Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

We had situations, that we lost all our bgp sessions, not even only on ports where flood was coming. Just cpu overloaded. I don't care about support too much, there are cheap enough to have spare. Soft is mature with known bugs so i assume that this risk are accepted. Bigger problem for me is

Re: Root Zone DNSSEC Operational Update -- ZSK length change

I'm pleased to announce that this change is now complete. As of 13:34 UTC on October 1, 2016 the root zone has been signed and published with a 2048-bit ZSK. Please contact myself of Verisign customer service (i...@verisign-grs.com) if you observe any problems related to this change. Duane

Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

On 1 October 2016 at 10:03, Pedro wrote: > We had situations, that we lost all our bgp sessions, not even only on ports > where flood was coming. Just cpu overloaded. I don't care about support too > much, there are cheap enough to have spare. What is the device you're

Re: Request for comment -- BCP38

- Original Message - > From: "Hugo Slabbert" > This seems to have split into a few different sub-threads and had some > cross-talk on which network is being described where (thanks in no small > part to my flub on John's figures and target), but this seems to be exactly

Re: BCP38 adoption "incentives"?

- Original Message - > From: "Joe Klein" > What would it take to test for BCP38 for a specific AS? There's a tester tool, which I believe I put a link to on the wiki. One of the Cali tech universities; Berkeley? Cheers, -- jra -- Jay R. Ashworth

Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

That sort of thing has never bothered me much. If the platform is so great, surely it'll last more than a few years. What's the MTBF on these things? Decades? Better power performance, newer features, higher capacities sure are all great reasons to get newer hardware. EOL isn't. Don't too

Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

Again, keep doing that :P Be sure to eBay it for a reasonable price when you are done! On Oct 1, 2016 10:12 AM, "James Jun" wrote: > On Sat, Oct 01, 2016 at 09:22:32AM -0500, Mike Hammett wrote: > > Better power performance, newer features, higher capacities sure are

Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

On Sat, Oct 01, 2016 at 06:17:42PM +0300, Saku Ytti wrote: > On 1 October 2016 at 18:12, James Jun wrote: > > > We also want support contracts from our vendors. EOL boxes get removed > > from support availability within few years of the announcement. > > Support,

Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

I like putting a switch in front so then I can run two routers behind and get a /29 from the upstream. I can then do router maintenance, upgrades, etc. without taking the circuit down. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX

Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

On 1 October 2016 at 18:12, James Jun wrote: > We also want support contracts from our vendors. EOL boxes get removed from > support availability within few years of the announcement. Support, particularly software maintenance is indeed the key deadline, after that

Re: nexus N3K-C3064PQ vs juniper ex4500 in order to protect against ddos

On Sat, Oct 01, 2016 at 09:22:32AM -0500, Mike Hammett wrote: > Better power performance, newer features, higher capacities sure are all > great reasons to get newer hardware. EOL isn't. Don't too many of you adopt > that strategy, though. I still want my source of cheap EOL hardware. :-) We

Re: Root Zone DNSSEC Operational Update -- ZSK length change

On 10/01/2016 06:36 AM, Wessels, Duane wrote: I'm pleased to announce that this change is now complete. As of 13:34 UTC on October 1, 2016 the root zone has been signed and published with a 2048-bit ZSK. Please contact myself of Verisign customer service (i...@verisign-grs.com) if you

Re: Request for comment -- BCP38

- Original Message - > From: "Florian Weimer" > * Jason Iannone: >> Are urpf and bcp38 interchangeable terms in this discussion? It seems >> impractical and operationally risky to implement two unique ways to dos >> customers. What are the lessons learned by

Kudos to Rogers Wireless on IPv6 deployment

So frequently on this list we hear people asking/begging their providers for IPv6 roadmaps or chastising them for the lack of same, that I thought it might be nice to actually give props to a provider actually moving the needle. I was pleasantly surprised today to notice an IPv6 address on my

Re: Kudos to Rogers Wireless on IPv6 deployment

On Sat, 1 Oct 2016, Hugo Slabbert wrote: So, kudos, Rogers Wireless! http://labs.apnic.net/cgi-bin/ccpagev6?c=CA Sort on "samples". Seems Telus and Rogers are the only top10 with any double digit % IPv6 users. Telus is at 65-70%, that's a really good number. -- Mikael Abrahamsson

Re: Request for comment -- BCP38

- Original Message - > From: "Laszlo Hanyecz" >> If you have links from both ISP A and ISP B and decide to send traffic >> out ISP A's link sourced from addresses ISP B allocated to you, ISP A >> *should* drop that traffic on the floor. There is no automated or >>

Re: Request for comment -- BCP38

- Original Message - > From: "John Levine" >>If you have links from both ISP A and ISP B and decide to send traffic out >>ISP A's link sourced from addresses ISP B allocated to you, ISP A *should* >>drop that traffic on the floor. There is no automated or scalable way

Re: Kudos to Rogers Wireless on IPv6 deployment

> On Oct 1, 2016, at 8:37 PM, Hugo Slabbert wrote: > > So, kudos, Rogers Wireless! This has also been live on Roger's Fido sub-brand for a while now, too. 2605:8d80:484:: is live in Vancouver. --lyndon