Domain: cisco.com
Stories and comments across the archive that link to cisco.com.
Comments · 1,300
-
Re:Common carrier
Google: "isp common carriers" returns...
The Uncommon Carrier
A Quick Wiki returns...
Network neutrality in the United States
A Quick Slashy returns...
Cable Internet Service Not Common Carrier
Find your own sources from there and agree or disagree.
-
Re:A $50 Router Stable?
On the off-chance that you're not trolling:
C = Cisco Systems
N = Nortel
J = Juniper Networks
HTH. HAND.
-
Re:no USB?
oh come on... how hard would it be to add a gigabitE switch to this?
http://netgear.com/Products/RoutersandGateways/RangeMaxNEXTWirelessRoutersandGateways/DG834NB.aspx
it's not exactly fricking rocket science.
so ha ha fucking ha all you people saying "And no monitor included? No printer function either?" but the reality of it all is they just don't want to cannibalize their current switches.
http://www.cisco.com/en/US/prod/collateral/routers/ps5855/product_data_sheet0900aecd8016a8e8.html
yep... like I need one of those.
Truth is, I had a netgear gigabit switch.... and I managed to fry it AFTER a thunderstorm by plugging the power of the adsl router into the switch by accident
http://kbserver.netgear.com/products/DG834Gv1.asp
It's one of the older models that required a higher voltage than the poor switch
:( That was one or two years ago now... and I've been dying to replace it with gigabitE again but I can't help but feel Netgear (and the rest) will shortly replace the crappy 10/100 hub with gigabitE
http://netgear.com/Products/RoutersandGateways/RangeMaxNEXTWirelessRoutersandGateways.aspx
Look at the above products... really? how hard would it be? I'd really rather not have to go back to two devices... and I'm sure if I did right now I'd get burned lol
-
This is actually a non-trivial issue
I spent a bit of time working on this issue when I was at "a freakin large router company". Large customers deal with this by setting themselves up with peering agreements with ISPs and using BGP to do load balancing. Great stuff, but not so scalable for home users...
Have a look at this: http://www.cisco.com/en/US/products/ps6628/products_ios_protocol_option_home.html It has the ability to probe path characteristics passively or actively and intelligently route traffic based on it. It will run on a Cisco 1800 series router, so pick up an 1801 (with built in DSL interface), use an Ethernet interface to talk to the modem for the other service, and off you go. Kinda spendy, but it's the cheapest solution that has this level of intelligence.
-
Cisco Optimized Edge Routing (OER)
If you want to go the Cisco route, you can also look in to OER, http://www.cisco.com/en/US/tech/tk1335/tsd_technology_support_sub-protocol_home.html.
I've used it for a few locations that have multiple ISP's and it works well.
-
Cisco 800 series
The Cisco 800 series (http://www.cisco.com/en/US/products/hw/routers/ps380/prod_models_comparison.html) will do everything you're asking for and more, and they're in the $500 range (you only mentioned that you didn't want to spend 4 figures). There's about a dozen routers, each with certain features.
I recently bought one for my home office after having trouble with inbound port mapping for static IPs coupled with outbound GRE packets for VPN - the netgear I was using before just wasn't able to keep up. QoS, both inbound and outbound, and scheduled based on bandwidth or percentage is allowed. DMZ, virtual networks, and other stuff as well are included as well.
-
Re:'double'
Said the parent post:
How do they even define what a double of IP traffic is?
They predicted the amount of traffic in petabytes per month.
Said the original post:
I left the apostrophes around the word 'double' in the title because the linked site has them, but for the life of me I can't figure out why.
TFA contains a link to Cisco's Visual Networking Index (PDF)
Look on page 3 of that PDF, where there is "Table 1. Global IP Traffic 2006-2012".
A quick scan of the values does show a doubling of volume looking 2 years out from any given year... but there are exceptions to that. The comparison of traffic from 2010 to 2012 mostly does not show a doubling, AND, in a couple places, the data comparing 2009 to 2011 does not double, either.
Lastly, the final row of that table predicts "Total IP traffic (PB per month)":
- 2006: 4,234
- 2007: 6,577
- 2008: 10,747
- 2009: 16,296
- 2010: 24,228
- 2011: 32,983
- 2012: 43,518
Twice the volume of 2010, i.e. 24,228 would be 48,456 which is less than 43,518. So, though not quite doubled in one case listed there, to say that it would double every two years would be incorrect. And we'd be all over that if they had claimed it to be. IMHO, to say 'double' is a reasonable way to express this concept.
-
Re: Does Cisco have street-credit with U?
http://www.cisco.com/web/about/ac123/ac147/ac174/ac195/about_cisco_ipj_archive_article09186a00800c83f8.html
A Review of TCP Performance
>>> Within any packet-switched network, when demand exceeds available capacity, the packet switch will use a queue to hold the excess packets. When this queue fills, the packet switch must drop packets. Any reliable data protocol that operates across such a network must recognize this possibility and take corrective action. TCP is no exception to this constraint. TCP uses data sequence numbering to identify packets, and explicit acknowledgements (ACKs) to allow the sender and receiver to be aware of reliable packet transfer. This form of reliable protocol design is termed "end-to-end" control, because interior switches do not attempt to correct packet drops. Instead, this function is performed through the TCP protocol exchange between sender and receiver. TCP uses cumulative ACKs rather than per-packet ACKs, where an ACK referencing a particular point within the data stream implicitly acknowledges all data with a sequence value less than the ACKed sequence.
>>> TCP also uses ACKs to clock the data flow. ACKs arriving back at the sender arrive at intervals approximately equal to the intervals at which the data packets arrived at the sender. If TCP uses these ACKs to trigger sending further data packets into the network, then the packets will be entered into the network at the same rate as they are arriving at their destination. This mode of operation is termed "ACK clocking."
>>> TCP recovers from packet loss using two mechanisms. The most basic operation is the use of packet timeouts by the sender. If an ACK for a packet fails to arrive within the timeout value, the sender will retransmit the oldest unacknowledged packet. In such a case, TCP assumes that the loss was caused by a network congestion condition, and the sender will enter "Slow Start" mode. This condition causes significant delays within the data transfer, because the sender will be idle during the timeout interval and upon restarting will recommence with a single packet exchange, gradually recovering the data rate that was active prior to the packet loss. Many networks exhibit transient congestion conditions, where a data stream may experience loss of a single packet within a packet train. To address this, TCP introduced the mechanism of "fast recovery." This mechanism is triggered by a sequence of three duplicate ACKs received by the data sender. These duplicate ACKs are generated by the packets that trail the lost packet, where the sender ACKs each of these packets with the ACK sequence value of the lost packet. In this mode the sender immediately retransmits the lost packet and then halves its sending rate, continuing to send additional data as permitted by the current TCP sending window. In this mode of operation, "congestion-avoidance" TCP increases its sending window at a linear rate of one segment per Round-Trip Time (RTT). This mode of operation is referred to as Additive Increase, Multiplicative Decrease (AIMD), where the protocol reacts sharply to signs of network congestion, and gradually increases its sending rate in order to equilibrate with concurrent TCP sessions.
Now, if you still know you're right, then you're right ... I can be wrong for folks when it is in my benefit. Also, thanks ... it has been about a decade since last I looked up some TCP/IP info. I sent my first email in 1984 name5678@IPv4.octet.address.ip (yes, before DNS).
-
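An added toy model of the congestion-window behaviour the excerpt above describes: slow start, additive increase, multiplicative decrease on three duplicate ACKs, and the much harsher timeout path. It is constructed here, not code from the post or the linked article; it advances one RTT per step and ignores the receiver window, delayed ACKs and RTO estimation.

```python
"""Toy TCP congestion-window model (constructed example).

One call per RTT. Window sizes are in segments. The model keeps only
the three behaviours discussed in the quoted review: slow start,
congestion avoidance (AIMD) and the two loss-recovery paths.
"""

from dataclasses import dataclass, field


@dataclass
class TcpSender:
    ssthresh: int = 64               # slow-start threshold, in segments
    cwnd: int = 1                    # congestion window, in segments
    trace: list = field(default_factory=list)

    def rtt_no_loss(self):
        """One RTT in which every segment was ACKed."""
        if self.cwnd < self.ssthresh:
            # Slow start: each returning ACK clocks out two new segments,
            # so the window doubles per RTT until it reaches ssthresh.
            self.cwnd = min(self.cwnd * 2, self.ssthresh)
        else:
            # Congestion avoidance: additive increase, +1 segment per RTT.
            self.cwnd += 1
        self.trace.append(("ok", self.cwnd))
        return self.cwnd

    def triple_dup_ack(self):
        """Fast retransmit / fast recovery: one lost segment, signalled by
        three duplicate ACKs from the packets trailing it."""
        self.ssthresh = max(self.cwnd // 2, 2)
        self.cwnd = self.ssthresh    # multiplicative decrease, keep sending
        self.trace.append(("dupack", self.cwnd))
        return self.cwnd

    def timeout(self):
        """Retransmission timeout: the ACK clock has stopped entirely."""
        self.ssthresh = max(self.cwnd // 2, 2)
        self.cwnd = 1                # back to one segment, slow start again
        self.trace.append(("rto", self.cwnd))
        return self.cwnd


def run(events, ssthresh=64):
    """Replay per-RTT events ('ok', 'dupack', 'rto') and return the cwnd
    value after each one."""
    s = TcpSender(ssthresh=ssthresh)
    out = []
    for ev in events:
        if ev == "ok":
            out.append(s.rtt_no_loss())
        elif ev == "dupack":
            out.append(s.triple_dup_ack())
        elif ev == "rto":
            out.append(s.timeout())
        else:
            raise ValueError(f"unknown event {ev!r}")
    return out


def rtts_to_recover(loss_event, ssthresh=64, warmup=6):
    """Loss-free RTTs needed to regain the window held just before the
    loss. This counts only the ramp-up; a real timeout also costs the
    idle RTO interval itself, which the quoted text singles out."""
    s = TcpSender(ssthresh=ssthresh)
    for _ in range(warmup):
        s.rtt_no_loss()
    target = s.cwnd
    if loss_event == "dupack":
        s.triple_dup_ack()
    else:
        s.timeout()
    n = 0
    while s.cwnd < target:
        s.rtt_no_loss()
        n += 1
    return n


if __name__ == "__main__":
    print(run(["ok"] * 6 + ["dupack", "ok", "ok", "rto", "ok", "ok"]))
    print("fast recovery:", rtts_to_recover("dupack"), "RTTs")
    print("timeout:      ", rtts_to_recover("rto"), "RTTs (plus the idle RTO)")
```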
Re:clam
clearly, they think clamAV works, and therefore is not a waste of time and/or money
AV is also just a small part of the ways cisco provides security to the network. read up on their best practices.
-
WTF, Cisco CSA!?!
So following that logic I should cancel my company's global support contract for Cisco CSA { Cisco Security Agent} then? http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
-
So, about those Cisco products...
Like this, which are designed to keep you off a network unless your system is up to date with all major OS patches, and has antivirus software with current definitions? If it's a waste of money to spend effort on keeping up with patches and antivirus software/definitions, I think it'd be hard to argue for spending money on systems which enforce hard-line policies (thus not only "wasting" IT's time, supposedly- but now also wasting employee time as they can't work until things are fixed.)
-
Re:This is a Failure
Oh, by the way, the QS22 doesn't support a hard drive which means you need fast NFS. The cost of ownership is more than just the cost of single blade. Ever heard of SAN boot? 4Gb or 8Gb access to SAN disk isn't fast enough for you? Give yourself some time and you'll see FCoE (single 10GigEthernet interface carrying both IP and FibreChannel on a single interface) http://en.wikipedia.org/wiki/FCoE and there are already shipping products http://www.cisco.com/en/US/products/ps9670/index.html
-
Re:Math is HARD, idiocy comes natural
Much more data is sent with an SMS than just the text of the message. How do you think you get the caller id of who sent the message? To see how much data is actually sent check out the format of a "call detail record". Most data is not compressed, but rather sent as a comma separated list. You would be amazed at how much data is actually transferred for any type of wireless communication. First the message from the sending device is sent to the nearest cell tower, which contacts a database to see which carrier you subscribe to. (Your phone does this periodically also, so your carrier knows which cell tower service area you are in so they know where to send your calls). The number you are calling is looked up in a database so they know which cell tower to broadcast your message from. Plus your IMEI, ESN, calling number, called number, originating and terminating cell tower information, originating and terminating switch and trunk data are transmitted with each message. Copies of each record are reformatted and sent to the carrier for retention, copies are sent to the billing company and the company that maintains the carrier's customer service web site, etc.
My point is that much more data gets transferred for each sms than the 160 characters of the text. Considering all the data transfers required for the whole process, the text of the message is actually a very low percentage of the total data processed.
-
they forgot the best place to work....
-
Re:Cost?
Nexus -- we'll see, but that doesn't support FC.
Incorrect. The Nexus does indeed support FC.
-
Re:Cost?
It looks to me like everything on your list about the 4900s could be achieved using the stackable MDS 9134 switches. You get a 64 port switch in 2RUs, 4Gb line rate ports (no oversub), hitless firmware upgrades and less power than your old 9216s. There aren't two supervisors like in the director class MDS switches, but I suspect the same is true for your Brocade 4900s (I've never looked into them).
Interesting you point out a Sun Infiniband switch as the a possible option to "merge it all together". Cisco's idea of a unified datacenter fabric is based on Ethernet, see Nexus. I dunno...Infiniband is certainly cool stuff, but could it ever overtake Ethernet in the datacenter?
By the way, it may sound like I work for Cisco. I don't. I do, however, manage large Cisco MDS Fibre Channel SANs.
-
and this is a problem because?
if you dont want your community to use your wireless, but you want the ease of unsecured access, use mac address filtering on your wireless router. most all 802.11b/g/n integrated service routers come with that feature in an easy to use package. if you CBA to keep people off your network, it WILL be used.
it makes it a bit harder to add devices to the network, but once again, tis still easy.
i keep mine unsecured simply so that if there is ever a disaster in the area, the cisco NERV (i got to tour it the other day, was awesome) can override it and add it to the disaster mesh. i think of it as community service.
http://blogs.cisco.com/news/2007/11/video_ciscos_network_emergency.html
-
Re:Clear the Confusion
Switch- Handles moving packets between endpoints on a single IP Subnet (layer 2 Device)
Yes, that's the terminology that honest people use. But Cisco's marketheads call "switch" anything that does forwarding in hardware, even if it's actually a router. Hence their somewhat quaint references to "layer 3 switches".
See them advertising their "Layer 3 switches".
-
Mono?
see architecture pic: http://www.cisco.com/en/US/prod/collateral/routers/ps9701/images/white_paper_c11_459082-5.jpg
It would seem that Mono could be a runtime for apps also. Anybody know why that might not work?
As to why you'd want this on the router, you already have a footprint in that space. Virtualization and Consolidation = decreased (branch) footprint.
Cisco says it this way: http://www.cisco.com/en/US/prod/collateral/routers/ps9701/white_paper_c11_459082.html
Customer and Partner Value Propositions
The nature of the Cisco AXP, that of openness and flexible support of application services, is a catalyst for new growth areas within IT and as far reaching as facilitation of new business processes and enhanced business models. The concept of having application services resident on a Cisco router is appealing to various parts of an organization, be it a desire to minimize physical footprint and maximize service consolidation to hosting a distributed component of an application to promote a new business model. In any case, it is the inherent capability of the Cisco AXP module to assume system-level responsibility of hosting/integrating applications into the network that facilitates these things.
Independent software vendor (ISV) value proposition:
- Addresses Cisco large installed base and use Cisco's well-established channel relationships.
- The Cisco ISR has industry-leading market share. It serves as an excellent platform to integrate applications with security, unified communications, and WAN optimization built in.
- Provides ISVs with a faster time to market.
- Uses Cisco brand name and multi-geography reach.
Channel partner and service provider value proposition:
- Provides additional revenue opportunities and facilitates higher margins.
- Helps move from a product centric approach to a solution centric approach.
- Increases customer penetration and stronger bonds across multiple categories of decision makers.
- Is backed by strong worldwide Cisco support, including Cisco Validated Designs (CVD), training material, documentation, and so on.
- For managed service providers, it further reduces management complexity and on-site administration needs.
Customer value proposition:
- Provides server consolidation and decreased branch footprint.
- Lowers TCO with less power consumption.
- Provides enhanced productivity, better management.
- Provides better network and application services integration.
- Is compliant to industry standards such as payment card industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), and so on.
- Is one vendor to contact.
-
Before we get too excited
It might be interesting to read the data sheet.
10/100/1000 Gigabit Ethernet connectivity to router backplane
meh.
-
Re:I remember math games as a kid
Oh yeah, I know that one...
http://forums.cisco.com/CertCom/game/binary_game.swf
Good fun.
-
Re:toss one packet?!
This actually looks like a form of something a lot of Cisco equipment already does to prevent "synchronization."
Let's say you have 500 hosts sharing a "fat pipe." During peak times, the combined throughput used by TCP applications causes all available bandwidth on the link to be consumed. The result is, at that instant that all available bandwidth is consumed, packets get dropped suddenly and indiscriminately. This means that 500 hosts all lose a slew of packets.
Per TCP specifications, when packets aren't acknowledged, all 500 hosts back off for a moment, and then retransmit at approximately the same time, causing another sudden burst in bandwidth usage, and more dropped packets.
This problem compounds until all hosts are simply busting packets, dropping packets, backing off, and repeating. The solution to this was a technique called "RED" (Random Early Detection).
What this does is essentially detect when bandwidth is almost completely utilized, and then starts selectively and "fairly" dropping packets from the TCP streams. This causes the hosts to gradually back off, until bandwidth consumption is back in check. The result is that the whole "synchronization" issue is avoided, and the link is better utilized, as throughput is constant and reliable.
There is a variation called WRED or "Weighted Random Early Detection", in which certain types of packets get cut before others. This would allow the router to avoid dropping VoIP traffic, while implementing RED on non-realtime streams instead.
You can read more about this technique here: http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcconavd.html
-
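As an added illustration of the RED and WRED behaviour the post above describes (constructed here; not code from the post or from Cisco), a small Python model of one congested link that compares plain tail drop with a WRED policy thinning best-effort traffic early while leaving voice alone. Thresholds, the EWMA weight, the packet mix and the link rate are made-up parameters chosen to make the effect visible in fifty ticks.

```python
"""RED / WRED on a single congested link (constructed example).

Each tick, 120 packets are offered to a link that can send 100, so a
plain FIFO overflows and starts tail-dropping whatever arrives last.
RED instead drops probabilistically once the *average* depth rises,
and WRED applies a different curve per traffic class.
"""

import random
from dataclasses import dataclass


@dataclass(frozen=True)
class RedProfile:
    """Per-class RED parameters (the 'weighted' part of WRED)."""
    min_th: float   # below this average depth nothing is dropped
    max_th: float   # at or above this average depth everything is dropped
    max_p: float    # drop probability reached just below max_th


def red_drop_probability(avg_depth, prof):
    """Linear RED drop curve evaluated on the average queue depth."""
    if avg_depth < prof.min_th:
        return 0.0
    if avg_depth >= prof.max_th:
        return 1.0
    return prof.max_p * (avg_depth - prof.min_th) / (prof.max_th - prof.min_th)


class WredQueue:
    def __init__(self, profiles, capacity=200, weight=1 / 128):
        self.profiles = profiles      # class label -> RedProfile
        self.capacity = capacity      # physical buffer, in packets
        self.weight = weight          # EWMA weight for the average depth
        self.queue = []               # class label of each queued packet
        self.avg = 0.0
        self.stats = {c: {"sent": 0, "red_drop": 0, "tail_drop": 0}
                      for c in profiles}

    def enqueue(self, cls, rng):
        # RED averages the depth seen at each arrival, so a short burst does
        # not trigger drops but sustained overload does.
        self.avg += self.weight * (len(self.queue) - self.avg)
        st = self.stats[cls]
        if rng.random() < red_drop_probability(self.avg, self.profiles[cls]):
            st["red_drop"] += 1       # early, probabilistic drop
            return False
        if len(self.queue) >= self.capacity:
            st["tail_drop"] += 1      # buffer full: the drop RED tries to avoid
            return False
        self.queue.append(cls)
        st["sent"] += 1
        return True

    def drain(self, n):
        del self.queue[:n]


def simulate(profiles, ticks=50, best_effort=100, voice=20, link_rate=100, seed=1):
    """Offer best_effort + voice packets per tick to a link that sends
    link_rate per tick; return per-class counters."""
    rng = random.Random(seed)
    q = WredQueue(profiles)
    for _ in range(ticks):
        offered = ["be"] * best_effort + ["voice"] * voice
        rng.shuffle(offered)          # interleave the two classes
        for cls in offered:
            q.enqueue(cls, rng)
        q.drain(link_rate)
    return q.stats


# Plain tail drop: thresholds above the buffer size, so RED never fires.
TAIL_DROP_ONLY = {
    "be": RedProfile(min_th=250, max_th=260, max_p=1.0),
    "voice": RedProfile(min_th=250, max_th=260, max_p=1.0),
}

# WRED: best effort is thinned early; voice thresholds sit above the
# buffer, so voice is never RED-dropped.
WRED = {
    "be": RedProfile(min_th=40, max_th=120, max_p=0.5),
    "voice": RedProfile(min_th=250, max_th=260, max_p=1.0),
}

if __name__ == "__main__":
    print("tail drop only:", simulate(TAIL_DROP_ONLY))
    print("wred:          ", simulate(WRED))
```

With tail drop both classes lose packets in bursts once the buffer fills; with WRED the buffer never fills, best effort is trimmed a little at a time and voice is untouched.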
Re:Why not now?
Cisco CEF does pretty much what you describe. It avoids the route table lookup by keeping an adjacency table of recent connections, and switches the packet to the correct port. CEF is one of three route caching technologies on Cisco routers, and is default on modern versions of IOS. Route table lookups (i.e. process switching) are only done when there is no cache entry, either because it's the first flow or the entry has aged out of the adjacency table. Cisco CEF
-
Re:Why not now?
I'm not sure how this is different from Flow based WRED
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/flowwred.html
-
Cisco is handling this issue better than most
One thing that is important to point out, is that Cisco is treating Rick Frenkel extremely well. They aren't firing him, restricting him from blogging, or taking other knee jerk reactions. What they are doing is requiring that a Cisco employee put boiler plate on their sites.
Cisco itself has been trying to embrace web2.0 collaboration for a couple years now. In some instances like http://blogs.cisco.com/home/ they do really well, providing a conduit for actual engineers to comment on technology and the company's products. In other instances like second life, they have gone completely off target and missed the whole point (my personal rant, second life is NOT web2.0). The important thing to focus on, is that Cisco is consistently trying to encourage open communications of its employees with the general public, and should be applauded for their attempts.
Disclaimer - I am NOT a Cisco employee, and these are my OPINIONS.
-
Re:vista's not really that bad..
But nearly all standard 32-bit Windows applications work just fine in Vista.
Cisco Systems VPN Client doesn't. That's (one of) the deal-breaker(s) for me.
-
How do you feed a 100Gbps DWDM link?
You deploy these http://cisco.com/en/US/products/ps5763/index.html
Which btw during development was not referred to as the CRS, but the BFR (Big F-ing Router; ala Doom's BFG).
-
Re:Who needs it?
It seems like you are assuming that ethernet is only used in the consumer world... I just finished helping wire up three cisco routers that we had to upgrade to because they have 10GbE ports on them and our previous core routers with GbE were not able to handle the traffic any more. If cisco has to make a router with a total capacity of 92 Tbps, I'm sure TbE could be put to use.
http://www.cisco.com/en/US/products/ps5842/index.html
-
Re:P2P?
Second I was involved in tv project in an EU country. They could have purchased our software for $8000 a copy so their total cost would have been under $100,000. Instead they spent six million dollars to write their own. It didn't work so they paid us to come over there and tell them what they did wrong. I think we made more money than if they had just bought the software to start with. So I would put that down to "We will see."
The world's most successful IPTV carrier is European, and until now "has built its profitable business by developing its own technology (IPTV middleware, DSL equipment)".
http://www.lightreading.com/document.asp?doc_id=142594&page_number=11
http://newsroom.cisco.com/dlls/2006/prod_120306f.html
-
Re:How Does One ISP Poison Everything?
-
Re:Will get solved when needed to be solved
IPv6 barely supports firewalling or QoS. Open corporate networks for all.
What extra support does firewalling need from the IP layer?
IPv6 has no IP level encryption. It's in the standard, but no software or hardware implements it yet.
This looks like a configuration guide to enable IPSec over IPv6 on Cisco routers. And over here it says that Linux does IPSec over IPv6 since 2.4.28 and 2.6.9.
Change ISPs? Guess what. You have to re-IP your whole inside network because your IP range is solely dependent on a subset of your main provider.
That's definitely true for IPv4, but I thought the whole point of site local addresses was to avoid this issue in IPv6.
Then, there is the fact that IPv6 is not battle tested, so you will be experiencing the joys of the late 90s all over again, with similar attacks like pings of death, to teardrop and land attacks. Expect one (if not more) of the major operating systems out there to have a bug in the IP stack allowing anyone to send some currently unknown packet and get kernel level access from anywhere on the Internet.
True, but then again there are far more people involved in the Net today than in 1994 to 1998-ish when IPv4 stacks were getting pounded.
-
Re:Bluetooth replacement?
It's basic RF. The higher the frequency, the worse the penetration. 700MHz and 900MHz go through just about everything (except dirt and metal). 2.4GHz (802.11b/g) can go through wood panels, drywall, and some forms of metal (not many). I don't know what the mathematical description is for the ratio of frequency vs rates of absorption/penetration, but it gets pretty bad at about 5.8GHz (802.11a). I can't imagine what it is at 60GHz and only 2W of output power.
Linky
"Indoor wave propagation is also affected by the building material. The density of the materials used in the construction of a building determines the number of walls the RF signal can pass through and still maintain adequate coverage. Paper and vinyl walls have little effect on signal penetration. Solid walls, solid floors and pre-cast concrete walls can limit signal penetration to one or two walls without degrading coverage. This can vary widely based on any steel reinforcing within the concrete. Concrete and concrete block walls can limit signal penetration to three or four walls. Wood or drywall typically allows for adequate penetration of five or six walls. A thick metal wall causes signals to reflect off, which results in poor penetration. Steel reinforced concrete flooring restricts coverage between floors to perhaps one or two floors.
The higher the frequency, the shorter the wavelength is. Shorter wavelengths have more probability to get absorbed and distorted by a building material. Therefore, 802.11a, which operates in a higher frequency band, is more prone to the building material effect."
-
Itojun
Yeah, we always fall back on the government to help us out when us nerds aren't satisfied with how capitalism is driving the technological trends that need to happen.
But let's not forget those that went before us. Jun-ichiro Hagino, better known as Itojun, was one of the first researchers that was pushing for IPv6 since as long as I can remember (at least 2001). On top of that he was developing specifications for it and working through the BSD code to make it one of the first operating systems fully capable of being IPv6 compliant--starting a trend that needs to happen in more operating systems sooner. He even started documenting draft APIs to get developers thinking about how this would work inside software.
And then he died in a car accident at age 37. It's funny how you don't appreciate their work until they're dead. Almost like a painter or author.
Although many still carry on his work, the saddest part is that all his efforts to bring awareness to everyone about IPv6 may fall into the responsibilities of the government or, worse, capitalism.
-
Freedom of the Press == Freedom of the Router
One by one, standard router configuration commands are getting attacked as undemocratic. The "consumer advocates" wanted to argue that if you're somehow connected to my router, I should be prevented from configuring my router as I see fit!
First, the net-neutrality folks attacked the policy-map command and the whole idea of Differentiated Services (i.e., IETF DiffServ). policy-map lets you configure prioritization or other special treatment of packets.
Now they're attacking the rate-limit and traffic-shape commands that let me control how many packets I forward of a particular type.
Don't I own my own router? Why should I be forced to forward packets that I don't want to forward? Why should I be forced to prioritize or not prioritize if I don't want to?
Donating money to political campaigns is considered "free speech". By the same logic, shouldn't it be "freedom of the press" for me to decide which packets I want to forward through a router that I own?
-
Rise of virtualization = return of microkernel
The rise of virtualization proves the validity of the microkernel concept, whereby the hypervisor now takes the place of the original "kernel" (note the similarity in block diagrams: microkernel vs. hypervisor designs). Virtual machines are now used instead of function-specific modules in the original microkernel designs, with specialized VMs for performing I/O and to host virtual appliances with just enough user-level code needed to support a particular application.
-
Part of the solution is to look at your comms
I attended a Cisco bash last year where they were expounding the virtues of their ACE (Cisco Application Control Engine) technologies.
Basically you use a couple of routers in between your server room and your remote office which know about layer 4-7 of the protocol stacks. This allows the routers to short-cut a lot of the protocol handshaking that causes the latency in things like HTTP, SMB, SQL etc.
These are meant to be quite effective for remote sites & greatly improve performance. Cisco claim that these engines have been optimized for a wide range of common office protocols.
Have a talk to your Cisco rep, they'd be more than happy to do a presentation & possibly lend you some loan gear for testing.
read all of this: near the bottom it mentions other associated & relevant technologies such as "Application Velocity System"
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_brochure0900aecd804595e1.html
-
Re:Office? You _must_ be new here.
My company's CEO is a CCIE (Lance Reid, CCIE #14888, verify CCIE status). He doesn't have an office as he's always meeting with customers bringing in more sales - that and we're so mobile we use any old conference area as a desk. Non-technical management is the problem most places, IMHO - I think Dilbert refers to them as PHBs.
-
Re:For a moment ...
I actually work for one of the major US cable companies (not gonna say which cause it honestly doesn't matter), in the department that controls the overall "brains" of the cable video network in our region. As such, I tend to see some of the issues, and can maybe hopefully contribute to the back-end knowledge of the cable video platform for the /. users.
First off, in direct response to your question. To the best of my knowledge, currently most set top boxes in use are made by one of two companies: Scientific Atlanta or Motorola. These are also the companies who pretty much are the two "big boys" in the Cable headend game. Our region actually has systems which run on both platforms (they are not interchangeable since both companies do things on the backend differently).
In order to kind of understand the way the cable-cards work, you kind of need to know the way the entire system works...sorta. So let me try and explain the makeup of the cable headend. I deal primarily with the Scientific Atlanta systems in our area, so I'm more familiar with it (and where to find the references online, which I can share). Keep in mind that both systems do the same thing, the way in which they do it is just a little different. http://www.cisco.com/en/US/netsol/ns457/networking_solutions_solution_category.html the figure here is kinda basic, and includes stuff not really needed...but may help as a visual aid.
In the Scientific Atlanta platform, you have your primary controller. This system, running off Solaris, pretty much "controls" the entire cable video network. It contains the configuration information for all the modulators which send the video over RF to your home. It also contains all the configuration information for your settop box, package information, security information, Channel Map configurations, etc. When the video source is configured on the QAM (Modulator) it can be encrypted. On the SA system, there is a special server connected directly to the DNCS responsible for maintaining the encryption keys and information. This encryption helps to prevent unauthorized access to the digital signal. The most obvious (without getting into conspiracies or opinions on greed and whatnot) reasoning for encrypting a channel is so that little johnny doesn't stumble across hardcore sex in the clear with his QAM tuner TV.
In the Cable-Card environment, the cablecard is responsible for the decryption of this signal. The encryption is done via a public/private key system. When a cablecard is loaded on the controller initially, the DNCS at this point knows the Secure Micro of the cablecard. When the card then gets authorized for the encrypted feed, it at that point is sent the information it will need to be able to decrypt the video feed. This process tends to work without many problems. The REAL complication with cable-cards tends to be a bit more involved with the pairing process.
From what I understand.... the pairing tends to be pretty much the DRM of the whole mess. No wonder it causes so many problems. But then again, nobody can avoid it these days it seems. Anyways, there are primarily two IDs that come into play here: the CableCard's ID, and the Host device ID. This is pretty much where you are pairing up the two devices and getting them to play nice to each other and know who the other person is. It's this item that pretty much tends to be the real pain in getting a cablecard working. (personally.. I hate TIVOs.. ). The unfortunate thing about standards is, while they are there to tell you how things are supposed to work, talk, and act together, they don't always go into the nitty-gritty of how to implement those standards, user interfaces, or procedures. For instance, especially in a dual-tuner TIVO, they can be a bastard to set up. Why? First you must make sure that just the primary card is -
Re:well, not effortlessly
Because there's a couple of pieces of the spec missing in MS's solution. Read this for a bit of background info on what multi-cast entails.
IIRC, MS fails to register, and works by flooding the network. The first part prevents utilizing multicast at the switch/router levels, thus limiting multicasting only to those machines on a single network segment. The second means you do not have any of the efficiencies of multicasting even on a LAN.
And I may not even have described all of the major flaws in how MS implemented it. 8+ years makes things fuzzy. -
Re:Portsentry a good idea?
Portsentry was made by Psionic. They were bought out by Cisco in 2002. So Cisco pretty much hired the main developer and that eventually killed the project. The code was open source but obviously a community never really formed around it other than people wondering what happened to it. I welcome the alternative, PSAD, and am planning to give it a test drive...
--Ajay -
Device Specs
They're using these, and yes, they DO run Linux.
-
Re:First investment
I bought an old Cisco 2900XL for home use/playing around but had to relegate it to testing only because of the fan noise. At work the new models are just about the same.
A Cisco router creates 43-57 dBA, equivalent to a TV set blaring constantly one meter away. Four full height racks implies quite a few boxes, too. Not a good working environment. -
Re:skul what?
From my understanding, it is inferred. ISPs are by definition a carrier. Cisco has a good overview here. A google search will pull up all sorts of discussions on CC status for ISPs (most of the snips on the google search were about topics like whether Verizon or Comcast has lost its CC status for various actions). There are relatively few discussions on whether they are indeed CCs or not. Likewise, discussions on whether phone companies are CCs or not are also rare.
Additionally I've not heard of Comcast nor any other major ISP itself being sued over its users transferring copyrighted or illegal data. This would further argue the point.
Am I missing something? What leads us to believe that ISPs do not fall under CC status other than the fact that they are not traditional phone companies? -
Re:Request for information
Do your network jocks configure Cisco equipment through a GUI?
1. Well, ASDM is not a bad tool to have around when working with the ASAs
http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/usrguide.html
2. The Altiga VPN concentrator is 100% GUI - there is no CLI.
3. I manage a wireless network that has close to 400 APs. The WLSE (with its GUI) is much easier to use than telnet'ing to each AP. As soon as we upgrade to LWAPP, GUI administration for our wireless network will be SOP. -
Multilayer switching anyone?
From the article: "Flow routing has introduced an important innovation that can help alleviate the capacity crunch: Routers do not need to route every packet, only the first packet in a flow."
He has just described Multi Layer Switching.... something which has been around for years. From Cisco:
"The packet forwarding function is moved onto Layer 3 switches whenever a partial or complete switched path exists between two hosts. Packets that do not have a partial or complete switched path to reach their destinations are still forwarded in software by routers. ...
IP MLS allows you to debug and trace flows in your network. You can identify which switch is handling a particular flow by using MLS explorer packets."
http://www.cisco.com/en/US/docs/switches/lan/catalyst5000/hybrid/mls.html#wp10207 -
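The "route only the first packet of a flow" idea from the comment above, as an added toy model that is not part of the post or of Cisco's MLS implementation: the first packet of a 5-tuple flow takes a software longest-prefix-match lookup, later packets are forwarded from a flow cache, and the cache is flushed when routes or ACLs change (a constructed routing table and constructed packets are used).

```python
import ipaddress
from collections import namedtuple
# Constructed sample routing table (prefix -> next hop); not from the comment.
ROUTES = {
    ipaddress.ip_network("10.0.0.0/8"): "core-router",
    ipaddress.ip_network("10.1.0.0/16"): "switch-A",
    ipaddress.ip_network("0.0.0.0/0"): "upstream",
}
Packet = namedtuple("Packet", "src dst proto sport dport")

class FlowRouter:
    """Toy model of flow/MLS forwarding: the first packet of a flow takes the
    slow path (software routing lookup); later packets hit the flow cache."""

    def __init__(self, routes):
        # Longest prefix first, so the first match is the most specific route.
        self.routes = sorted(routes.items(), key=lambda kv: kv[0].prefixlen, reverse=True)
        self.flow_cache = {}
        self.software_lookups = 0
        self.cache_hits = 0

    def _slow_path(self, dst):
        # Software lookup: longest-prefix match over the routing table.
        self.software_lookups += 1
        addr = ipaddress.ip_address(dst)
        for net, next_hop in self.routes:
            if addr in net:
                return next_hop
        raise LookupError("no route to %s" % dst)

    def forward(self, pkt):
        """Return (next_hop, path), path being 'cache' or 'software'."""
        key = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)  # 5-tuple flow
        if key in self.flow_cache:
            self.cache_hits += 1
            return self.flow_cache[key], "cache"
        next_hop = self._slow_path(pkt.dst)
        self.flow_cache[key] = next_hop
        return next_hop, "software"

    def purge_cache(self):
        # Cached decisions go stale when routes or ACLs change, so flush them.
        self.flow_cache.clear()

def run_demo():
    router = FlowRouter(ROUTES)
    flow = Packet("192.0.2.10", "10.1.2.3", "tcp", 51000, 443)
    results = [router.forward(flow) for _ in range(5)]
    other = router.forward(Packet("192.0.2.10", "10.9.9.9", "udp", 53000, 53))
    return router, results, other
```

The defender's caveat this makes visible: a flow cached before an ACL or route change keeps its old forwarding decision until the cache is purged, so a change is only fully effective once existing flows have been flushed.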
Re:Why bother?
You can also add human readable comments with things like who changed something, when, and why.
These things add no value to the computer program, but to us stupid humans, we actually value these things.
AFAIK, there is no way for 99.999% of the human race to tell what HKEY_LOCAL_MACHINE\SOFTWARE\foo\bar\MGROPW with type of REG_SZ and a value of 0c0a000a2c means without some other information. The only part I made up in this example is foo and bar, everything else is stolen from a screen capture I found here.
Personally, I think that the trend towards XML based configuration files is not much better, because they seem to me as just another form of the example above. -
Re:probably not much of an issue
I disagree. In situations where logfiles are pertinent to the gathering and subsequent presentation of evidence (as in computer forensics, for example), correct timekeeping is essential. You may argue that this still doesn't constitute a security threat, but it remains mission-critical for some applications.
Cisco mentions other issues in a document concerning the 2007 DST changes in the U.S. here:
"For security-related devices, where logs are captured, correlated, and stored for future reference, this time change could render them incorrect for situations where they need to be recalled to rebuild a sequence of events. The incorrect timestamps might not be an issue for events that get immediate action. However, in the future, these events would reference incorrect times.
Any device with time-based controls and activities, such as AAA servers, Content Devices (CEs), cron jobs, and video streaming servers can be impacted and should be checked with the appropriate vendor.
Other examples include calls being logged at the wrong times that could affect call detail reporting and billing information or inaccurate campaign dialing times that result in dialing customers outside FTC allotted time periods, which is a violation of FTC regulations.
Consequently, any device with time-based controls and activities, such as authentication servers, synchronization activities, and scheduled events (that is, batch jobs, timed backups, or automated dialing capabilities or scripts, etc.) that has been configured to use U.S. DST rules would be impacted during the time period when the new U.S. DST rules go into effect, but the old U.S. DST rules are still applied." -
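The timestamp mismatch described in the quoted Cisco text, as an added example that is not part of the comment or of Cisco's document: it encodes the pre-2007 and 2007 US DST rules, computes the offset an un-patched device would apply at a given UTC instant, and flags the windows where its log timestamps lag a patched device's by an hour. It assumes a US Eastern standard offset of UTC-5 and uses constructed event times.

```python
import calendar
from datetime import datetime, timedelta, timezone
OLD_US = ((4, 1), (10, -1))   # pre-2007: first Sunday in April .. last Sunday in October
NEW_US = ((3, 2), (11, 1))    # 2007 on: second Sunday in March .. first Sunday in November

def nth_sunday(year, month, n):
    """Day-of-month of the n-th Sunday (n < 0 counts from the month's end)."""
    first_weekday, days_in_month = calendar.monthrange(year, month)
    first_sunday = 1 + (6 - first_weekday) % 7          # calendar: Monday == 0
    if n > 0:
        return first_sunday + 7 * (n - 1)
    last_sunday = first_sunday + 7 * ((days_in_month - first_sunday) // 7)
    return last_sunday + 7 * (n + 1)

def utc_offset_hours(instant, rule, std_offset):
    """UTC offset a device applying `rule` uses at a UTC instant.
    DST starts 02:00 local standard time and ends 02:00 local daylight time."""
    (start_month, start_n), (end_month, end_n) = rule
    year = instant.year
    start = datetime(year, start_month, nth_sunday(year, start_month, start_n), 2,
                     tzinfo=timezone.utc) - timedelta(hours=std_offset)
    end = datetime(year, end_month, nth_sunday(year, end_month, end_n), 2,
                   tzinfo=timezone.utc) - timedelta(hours=std_offset + 1)
    return std_offset + (1 if start <= instant < end else 0)

def local_stamp(instant, rule, std_offset=-5):
    """Timestamp a device with the given rule writes (default: US Eastern)."""
    return (instant + timedelta(hours=utc_offset_hours(instant, rule, std_offset))
            ).strftime("%Y-%m-%d %H:%M:%S")

def skew_hours(instant, std_offset=-5):
    """Hours an un-patched (old-rule) device's log time lags a patched one's."""
    return (utc_offset_hours(instant, NEW_US, std_offset)
            - utc_offset_hours(instant, OLD_US, std_offset))

def audit(instants, std_offset=-5):
    rows = []   # one line per constructed event, flagging the mismatch windows
    for t in instants:
        skew = skew_hours(t, std_offset)
        rows.append("%s patched=%s unpatched=%s skew=%+dh%s" % (
            t.strftime("%Y-%m-%dT%H:%MZ"), local_stamp(t, NEW_US, std_offset),
            local_stamp(t, OLD_US, std_offset), skew,
            "  <-- correlation will be off" if skew else ""))
    return rows

SAMPLE_EVENTS = [datetime(2007, 3, 20, 14, 0, tzinfo=timezone.utc),   # spring gap
                 datetime(2007, 6, 1, 14, 0, tzinfo=timezone.utc),    # both in DST
                 datetime(2007, 10, 30, 14, 0, tzinfo=timezone.utc),  # autumn gap
                 datetime(2007, 11, 10, 14, 0, tzinfo=timezone.utc)]  # both standard
```

Running `audit(SAMPLE_EVENTS)` shows the two three-week windows in 2007 (March 11 to April 1 and October 28 to November 4) in which events from an un-patched device sort an hour early against a patched one, which is the sequence-rebuilding problem the quoted text warns about.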
Re:Really good sleuthing
I am reminded of the story about "iPhones kill WLANs" some time ago, featuring Cisco & Apple gear, which ultimately turned out to be more along the lines of "Interference From Devices On Unregulated Bands Interferes!" But you know, that's not quite as sexy, is it?
That was an interesting story. Actually, the headline would have been "Bug In Cisco's Own Wireless Hardware Brings Down Same". It turned out that it wasn't an iPhone issue at all, and was a bug in Cisco's code. Unfortunately, the story had already made it out to everyone, including AP again which equates to hundreds of hundreds of local news outlets, that iPhones "brought down" a major university's network. When it was discovered that it was really exclusively Cisco's fault and had nothing to do with the iPhone (except perhaps for the iPhone exposing the problem in a way), were there any retractions or corrections? Outside of the very narrow IT and networking press, nope, not at all.