Re: CGNAT - Seeking Real World Experience

2016-11-25 Thread Stepan Kucherenko
Don't try deterministic NAT, it's not worth it. You'll waste a lot of port capacity on most users, and it might still be problematic for power users. Just try to match one user to one real IP, many sites/applications don't like when there are several requests from one user with different

Re: strategies to mitigate DNS amplification attacks in ISP network

2015-12-02 Thread Stepan Kucherenko
flowspec. Probably the best method if you have competent engineers and uplinks who can give you bgp flowspec. Makes bandwidth attacks amusing instead of annoying.

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Stepan Kucherenko
18.06.2015 18:00, shawn wilson wrote: I'd actually be interested in a discussion of how much you can possibly improve / degrade on a network that big from a management position. That's quite an interesting topic, isn't it ? Dilbert still has his job so it might as well be immutable. :-)

Re: Enterprise network as an ISP with a single huge customer

2015-06-12 Thread Stepan Kucherenko
13.06.2015 05:35, Randy Bush wrote: i have seen a lot of this done with firewall devices and vlans. with vlans or mpls, you can make spaghetti without wires, one wheat and one semolina. oh absolutely. you can use many tools to lop off your fingers, my point was that things like mpls (or

Enterprise network as an ISP with a single huge customer

2015-06-12 Thread Stepan Kucherenko
Hello, I'm sure lots of you work for big enterprises, and some of you work for the biggest of them. How many of you architect your network as an ISP, with that enterprise as the biggest customer ? Office networks in l3vpn, VPLS/EVPN on top of your own network for DCI, etc ? Or is it usually

Re: Recommended L2 switches for a new IXP

2015-01-13 Thread Stepan Kucherenko
Is there any particular reason you prefer EX4600 over QFX5100 ? Not counting obvious differences like ports and upgrade options. It's the same chipset after all, and with all upgrades they have the same 10G density (with breakouts). Is that because you can have more 40G ports with EX4600 ? I'm

Re: Tech Laptop with DB9

2014-11-11 Thread Stepan Kucherenko
I want to reiterate on AirConsole because it IS amazing. I don't even grab a laptop when I go onsite anymore, just an AirConsole, its usb-serial cable and a tablet. Laptop can be a requirement if you need more than a serial, but using serial-over-wifi and a tablet is an incredible quality of life

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Stepan Kucherenko
On 30.06.2014 14:12, Roland Dobbins wrote: I've seen huge problems from compromised machines completely killing NATs from the southbound side. It depends on CGN solution used. Some of them will just block new translations for that user after reaching the limit, and that's it. On 30.06.2014