swinog September 2009

swinog@lists.swinog.ch

31 participants
34 discussions

Switzerlandwide Internet problem
by Michele Capobianco 16 Jul '23

16 Jul '23

Hey all A friend just told me that Cybernet told him there is a Switzerlandwide Internet Problem. Does anybody know something? Cheers Michele -------- Online Consulting AG, Michele Capobianco, System Administrator, Weststrasse 38, CH-9500 Wil Phone +41 (0)71 913 31 31, Fax +41 (0)71 913 31 32 http://www.online.ch, michele.capobianco(a)online.ch<mailto:michele.capobianco@online.ch> --------

8 7

Junior networks engineer
by lists＠rebert.name 25 Sep '09

25 Sep '09

Hi, I am looking for a job as a Networks & Systems engineer or as Networks engineer. I have done several work placements in Switzerland, Germany, France and in the UK. Please find my english C.V. on http://www.luc.rebert.name . I am available for an interview in order to speak about my skills and experience. Yours faithfully, Luc Rebert http://www.luc.rebert.name

1 0

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 24 Sep '09

24 Sep '09

Hallo Andreas Besten Dank für die Infos. Wir sind gerade selber mit EBM wegen einer Lösung am schauen. Mal schauen was dabei rauskommt. Grüsse Parick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** Von: Andreas Fink [mailto:afink@list.fink.org] Gesendet: Mittwoch, 23. September 2009 15:04 An: Patrick Studer Betreff: Re: [swinog] Full BGP Routing Router Requirements off the list. On 23.09.2009, at 13:41, Patrick Studer wrote: Hallo Andreas Wenn ich Dich richtig verstehe, dann plant Ihr ein Darkfiber zwischen EBM und ColoBâle. Von dort würde es dann weiter zur IWB gehen, richtig? Nicht wirklich. Wir haben heut EBM-IWB in Betrieb da unsere Internet Verbindung noch im IWB dran ist. Wie wären den die Preise für eine 100 Mbit/s Verbindung von EBM zum SwissIX IWB? EBM zu SwissIX können wir günstig abgeben weil wir selber schon 1Gbps EBM->SwissIX haben. Ich muss mal die Preise raussuchen was uns EBM verrechnet für die Verbindung und dann umrechnen. Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG IceCell ehf --------------------------------------------------------------- Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: andreas(a)fink.org www.finkconsulting.com www.global-networks.ch www.bebbicell.ch --------------------------------------------------------------- ICQ: 8239353 MSN: msn1(a)gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333 http://a-fink.blogspot.com/

1 0

Looking for a DSL access lines analysis tool
by Stanislav Sinyagin 24 Sep '09

24 Sep '09

hi all, I'm looking for an existing software tool for DSL access lines analysis. For hundreds or thousands of DSLAMs, it would periodically collect the copper line performance data and store it in a database. Then it would generate various reports for marketing, management and engineering teams. If you know such a product, please contact me off-list. thanks, stan

1 0

Re: [swinog] Security appliance advice
by Simon Leins 24 Sep '09

24 Sep '09

Hi all, Thank you for your kind advice and replies. To take in order things, I don't need to filter my spam any further. The front Exim server with some good RBLs and SA behing is very accurate for me and yes, costs time to maintain but works fine (by the way thanks to ImproWare if you follow the list for their great addons you freely offer). As for other, I was thinking about ASA, SSG and Fortigate appliance, however as mentioned all have their pros and cons and I just dislike the license model of these vendors (I have no clue about Juniper license model, but I can guess it is no different, but Cisco and Fortinet makes the appliance for a fair price and when you add features you pay your appliance thrice it's price. Both are a bit pricey, but I keep them as option. For other advices, I already run some security measures. I run PHP thru suPHP, have PHP compiled with some patches and have a very restrictive php.ini file filed to forbid a maximum of actions. Fortunately, we do not run ugly code (I am thinking of Joomla stuffs), have noexec partitions, right file permissions and limited people to upload stuffs. I have as well some mods to Apache (mod_cband, mod_security2, mod_evasive) and signature and tokens of Apache/PHP all set to off. I have also done some basic tuning of sysctl to make sure it is suitable to my needs. The boxes are pretty clean. and we have even take the luxurious measure to run an anti-virus scan once a week (using AVG). I've received an offline email for appliances based on BSD and running some x86 hardware and that is actually the way I was thinking to go. Tim was speaking about pfSense and I was pretty much looking in that direction, only it is not easy to benchmark these systems vs asa vs ssg vs fortigate. I was also thinking of a stripped-down BSD/Linux box and using fwbuilder which runs on Linux, Windows and Mac, so about all most spread OSes. Point is that I am very undecided what direction to adapt. I would feel 'safer' using an appliance built on purpose for that, but when you think ahead that, they probably rely in some ways on BSD/Linux and some ASIC hardware, so at the end they are not that better (maybe when you push a lot of traffic to them, but the vendors figures are likely just sales figures, they mention throughput, but not the packet size and type used for the benchmark, also no vendor mentioned in their nice PDF files the PPS they are able to handle). Feeling lost I am probably going to benchmark them myself, probably and ASA vs an Intel BSD. Just wondering how you guys did your benchmark? Anybody got a tiny benchmark hints? I guess you most went with nmap, iperf and hping tools. However, I am still interested to get your trial and evaluation methods if you can advice or your thoughts on BSD vs Cisco. Thanks again all for your spontanous help and tips, very much appreciate. Cheers. Simon 2009/9/16 Tim Jansen <Tim.Jansen(a)macd.com> > > Hi Simon, > maybe you are interested in a very good open source firewall system if so > you should > hold an eye to pfsense. > > It has a lot of features and the management is quite easy if you know what > you want. > It includes snort and many other features and the documentation is also > very well > with many howtos - for example for the clustering or any other examples how > to > set up pfsense. > > Maybe this is an alternative against the expensive Cisco and Juniper > models. You only > need a box with enough CPU power and network cards. > > MFG, Tim > > Simon Leins wrote: > > Dear fellows, > > > > I currently look after a security solution for my company. I know that I > > will not get many answers from the list, as security is pretty much the > > secret recipie of all network operators. > > > > However, I better try to send a post here and see what feedbacks I can > > get, so let’s get started. > > > > I run a farm of 15 servers, all running RedHat Linux 5 x64. These > > servers are mainly webhosting orientated, they handle website files, > > database and emails. The network is multihomed and with a capacity of 3 > > x 100 Mbit. We currently don’t have any kind of security, nor a firewall > > appliance (yes, I know shame on me). > > > > At this point, I am looking at a cost-effective solution. I have checked > > around for commercial solutions and have found Cisco and Juniper to be > > my options. > > > > I must admit that I am not convinced at all by these brands and would > > fell pretty ashamed to have a Cisco ASA toy in my rack. As for Juniper, > > it seems that the boxes are a bit overpriced for my single-featured IT > > department and would kill my yearly poor budget. > > > > I use to see some dirty forged packets hiting the servers. They never > > took a server down, nor made them fill up the memory, but I consider I > > could see some „dos“ or even non-bot size „ddos“ attacks. Another point > > is that I must have a firewall that is transparent. Some servers > > requires to have public IP (for dumb license reasons). > > > > What would you advice? Is BSD/Linux with a multi-gig port a good option > > to consider? What firewall do you advice? How do you clean ddos? > > > > Looking forward to reading all answers. > > > > Regards. > > > > - Simon > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > swinog mailing list > > swinog(a)lists.swinog.ch > > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > -- > Tim-Oliver Jansen > http://www.macd.com Tel.: +49 (0)241 44597-16 > Macdonald Associates GmbH Geschäftsführer: George Macdonald > Oppenhoffallee 103, D-52066 Aachen Amtsgericht Aachen, HRB 8151, Ust.-Id > DE813021663 >

2 2

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 23 Sep '09

23 Sep '09

Hallo Andreas Wenn ich Dich richtig verstehe, dann plant Ihr ein Darkfiber zwischen EBM und ColoBâle. Von dort würde es dann weiter zur IWB gehen, richtig? Wie wären den die Preise für eine 100 Mbit/s Verbindung von EBM zum SwissIX IWB? Grüsse Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** Von: Andreas Fink [mailto:afink@list.fink.org] Gesendet: Montag, 21. September 2009 13:37 An: Patrick Studer Betreff: Re: [swinog] Full BGP Routing Router Requirements Hallo Patrick, Wir könnten eventuell Transit zu SwissIX von EBM bieten da wir ne Darkfiber zu ColoBâle planen. Unsere derzeitige SwissIX Anbindung geht allerdings noch via IWB. On 21.09.2009, at 10:54, Patrick Studer wrote: Hallo Daniel Naja, zur Zeit stehen EBM, IWB und ColoBâle zur Auswahl. Wobei es bei EBM noch ein Link zur IWB benötigt, um sich an SwissIX anzuhängen. Habt Ihr schon Preise für den Link nach Zürich? Von wo aus wäre der Link von IWB oder von Colobâle? Grüsse Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Daniel Aubry [mailto:obri@chaostreff.ch] Gesendet: Samstag, 19. September 2009 15:07 An: Patrick Studer Betreff: Re: [swinog] Full BGP Routing Router Requirements On Fri, 18 Sep 2009 09:47:00 +0200 Patrick Studer <p.studer(a)x-netconsulting.ch> wrote: Hallo Patrick, Habe mir aufgrund Deines Hinweises mal die Website und die Preise angesehen. Wenn ich das zusammenrechne und den Umstand dazu nehme, dass ich noch extra für den Strom zahlen muss und an ISP keine grosse Auswahl besteht, dann ist die Colo nicht so interessant, wie die Angebote von anderen Anbietern. Wo willst Du denn sonst hin in Basel? Ich möchte dich einfach warnen, die SwissIX Anbindung von der IWB in Basel ist nicht optimal. Wir haben sämtliche Peerings mit SwissIX Teilnehmern die nicht direkt in Basel sind abgeschaltet. Die Probleme gibts seit dem die Switch im Equinix-1 durch eine 10gbit Switch ersetzt wurde. Scheinbar gehen da öfters mal Pakete verloren bei der Umsetzung zwischen 10G und 100mbit. Warscheinlich werden wir von der IWB aus selber eine Leitung ins Interxion mieten damit wir wieder ohne 3-25% Packetloss peeren können. Grüsse Daniel _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG IceCell ehf --------------------------------------------------------------- Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: andreas(a)fink.org www.finkconsulting.com www.global-networks.ch www.bebbicell.ch --------------------------------------------------------------- ICQ: 8239353 MSN: msn1(a)gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333 http://a-fink.blogspot.com/

1 0

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 23 Sep '09

23 Sep '09

Hi Reza Please note, that we will currently use less (around 5 Mbit/s) for Upstream, which will growing in the next month/year to 10-20 Mbit/s. So currently, we are "far" away from 100 Mbit/s and for that reason, we think, that a 38xx or 7xxx system will be good enogh for the moment. But thank you anyway for you input. Kind Regards Patrick Studer ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Reza Kordi [mailto:Reza.Kordi@clue.ch] Gesendet: Dienstag, 22. September 2009 12:48 An: 'Patrick Studer' Betreff: RE: [swinog] Full BGP Routing Router Requirements Hi Patrick If you are planning full tables and want to grow to +100Mbps don't take 28xx platform. What is neat is ASR1002 I tested it and recommend it. They have a 2.5G box now that is also well prices. Cheers, Reza -----Original Message----- From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Patrick Studer Sent: Donnerstag, 17. September 2009 11:17 To: 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Subject: Re: [swinog] Full BGP Routing Router Requirements Hi Pascale That's an answer I was looking for. Some more questions. Why you suggest the SP Service IOS? What's about the 3825/45 Series? Would that be the "golden middle way"? Will this box give us a little more capacity, so there is little bit of air for the router, or is the only way to go for a 2851 or a 7xxx System? Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Pascal Gloor [mailto:pascal.gloor@spale.com] Gesendet: Donnerstag, 17. September 2009 10:41 An: studer.patrick(a)gmx.ch Cc: 'swinog(a)lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements Hi Patrick, > The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s > burstable service with an additional link to SwissIX where we want to > do some privat peerings. > > In a second step, we will add a second or a third upstream with about > the same speeds as the first connection. All connection should be done > by normal Ethernet connection. As a minimal BGP setup I usually suggest to have one 2851 per upstream. It needs some upgrades, 1Gb DRAM and SP SERVICES IOS. This router has two GigabitEthernet interface so you can use one for wan and one for lan. You can also add a 4 ports 10/100 switch module if you need multiple lan connexions (limited to 100mbps). If you have multiple upstream providers and therefor multiple routers, I suggest to have a separate lan (maybe vlan) with all the routers in it for the iBGP full mesh. This is, indeed, a minimal setup, I wont protect you from attacks of any kind and the router capacity is limited. However you should be able to route at least 100-200mbps. If you really need protection, you will need a 7200-NPE-G1/2 (which will be able to hold 700-1000mbps traffic), but still, its capacity to hold directed attacks is limited. For best protection a suggest a 7600-RSP720-3CXL which is full hardware platform, protection of the router can be done in hardware (CPP, control-plane policy). But this might be just a little bit too expensive... Cheers, Pascal _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

1 0

SMTP blocked by Swisscom
by Mike Kellenberger 22 Sep '09

22 Sep '09

Anybody from swisscom mail support reading this? We are sending quite a few daily reminder-mails from a few of our web applications on behalf of our customers and regularly get temporarily blocked by the swisscom mail server with a simple "421 4.7.0 mail.swisscom.com closing connection". Is there a way to get whitelisted (at least for the recipient domains where we need to send these amount of mails)? Cheers, Mike -- Mike Kellenberger mike.kellenberger(a)escapenet.ch Escapenet - the Web Company Tel +41 52 235 0700 http://www.escapenet.ch Skype mikek70atwork

3 2

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 21 Sep '09

21 Sep '09

Hallo Daniel Naja, zur Zeit stehen EBM, IWB und ColoBâle zur Auswahl. Wobei es bei EBM noch ein Link zur IWB benötigt, um sich an SwissIX anzuhängen. Habt Ihr schon Preise für den Link nach Zürich? Von wo aus wäre der Link von IWB oder von Colobâle? Grüsse Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Daniel Aubry [mailto:obri@chaostreff.ch] Gesendet: Samstag, 19. September 2009 15:07 An: Patrick Studer Betreff: Re: [swinog] Full BGP Routing Router Requirements On Fri, 18 Sep 2009 09:47:00 +0200 Patrick Studer <p.studer(a)x-netconsulting.ch> wrote: Hallo Patrick, > Habe mir aufgrund Deines Hinweises mal die Website und die Preise > angesehen. Wenn ich das zusammenrechne und den Umstand dazu nehme, > dass ich noch extra für den Strom zahlen muss und an ISP keine grosse > Auswahl besteht, dann ist die Colo nicht so interessant, wie die > Angebote von anderen Anbietern. Wo willst Du denn sonst hin in Basel? Ich möchte dich einfach warnen, die SwissIX Anbindung von der IWB in Basel ist nicht optimal. Wir haben sämtliche Peerings mit SwissIX Teilnehmern die nicht direkt in Basel sind abgeschaltet. Die Probleme gibts seit dem die Switch im Equinix-1 durch eine 10gbit Switch ersetzt wurde. Scheinbar gehen da öfters mal Pakete verloren bei der Umsetzung zwischen 10G und 100mbit. Warscheinlich werden wir von der IWB aus selber eine Leitung ins Interxion mieten damit wir wieder ohne 3-25% Packetloss peeren können. Grüsse Daniel

1 0

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 18 Sep '09

18 Sep '09

Hi Bernd Thanks for your thoughts. Since the Rackspace is already limited, the 7201 or the 3825 will be a good solutions for us, since the only take 1 or 2 RU. I hope, that we don't will have to match ddos attacks (we wasn't attacked within the last 5 years), so hopefully, that isn't the point for us in the moment. So we can start with one of this two boxes. And if we are growing and perhaps will have multiple racks, we can invest then in a ddos proved solutions. Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Bernd SPIESS [mailto:bernd.spiess@ascus.at] Gesendet: Donnerstag, 17. September 2009 20:15 An: 'Patrick Studer' Betreff: RE: [swinog] Full BGP Routing Router Requirements yes - its a good box - but think that a new one will cost about 8000 euro for this money you get a lot of used boxes who do routing in hardware the 7201 and 3825 plattform are cpu driven - both will not survive a ddos - if you have luck the 7201 will - but if you have too much services this box is also dead compare the mbps of the 7201 g2 with the sup32 or sup720 bernd -----Original Message----- From: Patrick Studer [mailto:p.studer@x-netconsulting.ch] Sent: Thursday, September 17, 2009 6:15 PM To: Bernd SPIESS Cc: 'swinog(a)lists.swinog.ch' Subject: AW: [swinog] Full BGP Routing Router Requirements Thanks Bernd. As you perhaps has seen, we are now thinking about a 3825 or 7201. We think both will do the job, but the 7201 will have more power. Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Bernd SPIESS [mailto:bernd.spiess@ascus.at] Gesendet: Donnerstag, 17. September 2009 14:02 An: 'Patrick Studer' Betreff: RE: [swinog] Full BGP Routing Router Requirements ipv6 is running fine also on 28 plattform asn32 - no practical info from our side - we ignored this until now :-) maybe you start here: http://www.swissix.ch/asn32/doku.php -----Original Message----- From: Patrick Studer [mailto:p.studer@x-netconsulting.ch] Sent: Thursday, September 17, 2009 1:39 PM To: Bernd SPIESS; 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Subject: AW: [swinog] Full BGP Routing Router Requirements Thanks for the link to the Router performance sheet. Do you see perhaps also some impacts about the new as-numbers or ipv6 for any of the smaller solutions (28xx, 38xx)? Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Bernd SPIESS Gesendet: Donnerstag, 17. September 2009 11:43 An: 'Patrick Studer'; 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements see here: http://www.cisco.com/web/partners/downloads/765/tools/quickreference/router… 3725 = 179 mbit 3745 = 256 mbit (best case calculated with 64 byte paket size) you have to basicaly decide if you want a cpu driven box (28*, 38*, NPE-G1/G2) or a hardware driven box (sup32, sup720, c-120**) in the first case you have to primary look for the cpu performance - in the second case you have to look primary for hardware prefix puffer (256.000 prefixes versus 1 mio) lg bernd -----Original Message----- From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Patrick Studer Sent: Thursday, September 17, 2009 11:17 AM To: 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Subject: Re: [swinog] Full BGP Routing Router Requirements Hi Pascale That's an answer I was looking for. Some more questions. Why you suggest the SP Service IOS? What's about the 3825/45 Series? Would that be the "golden middle way"? Will this box give us a little more capacity, so there is little bit of air for the router, or is the only way to go for a 2851 or a 7xxx System? Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Pascal Gloor [mailto:pascal.gloor@spale.com] Gesendet: Donnerstag, 17. September 2009 10:41 An: studer.patrick(a)gmx.ch Cc: 'swinog(a)lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements Hi Patrick, > The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s > burstable service with an additional link to SwissIX where we want to > do some privat peerings. > > In a second step, we will add a second or a third upstream with about > the same speeds as the first connection. All connection should be done > by normal Ethernet connection. As a minimal BGP setup I usually suggest to have one 2851 per upstream. It needs some upgrades, 1Gb DRAM and SP SERVICES IOS. This router has two GigabitEthernet interface so you can use one for wan and one for lan. You can also add a 4 ports 10/100 switch module if you need multiple lan connexions (limited to 100mbps). If you have multiple upstream providers and therefor multiple routers, I suggest to have a separate lan (maybe vlan) with all the routers in it for the iBGP full mesh. This is, indeed, a minimal setup, I wont protect you from attacks of any kind and the router capacity is limited. However you should be able to route at least 100-200mbps. If you really need protection, you will need a 7200-NPE-G1/2 (which will be able to hold 700-1000mbps traffic), but still, its capacity to hold directed attacks is limited. For best protection a suggest a 7600-RSP720-3CXL which is full hardware platform, protection of the router can be done in hardware (CPP, control-plane policy). But this might be just a little bit too expensive... Cheers, Pascal _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

3 6

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog September 2009