All of the major ISPs are rolling out ADSL2+ "triple play" services. Video, telephone service, and internet. The underlying ATM runs at 20Mbps/4Mbps for copper runs up to 800 metres, and even at 5000 metres you can get 12/1Mbps. Of this bandwidth, phone and television get dedicated timeslots, and what is left over can be used for internet. Typically there is 2Mbps for video, and 64/64kbps for voice.
The fibre ATM backbone has dedicated bandwidth to each of the three services. There are hundreds of VPIs carrying an MPEG4 video stream, the DSLAM (or the BAS) chooses which one to send down the pre-defined video slot to each subscriber. When you change channels on the CPE box, a message is sent to the DSLAM controller to change which VPI is sent to your box. There is a network dedicated to VoIP, so a telephone can be plugged into the box.
The.UK is years behind the rest of europe, because they don't have a regulator who can keep the marketplace honest and fair. Ofcom has been BT's bitch for years now, and with the current government it isn't going to change anything soon. The only way it could get worse would have them adopt FCC style pro-active industry support, where not only does the one big powerful monopoly get everything it asks for, but gives them even more.
I just had a one-time client do this. Called me up one day this summer, asking if I could help them move their data centre that very evening. "Sure," I said, "if you pay me cash up front", and they did, not even negotiating my obvious overcharging.
Legitimate data centres around Europe don't let anyone take out machines until everyone agrees all bills have been paid. It limits the damage from pr0n websites pulling this stunt. The courts had seized all their bank accounts and given the money over to the data centre, the ISPs, and all the rest of their creditors. They actually had quite a large stash of money, but the boss was a big time cheat who just didn't like paying bills. Once their bills had been paid, they were told they had 24 hours to clear out their operation.
It was a disaster, of course. Their DNS $TTL was a week, they had all kinds of affiliate programs who broke for a while. The new data centre was an old office building in a dodgy office park, so it didn't yet have the cooling for 3000 servers or a redundant electricity supply. There was a single fibre connection passing nearby, and I had to find 200 metres of monomode to get fused and in operation in a matter of hours. While I set up their new data centre routers and switches, they hired a bunch of students to load up a couple of moving vans starting at midnight. Piles and piles of cheap, crappy DIY servers, and two huge cardboard boxes of cables. Then they drove 230 Kms, arriving at 7:00 AM, and started setting things back up. By noon, they had only 150 servers back up and running.
I think they had over 50% machine failure and it took them 2 or 3 days just to install the 2500+ machines in the new area. They did lose most of their customers, but wrote it off as normal churn in the pr0n hosting biz.
Although I am not a coder, your post does bring up some interesting ideas. I do think you underestimate the drag of legacy systems and coding techniques, but even if Vista does have a smoothly working XAML/XML message passing and context system it will take a decade or more to become mainstream. VB has been around for more than a decade, and even though there was a small eplosion (hah, I've already used my new word once today) of programs when it first emerged, it is only now becoming common for most development teams. Assuming M$ stays the course on Vista development and doesn't drop the tech before it has a chance in the marketplace (like so many other buzzword/paradigm fads), this bears watching.
I also think you are being downbeat on OpenSource coders, they have always shown the agility to adopt proven methods quite quickly once they start to prove their worth (ha, they'll adopt anything they can get their hands on).
I've had this sig for a while, I can't search back and find the attribution, but its from a fellow/.er
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
I find this pretty common in techies who didn't complete a formal education. Because they never had someone explain exactly the relations of capacitance, dielectric properties, EMF, or other scientifically known phenomena, they tend to "reinvent the wheel" with new names.
Tesla was working with electricity at the time when committees were being formed to standardise names and units for all the "new" sciences. So while Tesla forged ahead and was creating his own terms for ideas such as inductance and surface effect, the less talented were sitting around academia publishing notes on inventions, and their terms became the commonly used terms today. When Tesla-heads (zero-point energy or free energy morons) rediscover his early writings, they find all kinds of unfamiliar terms and just assume he was describing something different and magical. When an electrical engineer reads Tesla's early works, there immediately is a connection to what was learned in second and third year EE courses, even if the terms are slightly different.
This article was squeezed out by a poorly educated crackpot, who assumes that just because he's never seen detailed scientific studies of weather phenomena, they must not exist or were suppressed by some mystical cabal (which is true, they are called Universites, and they teach only their students what they know, the public are on their own)
You are right. Re-reading your first line, I can't think of where I got that idea. Yes, NAT will be around forever, its too useful of a technology and well on its way to maturity.
There are enough other posts in this thread from people who think that NAT is the saving technology which means there will never be a need for IPv6, ever. I'll go rant in another thread.
if you try to do both IPv4 and IPv6 on the hardware, you take the load way up.
On what kinds of hardware? Are you talking about old cisco catalyst switches like the 5500? Maybe first generation 6500s? But with newer switching/routing hardware, native IPv6 hardware processing support is there. Not just the stuff on the market this year (although I'm pretty much seeing close to 80% support in the current crop), IPv6 support has been getting included in hardware for at least the last 3 or 4 years on the higher end kit.
Sure, some manufacturers are charging extra for the firmware to enable IPv6, that can't last for much longer. As soon as Cisco makes IPv4/IPv6 a standard feature in all of their IOS offerings (from IPBase upwards), then all the others will include it for free.
You didn't RTFA, obviously. It was full of real numbers reflecting reality which includes NAT, not wishful thinking of an armchair/. pundit.
Even with wide deployment of NAT in both consumer connections and at corporate edges, the IPv4 address space is still running out fast. NAT and HTTP 1.1 bought us 10 years of breathing space, but that is now ending. NAT is not going to go away, but in a few years, when an ISP or a corporation goes asking for some new addresses because they are still expanding, there just will NOT be any more. No amount of NAT is solving this problem, we're already close to 100% NAT on consumer connections, there are just too many new consumers who want an internet connection. On the server end of the connection, you just can't put NAT boxes in front of a big pile of servers, they need to be individually addressable. HTTP 1.1 bought us some time with virtual domains, but even that doesn't scale for much longer.
Once things start to get scarce in a few years, there will be address blocks available from black-market sources. But would you stake your company's connectivity on a block which was allocated to the U.S. military or a spam-friendly Chinese ISP? Sure, the block might not be announced right now, but what happens a month or two down the road after you have paid $$$ for the addresses and the original owner pops up and smacks you down in court for illegally announcing their block?
Its going to get ugly, this article and many like it at NANOG, RIPE, APNIC, IETF and other meetings are all sounding the end of freely available IPv4 space.
What rock are you hiding under? Vendors are all the time releasing new versions of their firmware for their consumer grade DSL router/firewall/NAT boxes. Quite a few of them have a linux project which gives you IPv6 natively, such as OpenWRT for LinkSys.
You also seem to be under the mis-impression that IPv4 and IPv6 are mutually exclusive. This is a common mistake by people with almost no knowledge of networking. There are ISPs all over Europe right now that offer both IPv4 and IPv6 addresses on their DSL and Cable lines. If you have a router which supports IPv6, *BAM*, it's on and working. No real configuration to do, just click the checkbox on the configuration page or whatever. Computers which support IPv6 then just auto-configure their interfaces and start using IPv6 whenever possible, and the user never even notices.
I've got a dual IPv4/IPv6 ISP at home, and it just works. Mac OS X, Solaris, and OpenBSD all just start using IPv6 when they see a local router offering IPv6 Neighbor Discovery packets. Windoze boxes require loading the IPv6 stack from a web site somewhere, but once installed and configured it pretty much works without maintenance.
Both sides have been playing at stealing the other's customers, it has just gotten very bad in the last six months or so.
The Cogent offer to existing Level 3 customers requires them to drop their link with Level 3 (and stop paying Level 3 bills). The free year of transit ends if the customer obtains any other redundant transit from another carrier during the year. Its not a very good deal.
the AC I expect both Level 3 and Cogent to be out of business within six months, and then all the other carriers can get back to earning some narrow margins on new contracts as prices rebound to market levels
Yes, blackholing is exactly what's happening. I have clients on both carriers in this dispute, and its really clear there is blackholing going on from both sides. Level 3 is being really obvious about it, because I doubt they have an experienced network engineer left working for them. Cogent has done this at least three times in recent memory, with AOL, with LambdaNet just before the assfu^Wbuyout, and with OpenSew^H^H^HTransit.
If all the world's BGP sessions carried the whole routing table, and carriers were forbidden from creating blackholes, nobody would have noticed this childish display of stupidity. Routers would have routed around the damage. But with TWO major carriers blackholing routes, it is difficult to fix the problem. This is not a call for legislation (which I fear, now), because full BGP tables are rarely needed, and blackholing has many engineering functions.
There are many small companies in Europe with an AS number, one cheap transit provider, and a few connections on local peering points for regional traffic because usually more than 50% of their traffic is local. When I say cheap, I of course mean Level 3 and Cogent, the two market bottom feeders.
It has been a lucrative week for me, because I have the knowledge to fix this, and have been doing so to the point of exhaustion tonight (its 4:00AM, I've been up since things broke thursday, and my typing this reply was interrupted by a call from another potential client). I'll be buying the Level 3 and Cogent guys drinks when I get a chance, they've really fucked up their markets with this stunt, but I'm cleaning up.
the AC
Ooops, I think I displayed a little bit of editorial opinion in this ra^H^Hpost. how the hell did it get to 4 long paragraphs? Bedtime!
To start, there are no 100Mbit hubs, the very spec for 100BaseTX requires a switching function. The cheapest 10/100 hub/switches are just that, a 10BaseT hub for the ports in 10 mode, and a 100BaseTX switch with one port internally going to the 10BaseT hub.
Don't get a cheap taiwanese 10/100 switch. They don't really have more than 100 Mbps of switching capacity. Once two ports are communicating, all the other ports are being buffered. As soon as you have a higher bandwidth than about 5-10Mbps streaming connection between two ports, you will see drop and loss problems on all the remaining ports. Avoid these cheap switches at all costs, they will only cause you headaches down the road. Certainly avoid the no-name ones that look just like major name brand models, because they are the brand name models which have a problem (or several) and thus are rebadged and sold for cheaper. Even if you can get a warantee replacement when it dies in a few weeks, the replacement will also have a fault.
The best bet for cheap used switches right now is Foundry. There are tons of used Foundry WorkGroupServers on eBay and sitting around used kit warehouses. I've seen people pick them up for under $100. With the latest firmware (i.e. from 2001), they'll do vlans, rate-limiting per port, and can support multiple, simultaneous, 100Mbps streams. Plus they have SNMP support, so you can set up MRTG or cacti and watch how much bandwidth each machine is using.
Don't skimp on the network switch or the cabling, you'll only look bad when it all goes wrong (which Murphy says will be at the worst possible moment, but you know that by now or will learn the hard way soon enough:-)
I had an afternoon free last week while in Paris, so I dropped into the Apple Expo to see what goodies were on offer. When I stopped by the apple area to look at the Nanos, I noticed they were already fairly scratched, as well as covered in fingerprints. So I cleaned one up with my t-shirt, and the Apple employee just about shit a brick. It seems they were replacing the Nanos every night because by the end of the day, they were too scratched to be useful as demo models. I wasn't particularly rough with the t-shirt, but less than a minute of polishing the front surface left it almost completely frosted. The black Nanos showed the damage much worse than the whites, so I know if I ever get one it will be the white. Both that I polished over the screen were unusable within seconds, though.
If they just hadn't made that fourth season, Lexx might have made the list. The first season's four movies were great, showing the result of the four creators fleshing out their story, characters, CGI artwork, and background details for over a decade. Every idea they had went into crafting that universe, and it showed. The movies were good enough to get the series picked up for at least two more seasons, but by then they were out of ideas, and the 2nd and 3rd seasons were abyssimal.
To get the series funded they were forced to bring in an investment group from Germany. There was too much interference by their German investors, who insisted on making the characters more into extreme cariactures, putting lots of T&A into every scene, and attempting to be a german star trek rip-off. The Stanley character became too annoying and lost any depth that was present during the movies.
The fourth season was unwatchable, I've only been able to stomach about three of the episodes, and have relied on friend's opinions to keep me well away from the rest. Its what happens when a series has jumped the shark so far they know they have nothing left to lose and just shamelessly stole every movie cliche but forgot to add anything to the process.
If you just plan on handing someone a default Nessus report
The security industry is filled with people doing this. Its not just a few here and there, it seems like every university computer student is out flogging Nessus reports. Every internet company I know gets at least a few contacts per week from guys flogging their security scanning service. The more socially apt geeks actually call in advance and set up a meeting with someone in the IT or networking group, the hopeless cases just run a Nessus scan, print it out, and then try to meet someone by hanging around IRC channels and selling them the report.
If you were never brought into sales-discussions, you might want to ask yourselves "why not?"
Excellent advice. Geeks aren't sales critters, and sales people should never pretend to be geeks. And neither type are management. The only successful companies have a real business person at the head, hire an accountant to keep the books, a lawyer to review the contracts and answer any judicial questions, and then sales and techies for the grunt work. If the OP is just starting out, the best thing they can do is find a business-savy type to head their company. Just as there are geeks who think they can start their own company with just a couple of years work experience, there are also management trainees who would jump at a chance to play "boss", but they need someone with ideas and skills to do the grunt work.
I had a client (now ex-client, thankfully) who managed to get a very bad name in the web-hosting industry. Unpaid bills, cheated partners, traded stolen equipment, etc. Decided to start all over again, so he changed the name of his company, and pointed the old DNS entries to an ex-partner's company (or the ex-partner kept them).
A year or so later, in comes some snotty young dutch hac^Wwanna-be security team, to pay him a visit. They point out all the holes in his security, have copies of logs from network management machines, figured out the passwords on the routers, etc. Only problem was that the network wasn't his, but another company's. The other company was not thrilled, and had been cleaning up after all the break-ins and the damage done. So the police were called, but they declined to prosecute after throwing a big scare into the pre-pubescent idiots. I hear a few civil cases are still proceeding against them.
Everything Dave says, and a little more clarification.
My studies many moons ago were on electromigration and bi-metallic corrosion. There are three common types of edge connectors, gold alloys, beryllium-copper alloys, and tin-nickel alloys. Gold and Be-Cu have a golden hue, Sn-Ni look silvery. Putting one type of alloy in contact with another and passing a current through it will lead to an eventual failure of the contact.
When you must clean edge connectors, by all means use kimwipes and IPA (Iso-Propyl Alcohol). If you can get your hands on it, 1,1,1-TFE is the best for stripping off gunk, but its been outlawed because its really bad for the environment.
As a last resort for cleaning connectors, don't use a pink eraser, but a white one. The pink erasers are rubber vulcanised with sulfur compounds, and are quite acidic. Pink erasers also contain a high percentage of abrasive compounds, like pumice, which will tear microscopic channels through the plating and expose the base metal underneath. The sulfur which remains on the contacts will cause more problems 3-6 months down the road than if you left things dirty. Even on gold-plated contacts, the sulfur compounds will get underneath the plating and destroy the metal, and it all disappears. If you suspect someone used a pink eraser on contacts, wipe them with a soapy kimwipe (to neutralise the acids) and rinse clean with IPA.
The white drafting erasers are not a rubber compound, but vinyl, and the most radical (i.e. corrosive or reactive) chemicals are chlorine based. These are much less damaging than a pink eraser. Do yourself a favor and remove all pink erasers from your company, replacing them with white PVC erasers. This will give your repairs a chance of lasting more than 6 months. Of course, you may want to be unethical and have many returns down the road.
I'm the guy you'll want to impress the most. I decide which data centres are best for my clients to put their equipment and services. I've built ops centres, so I know what goes in them. If you can't impress the extreme techies who will visit, your company is dead. We will not just avoid you, but will divert as much business away from you as possible. You need to make sure TPTB understand an ops centre is a functional business tool first, and a PR tool second.
An ops centre is first and foremost a place for humans to work, it is not a machine room, a laboratory, nor a visitors centre. It must be climate controlled for humans, not machines. It has to be quiet, neat, clean, and comfortable. It also has to be functional. If it doesn't meet all of these mandatory requirements, there is a problem. If the problem is lack of understanding of human nature by PHBs and bean counters, then this will extend to the rest of the infrastructure, and should be avoided.
Lets start with the non-technical bits. Assuming the ops centre will be staffed 24/24, there needs to be a break area immediately adjacent. A kitchen with a big refrigerator, a sink and a dishwasher, real dishes and cutlery, a good microwave. There must be food and drink vending machines at hand. The must be some tables and chairs so people aren't forced to eat at their work stations, and there needs to be a sofa or two, long enough people can stretch out and take a nap. There must be clean modern bathrooms just for the ops staff. The ops centre itself needs to be heated/air conditioned so that it is always comfortable and people can come in from outside, shed their heavy winter clothing, and work in casual t-shirt style. There should be a minimum of fan noise from equipment, enclosures and silent-PC tech should be used wherever possible. If there are windows, there should be adjustable blinds/shades in case of hot sunny days. The ops centre itself needs to be kept clean and tidy. Surfaces should be cleaned on a daily basis, cables should all be hidden away (and labled for easy maintenance). There should be some greenery, and the work areas should not be sterile of personal touches. I expect to see Dilbert and UserFriendly strips taped up, small figurines on monitors, nerf toys, and anything else within reason for keeping the techies relaxed and happy.
For the technical bits, I expect to see modern monitoring software. Cacti, Nagios, HP OpenView, BMC Patrol, custom built web monitoring tools to expose the current state of every part of your company. I expect to see at least two screens at every work station, one for monitoring/control and one for business functions like email, web, irc/IM, listening to podcasts or online radio stations. Techs need to be connected to do their jobs, and it shouldn't interfere with the monitoring functions. Googling bizarre error messages should be considered a normal business practice.
For a layout, it depends on what what your size is, the number of people working simultaneously, and the type of work people do. Large companies covering many regions or the whole world tend to have a layout like the bridge of the Enterprise, with a director in a big swivel chair in the middle, with about three consoles at hand running the MoMs (Manager of Managers, a consolidation function). There will then be groups of work stations around the central point, each cluster for a main function. In the background, on the walls, will be some big screen monitors with useful information, and usually a large schematic of the whole company's operations with red/yellow/green status indicators. Most large sites have a large screen TV tucked in the corner with CNN on the main, and a picture-in-picture tuned to the local news station.
Smaller centres tend to have just a large office area with low cubicles around the edges with everyone facing the same direction. At the far end of the room will be a few large, flat-screen monitors showing overall stats. Everyone has their own little work area, but can communicate with others easily enoug
Most spammers are making money from criminal activities. Turn off your spam filter for a day, and look at the shit that comes in. Illegally obtained presciption medication, pyramid schemes, loan sharking, tax evasion, hardcore pr0n. These are criminals widely broadcasting their activity to the whole world, and occasionally some police and prosecutors get off their fat asses and do something about it.
Occasionally I see a spam from an almost legitimate source, usually a marketing group behind a website where I left a spamtrap address. Its clear they didn't re-sell the address, just got desperate for new sales leads and discovered they had 10's of thousands of email addresses.
But I could handle a few almost legit spams per week, its the 740 per day of pure criminal activity that chokes my systems and causes me to lose hours per month maintaining anti-spam filters. I don't care that there are no effective spamming laws, if the powers that be take down the criminals in a loud and public way, it will have a deterrent on others who think they can advertise their crime spree on our internet.
I would also like to see prosecutors in the U.S. go after some of the people who obtained their narcotics through this spammer, and make headlines of "hard prison time for responding to spam".
Webhosting is a lot like selling used cars, or amway or other MLM pyramid schemes. There are always new players doing what they can to look like a serious business, and when they get bored or broke they sell what customers they have to the next guy as a starter kit. Those that are slightly successful get other idiots to resell their crap, in the hopes of spreading the responsibility and risk around.
I work around a number of bandwidth resellers. Their most numerous customers are little webhosting companies, quite often dozens in the same data centre. Typically a web hosting or dedicated server company is a teenager, or some young guy starting university, who has heard about how much money is to be made in buying a bunch of cheap servers, renting a rack and some bandwidth. When they go broke, usually towards the end of the school year, they sell the servers and customers on to the next sucker. Often, it is a group of very young guys using many different names for their companies, so as one name gets tarnished, they migrate to the next. When you work in the data centres, you'll see racks stuffed full of mini-PCs, and the name on the rack changes every month or two, but its the same guys and the same equipment. The worst ones have such low margins, their entire network is run from a single linux box which does it all, quagga for routing, web server, DNS (two different IP addresses on the same NIC to pretend they have 2 servers), and when the cheap-o power supply or no-name 10baseT hub fails their whole service is offline until they notice and come out to fix it. They marvel at other companies who can afford a used cisco router or two, but to them its just a luxury they can't afford.
There are a few usenet newsgroups where people discuss that industry, quite a bit of astroturfing goes on, but its usually easy enough to filter out. Some deja-googling can give you an idea if your server hosting company has been around for a while, and how they respond to problems. Other than working in the hosting industry for a while and picking up the trade gossip, there really isn't much honest information out there.
If you are in the region where the hosting company operates, ask to see their setup. If they have 75 machines crammed into a 42U rack with some cheap-ass no-name switches wedged in the sides, you'll have nothing but problems. If they have real networking equipment and a staffed NOC, you'll probably be a lot happier. Check their website, real companies have real no problem showing off the structure of their network, real-time traffic graphs, status reports and notices of planned work, and forums where customers can discuss problems. Companies you want to avoid have just a few static pages with an email address, bonus points if its a hotmail account.
You are a troll, since you obviously don't know what you are typing about. But as I just returned from Sweden, I'll feed the troll in order to enlighten others about your pathetic rant.
The term is symetric, not synchronous. When brodbandsgolet.se offers 100 Mbps symetric, its delivered on fibre to the household. It is not a DSL or cable technology. It is expensive, and only available in bigger cities in Sweden.
10Gig interconnects are quite common in the data centres where the xDSL and cable and fibre headends terminate. A broadband provider may oversubscribe 10:1 or 15:1, but the traffic only starts to get congested in the evenings when you get all the home subscribers firing up their shiny powerful macintoshes and PCs. You really need to have a dozen or more PCs on your home 100Mbps line before you can really start to achieve those levels of constant traffic. There are problems with TCP windows, and round trip delay which keep a PC from using too much bandwidth. Pulling content from the US is always slow, but within the nordic counties and northern Europe, web browsing is fantastically fast./. still takes 4 seconds to start loading, no matter what your bandwidth is.
Then you certainly don't want to look at offerings in the Benelux and France, where EUR30/month will get you 20Mbps down, 2 up. I have clients working on 50Mbps and higher xDSL rollouts over the next year, but those will be targeted at professional use (meaning no restrictions on servers or use, except for spamming clauses) for about 60-100 euros/month.
It means there is one less windoze machine infecting our internet. I consider this a good thing.
The only thing better would be to change the security switch on that machine from [I]nsecure to [O]versecure, which will change your machines threat level from blue (panic) to black(get a life). Typically the security switch is found on the back of the computer. Flip it. Go outside, enjoy the day.
I'd recommend an OpenBSD solution, more for the elegance of pf's route-to command for load balancing incoming and outgoing connections. CARP is good for multiple machines acting as a single gateway, but not for one machine with multiple links. Route-to is what I use for simple multi-provider load balancing installations, where one provider offers a small netblock (typically a/27 or/28), and the other providers are just ADSL/Cable with a single static IP address. BSD also offers OpenOSPF, so you can quickly failover if a link goes down.
You can achieve similar results with Linux and multiple route tables, but your failover will not be as instantaneous as you might hope. The patches will help, but multiply weighted routes, NAT, and IPtables makes troubleshooting and maintenance a nightmare.
If your company really, truly, wanted a reliable internet connection, they would invest in the time and effort to obtain a/24 netblock and an AS number. Then you would have to find two or more providers willing to provide full BGP feeds, but it isn't all that difficult (well, maybe in backwards ARIN countries:-). They should also consider putting their important internet facing servers (web, mail relay) in a dedicated hosting centre, probably much cheaper than keeping the boxes physically on your premises.
I understand the extreme paranoia of a firewall admin, especially if there are large numbers of windoze machines on her network. There may be a touch of tin-foil hat syndrome from rumours that windoze machines report activation codes encoded in SNTP requests to time.windows.com. If you are on a government network, then some security dudes have already demo'd tunneling secret info over NTP UDP packets, resulting in your properly locked down windoze network. There really is no reason a windoze machine needs to get its time from the internet, when a local time server will do.
There probably is an NTP service on the internal network. Start by asking around if there is an alternative you can use on the inside of the firewall. Try pointing your NTP client at the default router on your segment, and see what happens. Do a traceroute towards the internet, and see if NTP is present on any of the hops before the firewall.
If one sets up an internal NTP server (Windows XP or 2000 workstation)
One note about XP or 2K machines as NTP servers. Windows clocks are accurate to only 10 milliSeconds, and no amount of tweaking will improve that. Save yourself the headache and set up a *nix machine, where clock increments are usually between 2 mSec and 500 nanoSec.
If you have no NTP inside the firewall, you can always pick up a cheap GPS unit with a serial NMEA connector, or if you are in the US, a CDMA timebase. Plug it into a *nix based machine, compile the latest NTPv4 code, and read the docs about setting up a generic NMEA driver. Now you've got a machine accurate to about.05 seconds, and after a few weeks of running will probably settle down to.02 seconds with little drift. If you can spend more and get a GPS with a pulse per second output, you can get 1 microsecond accuracy. If your department has $500 extra in the budget, and you don't want the hassle of setting up a *nix box and GPS, there are GPS based NTP servers out there.
Its probably easier and cheaper to ask the network admins to enable an NTP server on a router.
Slashdot Mirror
All of the major ISPs are rolling out ADSL2+ "triple play" services. Video, telephone service, and internet. The underlying ATM runs at 20Mbps/4Mbps for copper runs up to 800 metres, and even at 5000 metres you can get 12/1Mbps. Of this bandwidth, phone and television get dedicated timeslots, and what is left over can be used for internet. Typically there is 2Mbps for video, and 64/64kbps for voice.
.UK is years behind the rest of europe, because they don't have a regulator who can keep the marketplace honest and fair. Ofcom has been BT's bitch for years now, and with the current government it isn't going to change anything soon. The only way it could get worse would have them adopt FCC style pro-active industry support, where not only does the one big powerful monopoly get everything it asks for, but gives them even more.
The fibre ATM backbone has dedicated bandwidth to each of the three services. There are hundreds of VPIs carrying an MPEG4 video stream, the DSLAM (or the BAS) chooses which one to send down the pre-defined video slot to each subscriber. When you change channels on the CPE box, a message is sent to the DSLAM controller to change which VPI is sent to your box. There is a network dedicated to VoIP, so a telephone can be plugged into the box.
The
the AC
I just had a one-time client do this. Called me up one day this summer, asking if I could help them move their data centre that very evening. "Sure," I said, "if you pay me cash up front", and they did, not even negotiating my obvious overcharging.
Legitimate data centres around Europe don't let anyone take out machines until everyone agrees all bills have been paid. It limits the damage from pr0n websites pulling this stunt. The courts had seized all their bank accounts and given the money over to the data centre, the ISPs, and all the rest of their creditors. They actually had quite a large stash of money, but the boss was a big time cheat who just didn't like paying bills. Once their bills had been paid, they were told they had 24 hours to clear out their operation.
It was a disaster, of course. Their DNS $TTL was a week, they had all kinds of affiliate programs who broke for a while. The new data centre was an old office building in a dodgy office park, so it didn't yet have the cooling for 3000 servers or a redundant electricity supply. There was a single fibre connection passing nearby, and I had to find 200 metres of monomode to get fused and in operation in a matter of hours. While I set up their new data centre routers and switches, they hired a bunch of students to load up a couple of moving vans starting at midnight. Piles and piles of cheap, crappy DIY servers, and two huge cardboard boxes of cables. Then they drove 230 Kms, arriving at 7:00 AM, and started setting things back up. By noon, they had only 150 servers back up and running.
I think they had over 50% machine failure and it took them 2 or 3 days just to install the 2500+ machines in the new area. They did lose most of their customers, but wrote it off as normal churn in the pr0n hosting biz.
the AC
eplosion
I have my new word for the day, thank you.
Although I am not a coder, your post does bring up some interesting ideas. I do think you underestimate the drag of legacy systems and coding techniques, but even if Vista does have a smoothly working XAML/XML message passing and context system it will take a decade or more to become mainstream. VB has been around for more than a decade, and even though there was a small eplosion (hah, I've already used my new word once today) of programs when it first emerged, it is only now becoming common for most development teams. Assuming M$ stays the course on Vista development and doesn't drop the tech before it has a chance in the marketplace (like so many other buzzword/paradigm fads), this bears watching.
I also think you are being downbeat on OpenSource coders, they have always shown the agility to adopt proven methods quite quickly once they start to prove their worth (ha, they'll adopt anything they can get their hands on).
the AC
I've had this sig for a while, I can't search back and find the attribution, but its from a fellow /.er
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
I find this pretty common in techies who didn't complete a formal education. Because they never had someone explain exactly the relations of capacitance, dielectric properties, EMF, or other scientifically known phenomena, they tend to "reinvent the wheel" with new names.
Tesla was working with electricity at the time when committees were being formed to standardise names and units for all the "new" sciences. So while Tesla forged ahead and was creating his own terms for ideas such as inductance and surface effect, the less talented were sitting around academia publishing notes on inventions, and their terms became the commonly used terms today. When Tesla-heads (zero-point energy or free energy morons) rediscover his early writings, they find all kinds of unfamiliar terms and just assume he was describing something different and magical. When an electrical engineer reads Tesla's early works, there immediately is a connection to what was learned in second and third year EE courses, even if the terms are slightly different.
This article was squeezed out by a poorly educated crackpot, who assumes that just because he's never seen detailed scientific studies of weather phenomena, they must not exist or were suppressed by some mystical cabal (which is true, they are called Universites, and they teach only their students what they know, the public are on their own)
the AC
You are right. Re-reading your first line, I can't think of where I got that idea. Yes, NAT will be around forever, its too useful of a technology and well on its way to maturity.
There are enough other posts in this thread from people who think that NAT is the saving technology which means there will never be a need for IPv6, ever. I'll go rant in another thread.
Sorry
the AC
if you try to do both IPv4 and IPv6 on the hardware, you take the load way up.
On what kinds of hardware? Are you talking about old cisco catalyst switches like the 5500? Maybe first generation 6500s? But with newer switching/routing hardware, native IPv6 hardware processing support is there. Not just the stuff on the market this year (although I'm pretty much seeing close to 80% support in the current crop), IPv6 support has been getting included in hardware for at least the last 3 or 4 years on the higher end kit.
Sure, some manufacturers are charging extra for the firmware to enable IPv6, that can't last for much longer. As soon as Cisco makes IPv4/IPv6 a standard feature in all of their IOS offerings (from IPBase upwards), then all the others will include it for free.
the AC
You didn't RTFA, obviously. It was full of real numbers reflecting reality which includes NAT, not wishful thinking of an armchair /. pundit.
Even with wide deployment of NAT in both consumer connections and at corporate edges, the IPv4 address space is still running out fast. NAT and HTTP 1.1 bought us 10 years of breathing space, but that is now ending. NAT is not going to go away, but in a few years, when an ISP or a corporation goes asking for some new addresses because they are still expanding, there just will NOT be any more. No amount of NAT is solving this problem, we're already close to 100% NAT on consumer connections, there are just too many new consumers who want an internet connection. On the server end of the connection, you just can't put NAT boxes in front of a big pile of servers, they need to be individually addressable. HTTP 1.1 bought us some time with virtual domains, but even that doesn't scale for much longer.
Once things start to get scarce in a few years, there will be address blocks available from black-market sources. But would you stake your company's connectivity on a block which was allocated to the U.S. military or a spam-friendly Chinese ISP? Sure, the block might not be announced right now, but what happens a month or two down the road after you have paid $$$ for the addresses and the original owner pops up and smacks you down in court for illegally announcing their block?
Its going to get ugly, this article and many like it at NANOG, RIPE, APNIC, IETF and other meetings are all sounding the end of freely available IPv4 space.
the AC
What rock are you hiding under? Vendors are all the time releasing new versions of their firmware for their consumer grade DSL router/firewall/NAT boxes. Quite a few of them have a linux project which gives you IPv6 natively, such as OpenWRT for LinkSys.
You also seem to be under the mis-impression that IPv4 and IPv6 are mutually exclusive. This is a common mistake by people with almost no knowledge of networking. There are ISPs all over Europe right now that offer both IPv4 and IPv6 addresses on their DSL and Cable lines. If you have a router which supports IPv6, *BAM*, it's on and working. No real configuration to do, just click the checkbox on the configuration page or whatever. Computers which support IPv6 then just auto-configure their interfaces and start using IPv6 whenever possible, and the user never even notices.
I've got a dual IPv4/IPv6 ISP at home, and it just works. Mac OS X, Solaris, and OpenBSD all just start using IPv6 when they see a local router offering IPv6 Neighbor Discovery packets. Windoze boxes require loading the IPv6 stack from a web site somewhere, but once installed and configured it pretty much works without maintenance.
the AC
Both sides have been playing at stealing the other's customers, it has just gotten very bad in the last six months or so.
The Cogent offer to existing Level 3 customers requires them to drop their link with Level 3 (and stop paying Level 3 bills). The free year of transit ends if the customer obtains any other redundant transit from another carrier during the year. Its not a very good deal.
the AC
I expect both Level 3 and Cogent to be out of business within six months, and then all the other carriers can get back to earning some narrow margins on new contracts as prices rebound to market levels
Yes, blackholing is exactly what's happening. I have clients on both carriers in this dispute, and its really clear there is blackholing going on from both sides. Level 3 is being really obvious about it, because I doubt they have an experienced network engineer left working for them. Cogent has done this at least three times in recent memory, with AOL, with LambdaNet just before the assfu^Wbuyout, and with OpenSew^H^H^HTransit.
If all the world's BGP sessions carried the whole routing table, and carriers were forbidden from creating blackholes, nobody would have noticed this childish display of stupidity. Routers would have routed around the damage. But with TWO major carriers blackholing routes, it is difficult to fix the problem. This is not a call for legislation (which I fear, now), because full BGP tables are rarely needed, and blackholing has many engineering functions.
There are many small companies in Europe with an AS number, one cheap transit provider, and a few connections on local peering points for regional traffic because usually more than 50% of their traffic is local. When I say cheap, I of course mean Level 3 and Cogent, the two market bottom feeders.
It has been a lucrative week for me, because I have the knowledge to fix this, and have been doing so to the point of exhaustion tonight (its 4:00AM, I've been up since things broke thursday, and my typing this reply was interrupted by a call from another potential client). I'll be buying the Level 3 and Cogent guys drinks when I get a chance, they've really fucked up their markets with this stunt, but I'm cleaning up.
the AC
Ooops, I think I displayed a little bit of editorial opinion in this ra^H^Hpost. how the hell did it get to 4 long paragraphs? Bedtime!
To start, there are no 100Mbit hubs, the very spec for 100BaseTX requires a switching function. The cheapest 10/100 hub/switches are just that, a 10BaseT hub for the ports in 10 mode, and a 100BaseTX switch with one port internally going to the 10BaseT hub.
:-)
Don't get a cheap taiwanese 10/100 switch. They don't really have more than 100 Mbps of switching capacity. Once two ports are communicating, all the other ports are being buffered. As soon as you have a higher bandwidth than about 5-10Mbps streaming connection between two ports, you will see drop and loss problems on all the remaining ports. Avoid these cheap switches at all costs, they will only cause you headaches down the road. Certainly avoid the no-name ones that look just like major name brand models, because they are the brand name models which have a problem (or several) and thus are rebadged and sold for cheaper. Even if you can get a warantee replacement when it dies in a few weeks, the replacement will also have a fault.
The best bet for cheap used switches right now is Foundry. There are tons of used Foundry WorkGroupServers on eBay and sitting around used kit warehouses. I've seen people pick them up for under $100. With the latest firmware (i.e. from 2001), they'll do vlans, rate-limiting per port, and can support multiple, simultaneous, 100Mbps streams. Plus they have SNMP support, so you can set up MRTG or cacti and watch how much bandwidth each machine is using.
Don't skimp on the network switch or the cabling, you'll only look bad when it all goes wrong (which Murphy says will be at the worst possible moment, but you know that by now or will learn the hard way soon enough
the AC
I had an afternoon free last week while in Paris, so I dropped into the Apple Expo to see what goodies were on offer. When I stopped by the apple area to look at the Nanos, I noticed they were already fairly scratched, as well as covered in fingerprints. So I cleaned one up with my t-shirt, and the Apple employee just about shit a brick. It seems they were replacing the Nanos every night because by the end of the day, they were too scratched to be useful as demo models. I wasn't particularly rough with the t-shirt, but less than a minute of polishing the front surface left it almost completely frosted. The black Nanos showed the damage much worse than the whites, so I know if I ever get one it will be the white. Both that I polished over the screen were unusable within seconds, though.
the AC
If they just hadn't made that fourth season, Lexx might have made the list. The first season's four movies were great, showing the result of the four creators fleshing out their story, characters, CGI artwork, and background details for over a decade. Every idea they had went into crafting that universe, and it showed. The movies were good enough to get the series picked up for at least two more seasons, but by then they were out of ideas, and the 2nd and 3rd seasons were abyssimal.
To get the series funded they were forced to bring in an investment group from Germany. There was too much interference by their German investors, who insisted on making the characters more into extreme cariactures, putting lots of T&A into every scene, and attempting to be a german star trek rip-off. The Stanley character became too annoying and lost any depth that was present during the movies.
The fourth season was unwatchable, I've only been able to stomach about three of the episodes, and have relied on friend's opinions to keep me well away from the rest. Its what happens when a series has jumped the shark so far they know they have nothing left to lose and just shamelessly stole every movie cliche but forgot to add anything to the process.
the AC
If you just plan on handing someone a default Nessus report
The security industry is filled with people doing this. Its not just a few here and there, it seems like every university computer student is out flogging Nessus reports. Every internet company I know gets at least a few contacts per week from guys flogging their security scanning service. The more socially apt geeks actually call in advance and set up a meeting with someone in the IT or networking group, the hopeless cases just run a Nessus scan, print it out, and then try to meet someone by hanging around IRC channels and selling them the report.
If you were never brought into sales-discussions, you might want to ask yourselves "why not?"
Excellent advice. Geeks aren't sales critters, and sales people should never pretend to be geeks. And neither type are management. The only successful companies have a real business person at the head, hire an accountant to keep the books, a lawyer to review the contracts and answer any judicial questions, and then sales and techies for the grunt work. If the OP is just starting out, the best thing they can do is find a business-savy type to head their company. Just as there are geeks who think they can start their own company with just a couple of years work experience, there are also management trainees who would jump at a chance to play "boss", but they need someone with ideas and skills to do the grunt work.
the AC
I'll go you one better.
I had a client (now ex-client, thankfully) who managed to get a very bad name in the web-hosting industry. Unpaid bills, cheated partners, traded stolen equipment, etc. Decided to start all over again, so he changed the name of his company, and pointed the old DNS entries to an ex-partner's company (or the ex-partner kept them).
A year or so later, in comes some snotty young dutch hac^Wwanna-be security team, to pay him a visit. They point out all the holes in his security, have copies of logs from network management machines, figured out the passwords on the routers, etc. Only problem was that the network wasn't his, but another company's. The other company was not thrilled, and had been cleaning up after all the break-ins and the damage done. So the police were called, but they declined to prosecute after throwing a big scare into the pre-pubescent idiots. I hear a few civil cases are still proceeding against them.
the AC
Also puts EE hat on.
Everything Dave says, and a little more clarification.
My studies many moons ago were on electromigration and bi-metallic corrosion. There are three common types of edge connectors, gold alloys, beryllium-copper alloys, and tin-nickel alloys. Gold and Be-Cu have a golden hue, Sn-Ni look silvery. Putting one type of alloy in contact with another and passing a current through it will lead to an eventual failure of the contact.
When you must clean edge connectors, by all means use kimwipes and IPA (Iso-Propyl Alcohol). If you can get your hands on it, 1,1,1-TFE is the best for stripping off gunk, but its been outlawed because its really bad for the environment.
As a last resort for cleaning connectors, don't use a pink eraser, but a white one. The pink erasers are rubber vulcanised with sulfur compounds, and are quite acidic. Pink erasers also contain a high percentage of abrasive compounds, like pumice, which will tear microscopic channels through the plating and expose the base metal underneath. The sulfur which remains on the contacts will cause more problems 3-6 months down the road than if you left things dirty. Even on gold-plated contacts, the sulfur compounds will get underneath the plating and destroy the metal, and it all disappears. If you suspect someone used a pink eraser on contacts, wipe them with a soapy kimwipe (to neutralise the acids) and rinse clean with IPA.
The white drafting erasers are not a rubber compound, but vinyl, and the most radical (i.e. corrosive or reactive) chemicals are chlorine based. These are much less damaging than a pink eraser. Do yourself a favor and remove all pink erasers from your company, replacing them with white PVC erasers. This will give your repairs a chance of lasting more than 6 months. Of course, you may want to be unethical and have many returns down the road.
the AC
I'm the guy you'll want to impress the most. I decide which data centres are best for my clients to put their equipment and services. I've built ops centres, so I know what goes in them. If you can't impress the extreme techies who will visit, your company is dead. We will not just avoid you, but will divert as much business away from you as possible. You need to make sure TPTB understand an ops centre is a functional business tool first, and a PR tool second.
An ops centre is first and foremost a place for humans to work, it is not a machine room, a laboratory, nor a visitors centre. It must be climate controlled for humans, not machines. It has to be quiet, neat, clean, and comfortable. It also has to be functional. If it doesn't meet all of these mandatory requirements, there is a problem. If the problem is lack of understanding of human nature by PHBs and bean counters, then this will extend to the rest of the infrastructure, and should be avoided.
Lets start with the non-technical bits. Assuming the ops centre will be staffed 24/24, there needs to be a break area immediately adjacent. A kitchen with a big refrigerator, a sink and a dishwasher, real dishes and cutlery, a good microwave. There must be food and drink vending machines at hand. The must be some tables and chairs so people aren't forced to eat at their work stations, and there needs to be a sofa or two, long enough people can stretch out and take a nap. There must be clean modern bathrooms just for the ops staff. The ops centre itself needs to be heated/air conditioned so that it is always comfortable and people can come in from outside, shed their heavy winter clothing, and work in casual t-shirt style. There should be a minimum of fan noise from equipment, enclosures and silent-PC tech should be used wherever possible. If there are windows, there should be adjustable blinds/shades in case of hot sunny days. The ops centre itself needs to be kept clean and tidy. Surfaces should be cleaned on a daily basis, cables should all be hidden away (and labled for easy maintenance). There should be some greenery, and the work areas should not be sterile of personal touches. I expect to see Dilbert and UserFriendly strips taped up, small figurines on monitors, nerf toys, and anything else within reason for keeping the techies relaxed and happy.
For the technical bits, I expect to see modern monitoring software. Cacti, Nagios, HP OpenView, BMC Patrol, custom built web monitoring tools to expose the current state of every part of your company. I expect to see at least two screens at every work station, one for monitoring/control and one for business functions like email, web, irc/IM, listening to podcasts or online radio stations. Techs need to be connected to do their jobs, and it shouldn't interfere with the monitoring functions. Googling bizarre error messages should be considered a normal business practice.
For a layout, it depends on what what your size is, the number of people working simultaneously, and the type of work people do. Large companies covering many regions or the whole world tend to have a layout like the bridge of the Enterprise, with a director in a big swivel chair in the middle, with about three consoles at hand running the MoMs (Manager of Managers, a consolidation function). There will then be groups of work stations around the central point, each cluster for a main function. In the background, on the walls, will be some big screen monitors with useful information, and usually a large schematic of the whole company's operations with red/yellow/green status indicators. Most large sites have a large screen TV tucked in the corner with CNN on the main, and a picture-in-picture tuned to the local news station.
Smaller centres tend to have just a large office area with low cubicles around the edges with everyone facing the same direction. At the far end of the room will be a few large, flat-screen monitors showing overall stats. Everyone has their own little work area, but can communicate with others easily enoug
Most spammers are making money from criminal activities. Turn off your spam filter for a day, and look at the shit that comes in. Illegally obtained presciption medication, pyramid schemes, loan sharking, tax evasion, hardcore pr0n. These are criminals widely broadcasting their activity to the whole world, and occasionally some police and prosecutors get off their fat asses and do something about it.
Occasionally I see a spam from an almost legitimate source, usually a marketing group behind a website where I left a spamtrap address. Its clear they didn't re-sell the address, just got desperate for new sales leads and discovered they had 10's of thousands of email addresses.
But I could handle a few almost legit spams per week, its the 740 per day of pure criminal activity that chokes my systems and causes me to lose hours per month maintaining anti-spam filters. I don't care that there are no effective spamming laws, if the powers that be take down the criminals in a loud and public way, it will have a deterrent on others who think they can advertise their crime spree on our internet.
I would also like to see prosecutors in the U.S. go after some of the people who obtained their narcotics through this spammer, and make headlines of "hard prison time for responding to spam".
the AC
Webhosting is a lot like selling used cars, or amway or other MLM pyramid schemes. There are always new players doing what they can to look like a serious business, and when they get bored or broke they sell what customers they have to the next guy as a starter kit. Those that are slightly successful get other idiots to resell their crap, in the hopes of spreading the responsibility and risk around.
I work around a number of bandwidth resellers. Their most numerous customers are little webhosting companies, quite often dozens in the same data centre. Typically a web hosting or dedicated server company is a teenager, or some young guy starting university, who has heard about how much money is to be made in buying a bunch of cheap servers, renting a rack and some bandwidth. When they go broke, usually towards the end of the school year, they sell the servers and customers on to the next sucker. Often, it is a group of very young guys using many different names for their companies, so as one name gets tarnished, they migrate to the next. When you work in the data centres, you'll see racks stuffed full of mini-PCs, and the name on the rack changes every month or two, but its the same guys and the same equipment. The worst ones have such low margins, their entire network is run from a single linux box which does it all, quagga for routing, web server, DNS (two different IP addresses on the same NIC to pretend they have 2 servers), and when the cheap-o power supply or no-name 10baseT hub fails their whole service is offline until they notice and come out to fix it. They marvel at other companies who can afford a used cisco router or two, but to them its just a luxury they can't afford.
There are a few usenet newsgroups where people discuss that industry, quite a bit of astroturfing goes on, but its usually easy enough to filter out. Some deja-googling can give you an idea if your server hosting company has been around for a while, and how they respond to problems. Other than working in the hosting industry for a while and picking up the trade gossip, there really isn't much honest information out there.
If you are in the region where the hosting company operates, ask to see their setup. If they have 75 machines crammed into a 42U rack with some cheap-ass no-name switches wedged in the sides, you'll have nothing but problems. If they have real networking equipment and a staffed NOC, you'll probably be a lot happier. Check their website, real companies have real no problem showing off the structure of their network, real-time traffic graphs, status reports and notices of planned work, and forums where customers can discuss problems. Companies you want to avoid have just a few static pages with an email address, bonus points if its a hotmail account.
the AC
You are a troll, since you obviously don't know what you are typing about. But as I just returned from Sweden, I'll feed the troll in order to enlighten others about your pathetic rant.
/. still takes 4 seconds to start loading, no matter what your bandwidth is.
The term is symetric, not synchronous. When brodbandsgolet.se offers 100 Mbps symetric, its delivered on fibre to the household. It is not a DSL or cable technology. It is expensive, and only available in bigger cities in Sweden.
10Gig interconnects are quite common in the data centres where the xDSL and cable and fibre headends terminate. A broadband provider may oversubscribe 10:1 or 15:1, but the traffic only starts to get congested in the evenings when you get all the home subscribers firing up their shiny powerful macintoshes and PCs. You really need to have a dozen or more PCs on your home 100Mbps line before you can really start to achieve those levels of constant traffic. There are problems with TCP windows, and round trip delay which keep a PC from using too much bandwidth. Pulling content from the US is always slow, but within the nordic counties and northern Europe, web browsing is fantastically fast.
the AC
Then you certainly don't want to look at offerings in the Benelux and France, where EUR30/month will get you 20Mbps down, 2 up. I have clients working on 50Mbps and higher xDSL rollouts over the next year, but those will be targeted at professional use (meaning no restrictions on servers or use, except for spamming clauses) for about 60-100 euros/month.
the AC
It means there is one less windoze machine infecting our internet. I consider this a good thing.
The only thing better would be to change the security switch on that machine from [I]nsecure to [O]versecure, which will change your machines threat level from blue (panic) to black(get a life). Typically the security switch is found on the back of the computer. Flip it. Go outside, enjoy the day.
the AC
Going to follow my own advice now
I'd recommend an OpenBSD solution, more for the elegance of pf's route-to command for load balancing incoming and outgoing connections. CARP is good for multiple machines acting as a single gateway, but not for one machine with multiple links. Route-to is what I use for simple multi-provider load balancing installations, where one provider offers a small netblock (typically a /27 or /28), and the other providers are just ADSL/Cable with a single static IP address. BSD also offers OpenOSPF, so you can quickly failover if a link goes down.
/24 netblock and an AS number. Then you would have to find two or more providers willing to provide full BGP feeds, but it isn't all that difficult (well, maybe in backwards ARIN countries :-). They should also consider putting their important internet facing servers (web, mail relay) in a dedicated hosting centre, probably much cheaper than keeping the boxes physically on your premises.
You can achieve similar results with Linux and multiple route tables, but your failover will not be as instantaneous as you might hope. The patches will help, but multiply weighted routes, NAT, and IPtables makes troubleshooting and maintenance a nightmare.
If your company really, truly, wanted a reliable internet connection, they would invest in the time and effort to obtain a
the AC
I understand the extreme paranoia of a firewall admin, especially if there are large numbers of windoze machines on her network. There may be a touch of tin-foil hat syndrome from rumours that windoze machines report activation codes encoded in SNTP requests to time.windows.com. If you are on a government network, then some security dudes have already demo'd tunneling secret info over NTP UDP packets, resulting in your properly locked down windoze network. There really is no reason a windoze machine needs to get its time from the internet, when a local time server will do.
.05 seconds, and after a few weeks of running will probably settle down to .02 seconds with little drift. If you can spend more and get a GPS with a pulse per second output, you can get 1 microsecond accuracy. If your department has $500 extra in the budget, and you don't want the hassle of setting up a *nix box and GPS, there are GPS based NTP servers out there.
There probably is an NTP service on the internal network. Start by asking around if there is an alternative you can use on the inside of the firewall. Try pointing your NTP client at the default router on your segment, and see what happens. Do a traceroute towards the internet, and see if NTP is present on any of the hops before the firewall.
If one sets up an internal NTP server (Windows XP or 2000 workstation)
One note about XP or 2K machines as NTP servers. Windows clocks are accurate to only 10 milliSeconds, and no amount of tweaking will improve that. Save yourself the headache and set up a *nix machine, where clock increments are usually between 2 mSec and 500 nanoSec.
If you have no NTP inside the firewall, you can always pick up a cheap GPS unit with a serial NMEA connector, or if you are in the US, a CDMA timebase. Plug it into a *nix based machine, compile the latest NTPv4 code, and read the docs about setting up a generic NMEA driver. Now you've got a machine accurate to about
Its probably easier and cheaper to ask the network admins to enable an NTP server on a router.
the AC
I hereby table a motion for all slashdotters to put up a few dollars to buy places for some slashdot editors.
/.ers want to see duplicate postings again, we'll buy them the return ticket. Right?
When we have enough money, we buy Zonk and Timothy the outbound ticket.
Later, when
I think this is a great way to say thanks for all the brilliant, careful and thoughtful work they have put into the site lately.
the AC