Domain: cisco.com
Stories and comments across the archive that link to cisco.com.
Comments · 1,300
-
Network Metrics
There are 3 main things you should care about to figure out what is the right circuit:
Port Speed:
How fast is the connection regardless of sharing. This determines how fast information gets out of your office and on to the internet. Think of your file as a big string of ones and zeros and you need to take and put each one of those onto the wire at the rate of your port speed (i.e. 512K, 1MB, etc). Therefore it will take twice as long to serialize something at 512K vs 1M. Since the Internet pipes between your office and the other end are going to be much larger than your office connection you only care about this for your office and the office on the far end. Note that it's not going to help you even having 512K at this end if your other end is slower since everything will need to deserialize there at the slower speed. The lower port speed between the town offices will cap the theoretically fastest time you could transfer a file in.
Bandwidth:
Bandwidth is a measure of throughput over time. So using your 1MB 1:4 shared example, my port speed is 1MB but my bandwidth is 256K because I will average to this amount of throughput over time. Therefore it matters how this sharing works (I'm not familiar with how they do it in India). If your traffic is measured and shaped to conform to this over time, think of this as the sustained amount of data you can transfer (like FrameRelay). If it's just truly shared and if the people you are sharing it with are not using it you can (like cable), think of this as the theoretically minimum amount of sustained traffic you can transfer (note overhead from protocols will actually bring this down some).
Round Trip Time:
Not all paths through the internet are the same and not all protocols are the same. This is how long it takes for your packet to get from one place on the internet to another and will vary from carrier to carrier. If you don't have a choice of carrier, then there isn't much you can do about this. If you do, try and understand what their RTT for the two closest points to your offices that they will give you and do they provide any guarantees around maximum RTT. The lower the better, because many protocols were designed to work over high speed local area networks (LANs) and significantly degrade over wide area networks (WANs). Fileshares like NFS and CIFS are great examples of protocols that were never designed to run over a WAN and even with protocols designed for WANs advanced TCP and caching techniques can significantly improve performance of transfers. Because of these protocol issues, a bunch of companies have come out with products that optimize these protocols for travel over the WAN. Depending on exactly what you're doing, you may get better performance by deploying one of these products instead of upgrading your circuit. Contact a local reseller and check out the Cisco Wide Area Application Services Software as an example http://www.cisco.com/en/US/products/ps6870/index.html
Net-Net:
Depending on the protocol, look into using a product to optimize the transfers instead of just throwing a bigger circuit at it.
If you are sending bursts of traffic look for the higher port speed on a shared line.
If you are sending sustained traffic look for the higher guaranteed bandwidth.
Hope this helps. -
Re:well, it only makes sense
As somebody that works with 12ks, let's go through your assumptions:
The 12k does a lot more than 10gbps; a top end is 1.28tbps (Cisco's 12k comparison page). 20gbps is the slot speed, and you can get multiple ports per slot, 16 slots per chassis. Now, 12ks are not the most cost-effective method to aggregate traffic; Ethernet switches do similar traffic levels for one tenth the price and a lot more ports.
Costing for a 12k is about 500k outfitted with some line cards; really they are the most expensive parts, easily 50k per card.
Max density is 2x what your numbers were based upon, but since you need that to interconnect with somewhere it's still valid, but that's only one slot, so multiply by 15 to get a full chassis and a route processor, so 3333 users per slot (using round numbers) or 50k users per chassis; the chassis fully outfitted will pay for itself in less than a month. Routers of this size, you're looking at at least 7 years of useful service.
Now the next big argument is the price of bandwidth. It's not cheap, but at the same time tier one networks don't pay for transit, so only some ISPs are buying bandwidth and some are getting paid to provide access to their users. -
Re:well, it only makes sense
if everyone saturated their pipe, they would have to charge upwards of 10x
I've heard this before, and I'm not sure I buy it. Let's say 3 Mb/s costs $60/month. I see that Cisco's 12000 series routers go from 2.5 Gbps to 10 Gbps. Assuming that Cisco is being honest about their bandwidth capabilities (e.g. not lying through their teeth like a broadband service provider), that means that a single low-end Cisco 12000 series router can service about 800 customers (assuming that each one actually saturates the pipe 24 hours a day, 7 days a week), each paying $60/month, which equates to $50,000/month in revenue. Now, Cisco doesn't tell you how much these things cost (or even hint at how much), but let's say one router costs a (ridiculous) million dollars. In well under two years, the provider will have recouped the cost of the router itself. Even if the router lasts only a measly year after that, the provider clears an additional $800,000 on their initial investment to cover paying the admin staff (over three years, probably $600,000), power bills, rent, etc. That's pretty close to break even, if the router cost $1,000,000 and only lasted three years (somebody around here has to know what they cost and how long they last - I'll bet it's a rosier picture than I've painted). So I figure $60/month must cover the actual costs they'd incur if we all used the bandwidth we pay for (which would be almost impossible, even for a die-hard torrent user) - I find it impossible to believe that they'd need to charge $600/month to turn a profit.
-
Here is a review from Cisco.com
Seems this same book was reviewed by someone who actually read it:
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_8-3/book_review.html
and I copy:
Book Review
Network Algorithmics
Network Algorithmics: An Interdisciplinary Approach to Designing Fast Networked Devices, by George Varghese, ISBN 0120884771, Morgan Kaufmann, 2004.
This is not a generic algorithms book (that is, it does not overlap much at all with Sedgewick or Coleman as an introduction to algorithms), nor is it a typical introduction to TCP/IP networking book (for example, there is no chapter defining the TCP/UDP/IP header fields, thank goodness). It might best be described as an algorithms analysis book set in the context of networking and also in the context of implementations that mix hardware and software solutions. For those familiar with Radia Perlman's book Interconnections, I found aspects of the writing style and approach to be similar. George Varghese--in addition to having been a networking professor for many years--has had a lot of industry experience from licensing algorithms to networking companies, to consulting with Procket Networks in the company's early days of architecting its core router, to starting a security company that was recently acquired by Cisco Systems. I have been doing architecture work at Cisco for several years and can say that George's book has real grounding in how systems are built and analyzed today.
Organization
Chapter 2 presents abstractions for networking protocols, hardware design, routers, memory technology, and Internet end nodes (servers). This is a great introduction into "systems" thinking. In section 2.2.7, "Final Hardware Lessons," one thing I thought George should have mentioned along with metrics of chip size, speed, I/O, and memory is power. Power is becoming a major systems concern in many platforms and deserves mention as an optimization constraint.
Chapters 3 and 4 go through a list of 15 implementation principles to use in approaching algorithmic design in systems and then give examples of these principles in action. What I find interesting about this section is that from working with George in the past, he really does believe and practice "principle"-based architecture thinking. I remember discussing several of the principles with him several years ago, and you can see how his many years of experience working in the networking field have shaped these principles. Many have probably employed some of these, but as George says in the chapter introduction, having them explicitly documented with examples is useful to help clarify our thinking. Some of the principles (and both the short examples in this chapter as well as examples cited in more detail in later chapters) are really fundamental, and I think reading through examples helped clarify in my mind when to use them.
Chapter 5 covers copying data, for example, in a server design. I really like this type of chapter, in which a subject (in this case the effect of packet copying on Web server performance) is explored in detail but with a focus on where algorithms and systems design play an important part.
My biggest question about this chapter is that I was unsure how applicable this is to, say, modern server design using Linux and with latest Gigabit Ethernet network-interface-card (NIC) designs. I know there was a lot of interesting work in the late 1990s, but this chapter without any data is more along the lines of an extended example of how to apply implementation principles.
Chapters 6 through 9 are not what I would consider the meat of the book; they treat the topics of implementation and analysis for servers, timers, parsing/classification of packets, and buffer management (memory allocation).
Chapter 10 covers exact match lookups. There is not a lot of meaty algorithmic discussion, but the history of scaling performance of bridges is used to -
Anyone remember AdExact Corp?
I don't think anyone would remember, let alone know about, this company.
AdExact was a small company located in Waterloo, Ontario, and was founded by Stephen Basco (of the PixStream fortune). The company had a product that was similar to what google is starting to talk about: targeted TV advertising.
The company eventually ran out of money and had to close down the shop.
I wonder what would have happened if they had managed to stay afloat for a few years? I also wonder what did happen to all that technology and know-how? -
Re:Not really that serious
At Miami, we use Cisco Clean Access. We do not support firewalls that do NAT, including routers, because of the unnecessary support burden. CCA allows non-Windows machines to authenticate to the network without going through the policy enforcement hoops that Windows machines go through. Some organizations have Nessus scanning turned on in CCA as a policy option though. CCA verifies AV Software/Updates and Windows Updates by using a client-side agent that reports back the relevant information to the CCA appliance. OS detection can be done based on the web browser's user-agent or OS fingerprinting. Owners of headless devices, e.g. XBox and PS2, can use a web application to exempt their devices, which of course puts the device in a separate network role designed for the device and discourages students from trying to exempt their computers.
-
How did the slashdot community miss this solution:
http://www.cisco.com/en/US/products/hw/video/ps1870/index.html
Business travel is a major reason why we have so much air traffic. IMO, it is a huge waste of money/resources/time for all involved. I telecommute and, due to cost saving travel restrictions, haven't been on a plane for over a year - it has not affected my ability to do my job ONE BIT. Of course, the majority of business travel is carting salespeople around and the only way to eliminate that nonsense is to change the way corporations buy stuff, but would it be so bad to eliminate the human salesperson from the process? We have done it effectively for consumer products, why not take it further? -
Wifi is the wrong tool for the job.
You're exactly right, Wi-fi is a last-meter solution, and people are trying to use it for last-mile and more. It'd be wonderful to see a solar-powered wireless mesh network, but not running 802.11anything!
What's interesting is that the Ricochet network has already been designed, deployed, proven, mismarketed, and abandoned. Metricom's routing protocol was vastly superior to anything else in this space, and now YDI's got the patents locked up.
Airespace was founded by a bunch of ex-Metricom brains, and it looks like they built many of the same smarts into the same casing. Then Airespace got bought by Cisco and they call it the 1500. I wouldn't mind playing with a few dozen of these.
Anyway, if someone could convince YDI to open the intellectual property, that warehouse full of Ricochet poletops could be deployed anywhere in the world. The modems are cheap, the hardware is bulletproof, and did I mention they go a mile on the stock rubber ducks? -
Cisco Content Services Switch
Go pick up one of these and get a few servers.
-
Sorry, buddy! I couldn't pass this one up...
I think Cisco just bent Foundry networks over its knee and spanked it good:
http://www.cisco.com/en/US/products/ps5763/index.html
I'm not sure how much aggregate bandwidth the entire United States of America uses up, but it shouldn't take more than a few of these to satisfy it! -
Re:Netgear
Umm... note that even Netgear calls these "VPN Firewalls", and not routers. Yes, they are technically routers in that they route between a single LAN and the internet. But the functionality and performance differences between one of those Netgears and even a fairly inexpensive enterprise router like the Cisco 2800 is similar to the difference between an ultralight aircraft and a Boeing 737.
-
Re:Sigh....
"and you now have a 720 GBps back plane."
Nice how you kinda make up your own bandwidth measurements... WTF is a "GBps"? Is that "GigaBytespersecond"? I *NEED* that... and, when I saw it, my "bullshit meter" pegged, for obvious reasons.
Anyway, not being familiar with a Cisco 6509 with a "slapped in" SUP720B... I decided to look for myself to ascertain the truth of your statements (*GASP* - Yes, some of us actually USE this whole "IntarWeb Thingy" to learn things that we don't know, rather than rely on opinion and supposition).
Here's what I learned:
http://www.cisco.com/en/US/products/hw/modules/ps2797/products_data_sheet0900aecd8017376e.html
And, I discovered one relevant snippet:
" Scalable and predictable system performance-These modules provide a selection of switch-fabric connections and throughput options:
32-, 256-, and 720-Gbps bandwidth with a system throughput of: 15, 30, 210, and up to 400 Mpps."
Which clearly states that there's no such thing as a "720GBps back plane". So, basically, you don't know the fundamental difference between bits and bytes.
Now, if you're gonna say you made a "simple" mistake - don't. No offense, but, if you're ANYWHERE close to being Cisco certified, and you're still making such mistakes... I'd be VERY nervous about hiring you for anything that resembles mission critical networking on any large scale: "GBps, Gbps - what's the diff?!?LOLOL!!11One"
Oh, and the grammar mistakes don't go a long way towards building confidence, either :)
Posting AC, 'cause I KNOW that all of the 900K+ UID moderators with mod points would blast me into oblivion for this post, despite the fact that it is correct.
But, my opinion? You're fundamentally clueless, as borne out by your own statements. -
Re:No. You're not making a 1U into a $40K router
context switches
You're doing it wrong. Let's take linux: once the userspace applications configure netfilter (iptables/snort) or the routing table (quagga/zebra) or the rest of the protocol stack (iproute2), everything else is done in kernel. As for speeds, there are linux kernel patches (ok, for one driver so far) that allow the kernel to shovel data to userspace at gigabit speeds already, moving the data from one card to another should be no problem for a limited number of ports.
Now that's where the system breaks down. Or one could say it breaks down, but has anyone looked at the specs for these routers? Take a look at Cisco's 7200 series page: this model has a throughput on the backplane of 1.8Gbps, for a rating of 2 megapackets per second. If it was connected to four GigE networks, and two of them tried to transmit to the other two networks, you'd hit its maximum. And this thing has up to 4 or 6 bays for network connections. -
Hmmmmmm too much hype
First, I am glad they said in the UK, because 100mbit cyber cafes aren't special everywhere.
Also, I notice they have had to tip toe around what it can be used for:
Adrian Hosford of BT said: "It would be possible to use the cafe's computers to download in less than 15 minutes a file the equivalent size of the DVD version of the Encyclopaedia Britannica, with its 19,000 illustrations, 629 audio and video clips and 100,000 articles.
It seems like they are trying almost too hard to explain how quick it is; after all, I never rate my downloads in terms of how many "dvd copies of a paper encyclopedia with illustrations and video clips", I just say it's shit-hot.
We need it in terms we can understand like how many TPG/s can we view?
will google earth run smoothly without appearing to break up or pixelate no matter where I zoom or rotate to?
can I wipe out my friends in CS:S by having a l33t connection?
Another article I was reading earlier about this mentions why the special people were chosen to open it:
The new internet café will be officially declared open by Helston Community College pupils Chloe Smith and James Evans, both aged 17, who have demonstrated outstanding acumen in the field of information technology.
from here.
(Yes, Cisco appear to be hyping this more than the BBC, but then again they supplied some of the high tech equipment.) -
Re:Stats on IP usage?
I'm curious as to whether there are any reliable stats out there about the availability of IPv4 address space and how it has changed over time.
Be careful what you wish for. That is a link to an article on IPv4 Address Utilization from the Internet Protocol Journal. -
Re:Stats on IP usage?
For a long time, it has been predicted by various studies that we would run out of IPv4 addresses around 2010, based on the consumption rate after introduction of NATs and the changes made by CIDR (RFC 1817).
However, a more recent study by Cisco and others argues that we might be running out of addresses as soon as 2008 if the current consumption rate holds up. And with major pushes for 3rd world countries to enter into the tech sector, my guess is that it is not a totally invalid assumption. They also argue how long the reclaiming of existing class A (or /8 in CIDR notation) networks would prolong the time where the IPv4 address space is exhausted.
There are also lots of problems with using the D and E class networks for general purpose traffic, since the D class is classified as experimental and E as broadcast, and so it cannot be guaranteed that all equipment can handle these addresses or will even allow these addresses to be used, since previously it would have been a configuration mistake to use these (especially the D class) addresses... -
Re:Stats on IP usage?
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_8-3/ipv4.html
Try this link. It is a logical analysis of the state of IPv4 address space (it is all /8 based though). It also has a link to another report which has a different view on space exhaustion.
regards -
Re:Stats on IP usage?
Yes, several analyses of IPv4 address usage over time have been made, although they don't agree with each other:
Geoff Huston (2003)
Tony Hain (2005) -
Not a direct answer but...
Cisco Security Agent is a close analog to the sort of comprehensive kernel security hooking that something like LIDS does on Linux. If you can do some research to determine how they're doing it, that'll be a start. They hook all sorts of things, from file and network opens to attempts to sniff keystrokes and executing dynamically modified memory.
-
lack of proper policies
The biggest flaw in these schemes is always the glaringly obvious: nobody bothered to turn them on.
Without written security policies, nobody knows what they should/can/must not do, and even if they do, they follow the rules inconsistently.
Take a look at Cisco's SAFE, for example. It explicitly says:
This document presumes that you already have a security policy in place. Cisco does not recommend deploying security technologies without an associated policy. For further information about security policies and their use, consult the SANS Security Policy Project at:
http://www.cisco.com/go/safe
If you don't know what you have, who gets to access it, and when, what good is a bunch of hardware and software? You might as well hand all your workers CDs of your databases and cross your fingers. Which, possibly, actually happens in some of these cases. Sadly, this sort of stuff is Day 1 material for CCNA and MCSE and other certifications these days, so it pretty much looks like whoever is running the show in these places can't follow or doesn't know standard industry practices. That's gross negligence, IMO, and nothing to do with any sort of technical failings. -
Getting started on your own large-scale network
Linking up a router to a bunch of routers is called point to multipoint networking and if you want to wirelessly wire up your neighborhood you're going to need routers that can do this. The most economical and possibly the best option that I have found is the Buffalo NL-3054CB3. (If you google the model number, other brands pop up, apparently the identical device -- saw one deal for under $120 each). It sounds a little too good to be true, but according to this website, http://www.buffalowireless.net/wireless_equipment/wireless_equipment.html, this can transmit data up to 1.2KM (line of sight) and it can function both as an access point and bridge simultaneously (it can talk to routers and regular laptops and computers).
If you wanted to use a familiar brand, Cisco's Aironet 1300, http://www.cisco.com/en/US/products/ps5861/products_configuration_guide_chapter09186a008021e5ca.html, looks like another option except it costs ten times as much and I'm not sure what advantages if any it has over the aforementioned device other than perhaps the support you'd get from a larger company like Cisco. When you deploy a network on such a scale, you're going to get people who use it to download movie after movie, so advanced bandwidth throttling (prioritizing certain types of traffic over others) would be key, and you might have to pay up for something like this Cisco device for the traffic shaping. Not sure about that...
For mega long range antennae to scatter around the neighborhood, as with the city of Cleveland which went wireless, have a look at this to learn more about the WISP (wireless internet service provider) deployment and equipment you'd need: http://www.trangobroadband.com/products/atlas_ptp.shtml.
That company sells products that can beam twenty miles (line of sight, of course). -
Re:Why is everyone overlooking the obvious solutio
"A variant on this would be for the ISP to provide the user some sort of 'shell' program which would only allow access to the Net according to the ISP's rules."
This already exists: Cisco Clean Access (better explanation here). It can require current anti-virus, critical updates and the like. It only restricts computers running Windows. -
LAWFUL INTERCEPT ??????
Isn't this Lawful Intercept ? What's the hoopla about?
-
Re:Multicast?
IIRC multicast isn't supported by the current DOCSIS standard for cable modems. That'd cut out a huge chunk of people right there. Looks like folks are working on it though, there's an interesting case study on Cisco's site here: http://www.cisco.com/en/US/tech/tk828/technologies_case_study0900aecd802e2ce2.shtml -
Multicast?
Wasn't multicast (http://www.cisco.com/en/US/products/ps6552/products_ios_technology_home.html) supposed to take care of this? -
IOS XR - Next generation Cisco IOS.
http://en.wikipedia.org/wiki/IOS-XR
http://www.cisco.com/en/US/products/ps5845/
"Cisco IOS XR Software, a new member of the Cisco IOS family, is a unique self-healing and self-defending operating system designed for always on operation while scaling system capacity up to 92Tbps. Cisco IOS XR powers the Cisco Carrier Routing System, enabling the foundation for network and service convergence today while providing investment protection for decades to come." -
IOS XR - Next generation micro kernel Cisco OS
"IOS XR is not based on their widely deployed IOS operating system, and is instead based on the QNX real-time operating system."
http://en.wikipedia.org/wiki/IOS-XR
"Cisco IOS XR Software, a new member of the Cisco IOS family, is a unique self-healing and self-defending operating system designed for always on operation while scaling system capacity up to 92Tbps. Cisco IOS XR powers the Cisco Carrier Routing System, enabling the foundation for network and service convergence today while providing investment protection for decades to come."
http://www.cisco.com/en/US/products/ps5845/ -
Re:Spoofing has not been a problem for years
Not true actually.
Cisco routers still accept and pass spoofed packets happily along.
Umm, just type ip verify unicast reverse-path (in any IOS 12.0 or later).
Just tested it against a VXR, works just fine.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fothersf/scfrpf.htm -
Re:Chloe O'Brien - Master H4Xx0r!
Half-knowledge is always so funny to witness. But there's always some truth to it, even if it's deeply buried inside. E.g.:
It looks like the terrorists are trying to overload the router with IP addresses.
What about disabling IP fast switching by filling the caches with junk? Normal traffic would be cpu-switched for a while, slowing things down.
They're using a level 4 encryption algorithm
Perhaps they meant RC4?
use some of the bandwidth from the FBI servers to help break the encryption!
Oh yeah, the bandwidth between CPU and RAM..
;-) -
MOD parent down as an idiot
The Cisco Pix (now ASA) product line is not even distantly related to any Linksys on the market. Cisco does not make Linksys products. Linksys makes Linksys products. Yes, I'm well aware that Cisco bought Linksys on 3/21/03 but that does not change the fact that Cisco's and Linksys products are not in any way related, yet. There isn't a single product in either company's arsenal that crosses over. I work for a Cisco Partner and I work with Pixs every day.
That said I'd recommend either a Pix 501 or 506 for a SOHO until Cisco finishes their replacement in the ASA product line. If neither of those devices will fit your needs then I'd recommend stepping up to a x800-series Cisco router. All current Cisco ISR routers have builtin hardware encryption from the basic 850 all the way up to the 3845. Gone are the days of the 2600s which required addon modules. Easy VPN(tm) is quite nice as is the basic IPSec offerings. If you need something even better then step up to a low-end ASA. The ASA 5510 is very nice. The 7.x code on the Pix/ASA line is a major improvement (as is the replacement of the PDM with the ASDM).
-
Re:Cisco VPN 3000
The VPN 3000 can be configured to leave default routing alone on the client side and only send specific traffic through the VPN. This way you don't need to guess the local network information, and don't load your company internet connection with traffic that does not need to be secured. It's not exactly trivial, but it is documented at http://www.cisco.com/warp/public/471/vpn35-split.html. I wouldn't be completely surprised if the Cisco client still broke something, but we have a few hundred users and haven't seen this particular problem outside of the private IP space overlap issue. -
Cisco Phones too
I'm sure folks have noticed that Cisco IP Phones also get placed into quite a few shows that have a high-tech slant to them bordering on sci-fi (think Alias). Sure, it's not something that a typical consumer is going to run out and buy, but I can imagine those people working in large corporations that can afford Cisco IP telephony products wondering how they can cool phones like that.
-
Router-based (Cisco 800)
I guess that if you're asking this question, you don't have any experience with Linux-based VPN. I also think that if you have to do troubleshooting, the last thing you want to debug is your VPN.
For my part, I also started with Linux-based VPN (openvpn, ipsec) for private use (3 sites), but then I came to the conclusion it wasn't worth the effort & time spent. I switched to the Cisco SoHo routers (the 800 series), which just work. I have automatic tunnels between all sites, and can do VPN connections directly to any of the sites, plus many other funny things (IPv6). All this with just simple configurations, mostly through the wizard (SDM) or by copy, adaptation & paste of sample configs.
Of course, these routers may be a little bit too much (of configuration or price) for you, so you may also want to try consumer-grade solutions (e.g. Linksys BEFSX41, Netgear FR114P, ...).
Disclaimer : I wish I could get a percentage of Cisco sales ;)
PS : oh, and port tunneling with SSH is, from my experience, an awful solution for VPN. -
Re:Warning, offtopic
http://www.cisco.com/en/US/netsol/ns466/networking_solutions_package.html Or even wired 802.1x.. -
Opportunity Knocking
I take issue with the telecom companies trying to regulate what city government can and cannot do with their donated equipment. However, if the city shuts down their equipment and lets it sit inactive until another emergency the telecom companies do not have a problem with this.
What the city should propose to do is use the current emergency services systems (police, fire, etc.) in parallel with the wireless equipment. This would provide a variety of systems to use if one fails in the event of another hurricane. A majority if not all the equipment came from Cisco, which provides a software solution called LMR Over IP. This would ensure a highly redundant solution, just in case another event like hurricane Katrina happens again. This is a far better solution than having equipment sitting there useless, or removing it entirely. -
Re:Asterisk?
What about Cisco CallManager? http://www.cisco.com/en/US/products/ps6164/index.html -
Cisco/IBM SPP
A bazillion application specific cores isn't a new idea. Cisco's Silicon Packet Processor has 188 cores per chip to help the CRS-1 get to 92 Tbps.
-
Re:One thing I've wondered...
Here's one that does 92 TB/sec. Granted, you have to scale it up but it's a fairly impressive router with some decent software for once:
http://www.cisco.com/en/US/products/ps5763/index.html
The routers/switches we use at work say they'll scale to 720GB/sec, but we'll never come close to that. Those sup720 cards are almost universal these days. -
Re:One thing I've wondered...
Actually network equipment vendors are getting pretty close to 60Gbps backplane speeds for individual line-cards.
Both Cisco, with its 76xx series, and Force10, with its Exxx series, currently offer line-cards with 40Gbps switching capacity.
Regards. -
Re:One thing I've wondered...
"I mean 2.5 Gb per port on a 24-port switch would require a 60 Gb backplane - way higher than anything available today."
Really?
http://www.cisco.com/en/US/products/ps6421/prod_bulletin0900aecd8036889f.html
"Full bisectional bandwidth for all ports, providing 2.8 Tbps (Cisco SFS 7012) and 5.4 Tbps (Cisco SFS 7024) of bandwidth" -
Re:VoIP and IM
Wikipedia, Cisco, and the blogosphere would seem to disagree. Or, in less demure tones: you're wrong. --Naomi
-
Re:Not surprised
Well, Cisco's CSA (http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html) does the exact opposite: you tell it what is allowed to run and it blocks everything else. It also runs a signature analysis so when something that you hadn't configured yet tries to perform an attack it alerts the user. It can become quite a task however to properly configure and you still need user awareness to keep them from clicking "YES" every time like they do with every other popup they face (the other option is that you manage everything but then you will get flooded with support calls). -
Vision of Cisco is bigger than you think
OK let me bring some insight as to what potential is available for Cisco to enter the home market.
Time Warner is one of Cisco's biggest customers. Time Warner is also a huge player in the broadband and home cable market.
Cisco's acquisition of Scientific Atlantic brings a Cisco owned product in to the home user cable market.
Cisco's recent agreement to purchase SyPixx Networks Inc (http://newsroom.cisco.com/dlls/2006/corp_030706.html?CMP=ILC-001) also brings them in to the home security market.
Now let's put the pieces together.
Time Warner and Cisco are partners. Time Warner purchases Cisco equipment to provide VoIP and broadband services. Now let's add in a set top cable box. It is not unfeasible that Cisco will develop a way to utilize its virtual private storage solution in to this equation. What does this mean? Cisco becomes a service like TiVo. In fact take this to the service provider level instead of the home user level. Virtual Private Storage provisioned out to every customer Time Warner has. Can you imagine 200+ channels of on demand video streams over IP to your TV through the cable box? Every single channel Time Warner provides stored on Cisco storage clusters to provide consumers with prerecorded (or live) video 24 hours a day! It is actually a TiVo killer unless you want to record, but I don't think Cisco will leave that capability out of its set top boxes when this solution is offered.
Now add home surveillance in to the equation. Not only will your cable be provided on demand via IP video streams, 24 hour a day surveillance is now available. A home security system for your house provided by Cisco Systems, fully integratable to be accessed by your cable set top boxes so you can be wary of intruders before they know you are aware of them. Not only that, the slightest storage capability of these set top boxes can record the video and archive it on a storage solution offered by Cisco Systems, and remember, all provided through Time Warner Cable service.
For those that say Cisco is incapable of speaking to the home user market on the home user level, I have one word for you. Linksys.
-anonymous cisco employee
ps. Attn Cisco: GIT'R DONE! I love this company! -
Cisco getting into Reality TV
"Cisco made the acquisition to capitalize on the trend that has been underway..."
It used to be that you had to watch your servers carefully, now the servers will carefully watch you. -
Re:So...
http://www.cisco.com/en/US/products/sw/voicesw/ps5662/index.html I'll be damned! They actually do.... -
Cisco backdoors
Cisco does not have backdoors for Law Enforcement Purposes, they have official front doors. There are specific images available to implement "Lawful Intercept" for when a service provider is ordered to intercept traffic by a legal order. See: http://www.cisco.com/wwl/regaffairs/lawful_intercept/