I would like to deeply thank you all for your prompt response as well as
for your generous contribution and the most interesting information that
you shared.
Of course any further insight is still more than welcome.
Best regards,
George
On 03/02/2012 01:22 AM, Jim Cowie wrote:
On Thu, Mar
On Mar 1, 2012, at 9:34 PM, William Herrin wrote:
> On Thu, Mar 1, 2012 at 8:47 PM, Owen DeLong wrote:
>> On Mar 1, 2012, at 5:15 PM, William Herrin wrote:
>>> On Thu, Mar 1, 2012 at 8:02 PM, Owen DeLong wrote:
There's no need to
break the current functionality of the underlying syste
On Thu, Mar 1, 2012 at 8:47 PM, Owen DeLong wrote:
> On Mar 1, 2012, at 5:15 PM, William Herrin wrote:
>> On Thu, Mar 1, 2012 at 8:02 PM, Owen DeLong wrote:
>>> There's no need to
>>> break the current functionality of the underlying system calls and
>>> libc functions which would be needed by an
In message <596196444196086313@unknownmsgid>, Matt Addison writes:
> On Mar 1, 2012, at 17:10, William Herrin wrote:
> > If took you 50 lines of code to do
> > 'socket=connect("www.google.com",80,TCP);' and you still managed to
> > produce a version which, due to the timeout on dead addresses, is
On Mar 1, 2012, at 17:10, William Herrin wrote:
> If took you 50 lines of code to do
> 'socket=connect("www.google.com",80,TCP);' and you still managed to
> produce a version which, due to the timeout on dead addresses, is
> worthless for any kind of interactive program like a web browser. And
> b
On Mar 1, 2012, at 5:15 PM, William Herrin wrote:
> On Thu, Mar 1, 2012 at 8:02 PM, Owen DeLong wrote:
>> There's no need to
>> break the current functionality of the underlying system calls and
>> libc functions which would be needed by any such library anyway.
>
> Owen,
>
> Point to one sent
On Thu, Mar 1, 2012 at 8:02 PM, Owen DeLong wrote:
> There's no need to
> break the current functionality of the underlying system calls and
> libc functions which would be needed by any such library anyway.
Owen,
Point to one sentence written by anybody in this entire thread in
which breaking c
On Mar 1, 2012, at 2:57 PM, William Herrin wrote:
> On Thu, Mar 1, 2012 at 5:37 PM, Owen DeLong wrote:
>> You don't have to reinvent what I've done. Neither does every
>> or any other application programmer.
>> You are welcome to use any of the many connection
>> abstraction libraries that are a
Randy Carpenter wrote:
Does anyone have any recommendation for a reliable cloud host?
Basic requirements:
1. Full redundancy with instant failover to other hypervisor hosts upon
hardware failure (I thought this was a given!)
Assuming a simple set up as you suggest. If what you want to do i
On Thu, Mar 1, 2012 at 4:11 AM, Georgios Theodoridis wrote:
> Has it been known the exact time of the incident?
> I have found an article reporting that the cut occurred in the mid-day of
> Saturday 25th but nothing more precise.
> We would like to use such information for a BGP anomaly detection
On Thu, Mar 01, 2012 at 05:57:11PM -0500, William Herrin wrote:
> Which is what everybody basically does. And when it works during the
> decidedly non-rigorous testing, they move on to the next problem...
> with code that doesn't perform well in the corner cases. Such as when
> a host has just been
On Thu, Mar 1, 2012 at 5:37 PM, Owen DeLong wrote:
> You don't have to reinvent what I've done. Neither does every
> or any other application programmer.
> You are welcome to use any of the many connection
> abstraction libraries that are available in open source.
> I suggest you make a trip throu
On Mon, 27 Feb 2012, William Herrin wrote:
Why would you imagine that a $30/month virtual private server is built
on an enterprise-grade virtualization cluster?
A lot of the time "the cloud" is billed as just that.
The reality is that it's more often a federated cluster of machines with
some d
William,
I could have done it in a lot less lines of code, but, it would have been much
less readable.
Not blocking on the connect() call is a little more complex, but, not terribly
so. It does, however, again, make the code quite a bit less readable.
There are libraries available that abstrac
In message
, William Herrin writes:
> On Thu, Mar 1, 2012 at 4:07 PM, Owen DeLong wrote:
> > I think that the modern set of getaddrinfo and connect is actually not that
> > complicated:
>
> Owen,
>
> If took you 50 lines of code to do
> 'socket=connect("www.google.com",80,TCP);' and you still
On Thu, Mar 1, 2012 at 4:07 PM, Owen DeLong wrote:
> I think that the modern set of getaddrinfo and connect is actually not that
> complicated:
Owen,
If took you 50 lines of code to do
'socket=connect("www.google.com",80,TCP);' and you still managed to
produce a version which, due to the timeou
NetOptics has some very nice gear; take a look at the Director series with
aggregation, load balancing and filtering based on physical port, ip,
protocol, etc.
Dennis
--
From: "Chris Mills"
Sent: Thursday, March 01, 2012 7:03 AM
To: "Terry Bar
In message , Owen DeLong writes:
> >
> > It's deeper than just that, though. The whole paradigm is messy, from
> > the point of view of someone who just wants to get stuff done. The
> > examples are (almost?) all fatally flawed. The code that actually gets
> > at least some of it right
>
> It's deeper than just that, though. The whole paradigm is messy, from
> the point of view of someone who just wants to get stuff done. The
> examples are (almost?) all fatally flawed. The code that actually gets
> at least some of it right ends up being too complex and too hard for
> people
On Mar 1, 2012, at 6:26 AM, William Herrin wrote:
> On Thu, Mar 1, 2012 at 7:20 AM, Owen DeLong wrote:
>> The simpler approach and perfectly viable without mucking
>> up what is already implemented and working:
>>
>> Don't keep returns from GAI/GNI around longer than it takes
>> to cycle throug
Check out Firehost. Just came back from RSA2012 and talked with them. VPS
provider using VMWare ESX with Dell/Compellent (auto tiered with SSD) for
storage. They offer DDoS mitigation (they use Arbor) out of the box along with
managed firewall and web application firewall.
More expensive tha
Jeroen,
On Mar 1, 2012, at 9:25 AM, Jeroen Massar wrote:
>> I always thought the right way to deal with IPv6 would have been to
>> use a 32-bit number from the class E space as a 'network handle'
>> where the actual address (be it IPv4 or IPv6) was handled by the
>> kernel.
>
> This is the case w
Michael,
On Mar 1, 2012, at 10:00 AM, Michael Thomas wrote:
> My rule of thumb is for this sort of thing "does it *require* kernel level
> access?"
> In this case, the answer is manifestly "no".
This is tilting at windmills since it's wildly unlikely anything will change,
but...
The idea is to
On Thu, Mar 1, 2012 at 1:32 PM, Michael Thomas wrote:
> On 03/01/2012 08:58 AM, William Herrin wrote:
>> libc != kernel. I want to move the action into the standard libraries
>> where [resolve and connect] can be done once and done well.
>> A little kernel action on top
>> to parallelize connectio
On 03/01/2012 08:58 AM, William Herrin wrote:
On Thu, Mar 1, 2012 at 10:01 AM, Michael Thomas wrote:
On 03/01/2012 06:26 AM, William Herrin wrote:
The even simpler approach: create an AF_NAME with a sockaddr struct
that contains a hostname instead of an IPvX address. Then let
connect() figure
On 03/01/2012 08:57 AM, David Conrad wrote:
Moving it across the kernel boundary solves nothing
Actually, it does. Right now, applications effectively cache the address in
their data space, requiring the application developer to go to quite a bit of
work to deal with the address changing (o
On Feb 29, 2012, at 11:17 17AM, Marshall Eubanks wrote:
> On Wed, Feb 29, 2012 at 10:08 AM, Justin M. Streiner
> wrote:
>> On Wed, 29 Feb 2012, Rodrick Brown wrote:
>>
>>> There's about 1/2 a dozen or so known private and government research
>>> facilities on Antarctica and I'm surprised to see
Hi, I'm seeing quite a lot of queries for "a.root-servers.net IN A" in the
logs of my caching servers. They seem to be coming from home normal DSL
customers (IPs who would be expected to be using the name servers) with
each sending one query every 2 seconds.
They all together represent more than d
On 2012-03-01 17:57 , David Conrad wrote:
> Hi,
>
> On Mar 1, 2012, at 7:22 AM, Joe Greco wrote:
>> On Mar 1, 2012, at 7:01 AM, Michael Thomas wrote:
>>> The effect of what you're recommending is to move all of this
>>> into the kernel, and in the process greatly expand its scope.
>>> Also: even
Hi,
On Mar 1, 2012, at 7:22 AM, Joe Greco wrote:
> On Mar 1, 2012, at 7:01 AM, Michael Thomas wrote:
>> The effect of what you're recommending is to move all of this
>> into the kernel, and in the process greatly expand its scope. Also:
>> even if you did this, you'd be saddled with the same probl
Thus spake Jeff Kell (jeff-k...@utc.edu) on Thu, Mar 01, 2012 at 10:22:29AM
-0500:
> How about splitting up a heavy stream (10G) into components (1G) to run
> through an inline device and reassemble the pieces back to an aggregate
> afterward?
Sounds like a perfect job for a commodity switch th
On Thu, Mar 1, 2012 at 10:01 AM, Michael Thomas wrote:
> On 03/01/2012 06:26 AM, William Herrin wrote:
>> The even simpler approach: create an AF_NAME with a sockaddr struct
>> that contains a hostname instead of an IPvX address. Then let
>> connect() figure out the details of caching, TTLs, proto
Found this in one of my RSS feeds this am:
http://www.youtube.com/watch?v=GNOXSmMfcGs
Sort of explains it.
On Thu, Mar 1, 2012 at 10:09 AM, Kristian Kielhofner wrote:
> As long as we're talking about cloud networks, Akamai and Riverbed
> have finally let out details on their partnership for "opt
We're doing something similar - VACLs (using the "redirect" action) with
port-channel destinations on a span aggregation 650x. If you've got a
spare 650x chassis lying around and your configuration requirements
aren't terribly complex/dynamic, you can do monitoring with filtering
and load-balancin
Hi Georgios,
.-- My secret spy satellite informs me that at 12-03-01 1:11 AM
Georgios Theodoridis wrote:
> Has it been known the exact time of the incident?
> I have found an article reporting that the cut occurred in the mid-day
> of Saturday 25th but nothing more precise.
> We would like to use
- Original Message -
> From: "Dale Shaw"
> What about something like this?
>
> http://www.comsol.com.au/SL-PCC-01
While they might not sell to the US, that's roughly equivalent in formfactor
to the Lantronix spider to which I posted a link...
Cheers,
-- jra
--
Jay R. Ashworth
On 03/01/2012 07:22 AM, Joe Greco wrote:
It's deeper than just that, though. The whole paradigm is messy, from
the point of view of someone who just wants to get stuff done. The
examples are (almost?) all fatally flawed. The code that actually gets
at least some of it right ends up being too c
In a message written on Thu, Mar 01, 2012 at 10:09:27AM -0500, Kristian
Kielhofner wrote:
> Does anyone know what they actually "do" and how they do it? As usual
> it's tough to cut through the marketing on the little detail they make
> available (never a good sign).
It's been a while since I lo
On 3/1/2012 5:54 PM, Oliver Garraux wrote:
> On Thu, Mar 1, 2012 at 4:11 AM, Georgios Theodoridis wrote:
>> Has it been known the exact time of the incident?
>> I have found an article reporting that the cut occurred in the mid-day of
>> Saturday 25th but nothing more precise.
>> We would like to
Gigamon has a new product offering that claims to do this (their sales
guys just met with me a few days ago and gave me an update on their
latest offerings).
It's the G-Secure-.
We're using the 2404's so I don't have any experience with it.
Cheers,
Harry
On 03/01/2012 10:22 AM, Jeff Kell wrot
How about splitting up a heavy stream (10G) into components (1G) to run through
an inline device and reassemble the pieces back to an aggregate afterward?
TippingPoint makes a "core controller" box for this but it's pretty hideously
expensive.
Could do it with two 6500s but that's pretty hideou
> On 03/01/2012 06:26 AM, William Herrin wrote:
> > On Thu, Mar 1, 2012 at 7:20 AM, Owen DeLong wrote:
> >> The simpler approach and perfectly viable without mucking
> >> up what is already implemented and working:
> >>
> >> Don't keep returns from GAI/GNI around longer than it takes
> >> to cycle
As long as we're talking about cloud networks, Akamai and Riverbed
have finally let out details on their partnership for "optimizing"
Cloud applications:
http://www.nojitter.com/post/232601716/rakamai-makes-the-cloud-work-better
While I'm familiar with Akamai (what they do and how they do it) I
d
Be careful when considering the Anue products. When we evaluated both Anue and
Gigamon, we had to rule out Anue due to total lack of IPv6 support, and went
with Gigamon instead. I have not heard whether the situation has changed in
the last year. We liked both products for their functionality
I believe MRV's Media Cross Connects will do this.
http://www.mrv.com/tap/physical-layer/
On Thu, Mar 1, 2012 at 1:12 AM, A. Pishdadi wrote:
> Hello All,
>
> We are looking for a switch or a device that we can use for mirroring tap
> ports. For example , take a mirror port off of a core router
On 03/01/2012 06:26 AM, William Herrin wrote:
On Thu, Mar 1, 2012 at 7:20 AM, Owen DeLong wrote:
The simpler approach and perfectly viable without mucking
up what is already implemented and working:
Don't keep returns from GAI/GNI around longer than it takes
to cycle through your connect() loo
On Thu, Mar 1, 2012 at 4:11 AM, Georgios Theodoridis wrote:
> Has it been known the exact time of the incident?
> I have found an article reporting that the cut occurred in the mid-day of
> Saturday 25th but nothing more precise.
> We would like to use such information for a BGP anomaly detection
> On Thu, Mar 1, 2012 at 8:25 AM, Joe Greco wrote:
> > "If three people died and the building burned down then the sprinkler
> > system didn't work. It may have sprayed water, but it didn't *work*."
> >
> > That's not true. If it sprayed water in the manner it was designed to,
> > then it worke
Yes, the Cat 6500s are limited to a certain number of SPAN/port
monitoring sessions.
Another tool, we've switched to after using the Gigamon for many years
are taps and the Anue 5236 (10Gb) port aggregator. From this we can
split the SPAN feeds into different IDS/monitoring servers or load-share
On Thu, Mar 1, 2012 at 8:25 AM, Joe Greco wrote:
> "If three people died and the building burned down then the sprinkler
> system didn't work. It may have sprayed water, but it didn't *work*."
>
> That's not true. If it sprayed water in the manner it was designed to,
> then it worked.
That's lik
On Thu, Mar 1, 2012 at 7:20 AM, Owen DeLong wrote:
> The simpler approach and perfectly viable without mucking
> up what is already implemented and working:
>
> Don't keep returns from GAI/GNI around longer than it takes
> to cycle through your connect() loop immediately after the GAI/GNI call.
T
>
> On Wed, Feb 29, 2012 at 4:02 PM, Joe Greco wrote:
> > In the specific case of TTL, the problem is made much worse due to the
> > way most client code has hidden this data from developers, so that many
> > developers don't even have any idea that such a thing exists.
> >
> > I'm not sure how t
Hi Ameen,
Wouldn't it work to have a switch aggregating your monitor sessions just
disable MAC learning? Traffic from a single input interface would be
replicated to all other ports on the vlan where learning is disabled.
I've used this with a 3750, and I haven't seen any trouble (other than
"A. Pishdadi" writes:
> We are looking for a switch or a device that we can use for mirroring tap
> ports. For example , take a mirror port off of a core router say a 6509,
> connect it to a port on said device, say port 1. I would like then to be
> able to mirror port 1 on said device to multip
On Feb 29, 2012, at 10:15 PM, Jimmy Hess wrote:
> On Mon, Feb 27, 2012 at 10:57 PM, Matt Addison
> wrote:
>> gai/gni do not return TTL values on any platforms I'm aware of, the
>> only way to get TTL currently is to use a non standard resolver (e.g.
>> lwres). The issue is application developers
Echoing what Terry said... we use gigamon devices for this too.
-Chris
On Mar 1, 2012 5:53 AM, "Terry Baranski"
wrote:
> On Mar 1, 2012, at 02:13 AM, apishd...@gmail.com wrote:
>
> > Hello All,
> >
> > We are looking for a switch or a device that we can use for mirroring
> > tap ports. For examp
Take a look at VACLs on the Cat side. It has a capture feature that is
effectively the same as a local SPAN, but without the 2 session limit. If
you do a lot of RSPAN though, this wouldn't be your complete answer (VACL
captures are local only). VACLs are a bit more granular in defining what's
cap
> GAI/GNI do not return TTL values, but this should not be a problem.
> If they were to return anything, it should not be a TTL, but a time()
> value, after which the result may no longer be used.
>
> One way to achieve that would be for GAI to return an opaque structure
> that contained the IP an
On Mar 1, 2012, at 02:13 AM, apishd...@gmail.com wrote:
> Hello All,
>
> We are looking for a switch or a device that we can use for mirroring
> tap ports. For example , take a mirror port off of a core router say
> a 6509, connect it to a port on said device, say port 1. I would like
> then t
Has it been known the exact time of the incident?
I have found an article reporting that the cut occurred in the mid-day
of Saturday 25th but nothing more precise.
We would like to use such information for a BGP anomaly detection
analysis that we are carrying out in our research centre.
Thanks
No, the issue isn't monitoring many ports at once, it's having more than 1 set
of monitoring or 2 sets in the 6500 case. So I am monitoring say port
channel 1 to ports 1 2 3 4, and port channel 2 , ports 4 5 6 and 7. After
that I cannot monitor anymore ports.
On Thu, Mar 1, 2012 at 2:34 AM, gwoo...@g
Instead of monitoring the physical interface, monitor the vlan from a Cisco IOS
perspective on a CAT6500. This will capture all physical interfaces associated
with that vlan for mirroring/span.
HTH
Jonathan
#22744
Sent from my HTC on the Now Network from Sprint!
- Reply message -
Fro
Ameen,
We've had very good success using Brocade MLX's for this very thing
(actually, might be older XMRs, but should be same platform at this point).
Check out the transparent-hw-flooding command under a VLAN. It basically
turns off mac learning, and just floods it on the vlan's member ports.
If