to anyone other
> traffic = bad.
The question shouldn't really be "would people do this to others' traffic";
the question should be "has it already happened and no one noticed."
Adrian
ted.
No, traceroute shows the hops which returned "time to live exceeded."
This only maps to "the hops the packet has transited" if the TTL is setup
and decremented correctly.
Adrian
support IP based networks (both local and wide area)
and Cisco/Nortel equipment would be excellent.
Many thanks in advance
Adrian
oking for some multicore MIPS + fruit for some Squid
related hackery but I've been busy with other things (like, you know,
making Squid-2 be able to be run on multi-core hardware in the first
place..) so it'll have to wait.. :)
Adrian
mized for few and rather long flows.
Yup.
And I always ask that question when people claim really high(!) throughput on
software forwarding. It turns out their throughput was single source/single
dest, and/or large packets (so high throughput, but low pps.)
Adrian
uting" argument
is pretty much over for at least 1 mil pps, perhaps more.
2c,
Adrian
ures would be rather useful, no?
(Then, add say, l2tp/ppp into that mix, just as a crazy on-topic example..)
Adrian
'm just going off the papers I've read on the
subject. :)
Adrian
w02031827.pdf for
fun.
Adrian
asy
as it does TCP/80(*1). No MX rejiggery required.
Adrian
*1: unless you're the lucky owner of specially crafted gems like the Catalyst
3550 - WCCPv2 is limited to port 80 only ..
.
Of course, this could already be being done; I haven't any idea. :)
Adrian
only there was a way for a SP to run a BitTorrent type service for
their clients, subscribing the BT server(s) to known-good (ie, not warez-y)
torrents pre-seeded from trusted sources and then leaving it the hell
alone and not having to continuously dump specific torrent files into
it.
Hm!
Adrian
> I expect this means that DNS has been compromised somewhere.
Ehr.. no:
http://www.google.ch/search?q=AMAZON.COM.IS.N0T.AS.1337.AS.WWW.GULLI.COM
--
RFC 1925:
(11) Every old idea will be proposed again with a different name and
a different presentation, regardless of whether it w
provided md5 hash?
And if you can exploit the management box itself, you can load your own
MD5 hash in.
This is all the sort of stuff that public key crypto and chains of trust
were meant to solve, IIRC..
Adrian
ut the bar -was- dropped a little,
and somehow you need to make sure that the IOS thats sitting on your
network management site is indeed the IOS that you put there in the
first place..
Adrian
the subway system!)
I'm sure there are places which are labelled "Don't go at night if you're
an unarmed middle-class white guy by yourself" but frankly, this place
isn't anywhere near as bad as historically portrayed.
I'm pleasantly surprised. :) (And annoyed that I'm leaving..)
adrian
it working out with
> marketing people, etc. unless someone has been doing it for years
> already. It'd be good if the world were all engineers though, huh?
NPE-XXX, anyone?
Adrian
___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog
s_keepalive_ipv6/
>
> http://www.niksula.hut.fi/~peronen/publications/haverinen_siren_eronen_vtc2007.pdf
I'd seriously be looking at making current -software- run more efficiently
before counting ipv6-related power savings.
Adrian
ip6 / greenip6 ;) as well ?
Some people make more money shipping more bits. They may not have
any motivation or desire to decrease traffic.
Adrian
toyed with
IP over satellite to feed ${STUFF}.. :)
Adrian
On Tue, Aug 14, 2007, Leo Bicknell wrote:
> Of course, I think if the RE were an external 2RU PC that they sold
> for $5,000 (which is still highway robbery) ISP's might upgrade
> more than once every 10 years
Sounds like an experiment. Anyone have a spare J M40?
(*duck*)
Adrian