Domain: cisco.com
Stories and comments across the archive that link to cisco.com.
Comments · 1,300
-
Re:Nice speed, but still decade olds interface.
You need to try IOS XR.
Commit
-
What you get for $90K
Based on a brief look at Cisco.com, it looks like the CRS-3 scales from a single 4-slot chassis up to an 1192-slot multiple-rack array, so the amount of backplane capacity you get depends on what size chassis and how many chassis you want to chain together, as well as what flavors of interface cards you put in them. (A lot of the processing capacity is on the cards, which is how you get things to scale to carrier-class.) The small box is going to have supervisor CPUs and probably control-plane, and you'll presumably want redundant power supplies of some sort (though that may be DC if you're in a carrier environment), and probably a couple of GigE interfaces on the supervisor card, but it's not the kind of platform you buy without buying some hefty interface cards, which is where most of your money'd be going.
-
Re:Geek Porn
-
Re:Geek Porn
-
The question on everyone's mind
MSRP starts at $90,000. source
-
Re:Web Interface
Some gear is starting to provide options like the newer Cisco routers that have both serial and USB consoles. The serial is still key for the terminal servers deployed in today's networks for OOB access. Dial into the terminal server via OOB modem (connected to the AUX port) and session in through the serial ports. However, USB access provides a nice option when you're trying to configure with a modern laptop with no serial port.
-
It's starting....slowly.
The latest series of branch routers from Cisco, the ISR G2, includes both a traditional serial and new-fangled USB console port. Essentially it's just moving the USB-to-Serial chip inside the router, but it does eliminate one potential thing you can lose or forget. They're going to be including both options on several new devices in the future but it's going to take a really really long time for serial to completely go away.
-
Cisco ISR G2 has a USB connector for the console
http://www.cisco.com/en/US/prod/collateral/routers/ps10538/data_sheet_c78_556319.html says: " A new, innovative, mini-B USB console port supports management connectivity when traditional serial ports are not available. The traditional console and auxiliary ports are also available. Either the USB-based console or the RJ-45-based console port can be used to configure the router."
-
Re:Can you use them with Asterisk?
What you want is a Linksys / Cisco PAP2T.
- It costs about $40, about the same as MagicJack.
- It's a real SIP box.
- It's able to handle two different accounts and serve two different phone lines.
- It's very popular so there's lots of online help available.
- Once configured it "just works" for years on end.
- When combined with a Gizmo5 account and a Google Voice account you get free calls.
-
Re:Transparency is the key to real neutrality...
When you look at the networking of most smallish cities, there are usually only 3 or 4 real connections out of the city. Usually some OC192 or something to the nearest big city. It's all lined up along the original easements for railroads, power and telephones. A lot of the inter-city traffic is carried on microwave, which means no security at all. Sure, there are a lot more fibers today than in 1990 but after the dotcom burst people stopped pulling in most places. This Google thing may be the start of the next wave.
The smaller your city the further out on the spur you are and the more narrow your options for getting "to the internet" (or to other networks, essentially). The internet isn't ANYTHING, just a way to get from network to network. Right now, the networks themselves for consumers are all in the hands of the telcom companies because they already had the wire. IPv6 will change that because it makes it possible to have mesh networks that actually work. So you could get together with your neighbors at a city council meeting and pay the 10K to pull fiber to a block of houses or even better, neighborhood wireless. IPv4 always needed someone to organize it a little to make it work. It's still highly decentralized and if you look at most university networks, they tend to still follow the original path of lots of publicly routable IPs, lots of leased line interconnects to other universities and leased line connections to the closest POPs. But those leased lines are mostly owned by the phone company.
If Google's buying dark fiber, great, but they are still a company. What we need is to look at the internet like a road or highway, something everyone should have access to for free. It's not that expensive to do this in the city, but we will end up heavily subsidizing the country so they can have it also.
CONUS square miles: 2,959,064.44
CONUS square meters: 7.6639417x10^12 m^2
802.11 coverage per AP 802.11g@9mbps: 3.14159 * 76m^2 = 18,145 square meters
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_white_paper09186a00801d61a3.shtml
422,154,863 access points, 1 every 152 feet.
At $40/pop that's only $16,886,194,520. ($20 for the AP, $20 for the solar panel)
The government is throwing in $7B, we're halfway there! If everyone spent a weekend deploying we could have the majority of country covered with 9mbps by the end of the year.
If you mesh them and use hexagonal cells you'll have 9mbps from the AP to your laptop even at the middle between cells, and 1mbps to each contiguous cell. With IPv6 just use a geographic way to assign the prefix (county, township, section, etc. are already there for the entire country). With a similar setup you can ensure an entirely neutral net. Of course, there are better chunks of bandwidth just coming available. Unfortunately the government charges for the auctions. They need to reserve a nice big chunk for the public, license channels by the square mile using a homestead system where one person can only own 1 AP per mile, with no limit on the total they can own.
Implement micropayment billing to recover the costs and build wires (you need wires to be reliable). Keep greed away with stiff federal pound me in the ass penalties for tampering with APs or trying to price gouge. Problem solved.
Yes, it will be fucking slow at first but you have to start somewhere. The people who need high speed will still have their existing networks, they'll just want to patch into the mesh too to reach those potential customers.
-
Re:Will they permit NATs?
You might want to review the RFCs, particularly the difference between TLA, NLA, and SLA and what bits of the prefix they use. Only the last 16-bits of the network portion of the address are intended for site subnets. Unless you're an ISP or other aggregator, you don't get bigger than a /48. The Top Level ISPs get a /24 which they are expected to route into the NLAs, who assign up to /48s to sites.
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_2-1/ipv6.html - scroll down to the section titled Public Routing Topology Prefixes.
-
Re:Sounds like....
You've nailed it. Projects like the Nexus 1000v and the open source Open vSwitch provide substantial switch functionality in the hypervisor, which makes advanced functionality in the top-of-rack switch unnecessary - not something that hardware vendors are very happy about.
-
howto secure virtual machines
When using virtual machines you lose some control and visibility compared to the traditional pizza box server. A physical server is easy to pinpoint, easy to implement ACLs (ethernet/ip), Quality of Service, traffic monitoring or just to shut down a network port. :)
Both VEPA and VN-link are technologies that allow you to better separate different virtual machines on the same physical box. For VMware, Cisco developed a virtual switch ( YES, a downloadable switch! :) ) that integrates with VMware ESX 4 that offers all this network security, monitoring goodness. This virtual switch is called the Nexus 1000v and can be downloaded at http://www.cisco.com/en/US/products/ps9902/index.html ( 60-day trial ).
About a year ago the ethernet specifications for data centers already got an extension called FCoE or Fibre Channel over Ethernet ( http://www.t11.org/fcoe ). Basically this allows you to use one ethernet network for both your lan and your storage san. And thus not needing to build out a separate Fibre Channel SAN.
-
Possible Cisco option he was referring to
http://www.cisco.com/en/US/docs/ios/12_1/12_1xm/feature/guide/ftwrlsmc.html http://www.cisco.com/en/US/products/hw/wireless/ps2360/prod_installation_guide09186a00800d9d79.html AKA the Cisco WT2700 Wireless system. Which was end-of-lifed almost 3.5 years ago, so I wouldn't see why anybody would be putting in one of these systems anymore.
-
Re:Why wouldn't...
A device's MAC address is ostensibly globally unique... until we start running out of 48-bit MAC addresses, anyway. There's a registry for NIC manufacturers and each manufacturer has one or more 24-bit ranges, at least as I understand it.
The way IPv6 addressing works is that usually the last 64 bits of the address are actually a "stretched" version of the MAC address of the device. See here for a good explanation.
The problem with having a permanent global IP for a device is that routing becomes impossible. You need hierarchical organization of IPs based on location, otherwise your routing tables are made up of untold numbers of /128s (or billions of /32s in the case of IPv4 addresses).
-
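The two addressing comments above (the TLA/NLA/SLA prefix hierarchy with its 16-bit site subnet field, and the "stretched MAC" in the low 64 bits) worked through in Python. This is an added example and not code from any commenter or from Cisco; the MAC 00:11:22:33:44:55 and the prefixes under 2001:db8::/32 (the documentation prefix) are constructed sample values. It builds the modified EUI-64 interface identifier exactly as RFC 4291 appendix A specifies, reverses it, and counts the /64 subnets inside a /48.

```python
import ipaddress
from typing import Optional

# Constructed sample values: 2001:db8::/32 is the IPv6 documentation prefix.
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_PREFIXES = ["2001:db8:1:2::/64", "2001:db8:ffff:9::/64"]


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291,
    appendix A): insert ff:fe between the OUI and the device part, then
    flip the universal/local bit (0x02 in the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host would self-assign from a /64 prefix with EUI-64 SLAAC
    (no privacy extensions)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def interface_id(addr: str) -> int:
    """Low 64 bits of an address: the part that stays constant across prefixes."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 based address; None when the interface
    ID lacks the ff:fe marker (random, manual or privacy address)."""
    raw = bytearray(interface_id(addr).to_bytes(8, "big"))
    if raw[3:5] != b"\xff\xfe":
        return None
    raw[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in raw[:3] + raw[5:])


def site_subnets(site_prefix: str) -> int:
    """How many /64 subnets a site can carve from its allocation: 2**16 for
    a /48, i.e. the 16-bit site subnet field the comment above refers to."""
    return 2 ** (64 - ipaddress.IPv6Network(site_prefix).prefixlen)


if __name__ == "__main__":
    addrs = [slaac_address(p, SAMPLE_MAC) for p in SAMPLE_PREFIXES]
    for a in addrs:
        print(a, "->", mac_from_address(str(a)))
    # The same host under two different prefixes keeps the same interface ID.
    print("trackable:", interface_id(str(addrs[0])) == interface_id(str(addrs[1])))
    print("/64s in a /48:", site_subnets("2001:db8:1::/48"))
```

The security caveat this makes visible: because the interface ID is derived from the hardware address, a laptop that roams between networks carries the same low 64 bits everywhere, so `mac_from_address` works for anyone who sees its traffic. RFC 4941 temporary addresses exist precisely to break that linkage, and the check above returns None for them.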
Re:I Actually Side with Dick's Estate
In fact, the Cisco Nexus data center switch has been on the market since around January 2008, IIRC. I don't remember hearing any fuss made by the estate when it came to market
-
Why didn't the estate sue Cisco?
Does the estate have to defend their trademark/name against all threats? Or can they just pick and choose what they defend it against? They're suing Google, but why didn't they sue Cisco? Cisco had a Nexus product (actually quite a few of them) for a few years now:
Nexus 7000
Nexus 5000
Nexus 2000
Nexus 1000
Hell, the government even has Nexus Cards which are WHTI-compliant documents for land and sea travel, as well as air travel when traveling to and from airports using the NEXUS program, and provide expedited travel via land, air or sea to approved members between the U.S. and Canada border.
-
Re:Do power users abuse their IT knowledge?
Good luck getting DNS out through the firewall when outbound udp/tcp is blocked from all hosts except for the DNS servers. I won't even get into packet inspection technology like Cisco's FPM.
-
Layer 2 Separation
This attack would easily be prevented by the use of Private VLANs on your network. With PVLANs Clients connected to the LAN can only send Layer 2 frames to the default gateway and other pre-defined shared services such as printing, ad, mail, internet... Typically Private VLANs are very handy in shared/public environments such as hotels, public desktops.
Howto configure PVLANs on a Cisco Cat 3750 switch:
http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml
Many other techniques are available to protect a L2 LAN environment:
* DHCP snooping (DHCP trusted/untrusted ports)
* Dynamic ARP inspection
* IP Source Guard
* Port security (stickies) and MAC ACLs
-
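Dynamic ARP inspection from the list above, modelled in Python so the logic is visible: DHCP snooping populates a binding table of (port, MAC) to IP, and ARP from an untrusted port is forwarded only if the sender MAC/IP pair matches that binding, while trusted ports bypass the check. This is an added example, not the commenter's code and not how a Catalyst implements the feature; the port names, MACs and 10.0.0.0/24 addresses are a constructed scenario in which a second DHCP client tries to poison the first client's ARP cache with the gateway's IP.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Set, Tuple

ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass(frozen=True)
class ArpFrame:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def parse_arp(payload: bytes) -> ArpFrame:
    """Parse the 28-byte Ethernet/IPv4 ARP body (RFC 826) that follows the
    Ethernet header."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return ArpFrame(opcode, mac(sha), ip(spa), mac(tha), ip(tpa))


def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Inverse of parse_arp; used only to construct the sample frames."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                       mac(sender_mac), ip(sender_ip), mac(target_mac), ip(target_ip))


class ArpInspector:
    """Model of Dynamic ARP Inspection. ARP from an untrusted port is forwarded
    only if its sender MAC/IP pair matches the DHCP snooping binding learned on
    that port; trusted (uplink/gateway) ports are not inspected."""

    def __init__(self, trusted_ports: Set[str]):
        self.trusted = set(trusted_ports)
        self.bindings: Dict[Tuple[str, str], str] = {}   # (port, mac) -> ip

    def learn_dhcp_lease(self, port: str, mac: str, ip: str) -> None:
        """DHCP snooping saw a DHCPACK for mac/ip arriving via port."""
        self.bindings[(port, mac)] = ip

    def check(self, port: str, payload: bytes) -> Tuple[bool, str]:
        """Return (forward?, reason) for an ARP packet received on port."""
        if port in self.trusted:
            return True, "trusted port, not inspected"
        arp = parse_arp(payload)
        bound = self.bindings.get((port, arp.sender_mac))
        if bound is None:
            return False, f"no DHCP binding for {arp.sender_mac} on {port}"
        if bound != arp.sender_ip:
            return False, f"{arp.sender_mac} is bound to {bound} but claims {arp.sender_ip}"
        return True, "sender matches DHCP binding"


if __name__ == "__main__":
    # Constructed scenario: gateway behind the trusted uplink, two DHCP clients,
    # the second one sending a reply that claims the gateway's address.
    gw_mac = "00:00:5e:00:01:01"
    dai = ArpInspector(trusted_ports={"Gi1/0/24"})
    dai.learn_dhcp_lease("Gi1/0/1", "aa:bb:cc:00:00:01", "10.0.0.10")
    dai.learn_dhcp_lease("Gi1/0/2", "aa:bb:cc:00:00:02", "10.0.0.11")
    legit = build_arp(ARP_REPLY, "aa:bb:cc:00:00:01", "10.0.0.10", gw_mac, "10.0.0.1")
    spoof = build_arp(ARP_REPLY, "aa:bb:cc:00:00:02", "10.0.0.1",
                      "aa:bb:cc:00:00:01", "10.0.0.10")
    for port, frame in [("Gi1/0/1", legit), ("Gi1/0/2", spoof), ("Gi1/0/3", legit)]:
        print(port, dai.check(port, frame))
```

The model also shows why the features are listed together: DAI is only as good as the binding table DHCP snooping feeds it, so a statically addressed host on an untrusted port is dropped unless a static binding is added, and a client that receives its lease on one port and then moves to another fails the (port, MAC) lookup.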
that doesn't sound very "state of the art"
On the other hand, I've done deployments numbering several hundred cameras using the Linux security-DVR software offered by Cisco: http://www.cisco.com/en/US/products/ps9152/index.html.
It can handle a darn sight more than the 16 cameras per-server you needed. It does not support linking motion sensors or contact alarms to the cameras, but the record-on-motion capability gives similar functionality for most uses.
-
Re:This is where consoles win
That's not how wifi works, it doesn't just randomly drop or become unstable unless the hardware itself is faulty, in which case yes, you would get disconnected.
I guess you don't own a microwave oven. ;)
When a connection becomes weak it doesn't send any less data back and forth to the client, what changes is the proportion of usable data to the proportion of redundant data for error checking and correcting, this has the effect of making the wifi connection speed appear slower, so for example if you have a wifi connection of 54mbps that means you're transmitting/receiving say, 54mbps of usable data along with 6mbps of data for error checking/correcting, when you move away from the access point and your speed drops to 10mbps you're still receiving 60mbps or whatever of data overall, but 50mbps of that is for error checking/correcting.
Er, that's not really how wifi works... it steps down to different transmission schemes when the signal/noise ratio gets too low.
But that's beside the point, because the console and the Live service don't care about the physical details of your connection. What they notice is that when your connection is interrupted (say, you turn on the microwave), packets start getting lost. Packet loss has the effect, at the TCP level, of making the connection slower, but that's because the sender's buffer fills up while it's retransmitting the old packets that were dropped. Xbox Live can't tell whether you've put your router on standby for a few seconds, or whether you're experiencing radio interference that causes all of Live's packets to be dropped for a few seconds, or whether some router anywhere in between is temporarily overloaded.
In fact, I just tried it myself: after pressing the standby button, it took 2-3 minutes before I was signed out of Live.
It's absolutely not possible to read/write the memory of modern consoles unless you get access to an execution environment where you can execute your own code (outside the limited sandbox of say, XNA).
So it's a good thing consoles are never vulnerable to buffer overflows and other exploits that let you run your own code, right? Oh wait, they are. That's how the Xbox, PSP, and Wii softmods work.
Maybe the 360 isn't vulnerable, but all we can really say is that none have been found yet.
This is why despite the console having been out since 2005, no such hack has yet been successful- all hacks have depended on detectable modifications to DVD drive firmwares and similar.
There's no inherent reason why a firmware mod would have to be detectable. The console can only check the drive's firmware by going through the drive. If the drive has been modified to lie about the contents of its own firmware, what's the console going to do about that?
CoD: MW2 certainly doesn't [have auto-aim in multiplayer] and I'm pretty sure MW and CoD5 didn't either.
COD 4 did, and from what I can tell, so do World at War and Modern Warfare 2. Maybe it's subtle enough that you don't notice it, but it's helping you nonetheless.
This is another straw man argument, pretty much everyone had an SDTV before HDTV came along
I'm not sure you know the difference between strawman and analogy.
How did a faulty power supply cause an RROD when the power supply is external and RROD represents an internal hardware fault?
RROD indicates a "general hardware failure". After several weeks,
-
Re:Can someone explain ZSK and KSK?
While you're explaining, can you tell us why DNSSEC makes the size of the DNS zones "unwieldy"?
Probably the agony of setting up precisely one zillion NSEC records makes the whole thing "unwieldy".
To properly return a cryptographically secure answer that there is no domain named silentdot.org, you need a line like:
shitdot.org NSEC slashdot.org
which is a pointer saying there is nothing between shitdot.org and slashdot.org.
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-2/dnssec.html
Of course the only thing that is constant about DNSSEC, other than megatons of FUD, is constant change in how it works. Maybe NSEC is now as obsolete as MD and A6 records now are, I really don't know.
-
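The NSEC mechanism described in the comment above, as an added example in Python (not the commenter's code and not from the linked IPJ article). It sorts a toy zone into DNSSEC canonical order (RFC 4034 section 6.1), builds the NSEC chain, finds the record that proves a queried name does not exist, and then walks the chain to enumerate the zone. The names example.org, zzz.org and the apex "org" are constructed to surround the commenter's shitdot.org / slashdot.org pair; the real .org zone is delegation-only and is not modelled.

```python
from typing import List, Optional, Tuple

Nsec = Tuple[str, str]   # (owner name, next name), as in "shitdot.org NSEC slashdot.org"


def canonical_key(name: str) -> List[bytes]:
    """Sort key for DNSSEC canonical ordering (RFC 4034 section 6.1): labels
    compared from the root downwards, case-insensitively, byte by byte; a
    name sorts before every name below it."""
    labels = name.rstrip(".").lower().split(".")
    return [label.encode() for label in reversed(labels) if label]


def build_nsec_chain(zone_names: List[str]) -> List[Nsec]:
    """One NSEC per name in the zone, each pointing at the next name in
    canonical order; the last one wraps around to the apex."""
    names = sorted(set(zone_names), key=canonical_key)
    return [(names[i], names[(i + 1) % len(names)]) for i in range(len(names))]


def covering_nsec(chain: List[Nsec], qname: str) -> Optional[Nsec]:
    """The NSEC record proving that qname does not exist, or None if qname is
    an existing owner name (a normal positive answer applies then)."""
    q = canonical_key(qname)
    for owner, nxt in chain:
        o, n = canonical_key(owner), canonical_key(nxt)
        if o == q:
            return None
        if o < n:                     # ordinary link in the chain
            if o < q < n:
                return owner, nxt
        elif q > o or q < n:          # last record, wrapping to the apex
            return owner, nxt
    return None


def walk_zone(chain: List[Nsec], apex: str) -> List[str]:
    """Enumerate every name in the zone by following the chain from the apex:
    the zone-walking side effect that hashed NSEC3 (RFC 5155) was designed
    to blunt."""
    next_of = dict(chain)
    names, cur = [apex], apex
    while True:
        cur = next_of[cur]
        if canonical_key(cur) == canonical_key(apex):
            return names
        names.append(cur)


if __name__ == "__main__":
    # Constructed toy zone around the two names used in the comment.
    zone = ["org", "slashdot.org", "shitdot.org", "example.org", "zzz.org"]
    chain = build_nsec_chain(zone)
    for owner, nxt in chain:
        print(f"{owner} NSEC {nxt}")
    print("silentdot.org ->", covering_nsec(chain, "silentdot.org"))
    print("walked:", walk_zone(chain, "org"))
```

Two things to check against the comment: the record covering silentdot.org is indeed `shitdot.org NSEC slashdot.org`, because sorting is by label bytes ("sh" < "si" < "sl"), not by string length; and the same chain that gives an authenticated denial also hands `walk_zone` the complete list of names, which is the confidentiality cost of plain NSEC.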
RTFM for more DoS suggestions
Great paper. Cisco is also nice enough to write up about their "Lawful" Intercept products. For example, in Configuring Lawful Intercept Support, they kindly warn the end-user that "To maintain VXSM performance, lawful intercept is limited to no more than 60 active calls." Thanks for the suggestion!
-
Re:I disagree
http://www.businessweek.com/magazine/content/05_06/b3919001_mz001.htm
But more Chinese corporate interests have seen profits hit because of counterfeiting -- which may lead to a tougher response from Beijing. Li-Ning Co., China's No. 1 homegrown athletic footwear and apparel company, has gotten the ultimate compliment from counterfeiters: They're faking its shoes. So today, Li-Ning has three full-time employees who track counterfeiters.
As for the "this is a trademark, not a copyright issue" comments, when someone reverse engineers your product and sells an identical looking (but lower quality) knockoff down to the logos, then they are violating trademark, patent, and copyright law.
One of the most well-known examples of fraud is the Huawei example mentioned above. They didn't steal the Cisco name, but they stole everything else down to the typos in the user manual. http://newsroom.cisco.com/dlls/corp_012303.html
-
Re:Cisco won't allow legitimate owners to patch
I use this all the time for equipment that isn't covered under any maintenance contract. You call Cisco, give them the equipment model & serial number, quote the security advisory URL, and voila...they give you download access for the most recent code for your switch/router/firewall... NOTE: You sometimes have to be on hold for an hour or more...but it DOES work...I've done it in the last 3 months for an old 28xx router.
For example: http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8115.shtml
"Customers without Service Contracts
Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows.
+1 800 553 2447 (toll free from within North America)
+1 408 526 7209 (toll call from anywhere in the world)
e-mail: tac@cisco.com
Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC."
-
Re:Move to Canada
You mean something like this? Cisco Building Mediator.
-
Re:Price
You think $140 is expensive? Take a look at these bad boys from Cisco: http://www.cisco.com/en/US/products/ps10092/index.html
We have been buying them in ten-packs (reduces packaging) which offers a small price break. I think these APs list for around $1100 each.
-
Cisco is doing the same thing
Cisco is also doing the same thing. They are fixing only the "current" IOS versions for "current" routers. This means MANY routers currently installed and running the Internet cannot be patched because cisco JUST ended support before the patch (eg 7500 backbone routers and MANY others) or the routers do not have enough memory to run the current 12.4 software (eg 1700/2600/3600). This is cisco's (and Microsoft's) way of saying "you should pay more to 'upgrade' to new software/hardware (even if your current stuff works)". I can understand cisco not supporting the old 2500/1600 routers.... they should be replaced even if they work correctly!
-
Cablevision in NJ is deploying outdoor wifi
They are deploying these in public locations like parks and stores. Unfortunately they are only deploying this network in their service areas, and they are not public. You need to be a cablevision subscriber to access them.
Why yes, I am a subscriber - so let me tell you about them.
If you are outside they are great - assuming there is one near you. Once you go into a building - forget it. The signal falls off a cliff, and the service is unusable.
As cool as public Wifi would be, I'm not holding my breath for it. It's the wrong technology for the application.
-ted
-
Re:what's the point of IOS?
Whoops, I guess I was thinking IOS-XE, which is vulnerable.
-
Re:what's the point of IOS?
Linksys is owned by Cisco. Linksys makes devices that do most of what the Cisco boxes do at a fraction of the cost. If they were to switch the Cisco routers to Linux, they would effectively be telling their customers "there is no benefit to buying our high-end boxes over a Linksys router". Actually, the reason they are sticking with IOS is that people have paid and continue to pay thousands of dollars to get Cisco CCNA certification. Switching to Linux would render all that training obsolete, and mean that anybody could now administer a Cisco router, instead of just highly trained professionals like Terry Childs. So, while there would be no downside for their customers if Cisco switched all their products to Linux, there would be a huge downside for Cisco's bottom line. After all, what's more important: the short term profits of your company, or the long term best interests of your customers?
-
Re:too easy
Somehow I think Cisco certs may be a little bit beyond the "computer literacy" course offered there... http://www.sfsheriff.com/jailpgms.htm.
And if they really are keeping him in to expire his certs, he could be stuck in there for another couple years.
Recertification Renewal Timeframes
CCNA, CCDA, CCNP, CCDP, CCSP, CCVP, and CCIP certifications are valid for three years.
All CCIE certifications and Specialist certifications are valid for two years. ...
Individuals with an expired certification(s) must repeat the entire certification exam process in order to regain their certification(s).
(http://www.cisco.com/web/learning/le3/learning_recertification_training.html)
-
Re:Pathetic accusations
You posted links to the password recovery process, which the GP also posted. I asked for citation showing not saving the config to memory being good security practice. Still waiting...
The issue is what exactly was done where in what situation. I've seen the claim that he removed configurations to only allow the running config to remain active (as you're questioning). And I've seen it stated that he used "no service password-recovery" on other devices. I wouldn't find it at all out of line to use the former if the latter wasn't available. They both will provide the same essential level of security - protecting credentials and configuration from physical access.
Perhaps I should have added some explanation for my links. I am specifically interested in the "no service password-recovery" command. From the first link:
Although the ability to perform this type of password recovery often proves useful to administrators, if the router's physical security cannot be guaranteed, this feature opens a vulnerability for attackers. To mitigate this threat, an administrator can disable the password recovery feature by issuing the no service password-recovery command in global configuration mode. After entering this command, the administrator is cautioned not to execute this command without another plan for password recovery, because ROMMON will no longer be accessible.
The Cisco link provides a tad bit more info on what it does. The command is also noted in Cisco's own guide to hardening IOS devices:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
-
Re:Pathetic accusations
Bottom line: that is NOT good security practice. Show me one citation where this is recommended.
http://searchnetworkingchannel.techtarget.com/generic/0,295582,sid100_gci1334133,00.html
-
Re:Pathetic accusations
IIRC, he allegedly changed the Cisco configs but never saved them to NVRAM. You can power-cycle Cisco devices and have a 60-second window to get in without knowing the password. That was the big problem. Had he saved the configs to NVRAM, the City could have just power-cycled the devices during a maintenance window, gone in and reset the passwords. But the configs being only in volatile memory meant that if they tried that, the boxes would have lost the config, resulting in the "full system failure"--the City network would have gone down.
-
Re:I'm sorry but
I started this post intending to post a lot of links to IPv6 enabled routers. I own a Linksys/cisco RVS4000 that supports IPv4, IPv6, and dualstack. I know other routers besides the Apple and 1 D-Link I could find must support it but apparently they don't feel the need to advertise that fact. 15 minutes of googling turned up nothing.
-
The elephant in the room...
...is Microsoft's lack of comment on video and audio. Who cares about the aside element?
The future of HTML 5 in terms of hardware, software and the law is difficult to predict:
- Mobile devices, gaming consoles, set-top boxes, Blu-ray players and other consumer platforms continue to take internet market share from desktop or laptop computer browsers. (It's worth remembering that Xbox 360 TV and movie downloads consume nearly half as much bandwidth as YouTube.)
- Within the next two years, movie downloads are predicted to amount to around one billion DVDs' worth of traffic per month.
- Under European law, Microsoft may be forced to offer users a choice of browser when they install Windows.
- Firefox, Safari and Chrome have all had significant recent updates. All now support the video and audio elements, along with other HTML 5 technologies. This may boost market share as developers dream up more HTML 5 applications.
- The Adobe Air platform, Microsoft Silverlight and JavaFX and other RIA platforms are competing for dominance and blur the distinction between browser and desktop applications.
- Three increasingly popular smartphone platforms – iPhone, Palm Pre and Android – run WebKit and not Flash or Silverlight. Microsoft has, as yet, been less successful with consumers on mobile platforms.
- If widely implemented, HTTP Live Streaming might reduce the cost of video hosting and enable segmentation and clipping.
- Google Wave could encourage take-up of the Google Chrome browser and the forthcoming web-oriented Google OS could make the HTML media element and other HTML 5 technologies far more ubiquitous.
- The biggest and least predictable change may come from take up (or not) of push technologies such as Comet or Web Sockets.
-
Re:Sharing WiFi
One problem with sharing WiFi is there doesn't seem to be an _easy_ way to do it so that your guest's traffic is secure from another guest.
There is some protection available if you use a Cisco access point.
-
Smart Grid
Smart Grid technology is actually just around the corner. I was just listening to the CEO of Cisco talk about how they're trying to make a big push into this industry, a quick search turned up this; http://www.cisco.com/web/strategy/energy/smart_grid_solutions.html
-
Re:Net neutrality anyone?
Flow-based QoS, in the form of Flow-based WRED is not a new concept.
Furthermore, Flow-based routing is not a new concept, it's a very old one.
Perhaps what has happened is general purpose computing hardware, CPUs, and Memory, have gotten a lot cheaper, at much higher speeds and capacities, than in recent years.
It may now be possible to build routers that have the capacity to do it. Flow-based routing is extremely expensive, especially in terms of CPU and memory for bookkeeping all those flows.
Think about it: every single open TCP connection is going to be using memory slots in a flow-based router. If too many distinct flows come in, are started, or continue within recent history, for the available memory to record them all, the device will be in trouble and have to reboot, or utilize some other routing strategy that it wasn't optimized for.
I would fully expect a core router of a sufficiently large ISP to have billions if not trillions of flows to have to be in memory under normal loads of a flow-based router.
Keep in mind a 'DNS Request' is a flow, even if it's UDP, oh yeah, and there are some UDP-based protocols that involve data exchange at wider intervals.
A client may transmit a UDP message and expect a response sequence 5 minutes later.
-
Been tried, and they saw it was *not* good
All older cisco equipment worked this way. This was nice, and worked very well for the first router(s) closest to the end customer. However for routers meant to route for large numbers of users this turned out to be a disaster.
Just to give you an idea, this was EOS (end of support) before I turned 10 (look for "netflow routing")
There are a number of very problematic properties :
-> trivial to ddos (just generate too many flows to fit in memory, or generally increase the per-packet lookup time)
-> not p2p compatible (p2p will cause flow based routers to perform at a snail's pace, because they open so many connections)
-> possible triple penalty for every new flow (first a failed flow lookup, followed by a failed route lookup, going to default route)
-> very hard to have a good qos policy this way. A pipe has a fixed bandwidth, and you almost always oversubscribe. Therefore useful policies are very hard to formulate per-flow.
-> if you divide bandwidth per-flow over tcp then a large overload will "synchronize" everything. So let's explain what happens if 3 users are happily surfing about and another user starts bittorrent. Bandwidth gets divided over all the flows, and *every* connection closes, due to timeouts.
There are a number of advantages
-> easy, very extensive QOS is trivial to implement
-> stateful firewalling is almost laughably easy to implement, and very advanced firewalling can be done (e.g. easy to block ssh but not https, just filter on the string "openssh" anywhere in the connection. Added bonus : hilarity ensues if you email someone the text "openssh", and his pop3 connection keeps getting closed)Here's the deal : a router has to lookup in a table of about 300.000 entries in per-packet switching (excepting MPLS P routers). My PC is, at this moment, opening 331 flows to various destinations, each sending an average of 5 packets (probably a lot of DNS requests are dragging this number down), but you have to keep in mind that a flow-based router has to look up first in the "flow table" AND in the route table (which still has 300.000 entries).
As soon as a flow-based router services more than 1000 machines (in either direction, ie. 100 clients communicating with 900 internet hosts = 1000 machines serviced), its performance will fail to keep up with a packet-based router. That's not a lot. If a single client torrents or p2p's you will hit this limit easily, resulting in slower performance. 2000 machines and packet-based switching is twice as efficient.
So : flow-based routing
... for your wireless access point ... perhaps. For anything more serious than that ? No way in hell.
-
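The lookup-cost argument in the comment above, as an added toy model (not the commenter's code): a flow-based router pays a flow-table lookup on every packet plus a full route lookup on each miss, and once the number of live flows exceeds the flow table, an LRU table thrashes. Flow count, packets per flow, table size and the round-robin traffic pattern are all constructed.

```python
from collections import OrderedDict

# Added example, not from the comment: a bounded flow table in front of a route
# lookup. Traffic, sizes and the route function are constructed for illustration.

class LRUFlowCache:
    """Fixed-capacity flow table with least-recently-used eviction."""
    def __init__(self, capacity: int):
        self.capacity = capacity
        self.entries = OrderedDict()  # flow key -> cached next hop
        self.hits = 0
        self.misses = 0

    def lookup(self, flow, route_lookup):
        if flow in self.entries:
            self.hits += 1
            self.entries.move_to_end(flow)
            return self.entries[flow]
        self.misses += 1
        nexthop = route_lookup(flow)  # the second (route table) lookup on a miss
        self.entries[flow] = nexthop
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)  # evict the least recently used flow
        return nexthop

def route_lookup(flow):
    """Stand-in for a longest-prefix match on the full route table (constructed)."""
    return "nexthop-%d" % (flow[1] % 4)  # destination host -> one of 4 next hops

def simulate(num_flows: int, pkts_per_flow: int, cache_size: int):
    """Interleave the packets of num_flows flows round-robin and return the
    average lookups per packet: flow-based = 1 flow lookup + 1 route lookup per
    miss; packet-based = exactly 1 route lookup per packet."""
    cache = LRUFlowCache(cache_size)
    flows = [("client", dst) for dst in range(num_flows)]  # (src, dst) stands in for the 5-tuple
    packets = 0
    for _ in range(pkts_per_flow):
        for flow in flows:
            cache.lookup(flow, route_lookup)
            packets += 1
    return {
        "misses": cache.misses,
        "flow_based_lookups_per_pkt": (packets + cache.misses) / packets,
        "packet_based_lookups_per_pkt": 1.0,
    }

if __name__ == "__main__":
    print(simulate(100, 5, 1000))   # flows fit: one miss per flow, 1.2 lookups/packet
    print(simulate(2000, 5, 1000))  # flows exceed the table: every packet misses, 2.0 lookups/packet
```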
Re:If it's an exploit for ATM *Machines*...
-
Re:Will it work when my nets die? Or with 911?
I'm sure any calls between Google VOIP customers will be VOIP on the backend. I'm sure they'll integrate it into Google Talk as well, and then your end could be totally VOIP, and if the other party uses Google Talk it would be VOIP end-to-end. Further, if they're smart, they'll let you use your SIP-based "hard" phones with the service as well.
Second, ENUM is already a standard that allows you to use DNS to direct your calls wherever you want (voice or fax - see fax could just go direct from mail server to mail server over SMTP, and if not available use the traditional number). However, guess who has to implement ENUM? The local telco providers who have been assigned numbers have to implement it - and guess what, none of the traditional Bell companies have done that or will do that anytime soon because it allows you to bypass their services and control how your number is called. I could see Google changing all this (at least between VOIP-enabled providers). TPC has tried to make this happen, but really it needs to be done at your service-provider level so you don't have to manage DNS: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_5-2/enum.html.
Regarding revenue, I'm sure it'll be the same as Google Apps. Free for certain features, pay for other. Perhaps Google will make it free for all at first, get folks hooked, and then pay.
Competing in the corporate world will be hard, however. All of these features I've heard of, you can do with a Cisco CallManager/Unity platform. One-reach number forwarding, listening to calls as the caller leaves the message (plus telling the system to take the call, which prompts the person calling with, "Your party can take your call now, please stand by," and then two-way voice goes through), per-number-filtering (profiles, etc.), initiating calls from your cell's smart-app (this is really SIP, and what occurs is Google would place a call out to your cell and the party you wish to call at the same time, presenting you with the caller's number on your callerid, and presenting them with your Google number on their callerid, thus "masking" the phone you're calling from), text to speech (read your email to you), speech to text (convert speech to text), fax to email, email to fax, SIP VOIP to your telco so no need for a PRI or analog trunks. All that, and you don't have to worry about Google turning "evil."
However, as a small business owner, I cannot afford the hardware and licensing to do this. I'd love to pay Google for such a feature without a huge capital investment. I'm sure others would too.
Further, if Google's smart-app running on the phones does this right, you'll be able to seamlessly transfer a call that you answered on your cell to your desk (plus all the other features). In the Cisco world, you just hang up the cell call and it's still there for 2 seconds and you can pick it up on your desk. Or, if you were on your desk and needed to step away, you just press "Mobile" and the system dials your cell (but the desk call isn't affected at all) and as soon as you hang up your desk phone the two-way audio cuts through on your cell. While on a traditional phone system you could just transfer your call to your cell, the advantage is you can drop back to your desk phone (or any other office phone that you log into) without having to transfer it from your cell (thus tying up two voice paths and running up your cell minutes).
Anyway, it is cool tech, and I'm glad to see Google bringing it to the masses.
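The ENUM mechanism the comment above refers to, as an added example (not the commenter's code and not the Cisco article's): an E.164 number is reversed digit by digit under e164.arpa, and the NAPTR records found there carry a regexp rewrite that yields the URI to call. The sample NAPTR records and the +1 555 number are constructed; the scheme check is added because the rewrite comes from DNS, which without DNSSEC is not trustworthy data.

```python
import re

# Added example: ENUM domain construction and NAPTR regexp rewriting (RFC 6116 style).
# Sample records below are constructed, not real DNS data.

E164_ARPA = "e164.arpa"
ALLOWED_SCHEMES = ("sip:", "sips:")  # only accept URIs we are prepared to dial

def enum_domain(number: str) -> str:
    """Return the ENUM domain for an E.164 number such as '+1 555 123 4567'."""
    digits = re.sub(r"\D", "", number)  # keep digits only; drops '+', spaces, dashes
    if not digits:
        raise ValueError("no digits in number")
    return ".".join(reversed(digits)) + "." + E164_ARPA

def apply_naptr_regexp(number: str, regexp: str) -> str:
    """Apply a NAPTR regexp field (delim, ERE, delim, replacement, delim, flags).
    Escaped delimiters inside the field are not handled (kept simple on purpose).
    NAPTR back-references \\1..\\9 are understood by Python's re.sub as well."""
    if len(regexp) < 3:
        raise ValueError("malformed regexp field")
    delim = regexp[0]
    parts = regexp[1:].split(delim)
    if len(parts) < 2:
        raise ValueError("malformed regexp field")
    ere, repl = parts[0], parts[1]
    flags = re.IGNORECASE if len(parts) > 2 and "i" in parts[2] else 0
    if not re.match(ere, number, flags):
        raise ValueError("number does not match NAPTR regexp")
    return re.sub(ere, repl, number, count=1, flags=flags)

def resolve_enum(number: str, naptr_records):
    """Walk E2U+sip NAPTRs in order/preference order and return the first URI
    whose regexp matches the number and whose scheme is allowed, else None."""
    sip = [r for r in naptr_records if r["service"].lower() == "e2u+sip"]
    for rec in sorted(sip, key=lambda r: (r["order"], r["preference"])):
        try:
            uri = apply_naptr_regexp(number, rec["regexp"])
        except ValueError:
            continue  # this record does not apply to this number
        if uri.lower().startswith(ALLOWED_SCHEMES):
            return uri
    return None

SAMPLE_NAPTRS = [  # constructed sample records for a fictional +1 555 range
    {"order": 100, "preference": 10, "service": "E2U+sip", "regexp": r"!^.*$!sip:info@example.com!"},
    {"order": 100, "preference": 20, "service": "E2U+mailto", "regexp": r"!^.*$!mailto:info@example.com!"},
    {"order": 50, "preference": 10, "service": "E2U+sip", "regexp": r"!^\+1(555\d+)$!sip:\1@pbx.example.com!"},
]
```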
-
Re:That's a spicy meatball!
Here's a quick summary of the codecs and the MOS (essentially call quality) http://www.cisco.com/en/US/tech/tk1077/technologies_tech_note09186a00800b6710.shtml#mos. The big thing with the compressed codecs is the latency and increased sensitivity to line problems like jitter and dropped packets.
Done right on a network with proper QOS, VOIP using the G.711 codec works great. The big benefit for me is that it eliminated the need for installing an entire cabling plant just for analog voice.
-
Start with the WAN
Take a look at network-based WAN acceleration products that will significantly reduce the overhead of SMB/CIFS traffic. This will make it easier to index, cache frequently used documents locally and improve your WAN utilization company wide. It will even cache directory lookups and they will "feel" instant to the end user.
A good example is Cisco WAAS, a cool video showing how it works is here: http://www.cisco.com/cdc_content_elements/flash/ans/index.html
See here for data sheets and specs: http://www.cisco.com/en/US/products/ps5680/Products_Sub_Category_Home.html
Cisco's solution is inexpensive and you can use your existing router investment to do all the heavy lifting.
Pat
-