Re: IP Address Management IPAM software for small ISP
On Thursday 20 December 2012 09:11:43 Saku Ytti wrote: On (2012-12-20 03:24 +), Blake Pfankuch wrote: I actually was doing research on this today as well. Anyone have any experience with the solutions that implement VLAN management as well like Gestioip? I'm not remotely interested in externally developed software for this problem. what do you mean. i'd be fine with an opensource project providing this. But it's fair question. Generally this tool should not be IP or VLAN based but generic resource reservation tool, IP, VLAN, RD, RT, VPLS-ID, site-id, pseudowireID what have you. For me, humans would not do much directly with the tool. They'd give it large chunk of resource. Then maybe mine it to pools like 'coreLink', 'coreLoop', 'custLink', 'custLAN' etc. Then in your provisioning tools, you'd request resource from specific pool via restful API. Humand would never manually write RD/RT/IP/VLAN in the tool or in the configs. And this type of system is vastly simpler than the IPAMs I see listed, once you get rid of all the UI candy, it gets rather easy problem to solve. this is a pretty accurate description of our requirements, as well. off the top of my head we'd also manage phone numbers, key ids, and key box ids, with it, but that would almost be a minor detail. ;-)
Contact person for doh.state.fl.us
Hi, Does anyone know a contact for doh.state.fl.us? I tried to contact them after we received this interesting line of logfile: 554 5.7.1 46.31.52.10 (in 46.0.0.0/8) is blacklisted. received from mx5201.doh.state.fl.us (74.174.235.12) Thanks in advance, David Hofstee MailPlus B.V. Netherlands
Re: IP Address Management IPAM software for small ISP
Thilo Bangert (thilo.bangert) writes: Then in your provisioning tools, you'd request resource from specific pool via restful API. Humand would never manually write RD/RT/IP/VLAN in the tool or in the configs. And this type of system is vastly simpler than the IPAMs I see listed, once you get rid of all the UI candy, it gets rather easy problem to solve. this is a pretty accurate description of our requirements, as well. off the top of my head we'd also manage phone numbers, key ids, and key box ids, with it, but that would almost be a minor detail. ;-) I think many of these requirements would be met by Netdot... Cheers, Phil
Re: IP Address Management IPAM software for small ISP
On 20/12/2012 09:48, Phil Regnauld wrote: I think many of these requirements would be met by Netdot... netdot doesn't handle vrfs. This is one of its major drawbacks. Nick
Re: IP Address Management IPAM software for small ISP
On (2012-12-20 10:30 +0100), Thilo Bangert wrote: I'm not remotely interested in externally developed software for this problem. what do you mean. i'd be fine with an opensource project providing this. If exactly what I want exist, of course I'd love to have it. But evaluating options, working with them until you realise it does not work for you might take more time to just build it in-house to fit your needs and integrate to your existing systems. I have same opinion for NMS also. Everything I see offered is terrible and do not even solve easy-to-solve problems correctly. -- ++ytti
Re: IP Address Management IPAM software for small ISP
Saku Ytti (saku) writes: If exactly what I want exist, of course I'd love to have it. But evaluating options, working with them until you realise it does not work for you might take more time to just build it in-house to fit your needs and integrate to your existing systems. http://xkcd.com/927/ I have same opinion for NMS also. Everything I see offered is terrible and do not even solve easy-to-solve problems correctly. Right, that's what's great about Open Source :D Phil
Re: IP Address Management IPAM software for small ISP
On (2012-12-20 11:02 +0100), Phil Regnauld wrote: I have same opinion for NMS also. Everything I see offered is terrible and do not even solve easy-to-solve problems correctly. Right, that's what's great about Open Source :D The comment fully applies to system like HP OV or NNM or what is it called today. It does nothing worth while to you without putting hours and hours of work into it. While it's easy to define what every SP wants out of NMS which can be turn-key, without spamming people with so many alarms that they stop caring about them. You can literally start from 0 and in 2h have software to send traps to IRC/XMPP and get alarms from link up/down, isis up/down, bgp up/down, ldp up/down, hardware inserted/removed, PSU offline/online etc. Which already to my demands is superior I can get out of any system in 2h I've looked into. -- ++ytti
Re: Need a Yahoo network contact
On Wed, Dec 19, 2012 at 10:46 AM, Joe Freeman joe.free...@terenine.com wrote: I need a Yahoo contact if anyone is available. I'm having issues with customers on 186.65.92.0/22 (ASN52379) out of Costa Rica being able to reach Yahoo sites (www.yahoo.com/www.flickr.com) with their web browsers, but they can ping them just fine. Thanks- joe when you telnet to port 80, do you get a response from the webserver? If so, it sounds like the network layer is likely doing what it's supposed to, and the issue might lie higher up the stack. can you characterize the nature of the issue a bit more closely? Thanks! Matt This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission.
ATLBL Contact
Good morning all, Is there a contact for the ATLBL DNSBL or Network Solutions e-mail that could contact me off-list? The ATLBL blacklist is causing mail delivery issues from 199.58.208.0/21 to all mail servers utilizing the ATLBL blacklist (most notably Network Solutions). I have done some research into the ATLBL blacklist and their website just shows a bunch of advertisements with no relevant content regarding the DNSBL (awesome)... perhaps someone at Network Solutions could address this. Any assistance in getting this rectified would be greatly appreciated. I know NANOG probably isn't the best list for this type of inquiry, but there may be someone that could point me in the right direction. Any recommendations for a related mailing list would also be useful. :-) Thanks! Alex signature.asc Description: OpenPGP digital signature
Re: ATLBL Contact
On Thu, 20 Dec 2012, Alexander McMillen wrote: Good morning all, Is there a contact for the ATLBL DNSBL or Network Solutions e-mail that could contact me off-list? The ATLBL blacklist is causing mail delivery issues from 199.58.208.0/21 to all mail servers utilizing the ATLBL blacklist (most notably Network Solutions). I have done some research into the ATLBL blacklist and their website just shows a bunch of advertisements with no relevant content regarding the DNSBL (awesome)... perhaps someone at Network Solutions could address this. atlbl.com doesn't appear to be a DNSBL [anymore]. If you look at the whois, it looks more like domain tasters have taken it over after its registration lapsed. Anyone using it for blocking is resolving all IPs (via a wildcard A record) to 141.8.225.13. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Contact person for doh.state.fl.us
On Thu, 2012-12-20 at 10:46 +0100, MailPlus| David Hofstee wrote: Hi, Does anyone know a contact for doh.state.fl.us? I tried to contact them after we received this interesting line of logfile: Replied off-list -- Bruce H. McIntoshb...@ufl.edu Senior Network Engineer http://net-services.ufl.edu University of Florida CNS/Network Services 352-273-1066
Re: IP Address Management IPAM software for small ISP
This tool handle most of what you are asking for: http://www.nocproject.org/ -Josh On Thu, Dec 20, 2012 at 2:30 AM, Thilo Bangert thilo.bang...@gmail.comwrote: On Thursday 20 December 2012 09:11:43 Saku Ytti wrote: On (2012-12-20 03:24 +), Blake Pfankuch wrote: I actually was doing research on this today as well. Anyone have any experience with the solutions that implement VLAN management as well like Gestioip? I'm not remotely interested in externally developed software for this problem. what do you mean. i'd be fine with an opensource project providing this. But it's fair question. Generally this tool should not be IP or VLAN based but generic resource reservation tool, IP, VLAN, RD, RT, VPLS-ID, site-id, pseudowireID what have you. For me, humans would not do much directly with the tool. They'd give it large chunk of resource. Then maybe mine it to pools like 'coreLink', 'coreLoop', 'custLink', 'custLAN' etc. Then in your provisioning tools, you'd request resource from specific pool via restful API. Humand would never manually write RD/RT/IP/VLAN in the tool or in the configs. And this type of system is vastly simpler than the IPAMs I see listed, once you get rid of all the UI candy, it gets rather easy problem to solve. this is a pretty accurate description of our requirements, as well. off the top of my head we'd also manage phone numbers, key ids, and key box ids, with it, but that would almost be a minor detail. ;-)
why haven't ethernet connectors changed?
I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike
Re: why haven't ethernet connectors changed?
It's not all about density. You *Must* have positive retention and alignment. None of the USB nor firewire standards provide for positive retention. eSATA does sort of in some variants but the connectors for USB are especially delicate and easy to break off and destroy. There's the size of the Cat5/5e/6 cable to be considered too. Then you must consider that the standard must allow for local termination, the RJ45 (And it's relatives) are pretty good at this. Fast, reliable, repeatable termination with a single simple tool that requires only a little bit of mechanical input from the user of the tool. On Thu, Dec 20, 2012 at 10:20 AM, Michael Thomas m...@mtcc.com wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike -- Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds. -- Samuel Butler
Re: why haven't ethernet connectors changed?
On 2012-12-20 12:20, Michael Thomas wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike The primary reason that pops to mind is backwards compatibility... Ubiquitous availablity of the parts for RJ45 connectors (end connectors, wall plates, panels, etc.) also means that it is more economical to continue using the well established connector. A new connector would drive up costs initially, whereas continuing to use RJ45 is cheap and already works. Jay
Re: why haven't ethernet connectors changed?
On Dec 20, 2012, at 10:20 AM, Michael Thomas m...@mtcc.com wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Actually, I was just throwing some away yesterday, and it struck me how much things _had_ changed. http://www.cisco.com/en/US/products/hw/routers/ps214/products_tech_note09186a00801f5d86.shtml -Bill
RE: why haven't ethernet connectors changed?
MRJ21 also helps density in some scenarios (like line card and patch panel density), although ultimately you need to go back to RJ45 at some point. -Vinny -Original Message- From: Michael Loftis [mailto:mlof...@wgops.com] Sent: Thursday, December 20, 2012 1:29 PM To: Michael Thomas Cc: NANOG list Subject: Re: why haven't ethernet connectors changed? It's not all about density. You *Must* have positive retention and alignment. None of the USB nor firewire standards provide for positive retention. eSATA does sort of in some variants but the connectors for USB are especially delicate and easy to break off and destroy. There's the size of the Cat5/5e/6 cable to be considered too. Then you must consider that the standard must allow for local termination, the RJ45 (And it's relatives) are pretty good at this. Fast, reliable, repeatable termination with a single simple tool that requires only a little bit of mechanical input from the user of the tool. On Thu, Dec 20, 2012 at 10:20 AM, Michael Thomas m...@mtcc.com wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike -- Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds. -- Samuel Butler
Re: why haven't ethernet connectors changed?
I'm going to go by the Necessity is the mother of invention theory here and say that it's basically because the need for a subcompact ethernet connector hasn't shown up in masse yet. It was probably just adopted because it's inexpensive, easy to install using tools already out there in the telecom world, and it works well enough at the required feedline impedance of 100 ohms. That being said, any connector that works for balanced line signalling with a feedline impedance of 100 ohms and a favorable frequency response up to 100mc (100base-T / cat5) or 250mc (1000baseT / cat6) should work just fine. For obvious reasons, standardization of the submini ethernet connector should be present industrywide, so you don't have to start carrying around adapters. Boy would I ever love an ethernet connector that works like Apple's MagSafe... or at least just kinda friction fits like USB... THOSE TABS... On Thu, Dec 20, 2012 at 1:20 PM, Michael Thomas m...@mtcc.com wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike -- -- Tom Morris, KG4CYX Mad Scientist For Hire Chairman, South Florida Tropical Hamboree / Miami Hamfest Engineer, WRGP Radiate FM, Florida International University 786-228-7087 151.820 Megacycles
RE: why haven't ethernet connectors changed?
If you've ever dealt with connections like micro-usb on a day-in-day out plugging and unplugging at not quite head on connections, you know how bad this can be on a hardwired connection. With very few exceptions, its very difficult to have an rj45 go in any way but the way its designed to (well you can, but you have to try reeeally hard). Add onto it that any replacement would be caught in enough intellectual property rights junk to price it into oblivion and would either require tons of adapters to make it work with legacy hardware (defeat the purpose), or would require replacing all of that legacy hardware entirely. -Original Message- From: Michael Loftis [mailto:mlof...@wgops.com] Sent: Thursday, December 20, 2012 1:29 PM To: Michael Thomas Cc: NANOG list Subject: Re: why haven't ethernet connectors changed? It's not all about density. You *Must* have positive retention and alignment. None of the USB nor firewire standards provide for positive retention. eSATA does sort of in some variants but the connectors for USB are especially delicate and easy to break off and destroy. There's the size of the Cat5/5e/6 cable to be considered too. Then you must consider that the standard must allow for local termination, the RJ45 (And it's relatives) are pretty good at this. Fast, reliable, repeatable termination with a single simple tool that requires only a little bit of mechanical input from the user of the tool. On Thu, Dec 20, 2012 at 10:20 AM, Michael Thomas m...@mtcc.com wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike -- Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds. -- Samuel Butler
Re: why haven't ethernet connectors changed?
On 20 December 2012 18:20, Michael Thomas m...@mtcc.com wrote ethernet connectors haven't changed that I'm aware in pretty much 25 years. 15-pin D-type AUI connectors with slide latches? BNC for thinwire? I do agree though, something more like mini-USB would be more appropriate for home Ethernet use. Aled
Re: why haven't ethernet connectors changed?
They haven't changed for you: http://t3.gstatic.com/images?q=tbn:ANd9GcTzJPvwOhWoL2afxBdl7a-LmYYWwzgQNpiHSXr4ppIMgsZuWP6Oy1NVnrpN Cheers, Joshua On Dec 20, 2012, at 10:29 AM, tech-li...@packet-labs.netmailto:tech-li...@packet-labs.net wrote: On 2012-12-20 12:20, Michael Thomas wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike The primary reason that pops to mind is backwards compatibility... Ubiquitous availablity of the parts for RJ45 connectors (end connectors, wall plates, panels, etc.) also means that it is more economical to continue using the well established connector. A new connector would drive up costs initially, whereas continuing to use RJ45 is cheap and already works. Jay
Re: why haven't ethernet connectors changed?
On 12/20/2012 1:20 PM, Michael Thomas wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike Seen an AUI or vampire tap recently? Vampires made a certain amount of sense, but the AUI connector seemed to have little purpose other than recycling weak metal from Coors beer cans. IIRC, the inventor apologized.
Re: why haven't ethernet connectors changed?
There is also the factor that cat5 is the principle desktop to network connection. That being the case, there's very strong motivation for ensuring that construction of that cable can be done very easily by barely trained folks. Otherwise, laying out an office or cube farm becomes considerably more difficult and expensive. RJ45 is and always has been a very easy termination as long as you can tell one color from another. How many people here have gotten good enough that they can cut a cable and pop connectors on each end in under 3 minutes? How many have gotten good enough that the failure rate for *hand made* cables is sub 1:1000? Show me another connector type where that will be true. Really, it will remain that way until the bandwidth needs from the desktop begin to push the GE threshold. Until then, why bother changing anything? When that does happen, it'll pretty well deal with itself. -Wayne On Thu, Dec 20, 2012 at 10:28:52AM -0800, Michael Loftis wrote: It's not all about density. You *Must* have positive retention and alignment. None of the USB nor firewire standards provide for positive retention. eSATA does sort of in some variants but the connectors for USB are especially delicate and easy to break off and destroy. There's the size of the Cat5/5e/6 cable to be considered too. Then you must consider that the standard must allow for local termination, the RJ45 (And it's relatives) are pretty good at this. Fast, reliable, repeatable termination with a single simple tool that requires only a little bit of mechanical input from the user of the tool. On Thu, Dec 20, 2012 at 10:20 AM, Michael Thomas m...@mtcc.com wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike -- Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds. -- Samuel Butler --- Wayne Bouchard w...@typo.org Network Dude http://www.typo.org/~web/
Re: why haven't ethernet connectors changed?
On 12/20/2012 10:28 AM, Michael Loftis wrote: It's not all about density. You *Must* have positive retention and alignment. None of the USB nor firewire standards provide for positive retention. eSATA does sort of in some variants but the connectors for USB are especially delicate and easy to break off and destroy. There's the size of the Cat5/5e/6 cable to be considered too. Then you must consider that the standard must allow for local termination, the RJ45 (And it's relatives) are pretty good at this. Fast, reliable, repeatable termination with a single simple tool that requires only a little bit of mechanical input from the user of the tool. If you look at the Raspberry Pi though, it takes a substantial piece of real estate though. Not everything needs to be industrial strength connectors as witnessed by USB and HDMI -- if they fail I'm just as unhappy as if ethernet fails. Surely we want keep shrinking these cute little purpose built controller-like things and not *have* to rely on wireless as the only other space-saving means? Mike
Re: why haven't ethernet connectors changed?
Once upon a time, Tom Morris bluen...@gmail.com said: Boy would I ever love an ethernet connector that works like Apple's MagSafe... or at least just kinda friction fits like USB... THOSE TABS... Please, NO! Connectors without a positive locking mechanism should just die (and that includes IEC power connectors). -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
RE: why haven't ethernet connectors changed?
Because MA Bell is still alive and well and they still use them. They have divine right to provide phone service, didn't you know? Ralph Brandt -Original Message- From: Michael Thomas [mailto:m...@mtcc.com] Sent: Thursday, December 20, 2012 1:20 PM To: NANOG list Subject: why haven't ethernet connectors changed? I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike
Re: why haven't ethernet connectors changed?
Is that the infamous Google Pluto switch? On Fri, Dec 21, 2012 at 5:38 AM, Joshua Goldbard j...@2600hz.com wrote: They haven't changed for you: http://t3.gstatic.com/images?q=tbn:ANd9GcTzJPvwOhWoL2afxBdl7a-LmYYWwzgQNpiHSXr4ppIMgsZuWP6Oy1NVnrpN Cheers, Joshua -- ~Em
RE: why haven't ethernet connectors changed?
Love those friction fit connectors till they loosen and fall out Ralph Brandt -Original Message- From: Tom Morris [mailto:bluen...@gmail.com] Sent: Thursday, December 20, 2012 1:34 PM To: Michael Thomas Cc: NANOG list Subject: Re: why haven't ethernet connectors changed? I'm going to go by the Necessity is the mother of invention theory here and say that it's basically because the need for a subcompact ethernet connector hasn't shown up in masse yet. It was probably just adopted because it's inexpensive, easy to install using tools already out there in the telecom world, and it works well enough at the required feedline impedance of 100 ohms. That being said, any connector that works for balanced line signalling with a feedline impedance of 100 ohms and a favorable frequency response up to 100mc (100base-T / cat5) or 250mc (1000baseT / cat6) should work just fine. For obvious reasons, standardization of the submini ethernet connector should be present industrywide, so you don't have to start carrying around adapters. Boy would I ever love an ethernet connector that works like Apple's MagSafe... or at least just kinda friction fits like USB... THOSE TABS... On Thu, Dec 20, 2012 at 1:20 PM, Michael Thomas m...@mtcc.com wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike -- -- Tom Morris, KG4CYX Mad Scientist For Hire Chairman, South Florida Tropical Hamboree / Miami Hamfest Engineer, WRGP Radiate FM, Florida International University 786-228-7087 151.820 Megacycles
Re: why haven't ethernet connectors changed?
Do note that the 8P8C on the Raspberry Pi has integrated magnetics that you can't see without an x-ray imager. The space is not as wasted as some might think. Nothing stops a mfr from using whatever they want and providing a dongle, but now they need board space for the transformers.
Re: why haven't ethernet connectors changed?
Sort of like saying why haven't we changed from RJ-48's for phones...old habits die hard I guess! For the most part the RJ-45 connector is pretty sturdy...remember those silly dongle cables that were used for pc-card Ethernet adapters in laptops...those things would last about a month before dying! As for the Raspiberry PI (I own one) it was silly to even put Ethernet on that instead of wi-fi, especially for the educational market that the PI was initially developed for; what classroom has Ethernet running to every desk especially in poor nations where copper theft is rampart! On 12/20/2012 01:40 PM, Howard C. Berkowitz wrote: On 12/20/2012 1:20 PM, Michael Thomas wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike Seen an AUI or vampire tap recently? Vampires made a certain amount of sense, but the AUI connector seemed to have little purpose other than recycling weak metal from Coors beer cans. IIRC, the inventor apologized.
Re: why haven't ethernet connectors changed?
On Thu, Dec 20, 2012 at 10:20 AM, Michael Thomas m...@mtcc.com wrote: So why, oh why, nanog the omniscient do we still use rj45's? Because 8P8C connectors are well understood (both physically, and electrically)? And inertia matters. On some newer kit, Apple has removed the Ethernet port and uses a Thunderbolt - Ethernet dongle. Apple seems to link Ethernet ports are too big.
NOVEC contact?
Looking for a contact at NOVEC clueful about their DWDM infrastructure, specifically about delivering TDM circuits from another MPLS provider. Other providers' sales teams need not apply. -cjp
Re: why haven't ethernet connectors changed?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/20/2012 1:20 PM, Michael Thomas wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike The connector is to ubiquitous to change. Other vendors have addressed the space issue by not supporting Ethernet, but forcing the use of a USB dongle (Macbook Air comes to mind). -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEcBAEBAgAGBQJQ02leAAoJEBxhAh+LWUKihLsIAJFiUmoaKxHt0Cz0aDmtZGuT sPh1ET0FcNcblshSnt/Ii0kVbgnFJSxfr4s6FSvwWHJaoNZRpIFLQB5XBMHLX4VZ I61rc44XeQUABFoM+5dKFKUDLGcCTOttlFr9ndNDCJDiE3DYSe8yfel6t+Aq/mVf FXxbBbrPceeXXokugbdoPTdW0dBf7xSn3+xY4l+N56wSgJVpe7UHnXh5+TwWpgsN vQlP/RfVIeTuTLgcDqOUqiv/kj3g3cTQwpnuLSGshrJrepZbrgho/GX8yyf+ub45 KDo/k/uikvX5MTPnfbYGzsU4hloYTia8dSO/pQqz5DYx8kuJPr/dUCC62xUXXx8= =d80Z -END PGP SIGNATURE-
Re: why haven't ethernet connectors changed?
On Thu, Dec 20, 2012 at 1:20 PM, Michael Thomas m...@mtcc.com wrote: So why, oh why, nanog the omniscient do we still use rj45's? Because they *work*. How much trouble do we have with USB or HDMI connectors coming loose? Also, RJ45 is around the minimum size where you can hand-terminate a cable. How would you go about quickly making a 36.5 foot 8 conductor cable with, say, micro USB ends? Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: why haven't ethernet connectors changed?
On 12/20/2012 11:43 AM, William Herrin wrote: Also, RJ45 is around the minimum size where you can hand-terminate a cable. How would you go about quickly making a 36.5 foot 8 conductor cable with, say, micro USB ends? You're assuming that that's a universal requirement. Most people in retail situations just buy the cables, or they are shipped with the widget. They're also pretty used to being screwed over by greedy manufacturers for whom cable churn is a profit center (I'm looking at you, Apple). Mike
Re: why haven't ethernet connectors changed?
On Thu, Dec 20, 2012 at 2:39 PM, Andrew Gallo akg1...@gmail.com wrote: The connector is to ubiquitous to change. Other vendors have addressed the space issue by not supporting Ethernet, but forcing the use of a USB dongle (Macbook Air comes to mind). Thin net (50 ohm coax w/ BNC connectors) was ubiquitous once too. RJ45 with twisted pair had little trouble displacing it because it was much better. Every alternative I've seen to the RJ45 connector has been deficient in some major way. Hard to field terminate. Pulls loose too easily. Breaks if you look at it wrong. Etc. On the other hand, I wonder if it would be worth asking the 802.3 committee look at defining a single-pair ethernet standard that would interoperate with a normal 4-pair switch. So, you'd have two conductors into some kind of 2P2C micro-RJ connector on one end of the cable but into a full RJ45 connector on the other. A single-pair pair cable would run at best at a quarter of the speed of a four pair cable but for something like the Raspberry Pi that's really not a problem. Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: why haven't ethernet connectors changed?
On 12/20/2012 12:01 PM, William Herrin wrote: On the other hand, I wonder if it would be worth asking the 802.3 committee look at defining a single-pair ethernet standard that would interoperate with a normal 4-pair switch. So, you'd have two conductors into some kind of 2P2C micro-RJ connector on one end of the cable but into a full RJ45 connector on the other. A single-pair pair cable would run at best at a quarter of the speed of a four pair cable but for something like the Raspberry Pi that's really not a problem. Regards, Bill Herrin Yeah, that's kind of along the lines I'm thinking too. In the home of the future, say, I probably would like to have power/network for little sensors, etc, where you already have a gratuitous digital controller now, and then some. Do these things need to have gig-e speeds? Probably not... for a lot even Bluetooth speeds are probably fine. But they do want to be really small and really inexpensive. (Yes, I know about zigbee, but there's room for a variety of solutions depending on the situation.) Mike
Re: why haven't ethernet connectors changed?
On 12/20/2012 10:41 AM, Wayne E Bouchard wrote: How many people here have gotten good enough that they can cut a cable and pop connectors on each end in under 3 minutes? How many have gotten good enough that the failure rate for *hand made* cables is sub 1:1000? Show me another connector type where that will be true. Really, it will remain that way until the bandwidth needs from the desktop begin to push the GE threshold. Until then, why bother changing anything? When that does happen, it'll pretty well deal with itself. I fully agree. I think the ethernet connector is pretty much the best and most useful one out there. Anything can be improved, however both from an admin and a user's perspective I can't find anything that works better, easier and is as sturdy. Regards, Jeroen -- Earthquake Magnitude: 4.8 Date: Thursday, December 20, 2012 13:38:05 UTC Location: Kepulauan Babar, Indonesia Latitude: -7.1032; Longitude: 129.2383 Depth: 162.10 km
Re: why haven't ethernet connectors changed?
I think that you might be describing the DIX connector retaining clamp. Dave Edelman On Dec 20, 2012, at 13:40, Howard C. Berkowitz h...@netcases.net wrote: On 12/20/2012 1:20 PM, Michael Thomas wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike Seen an AUI or vampire tap recently? Vampires made a certain amount of sense, but the AUI connector seemed to have little purpose other than recycling weak metal from Coors beer cans. IIRC, the inventor apologized.
Re: why haven't ethernet connectors changed?
Having (once) tapped thicknet, done a lot of thinnet termination and cable cut debugging, and then used hubs and switches in 10BT and onwards... Having had one main standard (RJ45) has been a huge benefit to advancing the state of networking to where we are today. But it is probably worth questioning if that's true going forwards. Laptops and Rasberry PI devices and some other device types define a light category, where positive retention and self-cable-termination are probably not net positives. Device side space and interconnect insert/remove cycles (along with sufficiently stiff connection retention, but not necessarily mechanical) would be prime drivers for this class. For some users, even more positive than RJ45 is warranted. I at times work in and have a number of friends working in various aerospace and rocketry areas, and RJ45's have been widely known to come loose under acceleration. Those people use more positive connctors (M12, other IP67, etc) for the most part. Those other standards exist already, though it's not unified down to one right answer yet. For datacenters, servers, most desktops, etc., I don't know that there's a good case for change. RJ45 is not broke for those users. The comment upthread a bit about a 2-wire / 1 pair spec, interoperable with 4-wire / 2 pair switches, with a RJ45 at one end and a device connector at the other, makes sense to me. Most of the light connector users would not need the full bandwidth. Even if this turns out to not be easy enough to do, a 4-wire mini connector of some sort is not that big of a deal. Whether that's a micro-insert, a magnetic-attached, what details... I see good arguments for magnetic attach, but it's harder to make them small. I see good arguments for small, but those will be mechanical and less positively retained. I don't know that the discussion is a NANOG-centric one from here on in, but it's good to have raised the idea. -- -george william herbert george.herb...@gmail.com
Re: why haven't ethernet connectors changed?
On 2012-12-20, at 12:13 PM, Michael Thomas wrote: Do these things need to have gig-e speeds? Probably not... for a lot even Bluetooth speeds are probably fine. But they do want to be really small and really inexpensive. Then run RS-422 or RS-485 over a single twisted pair. You don't even need a connector – you can solder directly to the PCB. --lyndon
Re: why haven't ethernet connectors changed?
On 12/20/2012 01:13 PM, George Herbert wrote: For some users, even more positive than RJ45 is warranted. I at times work in and have a number of friends working in various aerospace and rocketry areas, and RJ45's have been widely known to come loose under acceleration. I found that a spliced toothpick does wonders to prevent that. ;-) -- Earthquake Magnitude: 5.6 Date: Thursday, December 20, 2012 21:47:30 UTC Location: Molucca Sea Latitude: 0.5465; Longitude: 126.2327 Depth: 31.20 km
Re: IP Address Management IPAM software for small ISP
On 20/12/2012 16:58, Josh Galvez wrote: This tool handle most of what you are asking for: http://www.nocproject.org/ hard to configure though. When it gets to the stage that it's relatively easy to configure and has good quality documentation, it will be awesome. Nick -Josh On Thu, Dec 20, 2012 at 2:30 AM, Thilo Bangert thilo.bang...@gmail.comwrote: On Thursday 20 December 2012 09:11:43 Saku Ytti wrote: On (2012-12-20 03:24 +), Blake Pfankuch wrote: I actually was doing research on this today as well. Anyone have any experience with the solutions that implement VLAN management as well like Gestioip? I'm not remotely interested in externally developed software for this problem. what do you mean. i'd be fine with an opensource project providing this. But it's fair question. Generally this tool should not be IP or VLAN based but generic resource reservation tool, IP, VLAN, RD, RT, VPLS-ID, site-id, pseudowireID what have you. For me, humans would not do much directly with the tool. They'd give it large chunk of resource. Then maybe mine it to pools like 'coreLink', 'coreLoop', 'custLink', 'custLAN' etc. Then in your provisioning tools, you'd request resource from specific pool via restful API. Humand would never manually write RD/RT/IP/VLAN in the tool or in the configs. And this type of system is vastly simpler than the IPAMs I see listed, once you get rid of all the UI candy, it gets rather easy problem to solve. this is a pretty accurate description of our requirements, as well. off the top of my head we'd also manage phone numbers, key ids, and key box ids, with it, but that would almost be a minor detail. ;-)
Re: why haven't ethernet connectors changed?
I'm shocked there hasn't been a whisper of amphenol. As an rf guy, I vote all connectors move to sma or bnc. I can then justify the cost of a Walmart 10 foot cable for 25 dollars.. And if we gold plate them, we can charge a premium. ;) From my Galaxy Note II, please excuse any mistakes. Original message From: George Herbert george.herb...@gmail.com Date: 12/20/2012 1:15 PM (GMT-08:00) To: nanog@nanog.org Subject: Re: why haven't ethernet connectors changed? Having (once) tapped thicknet, done a lot of thinnet termination and cable cut debugging, and then used hubs and switches in 10BT and onwards... Having had one main standard (RJ45) has been a huge benefit to advancing the state of networking to where we are today. But it is probably worth questioning if that's true going forwards. Laptops and Rasberry PI devices and some other device types define a light category, where positive retention and self-cable-termination are probably not net positives. Device side space and interconnect insert/remove cycles (along with sufficiently stiff connection retention, but not necessarily mechanical) would be prime drivers for this class. For some users, even more positive than RJ45 is warranted. I at times work in and have a number of friends working in various aerospace and rocketry areas, and RJ45's have been widely known to come loose under acceleration. Those people use more positive connctors (M12, other IP67, etc) for the most part. Those other standards exist already, though it's not unified down to one right answer yet. For datacenters, servers, most desktops, etc., I don't know that there's a good case for change. RJ45 is not broke for those users. The comment upthread a bit about a 2-wire / 1 pair spec, interoperable with 4-wire / 2 pair switches, with a RJ45 at one end and a device connector at the other, makes sense to me. Most of the light connector users would not need the full bandwidth. Even if this turns out to not be easy enough to do, a 4-wire mini connector of some sort is not that big of a deal. Whether that's a micro-insert, a magnetic-attached, what details... I see good arguments for magnetic attach, but it's harder to make them small. I see good arguments for small, but those will be mechanical and less positively retained. I don't know that the discussion is a NANOG-centric one from here on in, but it's good to have raised the idea. -- -george william herbert george.herb...@gmail.com
Re: why haven't ethernet connectors changed?
On Thu, 20 Dec 2012, Michael Thomas wrote: I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. I've you've ever seen a truly 'dense' wiring closet, they are plenty dense already - dense enough that unplugging a single patch cable in a rack jammed full of switches is already a bit of a chore. So why, oh why, nanog the omniscient do we still use rj45's? Inertia, for one thing. By that, I mean: 1. There hasn't been any real incentive to make the connectors smaller. 2. The installed base of copper Ethernet ports dwarfs pretty much anything except maybe POTS lines, and even there, different countries sometimes adopted their own standards. The costs of having to make physical changes to even a small portion of the installed cable plant would be unjustifiably prohibitive. There could also be some valid technical reasons: 1. The conductors really can't get any thinner. In fact, with Cat6A, they're somewhat thicker than Cat5E. 2. I would also think that the conductors/pins really can't get much closer together inside the connector shell, without cross-talk becoming more of a problem. I don't have any technical data to back this up at the moment, but it seems reasonable. 3. If assertions 1 and 2 are true, then the cable really can't get any thinner either. Again, if you look at Cat6A cable (especially shielded Cat6A), it is significantly thicker than Cat5E. jms
RE: why haven't ethernet connectors changed?
There have been some smaller connectors but nothing with widespread adoption. Tyco has something called RJ point 5 which uses standard UTP cable but looks like a squashed RJ 45 and has double the density. Wouldn't save much space on a Pi thigh its meant more for bulk applications. From: Michael Thomas Sent: 12/20/2012 13:21 To: NANOG list Subject: why haven't ethernet connectors changed? I was looking at a Raspberry Pi board and was struck with how large the ethernet connector is in comparison to the board as a whole. It strikes me: ethernet connectors haven't changed that I'm aware in pretty much 25 years. Every other cable has changed several times in that time frame. I imaging that if anybody cared, ethernet cables could be many times smaller. Looking at wiring closets, etc, it seems like it might be a big win for density too. So why, oh why, nanog the omniscient do we still use rj45's? Mike
Re: why haven't ethernet connectors changed?
There could also be some valid technical reasons: 1. The conductors really can't get any thinner. In fact, with Cat6A, they're somewhat thicker than Cat5E. 2. I would also think that the conductors/pins really can't get much closer together inside the connector shell, without cross-talk becoming more of a problem. I don't have any technical data to back this up at the moment, but it seems reasonable. 3. If assertions 1 and 2 are true, then the cable really can't get any thinner either. Again, if you look at Cat6A cable (especially shielded Cat6A), it is significantly thicker than Cat5E. I'll chime in here. With POTS, where essentially each circuit is identical in capacity and usage type, the only way to improve density is via the physical media -- and even then, you are still limited by conductor sizes. With Ethernet, you've seen an evolution from 10MB/s to 10Gb/s. This begs the question of what density you need, and against uh, say, 1000x improvement in capacity, what meaningful change could you make in terms of connector density? Even 10:1 is meaningless noise against a speed improvement at the circuit layer. Lots of Ethernet is still run identically to the way POTS lines are run. Large cable pulls back to central wiring closets. This is part of the problem. If one chose to adopt a model where connections are multiplexed/aggregated closer to their source and the aggregation brings with it higher signalling speeds --- [Think top-of-rack switching vs end-of-row switching]. I'm not saying its useful for everyone, but the idea is that if density were your issue, there are much better physical ways to manage the data requirements than the POTS model. In our office spaces (albeit in data center buildings) we have individual rooms with 24/48 port ethernet switches dedicated to the room. These uplink via a redundant pair of fiber. This represents lots of copper not making it out to the end-of-hall wiring closet which is now just a passive WDM fiber aggregation point. [Consummate savings in copper, weight, complexity, and labor -- at no significantly higher hardware failure risk]. Fiber has solved the density problem in a way that copper hasn't and this may be in part to reduced concerns about cross-talk and thinner media. So with so many options to reduce the amount of copper you need, and the use of fiber to move large amounts of connectivity much longer distances and at higher speeds, why would you still want to implement a wiring closet with 2000 RJ-45s anymore -- and if you have the justification, what's another 5 square feet to make it happen against the costs you're already incurring? DJ
Reminder: NANOG 57 is the first Monday-Wednesday program
NANOG Community, Just a reminder that the upcoming NANOG in Orlando, FL will be our first Monday to Wednesday program, beginning with tutorials on Monday morning at 9AM and concluding at approximately 6PM on Wednesday. There will be no program on Sunday. Best Regards, -Dave Temkin For the NANOG Program Committee
Re: IP Address Management IPAM software for small ISP
On 12/20/12, Saku Ytti s...@ytti.fi wrote: On (2012-12-20 03:24 +), Blake Pfankuch wrote: [snip] For me, humans would not do much directly with the tool. They'd give it large chunk of resource. Then maybe mine it to pools like 'coreLink', 'coreLoop', 'custLink', 'custLAN' etc. Then in your provisioning tools, you'd request resource from specific pool via restful API. Humand would never manually write RD/RT/IP/VLAN in the [snip] A CMDB that tracks configuration items. An IP address is just one kind of CI out of thousands. A good CMDBs should ideally provide efficient management, visualization, and reporting for all kinds of CIs Software that tracks such things should understand the internal structure of every kind of CI it tracks, and be able to easily answer simple questions, (eg. Which VLAN ID is assigned to the subnet that IP address Y belongs to. If IP Address Y is part of a static NAT configuration, on a LAN router, what external IP address and external VLAN Id is this IP associated with?). But is there a decently scalable open source application for building a CMDB, that is visually appealing and efficient for humans to use, without a ton of manual development; other than custom building applications and SQL schema by hand, for each kind of CI? I am not aware of one -- -JH
Re: IP Address Management IPAM software for small ISP
On Thu, Dec 20, 2012 at 7:48 PM, Jimmy Hess mysi...@gmail.com wrote: ... But is there a decently scalable open source application for building a CMDB, that is visually appealing and efficient for humans to use, without a ton of manual development; other than custom building applications and SQL schema by hand, for each kind of CI? I am not aware of one I have not seen one, and I've been at places that have spent man-years building custom apps and SQL schema by hand in the lack of an available open source tool. -- -george william herbert george.herb...@gmail.com
Re: why haven't ethernet connectors changed?
On 12/20/12, Wayne E Bouchard w...@typo.org wrote: Really, it will remain that way until the bandwidth needs from the desktop begin to push the GE threshold. Until then, why bother changing anything? When that does happen, it'll pretty well deal with itself. At which point the 8P8C connectors on desktops and laptops changes from RJ45 to SFP+ cage with LC connector, or direct-attach SFP+ between laptop andactive fabric extender in the nearby wall jack; fed by fiber, with 10G-SR optical... Because the copper spec for 1gig was 10GBase-CX4; much heavier than Cat5. And there won't be much tolerance for the copper 15 meter distance limit in any case. -Wayne -- -JH
Re: IP Address Management IPAM software for small ISP
Zenoss works very well as a cmdb. George Herbert george.herb...@gmail.com wrote: On Thu, Dec 20, 2012 at 7:48 PM, Jimmy Hess mysi...@gmail.com wrote: ... But is there a decently scalable open source application for building a CMDB, that is visually appealing and efficient for humans to use, without a ton of manual development; other than custom building applications and SQL schema by hand, for each kind of CI? I am not aware of one I have not seen one, and I've been at places that have spent man-years building custom apps and SQL schema by hand in the lack of an available open source tool. -- -george william herbert george.herb...@gmail.com -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Re: IP Address Management IPAM software for small ISP
On 12/20/12, Charles N Wyble charles-li...@knownelement.com wrote: Zenoss works very well as a cmdb. Zenoss is very visually appealing, but a monitoring system for network hosts, not a CMDB. In particular, except through extensive custom programming, I see no mechanism to manage CIs with it or query for facts... Zenoss doesn't seem to have any way you can represent or, query, or model a fact that a certain IP address terminates in Vlan X, on device Y, with default gateway IP G that has NSAP ID H, and device Y lives in building A room 1 aisle 2 rack 4 rack slot number 5, fed by breakers 186 and 237, with upstream Ethernet cable ID #G296R plugged into port 39 on patch panel 2, which lands on Switch K port Gig8/44. Networks have many items of importance that are not hosts, also, and are not readily modelled using SNMP. -- -JH
Re: Check Point Firewall Appliances
Having a love-and-hate relationship with Checkpoint firewalls after working for 6 years daily with them I am probably biased :), but will say they are great firewalls once you know to work with them . If you are completely new to it I'd recommend Checkpoint CCSA/CCSE from accredited APT course as the shortest path , Alternatives: - CBT Nuggets CCSA course , but last time I checked it was for NGX R65 that is substantially different from current versions, only if you can get it really cheap - Documentation from Checkpoint site (freely available to everyone) is the start-all end-all source (I did it this way) takes time but in the end you will have a through understanding of the product - Online is a good place once you know the basics. If, on the other hand, you don't know to do manual port-forwarding , Google will only suck your time. But for problems/inconsistencies/debug : http://cpug.org - Independent forum where you can always find advice from many knowledgeable and helpful folks ; http://www.cpshared.com/forums/ Same goes here - people who can configure route-based VPNs with policy-based routing with closed eyes hang around here https://forums.checkpoint.com/ Official support forums from Checkpoint, less active than 2 above HTH Yuri On Wed, Dec 19, 2012 at 9:35 PM, Blake Pfankuch bl...@pfankuch.me wrote: Howdy, I am just getting into an environment with a large Check Point deployment and I am looking for a little bit of feedback from other real world admins. Looking for what people like, what people don't (why hopefully). Also for those of you who might run Check Point devices in your environments what to dig into first as far as getting more experience on the devices and a better understanding of how not to break them. I am slowly going through all of the official documentation, but would also like to hear a real world opinion. Thanks in advance! Blake -- Taking challenges one by one. http://yurisk.info
Re: Gmail and SSL
On Fri, 14 Dec 2012, Christopher Morrow wrote: On Fri, Dec 14, 2012 at 6:03 PM, Peter Kristolaitis alte...@alter3d.ca wrote: In my experience, free/cheap certs not working on some clients is, in 99.9% of cases, a misconfiguration error where the server isn't presenting the cert chain properly (usually omitting the intermediate cert), which works on some platforms (often because they include the intermediate certs to work around these kinds of problems) but not on others. Fixing the cert chain that's presented to the client has ALWAYS resolved these types of issues in my experience. and in the case of the original topic... if the gmail servers don't accept StartSSL certs, please let me know I'll see about a fix. Tangentially to this: any chance of supporting TLSA/DANE records for _110._tcp.domain and _995._tcp.domain? (and the IMAP equivalents). That would let people carry on using self signed certs who prefer to and let people who have a cert that chains back to a root CA assert which root CA the cert should chain back to, which would be nice in these days of diginotar and comodo hacks... -- [http://pointless.net/] [0x2ECA0975]
