Slashdot Mirror

As one might expect, the press release is a bunch of marketing crap, utterly lacking in tech specs. Still, it leaves me wondering how this software will compare to Cisco's Windows-based Softphone. At my company, we tried it out on our laptops, while also using their hardware 7960G. The hardware phone was consistently superior, as the SoftPhone took huge resources to run (you could barely run other apps with it up and dialing). I still use the hardware phone from home today, in conjunction with a company-managed IP telephony gateway, calling folks over a VPN as well as calling others nationwide. Call quality is pretty solid, although only after a lot of mystery codec installation by our IT admin. I also use Vonage at home, and it's clearly better than both Cisco solutions (although it also uses a Cisco ATA 186 analog-to-VoIP adapter).

As one might expect, the press release is a bunch of marketing crap, utterly lacking in tech specs. Still, it leaves me wondering how this software will compare to Cisco's Windows-based Softphone. At my company, we tried it out on our laptops, while also using their hardware 7960G. The hardware phone was consistently superior, as the SoftPhone took huge resources to run (you could barely run other apps with it up and dialing). I still use the hardware phone from home today, in conjunction with a company-managed IP telephony gateway, calling folks over a VPN as well as calling others nationwide. Call quality is pretty solid, although only after a lot of mystery codec installation by our IT admin. I also use Vonage at home, and it's clearly better than both Cisco solutions (although it also uses a Cisco ATA 186 analog-to-VoIP adapter).

It'll use Banyan vines to communicate too... -B

Depends. How small do you propose this low-def TV clip is?

G729 is defined as generating 8Kb/sec. At 50 pps (what Cisco uses), 2 samples per packet, this comes out to 160 bits (20 bytes) per packet. IP/UDP/RTP overhead is 40 bytes.

So a typical G729 call is going to burn up 60 bytes per packet * 50 pps == 3000 bytes/sec == 24000 bits/sec

That's AFTER IP overhead, as you can see in my math.

Ignoring IP overhead for a moment, I'm unsure how you propose a low-def TV clip is going to be any smaller than 8Kb/sec. The audio alone would probably be encoded higher than this.

Frankly, VoIP is a pretty small burden on IP networks, at least as far as bandwidth needs go. It's need -- and where you typically have issues over enterprise networks -- is consistancy. Jitter is the enemy of VoIP, and right now, most serivce providers offer no SLAs for this particular metric. This will change over time, and people will begin to demand differentiated services for their different types of traffic.

Look in to Cisco's V3PN (Voice and Video-enabled VPN) program for information about how they propose to build and deliver end-to-end QoS to their SP customers:
http://www.cisco.com/go/v3pn/

Perhaps you've heard of a company called Cisco, they make a thing called a Pix, which is probably the most popular hardware firewall product.

According to this Dell website, the PowerEdge 650 (the lowest end rackmount server I could find on their site) is 21.9" deep without the bezel.

Also, I looked up the dimensions of the Sun V1280 that you mentioned. It is 22 inches deep.

I guess I was a bit exaggerated in my statement, but the Cisco equipment is still not as deep. Plus, as other people have pointed out, the brackets on Cisco equipment are not flush with the front of the device, making the mounting closer to the center of gravity. The two servers I've linked to, plus every other server I've worked with at three jobs, do have the brackets flush with the front, increasing the torq on the brackets and rack by quite a bit.

The digital equivalent of building a shopping mall.

No, they are trying to force Trusted Computing into every new computer and electronic device. They want to seize control of everything. Before you accuse me of being a paranoid loon, look at this:

Richard Clarke
Special Advisor to the President for Cyberspace Security
March 16, 2002:
"I think we need to decide that from now on IT security functionality will be built in to what we do, to the products that we bring to market."
"That in effect we are saying together, and you are saying as an IT industry, that from now on the default settings on all of our products as they come to market is for high security."
"TCPA, the Trusted Computing Platform Alliance, is an example of bringing hardware and software manufacturers together. But TCPA is not enough."
"I think we need to have operating systems and applications that incorporate security functionality into them."
"It is not beyond the wit of this industry to figure out a way of forcing down patches"
"ISPs and carriers can insist that when cable modems and DSL hookups are made, firewalls are installed. It is not enough for an ISP or carrier to say, oh, and by the way, you might want to think about a firewall."
"So we have to defend our cyberspace. No one else will do it. America built cyberspace, and America must defend its cyberspace"

The president's Internet advisor is calling for Trusted Computing to be built into ALL new computers and devices. Take special note of being able to FORCE down patches and for ISP's to INSISTING that firewalls be installed. Then look at this:

Cisco NAC allows network access to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example), and restricts the access of noncompliant devices.

Yes, Cisco just announced new routers to do exactly that. They can FORCE down patches and they can ENFORCE that you have an approved firewall (they can check for any sort of mandatory software). First the router checks if you are running a Trusted Computing system. Then the router uses Trusted Computing to check that you are running a firewall or any other software. Any non-Trusted Computer is denied internet access.

And of course Intertrust's "Universal DRM System" runs on top of Trusted Computers. Encrypted data is "securely" moved from one Trusetd PC to another, or onto Trusted iPods and the like. Except you now no longer have any control over your own computer, you don't own your computer anymore. I have been reading the technical specifications - it's a %$@#!& evil system! If you don't "voluntarily" comply you will eventually be denied internet access. We are sill a few years away from that final step of univeral enforcment by ISP's - but at that point it's game over, everyone MUST submit.

This isn't some friendly "mall" they are setting up. It's an attempt to ram-rod a DRM system into every electronic device and seize control of everything. It's a "Universal" system, remember?

-

• Symbol
  
• Spectralink
  

Today, when you call a number that's a dial-up of a a major ISP, what usually happens is that the telco finds out via SS7 that the destination is a modem. The call is then routed to a local point of presence, converted to IP, and shipped over the Internet to the destination. The point of presence need not be owned by the ISP; it's often a shared facility owned by a telco. This is called a virtual point of presence. This is a service ISPs can buy from telcos if they want "local dial up numbers" all over the country.

The logical next step would be to push this technology were pushed out to end offices, which would allow have customer line terminations that allowed higher bandwidths than 56K if the analog local loop supported it.

DSL already does that job better, so there's no reason to do this. Telcos would prefer that DSL worked like virtual points of presence, so they could have "call charges", but fortunately, that didn't happen. Telcos keep trying to put "dial up" features into DSL, but nobody goes for it.

http://www.cisco.com/warp/public/csc/refurb_equipm ent/swlicense.html

In September 2002, The Swedish Radiation Protection Authority released a report written by two internationally well-known epidemiologists who review published studies on the relationship between the use of cellular telephones and cancer risk. The authors are Dr. John D. Boice, Jr. and Dr. Joseph K. McLaughlin from the International Epiderminology Institute, USA. In their review, no consistent evidence was observed for increased risk of health factors by wireless devices, specifically handheld cellular phones.

rifter wrote:
Cisco firewalls are not your little linksys router...

Hello! McFly!!

Fueling Broadband To The Consumer: Cisco Acquires Linksys

That's from March 20th. Old news.

What Cisco is developing is a Host Integrity System, something it lacks in its current offerings. A good example to use would be Sygate's Secure Enterprise.

Cisco's new offering serves as a checkpoint at the router or L3 switch level. Hosts incoming must pass a certain set of criteria (MD5 hash of approved AV running, sig file at certain level, hotfix X installed) before they are allowed to pass. While previously used to protoct remote users (Aventail and Checkpoint are good examples), Cisco is moving to market the technology as an endpoint solution for all enterprise users.

This is also a consolidation play. The new version of Cisco's Secure Agent will tie into the new gateway system as a required host integrity piece. If you add that to the new WebVPN SSL VPN code that is currently in beta 3 and will be out over the holidays as v4.1 of the 3000 series concentrator software, you get a pretty clear indication of where Cisco's going with this.

All I can say is our Fortune clients dig the whole shebang. Keep in mind that once you start talking about enterprise security, the more authoritarian, the better.

What Cisco is developing is a Host Integrity System, something it lacks in its current offerings. A good example to use would be Sygate's Secure Enterprise.

Cisco's new offering serves as a checkpoint at the router or L3 switch level. Hosts incoming must pass a certain set of criteria (MD5 hash of approved AV running, sig file at certain level, hotfix X installed) before they are allowed to pass. While previously used to protoct remote users (Aventail and Checkpoint are good examples), Cisco is moving to market the technology as an endpoint solution for all enterprise users.

This is also a consolidation play. The new version of Cisco's Secure Agent will tie into the new gateway system as a required host integrity piece. If you add that to the new WebVPN SSL VPN code that is currently in beta 3 and will be out over the holidays as v4.1 of the 3000 series concentrator software, you get a pretty clear indication of where Cisco's going with this.

All I can say is our Fortune clients dig the whole shebang. Keep in mind that once you start talking about enterprise security, the more authoritarian, the better.

According to the white paper on CCO this relies more on port based authentication and policy settings than on stateful inspection of the traffic flows across the router.

This systems used a piece of code called the "Cisco Security Agent", in standalone, or as part of certain AV software, to check the configuration of the pc, prior to authenticating to the switch, for access to the network. Port authentication is already available today, so this is a natural extension of the 802.1X technology.

Once the 802.1X negotiation is started, credentials are exchanged (username/password, certificates, et al) and a AAA server is queried for authentication, and authorization as well as security policies to determine if the client machine has an organization approved config - i.e proper patch levels, current AV asoftware, etc.

Depending on the outcome of this negotiation, the port access can be denied, put into an unsecure vlan, put into a remediation vlan, or put into a 'secure' vlan.

This is more of a technology to allow enterprises to ensure security via better control of desktop system configs than anything else.

Did you read the article? The software doing the intelligent part will reside on the user's computer. The router will determine if the host attempting to make a connection has the relevant software installed. If not, it will be ACL'd. There's little the router is doing except creating the access control lists on the fly. Even if there was intelligence in the router, it would have to be done in a big box like a 6509 with a Content Switch card. FYI, the Content Switch card has a separate processor FOR EACH OSI LAYER. So, it can analyze each separately and do traffic shaping like that.

The organization and the IT assets are owned 51% by Eircom and 49% by the town of Ennis itself. A full 83% of the residents took Eircom up on the offer of low-priced PCs, paying about $300 each. And 4,300 Ennis residents received more than 24,000 hours of training at local schools and libraries.

The other reason was SuSE and Mandrake, both European and not from the United States.

SuSE and Mandrake are produced by European vendors, but the software they ship is truly international.

However you're right: a strong selling point in convincing the public sector in EU-land to switch to Linux is that revenues will flow back into the EU rather than outside.

Another important point is that the US are being currently perceived in large parts of Europe, but also in many third world countries as, how should I put it, acting rather strangely w.r.t. human rights and abidance by [intl.] laws. Please don't get me wrong here: this is not my personal opinion, but it is very widespread out there.

The general scepticism against US policy translates in (most often) irrational fears about "spyware." M$ had presumably a record of cooperating with the NSA, helping them install backdoors in M$'s crypto libraries: CCC press release (sorry, only in german). It may be true or not, the result is that people, especially outside the US, feal uneasy about installing software from companies they don't trust, which obey a government they may not always agree with.

China is a good example of this, with their RedLinux. Then again, their government won't even trust "european" distros, so they forked their own project. Then again, why not?

Last but not least, the most important aspect is simply technical excellence, or at least availability. Consider the use of FreeBSD among ISPs worldwide: there is no noticeable difference by region, and we're not afraid to use this system, even if it originated from Berkeley :). For the job at hand, there is simply no alternative; and it's fun to use too. The same about Cisco: We wouldn't dream of using something else in our backbones, just because we could find a small european router manufacturer. There is no reasonable technical alternative out there, and we're happy with our routers as they are.

What you're asking for is a SAN.

I just installed a Network Appliance FAS250 in my server room. It speaks CIFS, NFS, and iSCSI.

By the way, you're wrong... Oracle will run perfectly using CIFS shares (I'm running it now, and have been for the past few months), and NetApp has plenty of documents in their tech library showing all the different ways to use attached storage with Oracle and many other pieces of software.

With respect to speed, it really depends on the network infrastructure. I've got a Cisco GigE switch attaching 6 machines directly to a GigE port on the NetApp Filer. It is literally twice as fast than the directly attached RAID 5 (caching, etc.) arrays that it replaced.

I think that Microsoft Exchange can be installed to a CIFS share, but if not, you should look at iSCSI. My company uses Lotus Notes 4.6.7 (sweet, merciful Christ, please put me out of my misery), and it works great from a CIFS share on the NetApp.

Microsoft has a free iSCSI Initiator for Windows that will mount an iSCSI device just like any other SCSI drive in Windows. You can find several iSCSI targets for linux here.

I have about 50 Mac's on our network (graphics department) that needed to talk with the new filer. Instead of installing a klugy piece of software to make the OS9 Macs talk to the SAN at $150/seat, I installed a linux box using samba to talk to the SAN through CIFS and netatalk (AppleTalk for linux) to re-share out the samba mounts. Becides some quirks (Mac's don't see the linux gateway in the AFP browse list, but can connect directly through IP), it works rather well.

Look at iSCSI, it does exactly what you're looking for.

Some years ago I tested VoIP and it simply sucked. It needed special hardware, headset, and was just plain annoying. But last week I tested Cisco's ATA 186, that has allows a regular phone to be connected to the network. I was astonished with the voice clarity. I called from Brazil to a branch we have in the US, and the quality was outstanding. No noticeable delay, nor echo. Of course there must be a delay (at least 87 ms, as a ping test averages 175 ms), but it's too low to notice in a regular conversation, and far smaller than in a regular international phone call.

Considering the company I work for spends about $3000/mo in int'l phone calls alone, after I showed it was cheaper and better, I was authorized to research and install it between our offices.

It's easy to connect 2 offices, but I wanted to do a little more... To allow our roaming users, from a cellular or regular phone, to call the local office and be able to reach a dial-out on the remote office, so the only chargeable phone calls would be local area ones.

Problem is: I have no idea of what equipment I should buy for this task. It'd be nice if the caller would be asked a pin#, and we'd be able to print a report of the calls later. The number of lines will be small, about 3 or 4. The equipment must be available in the US. Any tips ?

There is a solution:
Our business unit has two engineering labs with about 400 PCs running Win2k and about 50 running Linux. We have survived the latest virus and worm attacks virtually unscathed by using two Cisco IDS 4250-XL Sensors. These are 1U boxes that run Linux and are not to be confused with the Cisco Catalyst 6500 Series IDS Module (IDSM-2) which is a blade for the 6500.

This is how it works.

There is a solution:
Our business unit has two engineering labs with about 400 PCs running Win2k and about 50 running Linux. We have survived the latest virus and worm attacks virtually unscathed by using two Cisco IDS 4250-XL Sensors. These are 1U boxes that run Linux and are not to be confused with the Cisco Catalyst 6500 Series IDS Module (IDSM-2) which is a blade for the 6500.

This is how it works.

You are a complete fucktard.

• Telecom giants join Linux effort
• Carrier Grade Linux
• Nortel Succession Communication Server 2000
• Cisco SIP Proxy
• Mitel 3050ICP
• Morotola Carrier Grade Chassis
• Motorola HA Linux
• Motorola VoIP
• Zultys Phones
• Zultys PBX
• SNOM Phones
• SNOM Media Server
• Asterisk
• Vovida

The free market is a very successful system. However, it is imperfect: it assumes that everyone acting selfishly will accomplish the common good, which sets up prisoner's dilemma problems.

In this case, nobody likes banner ads, and everyone selfishly wants to block them. If everyone did this, content on the web would be diminished, because fewer people could afford to produce web content full-time, and more content would go to subscriber-pay sites. (Or worse, the advertising will become more embedded and harder to filter out, even visually. For example, this sentence is brought to you by the good people at State Farm. Or every web comic would suddenly have a character named Cisco.) Yet if everyone co-operated by not blocking banner ads, free web content is made available to everyone.

And don't give me a lot of crap about "someone will figure out a better business model", unless you can actually point to a particular website with that model, that is succeeding.

All I'm saying is, think about the unintended consequences before you act selfishly, or praise others for doing so.

Which leads me to another point: there's an appalling lack of ethical behavior on the internet. Just because you can do something, it doesn't mean it's a good idea to do so.

[end rant]

Network god was meaning the god of a particular network. :) I reign god on my networks, but I can do little as far as fixing other people's networks, unless they ask me to. I only do the impossible miracles on my networks and equipment. :)

The classes are still defined, although yes, the concept is mostly dead. But, aparently Cisco at least still prevents using the Class E networks on their routers. Read This. If those networks are opened up in the future, it would mean a whole lot of upgrading to routers around the world. Well, a similiar level of upgrades that would be required for ipv6. I've been hearing about ipv6 since I started seriously working on the Internet. It's really just one of those future-looking dreams that will probably never come about for general use. I know people will argue that til they're blue in the face. People used to argue the fact that computers will never exceed 100Mhz (on FidoNet, when the i486/33 was just released), due to radio interference and hazards due to the high frequency emissions. Hey, I didn't make the arguements, I just listened.

People are aparently not *THAT* concerned about spam. If they were, someone would have already worked out a suitable replacement, that admins would already be gating messages for, and converting their users to. I've been thinking of solutions myself, but don't have time to write, test, or implement them.

The Cisco one (which Vonage uses) can bew had for $120-$130 at various places online. After getting a good cable modem connection, my Vonage service has been perfect-- and I use that at the same time as another IP phone over a VPN connection. I ditched my landline last April, and haven't regretted it. The ATA-186 is around VHS tape size. You can just plug your standard wireless phone basestation into it to easy service your house, or patch into existing wiring, assuming you are sure to disconnect external service first. Cisco ATA 186

You mean this and these?

If anything, the media should be embedding advertising and so on so they can sell commercial time on the traded files. It's an opportunity.

Are you sure you want to live in this world, where every movie has a character named Cisco and all the characters pause every thirty seconds to drink a Pepsi and comment on how refreshing it is? I will have even less reason to follow popular media, which may not be a bad thing.

There are a number of 802.11b VoIP devices currently available on the market.

Cisco makes the 2920 but still requires Cisco call manager as a back end.

and one of the more affordibale and interesting products is the Pulver Innovations WiSIP Phone. (short for WiFi SIP).

As well as other products made by companys like Symblol

Between these and Asterisk, "The Open Source Linux PBX" (which works quite well btw) you can come up with great solutions, and some really neat applications.

With Vonage you can call ANY phone number you want, not just some other VoIP phone.

And you don't get a "handset" you get a Cisco ATA186 that you plug any phone you want into.

It talks to their servers becasue at some point it has to get injected back into the POTS network as an analog call.

As an aside, while searching for this, the sixth hit on my Google list was some poor sap's router, spidered by Google. Oops!

You never heard of Cisco...

VoIP should only be utilized if it can guarantee the same quality of service that a PBX can. Other than the local switch that the (IP) phone is connected to, there should not be any other single point of failure. If you paid a consultant/student to setup a VoIP solution that did not include fully redundant routers, servers and gateways to connect to the PSTN world, then the fault is not with the technology but with the people who installed said solution.

For more reference on the reliability of a VoIP solution:
The Five Nines Story

See these links for more info.

According to the Cisco distance calculator you need a pair of ~169' towers to do a 32.7 mile links using their 21Dbi dishes. So no mountains needed, but you WOULD need a flashing light at the top and certain permits as I believe anything over 150' needs to have an FAA clearance so planes don't crash into it =)

I have until early-to-mid December to pass the test before it changes for the new curriculum

maybe...but you better register before september 30th...see this

Obviously the core LEC business is to prevent the loss of business lines and local service, but what is lost is made up for with high-cap voice circuits like PRIs and channelized T1s and high density long distance calling solutions. The LEC's have over 20 years of experience with these products. They are the data hardware vendor's largest partners for deploying voice over data networks, because they already have the experience set to design, maintain and deploy them.

-Pat

Cisco's products have a curious quality: They die! And you can't even read the death web page unless you pay Cisco money. This has been a VERY high total cost of ownership product. And now Cisco wants users to buy something else.

Why buy a product from a company that kills its products? Why buy a closed-source product? Frankly, I think there will come a time when there are no closed-source products.

I may not be able to defend myself now from aggressive business practices like those of Microsoft and Cisco, but I will remember. If there are enough people like me, the Ciscos and Microsofts will eventually go out of business.

Blaster? This sounds more like Welchia/Nachi to me. Indicative of the ICMP traffic.

Cisco have released an excellent paper on setting up bitbuckets to match the 92 byte payload in the ICMP traffic on routers, switches, MSFC's etc here.

Also, Blaster paper.

Blaster? This sounds more like Welchia/Nachi to me. Indicative of the ICMP traffic.

Cisco have released an excellent paper on setting up bitbuckets to match the 92 byte payload in the ICMP traffic on routers, switches, MSFC's etc here.

Also, Blaster paper.

Just turn off ICMPs at the switch. *POOF*

And then shut the ports on the access switches.

Arbor Networks has a great anomaly-detection system which can be used with NetFlow in order to identify machines on your network behaving oddly, then shut their ports or use VACLs to block the relevant MAC addresses across your network until they call the help-desk and go through the scrubbing/remediation process.

And charge them for thus - nothing's sure to get their attention (and that of their parents) like a $250/incident 'virus remediation charge' which must be paid, like any other student fees, if they expect to get their grades.

And then shut the ports on the access switches.

Arbor Networks has a great anomaly-detection system which can be used with NetFlow in order to identify machines on your network behaving oddly, then shut their ports or use VACLs to block the relevant MAC addresses across your network until they call the help-desk and go through the scrubbing/remediation process.

And charge them for thus - nothing's sure to get their attention (and that of their parents) like a $250/incident 'virus remediation charge' which must be paid, like any other student fees, if they expect to get their grades.

You're seriously trying to tell me that production routers would use slow flash rather than battery backed-up SDRAM?

Flash RAM has quite a limited number of writes. This can cause problems if you're writing large numbers of small files to flash RAM as it can cause a huge number of writes to the FAT area of the device.

Or more likely, stop being productive since all {intelligent} companies {will} use Web-based forms. Cough cough, what better way to get rid of stupid proprietary apps than to put a Web interface on them?

The real problem (for my situation) is higher-ups who simply choose not to deploy those apps, or deploy versions that require the M$ version of JVM instead of SUN's implementation. And let's not forget stupid suppliers who's "web-based applications" require Active-X. I'm using Linux, you insenstive clod! Really, WTF is the point of a Web app that requires you to be able to run native win32 code? Come on! Self-castration sounds more logical!

Ack, my head is spinning from all the holes I've put in my office walls.

>...you can fairly easily cut down on the damage being done by blocking all incoming ICMP traffic at your packet filtering bridge/router.
>Sure, traceroute is nice, but things like this mean it's just not worth the ICMP overhead.

Dropping all ICMP traffic is a bad habit to get into . ICMP is necessary for ip fragmentation and path maximum transmission unit discovery to work properly. You will break things if you drop it.

Patents don't stimulate innovation, they capture and protect innovation. My experience at Cisco is that the ability to get patents is not what inspires new developments. Instead, competition has been the major stimulus of innovation at Cisco. Our engineering teams are motivated by the desire to quickly turn their ideas into products and services that customers want, solutions that will help our customers improve their productivity. They don't ask "can we patent this?" before deciding whether to create new solutions.

In order to "capture and protect" innovation, companies register more and more patents each year, often just to prevent others from suing them. But some companies register patents for the sole purpose of engaging in legal warfare -- a risky gamble with potentially huge prizes.

The biggest danger inherent in software patents is to free software. Megacorporations can easily collect thousands of patents on trivial processes to use against open source programmers who have little means to defend themselves. Wait for Microsoft and others to attack on this front -- that would be nice extra FUD fodder with all the SCO crap going on right now. To ignore software patents as Linus Torvalds does is the wrong approach. They must be eliminated entirely.

Even sexier 802.11b IP Phone from Cisco, although the original poster said he wanted AIM/Yahoo Chat supported, too, which neither Symbol, Cisco, or Spectralink do at this time.

jeremycec writes " Evidently, nothing's been resolved since 2001 , when this happened the first time. In these Memorandum Opinion and Preliminary Injunction documents from Judge Royce C. Lamberth of the U.S. District Court for Washington, D.C., we see how the court stepped in to pull the plug on a system, which, through its abject lack of due care, left someone's important financial information wide open to attackers. According to the former CIO of the Bureau of Indian Affairs: 'For all practical purposes, we have no security, we have no infrastructure, ... Our entire network has no, firewalls on it. I don't like running a network that can be breached by a high school kid.' So, when the BIA could get no relief through Interior's IT Dept., it went to the courts. Source: Government Computer News "