Slashdot Mirror

As long as you have a new enough version of IOS, they will support Dyndns.
http://www.cisco.com/en/US/docs/ios/12_3/12_3y/12_3ya8/gt_ddns.html

I have a Cisco 3640 at home that takes care of my Dyndns for me with no issues.

Rock solid combo that I use:
Cisco E4200 refurb for $99: http://homestore.cisco.com/en-us/Routers/Linksys-Refurbished-E4200-MaximumPerformance-Wirelessn-router_stcVVproductId133604734VVviewprod.htm

Shibby's Tomato build (use AIO for most complete featureset):
http://tomato.groov.pl/index.php?dir=K26RT-N%2Fbuild5x-079V-EN%2FE4200

Do not use DD-WRT with this router as it's a mess (been there done that.)

And had to license the term iOS from Cisco: http://blogs.cisco.com/news/cisco_and_apple_agreement_on_ios_trademark/

Hello, 6lowpan is the proposed/open ip-standard for microcontrollers (for e.g. domotics, streetlighting, "smart powergrids", ...). Vint Cerf's whine-cellar is already controlled by it - it uses products from Arch Rock, which was bought by Cisco - and google will probably launch a lightbulb based on it by the end of the year, which can then be controlled by an android-phone. It is based on ipv6 so that it can form the internet of things. I've split it up in multiple small questions: * Will it have enough support to take off? (biggest competitor is Zigbee, which also is going towards ip) * When will it probably take off? (next year?) ,* Will the lack of support for ipv6 (in Western countries) not slow down the take up? * Will it be standardized/open enough for an opensource community? There is a mesh-header in the protocol, which isn't used by open implementations like those in Contiki because it there are drawbacks to it. The routing-protocol RPL was developed to work on the ip-layer and which is standardized. However, implementations like those of NXP (the google light-bulb uses their hardware at least) use their own stack (jennet-ip), which uses this mesh-header, which causes routing at layer 2. The stack will be opensourced at the end of this year - the time at which google will "launch" the lightbulb -, but I would rather use an open implementation like that one contiki. It also doesn't use the mesh-header, but that is a personal preference. * Will it be cheaper then current home-automation-systems as it is more open? * Will people/companies be cautious enough regarding the security-aspects of 6lowpan (and similar technologies). What about a virus causing havoc in your home - lights don't go on, temperature goes up and up, ...? I'm quite interested into this myself as I would like to use 6lowpan myself and even develop for it (if it is open enough). References: * Arch Rock - Cisco: http://newsroom.cisco.com/dlls/2010/corp_092010.html * wine cellar/internet of smart objects: http://www.ipforsmartobjects.org/2010/07/video-vint-cerf-smart-grid-talk.html * google light bulb: http://www.sunwavelighting.net/index.php?option=com_content&task=view&id=171&Itemid=9 Michel Brabants Belgium

The ones that have been publicly acknowledged are software based, yes. I see the bug report at http://www.cisco.com/en/US/products/products_security_advisory09186a00805e3234.shtm as a typical example of Cisco vulnerability.

But the IOS comes with the hardware, and that could easily be a modified version. I'm not _assuming_ that the IOS is actually lacks Cisco's unpublished backdoors, but it's another potential motive for Cisco and the US government, to be harsh about counterfeit equipment. And with IOS being closed source, and the backdoors being concealed for so long, it's difficult for a typical network administrator to test.

I have only recently set up SIP so I have not tried FAX yet. To get Google Voice to ring an analog phone, I simply forwarded the number to a Sipgate type number. I'm using a free IPTel SIP account (who is perpetually out of phone numbers) with an IPKall free phone number. If Google Voice won't handle a Fax, I think IPKall and the IPTel SIP numbers will work for incoming as my ATA is set to use the Fax friendly protocol g.723 or g.728.

Below is a list mentioning modem and fax friendly protocols.

http://www.cisco.com/en/US/tech/tk1077/technologies_tech_note09186a00800b6710.shtml

Here

Of course, it doesn't stop them mistreating or firing US employees by the thousands.

May as well get a CRS-3 router. 322Tb/sec maximum throughput should be good for a while :) 100Gbit is a line card on one of those.

May as well get a CRS-3 router. 322Tb/sec maximum throughput should be good for a while :) 100Gbit is a line card on one of those.

Cisco's offers this with their WCS product in conjunction with their Controller-based lightweight APs. http://www.cisco.com/en/US/prod/collateral/wireless/ps5755/ps6301/ps6305/product_data_sheet0900aecd802570d0.html From the configuration guide (http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0mon.html): "Contain rogue access points by sending their clients deauthenticate and disassociate messages from one to four access points. This containment can be done for individual rogue access points by MAC address or can be mandated for all rogue access points connected to the enterprise subnet."

You're running into the big problem with wifi: Everything on the same channel has to take turns. If there's 40 APs all in the same vicinity, they're going to start a round-robin game of who-goes-first, and if there's enough other interference, they're all going to keep yielding, and nobody gets heard. See "myth" #1 here: http://www.cisco.com/en/US/prod/collateral/wireless/ps9391/ps9393/ps9394/prod_white_paper0900aecd807395a9_ns736_Networking_Solutions_White_Paper.html As it mentions, this is more accurately called co-channel cooperation, rather than interference. And it's a huge problem in a convention. You're really kinda screwed in that scenario... unless you can use another spectrum, but it sounds like that's not much of an option given that you're trying to demo on consumer client hardware that's almost invariably 802.11b/g/n, 2.4ghz. Use A band if you can. Another thing you can try, and this would take some serious cooperation with other convention-goers (read:social engineering, perhaps?) is to get everyone to turn down the broadcast power on their APs. That's what the real problem is. If everyone talks quieter in the library, more people can carry on their conversations in their corner of the woods. You can also try to work out a pattern with nearby AP users to switch their APs to channels that don't overlap with yours. Be careful with this one, cause if you've got two APs on channels 1 and 4, they overlap enough it might still cause co-channel cooperation. This is probably pie-in-the-sky thinking that your fellow convention goers (and possible competitors even) might cooperate to that level, but there's no hurt in trying, right?

Some Cisco and other high end access points have beamforming networks that can place antenna nulls in directions of interferes (other AP's, microwaves, etc) and point the peak of the beam directly at a user among all types of other fancy tricks.

They work wonderfully well in noisy, cluttered environments. Give them a shot.

http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10092/white_paper_c11-516389.html

Cisco ASA 5500 firewalls as of 8.4(1) support Android 2.1+ L2TP/IPSEC VPN.

How do you propose to stop an attacker who changes IP and/or MAC addresses with every new password attempt?

Well... first of all: if you only saw failed attempts from one or two IP addresses, then you can be quite confident that's not what's happening. Second: if you see failed attempts to a user in rapid succession from many IP addresses, then you know something is amiss.

You've come up with an unusual theoretical, and quite implausible attack. There aren't enough IP addresses out there to change IPs after every new password attempt.

IP address is not just a free form field a computer can change to whatever it wants -- the IP address you want to use actually has to be routable, otherwise it's useless.

The only way that makes any sense at all is if the attack source is on the LAN; which means either an internal system has already been compromised, or you have an insider attacking through an inefficient method (trying brute force, when there are much simpler and more successful methods).

As for someone playing with MAC addresses.... it's called Port Security or 802.1x authentication, esp. in the case of wireless.

Layer 2 security issues are not something to ignore, for sure; there are ways of addressing all those, and they need to be addressed on their own merits, anyways.

Oh, and a good way to force Cisco to make some kind of statement would be to request them from your Cisco representatives, on Cisco forums like http://forums.cisco.com/ecom/web/sms3/forums/-/message_boards/category/13121 , etc.

Sending printed letters to

Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134 USA

is also probably a good idea.

I mean, if they lay flat, fire the legal team in question and commit to publically planning how to ensure abuses of process of this scale, or even far lower scales will never happen again, that'd probably be a good move.

If they don't respond with a great amount of humility and regret, I know I'll stay as far away from Cisco and their surrounding chain of companies as practical, and make a habit of informing my customers on good reasons to avoid Cisco.

Minor correction :-p

Oh, and a good way to force Cisco to make some kind of statement would be to request them from your Cisco representatives, on Cisco forums like http://forums.cisco.com/ecom/web/sms3/forums/-/message_boards/category/13121 , etc.

Sending printed letters to

Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134 USA

is also probably a good idea.

I mean, if they lay flat, fire the legal team in question and commit to publically planning how to ensure abuses of process of this scale, or even far lower scales will happen again, that'd probably be a good move.

If they don't respond with a great amount of humility and regret, I know I'll stay as far away from Cisco and their surrounding chain of companies as practical, and make a habit of informing my customers on good reasons to avoid Cisco.

http://www.cisco.com/en/US/prod/collateral/routers/ps9923/ps9925/data_sheet_c78-501225.html

Home router with dual wan...

The one that my church uses has a 2 WAN option:

http://www.cisco.com/en/US/products/ps9926/index.html

Not a home class one, but only $260.

Yeah about that: "Optional HD media station with USB peripherals, 10/100/1000 wired connectivity, and a handset option"

And from TFA: "A WiFi only version of the tablet will be available worldwide from July 31 at an estimated price of $750." I can't see anything on storage capacity.
Wifi-only iPad2 starts at $499 (16Gb) to a max of $699 (64Gb)

Got to see of these very recently. The execs at my company are always wanting the latest and greatest and we are a Cisco shop with a slew of 79XX IP phones.

We finally went with the Cisco/Tandberg TelePresence EX desktop units. 24 inch monitor that replaces the desktop monitor, integrated video conferencing, and a cool little "mini-me" control pad/handset peripheral.

http://www.cisco.com/en/US/prod/collateral/ps7060/ps11303/ps11308/ps11327/images/data_sheet_c78-627494-1.jpg

Hardly portable, and no computing power, but every one of the big office folks has an iPad2 with WebEx, Facetime, etc. on it, so they're happy.

We got Citrix to work very well for application needs that don't run native on iOS, have centralized management of the iDevices in house, so the Cisco tablet made no sense whatsoever.

Still, I imagine some shops will slurp some Cisco Kool-Aid and snap these puppies up. RTFA, Cisco IS hedging their bets with iOS and Android apps for collaboration.

Even the iPhone name was the subject of litigation with Cisco, and later they settled.

Here's a good start on an explanation: Cisco Visual Networking Index: Forecast and Methodology, 2010-2015. Summary on the web page, pdf with details linked on the page.

Do you mean your microwave oven? Contact the manufacturer and make them send someone out to run a microwave leakage test. The service center is required to have a properly calibrated one. The test may not be free but they should not charge more than a service call but see if the manufacturer will cover this test.

Switching power supplies used in these microwaves can cause trouble regardless of the FCC warning on them. You can get noise from the supply and noise on the power line even though it's not otherwise failing.

An older version of Tripp Lite's surge suppressor could filter this crap off the power line. It sold for around $70 in the '90s. Without the testing I could do back then I won't recommend them now.

From Crisco
http://www.cisco.com/en/US/prod/collateral/wireless/ps9391/ps9393/ps9394/prod_white_paper0900aecd807395a9_ns736_Networking_Solutions_White_Paper.html
"Jupiter Research reports 67 percent of all residential Wi-Fi problems are linked to interfering devices, such as cordless phones, baby monitors, and microwave ovens."

Cisco did nothing illegal so far:

"Cisco solutions and products containing 64-bit or less encryption may be delivered to most end users worldwide, except to entities or end users in the following countries: Cuba, Iran, North Korea, Sudan, and Syria."

http://www.cisco.com/web/about/doing_business/legal/global_export_trade/general_export/contract_compliance.html

I don't see any other trade embargo against China for encryption, so I doubt there is one for tracking and surveillance software and hardware. As well, AFAIK, China is a sovereign entity and it's government can do whatever they want on their soil. I doubt there is a case here, even if Cisco helped China.

Yes, but Cisco also provides these services to businesses.

http://www.cisco.com/en/US/products/ps6712/index.html

The extent at which Cisco helped them is not publicly known. Cisco does not admit to anything other than selling hardware and software services.

"Cisco does not operate networks in China or elsewhere, nor does Cisco customize our products in any way that would facilitate censorship or repression," the representative said in a statement, adding that the company sells the same equipment in China that it sells in other nations in compliance with U.S. government regulations."

Hard to say... but either way private multi-national corporations only operate for one thing: profit.

that depends on the cisco device - if your trying to do routing on a switch block on an nm module in a router yes but you can use PACL's on switch ports without having to treat them as routed ports

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vacl.html#wp1039754

So your desktops are all 100Mbps (which, you're right, is more than adequate for general use).

So the switch they plug into has to have a 1Gb backbone (usually one per 12-16 clients for office-type stuff, or else you hit bottlenecks when everyone is online - but for everyone to have "true" 100Mb, you need a 1Gb line per 8-or-so clients).

Those 1Gb backbones (usually muliple) then have to daisy-chain throughout your site (and thus if your total combined usage is over 1Gb in any one direction, you're stuffed) OR you can give them multiple 1Gb lines or (in the future) a 10Gb line as backbone.

A 24-port 10/100 with 2 port 10Gb will be a killer product when it emerges, is standardised, and cheap enough. Hell, I could use it NOW.

2001 called and wants their post back. There are literally hundreds of 10/100/1000 24 port switches with 2 port 10GE uplinks, the standards needed for these technologies were ratified in the 1990's and gluing them together does not constitute the need for a new standard. Here's an example of your switch, one of the lowest models Cisco sells for campus / LAN applications.

A 24-port 10/100 with 2 port 10Gb will be a killer product when it emerges, is standardised, and cheap enough. Hell, I could use it NOW.

The future is here! 10GBASE-T was standardized over 5 years ago, and fiber variants before that. Every major manufacturer's midrange fixed-config edge switch lineup has a 24/48 port 10/100/1000 switch with dual 10Gb uplinks.

Just a few examples:

http://www.cisco.com/en/US/products/ps6406/index.html
http://www.extremenetworks.com/products/summit-x350.aspx
http://www.brocade.com/products/all/switches/product-details/fastiron-gs-series/index.page
http://h30094.www3.hp.com/product.asp?sku=3981100&mfg_part=J9146A&pagemode=ca

I second this. My local community college had a CCNA course (really 4 courses fit into two semesters) with a pretty awesome, knowledgeable instructor. I understand that not all teachers are good but the online coursework that the Cisco Network Academy is pretty thorough and Packet Tracer ( http://www.cisco.com/web/learning/netacad/course_catalog/PacketTracer.html ) helps tremendously (IOU, GNS3 aside). I would gobble that up if your local CC offers it. As far as equipment goes, Cisco is all I know and from hearing my network admin bitch about our HP switch infrastructure... standardize with Cisco. I can't speak for Juniper products.

The answer is seriously very very simple.

Separate VLANs and don't buy a shitty "home router" that has no options which enable you to keep your connection running smooth while giving people the option of wifi. 99% of the problem is buying a $20-40 router which you end up replacing after 5 years when it falls apart.

I would strongly suggest a Cisco WRVS4400N - you can have up to 5 SSID's, separate VLAN's, encrypt your own with a public one unencrypted, and bandwidth controls so that WIFI can't eat all your bandwidth. It's also pretty much set up out the box with good options. Sure, it's more than the $50 router, but it also has a warranty and works well, and allows complete (and secure) remote management, not the "hey anyone can guess my password and log into my router" garden variety shit.

Pretty much any router supported by DD-WRT (and some other 3rd party firmwares) can do this. There are also some recent models with "guest networks" such as all of Cisco Linksys's E series models.

http://home.cisco.com/en-us/wireless/linksys/specs

If you have a gluttonous lust for ghastly, utterly banal, PR-drivelspeak concerning wiretapping, anybody on Cisco's "Lawful Intercept Mediation Device Suppliers" list is excellent reading.

Full disclosure: I work for Cisco TAC.

> Fixes are only available after Cisco is paid for them and, once again, the fixes come without guarantees as well.

Now this is not what I remembered. So I went and checked.

Go to Cisco PSIRT (http://www.cisco.com/go/psirt) where I click on the H323 problem in IOS, I go to the advisory at http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a300.shtml.

On that page there is a section "Obtaining Fixed Software" with a sub-section "Customers without Service Contracts" where you can read "...Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade...".

Peter

From Cisco's FAQ about the acquisition:

Q. How will Pure Digital’s products be sold and serviced?
A: For the time being, Pure Digital will continue to sell their product as they do today, on the web, via retail stores and through on-line retailers. Together Cisco and Pure Digital will work to expand sales opportunities for these exciting products.

Q. How will Cisco and Pure Digital customers be affected by the acquisition?
A: Cisco often acquires companies that can accelerate the development of a product, technology or platform. With Pure Digital, Cisco acquires consumer-friendly video products and technology, as well as a brand with mass-market appeal. Pure Digital customers will continue to receive the same great products and technology they are accustomed to receiving and will experience no negative impact in terms of features or service.

So much for truth in marketing.

does the camera in this phone look familiar?

The flip camera is used in their unified IP phones. They didn't buy it to keep it going as standalone camera.

You make a good point, but I believe the article is referring more to things like the Cisco CLI, where you get automatic contextual help text by pressing the tab key or a question mark, and it actually does come pretty close to being natural language. See http://www.cisco.com/warp/cpropub/45/tutorial.htm for some examples:

Router# configure ?

    memory Configure from NV memory
    network Configure from a TFTP network host
    overwrite-network Overwrite NV memory from TFTP network host=20
    terminal Configure from the terminal

Annnd ... ta-da! Cisco provides the equipment/software that enables that traffic shaping.

They also offer the equipment to push throughput up to 322 terabits/s.

by Anonymous Coward on 28.02.2011 14:07 (#35340772) -

A trojan horse is "a bug inserted into a program or system designed to be activated after a certain time or a certain number of operations"

Or even:

"A kind of malicious software that arrives at a personal computer embedded in some other software and then introduces routines that can gather personal information or destroy the operationality of the computer"

Wow, Anonymous Coward is totally more credible than Cisco Systems.

Hey look, I just completely ignored your sources like you completely ignored the source that the Wikipedia article cited. This is fun.

BGP dampening already exists, and has for quite some time.

http://www.cisco.com/en/US/docs/ios/iproute_bgp/configuration/guide/irg_int_features_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1054203

nobody should use linksys. however, cisco small business products are excellent for friends and family, support everything under the sun, and are easily managed remotely, without being crazy expensive. WRVS4400 is one easy example and it's $180 and comes with a realistic warranty, supports IPv6, IPS, and all the things that people believe they should get with consumer routers.

meanwhile, buy shit products and you get shit support (aka E4200 for example). It's not a complicated concept. Just like when people buy a consumer grade 2TB hard drive and don't realize the difference between that and an enterprise one.

The do it all the time. Why would they stop now.

Not a great analogy, because businesses all over the world are replacing traditional desk phones with softphones like Cisco's IP Communicator or Skype every day. Just because computers weren't designed to make phone calls doesn't mean they aren't exceptionally good at it. That "clunky Dell workstation" using something like Cisco Unified Personal Communicator will blow an iPhone out of the water as a communications device. Integrating voice, video, presence, messaging all into a single application that let's you switch between them seamlessly. The only limitation is that it's not portable.

Again, the iPad is a big iPhone. Not a big "phone". It's a larger version of an iPhone, the only difference is it doesn't make cellular calls. If you think making phone calls is the primary distinguishing factor of an iPhone I think you've been asleep for the last 4 years. If you think that an iPad is closer to a laptop than it is to an iPhone, you've clearly never used either device. It's not a "big phone" it's "basically a big iPhone". I don't know how else to explain it. And this isn't an intended as an insult. Turns out a big iPhone is an amazing device! I really love using mine.

http://newsroom.cisco.com/dlls/2004/Cisco_Routing_Timeline.pdf

i don't think people give them credit for the 90's they had some interesting things for the time. (and still do)

Linux:
http://lartc.org/wondershaper/
http://lartc.org/howto/

Cisco:
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml#policingvsshaping

D-Link:
http://www.dlink.com/products/?pid=651

There's nothing inherently wrong with big in-transit buffers for TCP streams. The real question is not which packets get dropped; it's which packets get sent next. That's what "fair queuing" and some other quality of service algorithms are about. Unfortunately, most routers are basically FIFO devices with some packet drop algorithm. If the router is FIFO, dumb, and has big buffers, there's trouble.

Back in the 1980s, when I was working on this, I was applying fair queuing at choke points. My basic thinking was that the network should not drop packets for congestion unless a sender is badly behaved and isn't obeying the congestion avoidance rules. This is well-behaved, and will work well when bandwidth is a scarce resource. But for years, the Internet had more bandwidth than was needed, and so people stopped worrying about congestion. Now that everybody is trying to stream high-definition video, it's a big problem again.

The problem used to be that the CPU overhead for fair queuing was too high. Today we can afford enough transistors in ASICs and FPGAs to do queuing right, even in fast routers. That's already happened. The big players have already put the necessary hardware into their newer routers. Cisco supports weighted fair queuing in their current DOCSIS cable routers. So does Motorola. But it has to be set up and configured. Motorola has a very clear management level presentation on the need for fair queuing on their DOCSIS cable routers. That short piece of PowerPoint is a must read for anybody involved in managing a cable Internet system. Read the slides staring with "If RED is not good enough, what is?". A key point for managers: "There are no parameters to set". There are other parts of DOCSIS routers that have way too many tuning knobs. That's not true of fair queuing.

So, if your cable system is showing this problem, they probably have older routers, or misconfigured routers, or routers from some clueless vendor, or need a software upgrade. Cisco only supported this fully in DOCSIS routers starting in 2008. Earlier cable routers tended to be rather dumb. If you're in the industry, pass around that Motorola PowerPoint.

This has nothing to do with "buffer bloat". It's a queuing problem.

Though this is still almost a year old: Under the 'legal' heading.

When the usage levels between users can be more than 100 to 1 it can't be fair.

I do so love a challenge. Here's some examples of the theory:

• Beyond Best Effort: Router Architectures for the Differentiated Services of Tomorrow’s Internet (1998)
• The Impact of Active Queue Management on Multimedia Congestion Control (1998)
• Comparison of Tail Drop and Active Queue Management Performance for bulk-data and Web-like Internet Traffic (2001)
• Bandwidth Allocation for Non-Responsive Flows with Active Queue Management (2002)
• A Comparative Study of Active Queue Management Schemes (2004)
• PURPLE: Predictive Active Queue Management Utilizing Congestion Information (2003)
• The Addition of Explicit Congestion Notification (ECN) to IP (2001)

And here's some examples of the practice with CISCO routers:

• WRED
• DWRED
• ECN within WRED
• Hierarchical Queueing Framework

Other systems:

• Juniper's support for WRED and QoS in general
• QoS in HP ProCurve switches
• QoS in Nortel switches

Now, tell me again that only a Marxist would believe that it's possible to have pipe-based fair-service on the Internet.

When the usage levels between users can be more than 100 to 1 it can't be fair.

I do so love a challenge. Here's some examples of the theory:

• Beyond Best Effort: Router Architectures for the Differentiated Services of Tomorrow’s Internet (1998)
• The Impact of Active Queue Management on Multimedia Congestion Control (1998)
• Comparison of Tail Drop and Active Queue Management Performance for bulk-data and Web-like Internet Traffic (2001)
• Bandwidth Allocation for Non-Responsive Flows with Active Queue Management (2002)
• A Comparative Study of Active Queue Management Schemes (2004)
• PURPLE: Predictive Active Queue Management Utilizing Congestion Information (2003)
• The Addition of Explicit Congestion Notification (ECN) to IP (2001)

And here's some examples of the practice with CISCO routers:

• WRED
• DWRED
• ECN within WRED
• Hierarchical Queueing Framework

Other systems:

• Juniper's support for WRED and QoS in general
• QoS in HP ProCurve switches
• QoS in Nortel switches

Now, tell me again that only a Marxist would believe that it's possible to have pipe-based fair-service on the Internet.

When the usage levels between users can be more than 100 to 1 it can't be fair.

I do so love a challenge. Here's some examples of the theory:

• Beyond Best Effort: Router Architectures for the Differentiated Services of Tomorrow’s Internet (1998)
• The Impact of Active Queue Management on Multimedia Congestion Control (1998)
• Comparison of Tail Drop and Active Queue Management Performance for bulk-data and Web-like Internet Traffic (2001)
• Bandwidth Allocation for Non-Responsive Flows with Active Queue Management (2002)
• A Comparative Study of Active Queue Management Schemes (2004)
• PURPLE: Predictive Active Queue Management Utilizing Congestion Information (2003)
• The Addition of Explicit Congestion Notification (ECN) to IP (2001)

And here's some examples of the practice with CISCO routers:

• WRED
• DWRED
• ECN within WRED
• Hierarchical Queueing Framework

Other systems:

• Juniper's support for WRED and QoS in general
• QoS in HP ProCurve switches
• QoS in Nortel switches

Now, tell me again that only a Marxist would believe that it's possible to have pipe-based fair-service on the Internet.

When the usage levels between users can be more than 100 to 1 it can't be fair.

I do so love a challenge. Here's some examples of the theory:

• Beyond Best Effort: Router Architectures for the Differentiated Services of Tomorrow’s Internet (1998)
• The Impact of Active Queue Management on Multimedia Congestion Control (1998)
• Comparison of Tail Drop and Active Queue Management Performance for bulk-data and Web-like Internet Traffic (2001)
• Bandwidth Allocation for Non-Responsive Flows with Active Queue Management (2002)
• A Comparative Study of Active Queue Management Schemes (2004)
• PURPLE: Predictive Active Queue Management Utilizing Congestion Information (2003)
• The Addition of Explicit Congestion Notification (ECN) to IP (2001)

And here's some examples of the practice with CISCO routers:

• WRED
• DWRED
• ECN within WRED
• Hierarchical Queueing Framework

Other systems:

• Juniper's support for WRED and QoS in general
• QoS in HP ProCurve switches
• QoS in Nortel switches

Now, tell me again that only a Marxist would believe that it's possible to have pipe-based fair-service on the Internet.