Re: TACACS+ server recommendations?

2023-09-21 Thread Simon Leinen
Christopher Morrow writes: > On Wed, Sep 20, 2023 at 1:22 PM Jim wrote: >> >> Router operating systems still typically use only passwords with >> SSH, then those devices send the passwords over that insecure channel. I >> have yet to >> see much in terms of routers capable to Tacacs+ Authorize

Re: BGP and The zero window edge

2021-04-24 Thread Simon Leinen
Job Snijders via NANOG writes: > *RIGHT NOW* (at the moment of writing), there are a number of zombie > routes visible in the IPv6 Default-Free Zone: [Reversing the order of your two examples] > Another one is > http://lg.ring.nlnog.net/prefix_detail/lg01/ipv6?q=2a0b:6b86:d24::/48 >

Re: Netflow collector that can forward flows to another collector based on various metrics.

2021-01-21 Thread Simon Leinen
Speaking as the maintainer of samplicator, I'm not sure it's what Drew is looking for. Samplicator just sends copies of entire UDP packets. It doesn't understand NetFlow/IPFIX or whatever else those packets might contain. If I understand correctly, Drew wants to forward some of the

Re: cloud automation BGP

2020-09-29 Thread Simon Leinen
Randy Bush writes: > have folk looked at https://github.com/nttgin/BGPalerter We use it, and have it configured to send alerts to the NOC team's chat tool (Mattermost). Seems pretty nice and stable. Kudos to Massimo and NTT for making it available and for maintaining it! The one issue we see

Re: Bottlenecks and link upgrades

2020-08-13 Thread Simon Leinen
m Taichi writes: > Just my curiosity. May I ask how we can measure the link capacity > loading? What does it mean by a 50%, 70%, or 90% capacity loading? > Load sampled and measured instantaneously, or averaging over a certain > period of time (granularity)? Very good question! With tongue in

BGP unnumbered examples from data center network using RFC 5549 et al. [was: Re: RFC 5549 - IPv4 Routes with IPv6 next-hop - Does it really exists?]

2020-07-30 Thread Simon Leinen
Mark Tinka writes: > On 29/Jul/20 15:51, Simon Leinen wrote: >> >> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down >> State/PfxRcd >> sw-o(swp16) 4 65108 953559 938348 0 0 0 03w5d00h >> 688 >>

Re: RFC 5549 - IPv4 Routes with IPv6 next-hop - Does it really exists?

2020-07-29 Thread Simon Leinen
Douglas Fischer writes: > And today, I reached on https://tools.ietf.org/html/rfc5549 [...] > But the questions are: > There is any network that really implements RFC5549? We've been using it for more than two years in our data center networks. We use the Cumulus/FRR implementation on switches

Re: Hi-Rise Building Fiber Suggestions

2020-02-26 Thread Simon Leinen
Randy Bush writes: > since we're at this layer, should i worry about going 3m with dacs at > low speed, i.e. 10g? may need to do runs to neighbor rack. No, 3m is totally fine for passive DAC, never had any issues with those. (5m should also be fine, we just have less experience with that because

Re: akamai yesterday - what in the world was that

2020-01-24 Thread Simon Leinen
Paul Nash writes: > A bit of perspective on bandwidth and feeling old. The first > non-academic connection from Africa (Usenet and Email, pre-Internet) > ran at about 9600 bps over a Telebit Trailblazer in my living room. For your amusement, this latest e-bloodbath, erm -sports update, at 48GB

Re: RIPE our of IPv4

2019-12-01 Thread Simon Leinen
Matthew Kaufman writes: > This is a great example (but just one of many) of how server software > development works: Small addition/correction to this example (which I find interesting and also sad): > Kubernetes initial release June 2014. Developed by Google engineers. [...] > Full support

Re: Fwd: wither cyclops?

2019-02-14 Thread Simon Leinen
> Did this tool die on the vine? > https://cyclops.cs.ucla.edu/ Not sure I would express it that way https://www.cs.ucla.edu/thousandeyes-a-look-inside-two-ucla-alumnis-273-million-startup/ -- Simon.

Re: CVV

2018-11-08 Thread Simon Leinen
Todd Underwood writes: > [interesting and plausible reasoning about why no chip in US] > anyway, let's talk about networks, no? This topic is obviously "a little" off-topic, but I find some contributions (like yours) relevant for understanding adoption dynamics (or not) of proposed security

Re: Proving Gig Speed

2018-07-18 Thread Simon Leinen
> For a horrifying moment, I misread this as Google surfacing > performance stats via a BGP stream by encoding stat_name:value as > community:value > /me goes searching for mass quantities of caffeine Because you'll be spending the night writing up that Internet-Draft? :-) -- Simon.

Talk extract: Submarine cable systems 101 for AWS partners

2016-12-10 Thread Simon Leinen
Amazon held their "re:Invent" event two weeks ago. Wasn't there, but I'm a James Hamilton fan so I started watching the recordings of his talks. In one, he talks about fiber optic cables under the oceans. Here's the start of that section: https://youtu.be/AyOAjFNPAbA?t=672 Even though this is

Re: [TECH] Pica8 & Cumulus Networks

2015-11-02 Thread Simon Leinen
Yoann THOMAS writes: > Under a Cloud project I ask myself to use equipment based on the Pica8 > or Cumulus Networks. Ah, quite different beasts. Cumulus Networks tries to really make the switch look like a Linux system with hardware-accelerated forwarding, so you can use stock programs that

Re: Recommended L2 switches for a new IXP

2015-01-13 Thread Simon Leinen
Manuel Marín writes: Dear Nanog community [...] There are so many options that I don't know if it makes sense to start with a modular switch (usually expensive because the backplane, dual dc, dual CPU, etc) or start with a 1RU high density switch that support new protocols like Trill and that

Low-numbered ASes being hijacked? [Re: BGP Update Report]

2014-11-30 Thread Simon Leinen
cidr-report writes: BGP Update Report Interval: 20-Nov-14 -to- 27-Nov-14 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASN Upds % Upds/Pfx AS-Name [...] 11 - AS5 38861 0.6% 7.0 -- SYMBOLICS - Symbolics,

Re: iOS 7 update traffic

2013-09-23 Thread Simon Leinen
Glen Kent writes: One of the earlier posts seems to suggest that if iOS updates were cached on the ISPs CDN server then the traffic would have been manageable since everybody would only contact the local sever to get the image. Is this assumption correct? Not necessarily. I think most of the

Re: Real world sflow vs netflow?

2012-07-17 Thread Simon Leinen
James Braunegg writes: In the end I did real life testing comparing each platform Great, thanks for sharing your results! (It would be nice if you could tell us a little bit about the configuration, i.e. what kind of sampling you used.) [...] That being said both netflow and sflow both under

Re: Network Storage

2012-04-16 Thread Simon Leinen
Andrew Thrift writes: If you want something from a Tier1 the new Dell R720XD's will take 24x 900GB SAS disks or 12x 2TB 3.5 cheap slow SATA disks or 12x 3TB 3.5 more expensive slightly faster SAS disks - if you take the (cheaper) 3.5-disk variant of the R720xd chassis. or 12x 3TB 3.5

Re: Apple updates - Effect on network

2011-10-15 Thread Simon Leinen
Matt Taylor writes: Would love to see some bandwidth graphs. :) Here's one from another network. [attachment: akamai-week.png] Guess it was a good idea to upgrade that Akamai cluster's uplink to 10GE, even though 2*GE (or was it 4*GE) looked sufficient at the time. Remember folks, overprovisioning

Re: [routing-wg] The Cidr Report

2011-10-15 Thread Simon Leinen
Geoff Huston writes: Does anyone give a s**t about this any more? I do; I check the weekly increase every week, and check who the top offenders are. If someone from my vicinity/circles is on the list (doesn't happen frequently; more often for the BGP updates report than for CIDR), I may send

Re: facebook spying on us?

2011-10-02 Thread Simon Leinen
Data Center Knowledge posted about 20 minutes of very poorly shot video of Prineville. They're Open Compute servers in 'triplet' racks. [...] Their power supply (also open) runs across 2 legs of a 277/480 3-phase feed, which is usually what the substation supplies to your PDUs, which step it

Re: Cisco 7600 PFC3B(XL) and IPv6 packets with fragmentation header

2011-10-01 Thread Simon Leinen
which traceroute? icmp? udp? tcp? Traceroute is not a single protocol. Router processing is only dependent on noticing that TTL is expiring, and being able to return an ICMP message (including a quote of part of the original packet) to the sender. what is that limit? from a single port?

Re: Network Equipment Discussion (HP and L2/10G)

2011-05-14 Thread Simon Leinen
Deepak Jain writes: The wrinkle here is that I can't use a normal enterprise 10G switch because of the need for DWDM optics (ideally 80km style). 80km DWDM optics in SFP+ format should be available now or RSN. Search engines turn up a few purported vendors. The ones I found conform to the

Re: Top webhosters offering v6 too?

2011-02-06 Thread Simon Leinen
Tim Chown writes: Which of the big boys are doing it? Google - although they don't call themselves a web hoster, they can be used for hosting web sites using services such as Sites or App Engine. Both support IPv6, either using the opt-in mechanism or by using an alternate CNAME (ghs46 instead

Re: arin and ops fora

2011-01-08 Thread Simon Leinen
Randy Bush writes: one difference in north america from the other 'regions' is that there is a strong and very separate operator community and forum. this does not really exist in the other regions. ripe ate the eof years ago. apops is dormant aside from [...] Right. observe that the main

Re: Over a decade of DDOS--any progress yet?

2010-12-11 Thread Simon Leinen
Greg Whynott writes: i found it funny how M$ started giving away virus/security software for its OS. it can't fix the leaky roof, so it includes a roof patch kit. (and puts about 10 companies out of business at the same time) I actually like the new arrangement better, where Microsoft

ICMPv6 rate limits breaking PMTUD (and traceroute) [Re: Comcast enables 6to4 relays]

2010-09-01 Thread Simon Leinen
Jack Bates writes: 1) Your originating host may be breaking PMTU (so the packet you send is too large and doesn't make it, you never resend a smaller packet, but it works when tracerouting from the other side due to PMTU working in that direction and you are responding with the same size

Re: Restrictions on Ethernet L2 circuits?

2009-12-31 Thread Simon Leinen
Interesting questions. Here are a few thoughts from the perspective of an education/research backbone operator that used to be IP only but has also been offering L2 point-to-point circuits for a few years. Should business customers expect to be able to connect several LANs through an Ethernet

Re: Layer 2 vs. Layer 3 to TOR

2009-11-15 Thread Simon Leinen
Tore Anderson writes: * Jonathan Lassoff Are there any applications that absolutely *have* to sit on the same LAN/broadcast domain and can't be configured to use unicast or multicast IP? FCoE comes to mind. Doesn't FCoE need even more than that, i.e. lossless Ethernet with end-to-end flow

Re: MRLG

2009-08-29 Thread Simon Leinen
Thanks guys I got it... Congratulations. But how/where? -- Simon.

Re: SNMP and syslog forwarders

2009-03-04 Thread Simon Leinen
Sam Stickland writes: It's looking like running all of our traps and syslog through a couple of relay devices (and then onwards to the various NMS's) would be quite a win for us. You can try the UDP samplicator: http://www.switch.ch/network/downloads/tf-tant/samplicator/ (The name indicates

Re: DNS problems to RoadRunner - tcp vs udp

2008-06-14 Thread Simon Leinen
Jon Kibler writes: Also, other than That's what the RFCs call for, why use TCP for data exchange instead of larger UDP packets? TCP is more robust for large (Path MTU) data transfers, and less prone to spoofing. A few months ago I sent a message to SwiNOG (like NANOG only less North American

Re: [NANOG] Questions about NETCONF

2008-05-16 Thread Simon Leinen
Randy Bush writes: [in response to John Payne [EMAIL PROTECTED]:] I've personally been waiting for the data modeling to be standardized. Yes, it's great and wonderful to have a consistent method of talking to network devices, but I also want a standard data model along with it. does this