swinog

swinog@lists.swinog.ch

1 participants
2934 discussions

Looking for a DSL access lines analysis tool
by Stanislav Sinyagin 24 Sep '09

24 Sep '09

hi all, I'm looking for an existing software tool for DSL access lines analysis. For hundreds or thousands of DSLAMs, it would periodically collect the copper line performance data and store it in a database. Then it would generate various reports for marketing, management and engineering teams. If you know such a product, please contact me off-list. thanks, stan

1 0

Re: [swinog] Security appliance advice
by Simon Leins 24 Sep '09

24 Sep '09

Hi all, Thank you for your kind advice and replies. To take in order things, I don't need to filter my spam any further. The front Exim server with some good RBLs and SA behing is very accurate for me and yes, costs time to maintain but works fine (by the way thanks to ImproWare if you follow the list for their great addons you freely offer). As for other, I was thinking about ASA, SSG and Fortigate appliance, however as mentioned all have their pros and cons and I just dislike the license model of these vendors (I have no clue about Juniper license model, but I can guess it is no different, but Cisco and Fortinet makes the appliance for a fair price and when you add features you pay your appliance thrice it's price. Both are a bit pricey, but I keep them as option. For other advices, I already run some security measures. I run PHP thru suPHP, have PHP compiled with some patches and have a very restrictive php.ini file filed to forbid a maximum of actions. Fortunately, we do not run ugly code (I am thinking of Joomla stuffs), have noexec partitions, right file permissions and limited people to upload stuffs. I have as well some mods to Apache (mod_cband, mod_security2, mod_evasive) and signature and tokens of Apache/PHP all set to off. I have also done some basic tuning of sysctl to make sure it is suitable to my needs. The boxes are pretty clean. and we have even take the luxurious measure to run an anti-virus scan once a week (using AVG). I've received an offline email for appliances based on BSD and running some x86 hardware and that is actually the way I was thinking to go. Tim was speaking about pfSense and I was pretty much looking in that direction, only it is not easy to benchmark these systems vs asa vs ssg vs fortigate. I was also thinking of a stripped-down BSD/Linux box and using fwbuilder which runs on Linux, Windows and Mac, so about all most spread OSes. Point is that I am very undecided what direction to adapt. I would feel 'safer' using an appliance built on purpose for that, but when you think ahead that, they probably rely in some ways on BSD/Linux and some ASIC hardware, so at the end they are not that better (maybe when you push a lot of traffic to them, but the vendors figures are likely just sales figures, they mention throughput, but not the packet size and type used for the benchmark, also no vendor mentioned in their nice PDF files the PPS they are able to handle). Feeling lost I am probably going to benchmark them myself, probably and ASA vs an Intel BSD. Just wondering how you guys did your benchmark? Anybody got a tiny benchmark hints? I guess you most went with nmap, iperf and hping tools. However, I am still interested to get your trial and evaluation methods if you can advice or your thoughts on BSD vs Cisco. Thanks again all for your spontanous help and tips, very much appreciate. Cheers. Simon 2009/9/16 Tim Jansen <Tim.Jansen(a)macd.com> > > Hi Simon, > maybe you are interested in a very good open source firewall system if so > you should > hold an eye to pfsense. > > It has a lot of features and the management is quite easy if you know what > you want. > It includes snort and many other features and the documentation is also > very well > with many howtos - for example for the clustering or any other examples how > to > set up pfsense. > > Maybe this is an alternative against the expensive Cisco and Juniper > models. You only > need a box with enough CPU power and network cards. > > MFG, Tim > > Simon Leins wrote: > > Dear fellows, > > > > I currently look after a security solution for my company. I know that I > > will not get many answers from the list, as security is pretty much the > > secret recipie of all network operators. > > > > However, I better try to send a post here and see what feedbacks I can > > get, so let’s get started. > > > > I run a farm of 15 servers, all running RedHat Linux 5 x64. These > > servers are mainly webhosting orientated, they handle website files, > > database and emails. The network is multihomed and with a capacity of 3 > > x 100 Mbit. We currently don’t have any kind of security, nor a firewall > > appliance (yes, I know shame on me). > > > > At this point, I am looking at a cost-effective solution. I have checked > > around for commercial solutions and have found Cisco and Juniper to be > > my options. > > > > I must admit that I am not convinced at all by these brands and would > > fell pretty ashamed to have a Cisco ASA toy in my rack. As for Juniper, > > it seems that the boxes are a bit overpriced for my single-featured IT > > department and would kill my yearly poor budget. > > > > I use to see some dirty forged packets hiting the servers. They never > > took a server down, nor made them fill up the memory, but I consider I > > could see some „dos“ or even non-bot size „ddos“ attacks. Another point > > is that I must have a firewall that is transparent. Some servers > > requires to have public IP (for dumb license reasons). > > > > What would you advice? Is BSD/Linux with a multi-gig port a good option > > to consider? What firewall do you advice? How do you clean ddos? > > > > Looking forward to reading all answers. > > > > Regards. > > > > - Simon > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > swinog mailing list > > swinog(a)lists.swinog.ch > > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > -- > Tim-Oliver Jansen > http://www.macd.com Tel.: +49 (0)241 44597-16 > Macdonald Associates GmbH Geschäftsführer: George Macdonald > Oppenhoffallee 103, D-52066 Aachen Amtsgericht Aachen, HRB 8151, Ust.-Id > DE813021663 >

2 2

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 23 Sep '09

23 Sep '09

Hallo Andreas Wenn ich Dich richtig verstehe, dann plant Ihr ein Darkfiber zwischen EBM und ColoBâle. Von dort würde es dann weiter zur IWB gehen, richtig? Wie wären den die Preise für eine 100 Mbit/s Verbindung von EBM zum SwissIX IWB? Grüsse Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** Von: Andreas Fink [mailto:afink@list.fink.org] Gesendet: Montag, 21. September 2009 13:37 An: Patrick Studer Betreff: Re: [swinog] Full BGP Routing Router Requirements Hallo Patrick, Wir könnten eventuell Transit zu SwissIX von EBM bieten da wir ne Darkfiber zu ColoBâle planen. Unsere derzeitige SwissIX Anbindung geht allerdings noch via IWB. On 21.09.2009, at 10:54, Patrick Studer wrote: Hallo Daniel Naja, zur Zeit stehen EBM, IWB und ColoBâle zur Auswahl. Wobei es bei EBM noch ein Link zur IWB benötigt, um sich an SwissIX anzuhängen. Habt Ihr schon Preise für den Link nach Zürich? Von wo aus wäre der Link von IWB oder von Colobâle? Grüsse Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Daniel Aubry [mailto:obri@chaostreff.ch] Gesendet: Samstag, 19. September 2009 15:07 An: Patrick Studer Betreff: Re: [swinog] Full BGP Routing Router Requirements On Fri, 18 Sep 2009 09:47:00 +0200 Patrick Studer <p.studer(a)x-netconsulting.ch> wrote: Hallo Patrick, Habe mir aufgrund Deines Hinweises mal die Website und die Preise angesehen. Wenn ich das zusammenrechne und den Umstand dazu nehme, dass ich noch extra für den Strom zahlen muss und an ISP keine grosse Auswahl besteht, dann ist die Colo nicht so interessant, wie die Angebote von anderen Anbietern. Wo willst Du denn sonst hin in Basel? Ich möchte dich einfach warnen, die SwissIX Anbindung von der IWB in Basel ist nicht optimal. Wir haben sämtliche Peerings mit SwissIX Teilnehmern die nicht direkt in Basel sind abgeschaltet. Die Probleme gibts seit dem die Switch im Equinix-1 durch eine 10gbit Switch ersetzt wurde. Scheinbar gehen da öfters mal Pakete verloren bei der Umsetzung zwischen 10G und 100mbit. Warscheinlich werden wir von der IWB aus selber eine Leitung ins Interxion mieten damit wir wieder ohne 3-25% Packetloss peeren können. Grüsse Daniel _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG IceCell ehf --------------------------------------------------------------- Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: andreas(a)fink.org www.finkconsulting.com www.global-networks.ch www.bebbicell.ch --------------------------------------------------------------- ICQ: 8239353 MSN: msn1(a)gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333 http://a-fink.blogspot.com/

1 0

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 23 Sep '09

23 Sep '09

Hi Reza Please note, that we will currently use less (around 5 Mbit/s) for Upstream, which will growing in the next month/year to 10-20 Mbit/s. So currently, we are "far" away from 100 Mbit/s and for that reason, we think, that a 38xx or 7xxx system will be good enogh for the moment. But thank you anyway for you input. Kind Regards Patrick Studer ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Reza Kordi [mailto:Reza.Kordi@clue.ch] Gesendet: Dienstag, 22. September 2009 12:48 An: 'Patrick Studer' Betreff: RE: [swinog] Full BGP Routing Router Requirements Hi Patrick If you are planning full tables and want to grow to +100Mbps don't take 28xx platform. What is neat is ASR1002 I tested it and recommend it. They have a 2.5G box now that is also well prices. Cheers, Reza -----Original Message----- From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Patrick Studer Sent: Donnerstag, 17. September 2009 11:17 To: 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Subject: Re: [swinog] Full BGP Routing Router Requirements Hi Pascale That's an answer I was looking for. Some more questions. Why you suggest the SP Service IOS? What's about the 3825/45 Series? Would that be the "golden middle way"? Will this box give us a little more capacity, so there is little bit of air for the router, or is the only way to go for a 2851 or a 7xxx System? Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Pascal Gloor [mailto:pascal.gloor@spale.com] Gesendet: Donnerstag, 17. September 2009 10:41 An: studer.patrick(a)gmx.ch Cc: 'swinog(a)lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements Hi Patrick, > The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s > burstable service with an additional link to SwissIX where we want to > do some privat peerings. > > In a second step, we will add a second or a third upstream with about > the same speeds as the first connection. All connection should be done > by normal Ethernet connection. As a minimal BGP setup I usually suggest to have one 2851 per upstream. It needs some upgrades, 1Gb DRAM and SP SERVICES IOS. This router has two GigabitEthernet interface so you can use one for wan and one for lan. You can also add a 4 ports 10/100 switch module if you need multiple lan connexions (limited to 100mbps). If you have multiple upstream providers and therefor multiple routers, I suggest to have a separate lan (maybe vlan) with all the routers in it for the iBGP full mesh. This is, indeed, a minimal setup, I wont protect you from attacks of any kind and the router capacity is limited. However you should be able to route at least 100-200mbps. If you really need protection, you will need a 7200-NPE-G1/2 (which will be able to hold 700-1000mbps traffic), but still, its capacity to hold directed attacks is limited. For best protection a suggest a 7600-RSP720-3CXL which is full hardware platform, protection of the router can be done in hardware (CPP, control-plane policy). But this might be just a little bit too expensive... Cheers, Pascal _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

1 0

SMTP blocked by Swisscom
by Mike Kellenberger 22 Sep '09

22 Sep '09

Anybody from swisscom mail support reading this? We are sending quite a few daily reminder-mails from a few of our web applications on behalf of our customers and regularly get temporarily blocked by the swisscom mail server with a simple "421 4.7.0 mail.swisscom.com closing connection". Is there a way to get whitelisted (at least for the recipient domains where we need to send these amount of mails)? Cheers, Mike -- Mike Kellenberger mike.kellenberger(a)escapenet.ch Escapenet - the Web Company Tel +41 52 235 0700 http://www.escapenet.ch Skype mikek70atwork

3 2

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 21 Sep '09

21 Sep '09

Hallo Daniel Naja, zur Zeit stehen EBM, IWB und ColoBâle zur Auswahl. Wobei es bei EBM noch ein Link zur IWB benötigt, um sich an SwissIX anzuhängen. Habt Ihr schon Preise für den Link nach Zürich? Von wo aus wäre der Link von IWB oder von Colobâle? Grüsse Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Daniel Aubry [mailto:obri@chaostreff.ch] Gesendet: Samstag, 19. September 2009 15:07 An: Patrick Studer Betreff: Re: [swinog] Full BGP Routing Router Requirements On Fri, 18 Sep 2009 09:47:00 +0200 Patrick Studer <p.studer(a)x-netconsulting.ch> wrote: Hallo Patrick, > Habe mir aufgrund Deines Hinweises mal die Website und die Preise > angesehen. Wenn ich das zusammenrechne und den Umstand dazu nehme, > dass ich noch extra für den Strom zahlen muss und an ISP keine grosse > Auswahl besteht, dann ist die Colo nicht so interessant, wie die > Angebote von anderen Anbietern. Wo willst Du denn sonst hin in Basel? Ich möchte dich einfach warnen, die SwissIX Anbindung von der IWB in Basel ist nicht optimal. Wir haben sämtliche Peerings mit SwissIX Teilnehmern die nicht direkt in Basel sind abgeschaltet. Die Probleme gibts seit dem die Switch im Equinix-1 durch eine 10gbit Switch ersetzt wurde. Scheinbar gehen da öfters mal Pakete verloren bei der Umsetzung zwischen 10G und 100mbit. Warscheinlich werden wir von der IWB aus selber eine Leitung ins Interxion mieten damit wir wieder ohne 3-25% Packetloss peeren können. Grüsse Daniel

1 0

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 18 Sep '09

18 Sep '09

Hi Bernd Thanks for your thoughts. Since the Rackspace is already limited, the 7201 or the 3825 will be a good solutions for us, since the only take 1 or 2 RU. I hope, that we don't will have to match ddos attacks (we wasn't attacked within the last 5 years), so hopefully, that isn't the point for us in the moment. So we can start with one of this two boxes. And if we are growing and perhaps will have multiple racks, we can invest then in a ddos proved solutions. Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Bernd SPIESS [mailto:bernd.spiess@ascus.at] Gesendet: Donnerstag, 17. September 2009 20:15 An: 'Patrick Studer' Betreff: RE: [swinog] Full BGP Routing Router Requirements yes - its a good box - but think that a new one will cost about 8000 euro for this money you get a lot of used boxes who do routing in hardware the 7201 and 3825 plattform are cpu driven - both will not survive a ddos - if you have luck the 7201 will - but if you have too much services this box is also dead compare the mbps of the 7201 g2 with the sup32 or sup720 bernd -----Original Message----- From: Patrick Studer [mailto:p.studer@x-netconsulting.ch] Sent: Thursday, September 17, 2009 6:15 PM To: Bernd SPIESS Cc: 'swinog(a)lists.swinog.ch' Subject: AW: [swinog] Full BGP Routing Router Requirements Thanks Bernd. As you perhaps has seen, we are now thinking about a 3825 or 7201. We think both will do the job, but the 7201 will have more power. Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Bernd SPIESS [mailto:bernd.spiess@ascus.at] Gesendet: Donnerstag, 17. September 2009 14:02 An: 'Patrick Studer' Betreff: RE: [swinog] Full BGP Routing Router Requirements ipv6 is running fine also on 28 plattform asn32 - no practical info from our side - we ignored this until now :-) maybe you start here: http://www.swissix.ch/asn32/doku.php -----Original Message----- From: Patrick Studer [mailto:p.studer@x-netconsulting.ch] Sent: Thursday, September 17, 2009 1:39 PM To: Bernd SPIESS; 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Subject: AW: [swinog] Full BGP Routing Router Requirements Thanks for the link to the Router performance sheet. Do you see perhaps also some impacts about the new as-numbers or ipv6 for any of the smaller solutions (28xx, 38xx)? Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Bernd SPIESS Gesendet: Donnerstag, 17. September 2009 11:43 An: 'Patrick Studer'; 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements see here: http://www.cisco.com/web/partners/downloads/765/tools/quickreference/router… 3725 = 179 mbit 3745 = 256 mbit (best case calculated with 64 byte paket size) you have to basicaly decide if you want a cpu driven box (28*, 38*, NPE-G1/G2) or a hardware driven box (sup32, sup720, c-120**) in the first case you have to primary look for the cpu performance - in the second case you have to look primary for hardware prefix puffer (256.000 prefixes versus 1 mio) lg bernd -----Original Message----- From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Patrick Studer Sent: Thursday, September 17, 2009 11:17 AM To: 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Subject: Re: [swinog] Full BGP Routing Router Requirements Hi Pascale That's an answer I was looking for. Some more questions. Why you suggest the SP Service IOS? What's about the 3825/45 Series? Would that be the "golden middle way"? Will this box give us a little more capacity, so there is little bit of air for the router, or is the only way to go for a 2851 or a 7xxx System? Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Pascal Gloor [mailto:pascal.gloor@spale.com] Gesendet: Donnerstag, 17. September 2009 10:41 An: studer.patrick(a)gmx.ch Cc: 'swinog(a)lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements Hi Patrick, > The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s > burstable service with an additional link to SwissIX where we want to > do some privat peerings. > > In a second step, we will add a second or a third upstream with about > the same speeds as the first connection. All connection should be done > by normal Ethernet connection. As a minimal BGP setup I usually suggest to have one 2851 per upstream. It needs some upgrades, 1Gb DRAM and SP SERVICES IOS. This router has two GigabitEthernet interface so you can use one for wan and one for lan. You can also add a 4 ports 10/100 switch module if you need multiple lan connexions (limited to 100mbps). If you have multiple upstream providers and therefor multiple routers, I suggest to have a separate lan (maybe vlan) with all the routers in it for the iBGP full mesh. This is, indeed, a minimal setup, I wont protect you from attacks of any kind and the router capacity is limited. However you should be able to route at least 100-200mbps. If you really need protection, you will need a 7200-NPE-G1/2 (which will be able to hold 700-1000mbps traffic), but still, its capacity to hold directed attacks is limited. For best protection a suggest a 7600-RSP720-3CXL which is full hardware platform, protection of the router can be done in hardware (CPP, control-plane policy). But this might be just a little bit too expensive... Cheers, Pascal _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

3 6

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 18 Sep '09

18 Sep '09

Ciao Reto Habe mir aufgrund Deines Hinweises mal die Website und die Preise angesehen. Wenn ich das zusammenrechne und den Umstand dazu nehme, dass ich noch extra für den Strom zahlen muss und an ISP keine grosse Auswahl besteht, dann ist die Colo nicht so interessant, wie die Angebote von anderen Anbietern. Dennoch danke für den Hinweis. Grüsse Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Reto Burkhalter [mailto:reto.burkhalter@basis06.com] Gesendet: Donnerstag, 17. September 2009 23:08 An: Patrick Studer Betreff: AW: [swinog] Full BGP Routing Router Requirements Hoi Dann würde mir so spontan ColoBâle in den Sinn kommen :) Gruss Reto > -----Ursprüngliche Nachricht----- > Von: Patrick Studer [mailto:p.studer@x-netconsulting.ch] > Gesendet: Donnerstag, 17. September 2009 16:19 > An: Reto Burkhalter > Cc: 'swinog(a)lists.swinog.ch' > Betreff: AW: [swinog] Full BGP Routing Router Requirements > > > Ciao Reto > > Wir werden vermutlich in einem Datacenter in Basel starten. Aber > danke für den Hinweis. > > Grüsse > > Patrick > > ************************************************************** > **************** > X-NetConsulting GmbH Internet > http://www.x-netconsulting.ch > Grosspeterstrasse 21 E-Mail > p.studer(a)x-netconsulting.ch > CH-4052 Basel Telefon +41 61 315 85 55 > Schweiz Fax +41 61 315 85 59 > ************************************************************** > **************** > > > -----Ursprüngliche Nachricht----- > Von: Reto Burkhalter [mailto:reto.burkhalter@basis06.com] > Gesendet: Donnerstag, 17. September 2009 14:26 > An: Patrick Studer > Betreff: AW: [swinog] Full BGP Routing Router Requirements > > Hoi Patrick > > Dann empfehle ich an dieser Stelle doch mal die colozüri.ch - genügend > Carriers und ISPs vorhanden, welche easy über Kupfer/Glas > Fast/GigE liefern > können, SwissIX im Hause und auch sonst ne nette Colo :-) > > -> http://www.colozueri.ch/ > > Gruss > Reto > > > -----Ursprüngliche Nachricht----- > > Von: Patrick Studer [mailto:p.studer@x-netconsulting.ch] > > Gesendet: Donnerstag, 17. September 2009 10:33 > > An: 'Matthias Hertzog' > > Cc: 'swinog(a)lists.swinog.ch' > > Betreff: Re: [swinog] Full BGP Routing Router Requirements > > > > > > Hallo Matthias > > > > Das steht noch nicht fest. Wir planen aber unsere RZ in ein externes > > Datacenter auszulagern, welches die benötigten Anbindungen zu > > anderen ISPs > > für Upstream und den Zugang zu SwissIX bietet. > > > > Grüsse > > > > Patrick > > > > ************************************************************** > > **************** > > X-NetConsulting GmbH Internet > > http://www.x-netconsulting.ch > > Grosspeterstrasse 21 E-Mail > > p.studer(a)x-netconsulting.ch > > CH-4052 Basel Telefon +41 61 315 85 55 > > Schweiz Fax +41 61 315 85 59 > > ************************************************************** > > **************** > > > > > > -----Ursprüngliche Nachricht----- > > Von: Matthias Hertzog [mailto:m.hertzog@mhs.ch] > > Gesendet: Donnerstag, 17. September 2009 10:10 > > An: p.studer(a)x-netconsulting.ch > > Betreff: Re: [swinog] Full BGP Routing Router Requirements > > > > Sali Patrick > > > > Wo steht euer RZ? > > > > Viele Grüsse > > Matthias > > > > _________________________________________ > > > > mhs @ internet AG > > Zürcherstrasse 204, CH - 9014 St. Gallen > > Phone +41 71 274 93 93, Fax +41 71 274 93 94 > > http://www.mhs.ch > > _________________________________________ > > > > ----- Original Message ----- > > From: <studer.patrick(a)gmx.ch> > > To: <swinog(a)lists.swinog.ch> > > Sent: Thursday, September 17, 2009 9:49 AM > > Subject: [swinog] Full BGP Routing Router Requirements > > > > > > > Hi > > > > > > We are planning to go multihomed with our infrastructure. > > > > > > The first step will be, to have 10 Mbit/s fixed or 100 > > Mbit/s burstable > > > service > > > with an additional link to SwissIX where we want to do > some privat > > > peerings. > > > > > > In a second step, we will add a second or a third upstream > > with about the > > > same speeds as the first connection. All connection should > > be done by > > > normal Ethernet connection. > > > > > > Currently we have a Cisco 2811 with 256 MB Ram. Would it be > > enough for the > > > first > > > step to upgrade the ram to 768 MB or will it be necessary > to buy a > > > better/bigger > > > router (2851, 3825 or 720x system). > > > > > > We tried to find some recommendations on the internet, but > > we wasn't > > > successful. > > > > > > What is your recommendation for this scenario? > > > > > > Regards > > > > > > Patrick Studer > > > > > > > > ************************************************************** > > **************** > > > X-NetConsulting GmbH Internet > > > http://www.x-netconsulting.ch > > > Grosspeterstrasse 21 E-Mail > > > p.studer(a)x-netconsulting.ch > > > CH-4052 Basel Telefon +41 61 315 85 55 > > > Schweiz Fax +41 61 315 85 59 > > > > > ************************************************************** > > **************** > > > > > > > > > > > > > > > _______________________________________________ > > > swinog mailing list > > > swinog(a)lists.swinog.ch > > > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > > > > > > > > > > _______________________________________________ > > swinog mailing list > > swinog(a)lists.swinog.ch > > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > > >

1 0

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 17 Sep '09

17 Sep '09

Thanks Bernd. As you perhaps has seen, we are now thinking about a 3825 or 7201. We think both will do the job, but the 7201 will have more power. Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Bernd SPIESS [mailto:bernd.spiess@ascus.at] Gesendet: Donnerstag, 17. September 2009 14:02 An: 'Patrick Studer' Betreff: RE: [swinog] Full BGP Routing Router Requirements ipv6 is running fine also on 28 plattform asn32 - no practical info from our side - we ignored this until now :-) maybe you start here: http://www.swissix.ch/asn32/doku.php -----Original Message----- From: Patrick Studer [mailto:p.studer@x-netconsulting.ch] Sent: Thursday, September 17, 2009 1:39 PM To: Bernd SPIESS; 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Subject: AW: [swinog] Full BGP Routing Router Requirements Thanks for the link to the Router performance sheet. Do you see perhaps also some impacts about the new as-numbers or ipv6 for any of the smaller solutions (28xx, 38xx)? Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von Bernd SPIESS Gesendet: Donnerstag, 17. September 2009 11:43 An: 'Patrick Studer'; 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements see here: http://www.cisco.com/web/partners/downloads/765/tools/quickreference/router… 3725 = 179 mbit 3745 = 256 mbit (best case calculated with 64 byte paket size) you have to basicaly decide if you want a cpu driven box (28*, 38*, NPE-G1/G2) or a hardware driven box (sup32, sup720, c-120**) in the first case you have to primary look for the cpu performance - in the second case you have to look primary for hardware prefix puffer (256.000 prefixes versus 1 mio) lg bernd -----Original Message----- From: swinog-bounces(a)lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Patrick Studer Sent: Thursday, September 17, 2009 11:17 AM To: 'Pascal Gloor' Cc: 'swinog(a)lists.swinog.ch' Subject: Re: [swinog] Full BGP Routing Router Requirements Hi Pascale That's an answer I was looking for. Some more questions. Why you suggest the SP Service IOS? What's about the 3825/45 Series? Would that be the "golden middle way"? Will this box give us a little more capacity, so there is little bit of air for the router, or is the only way to go for a 2851 or a 7xxx System? Kind Regards Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Pascal Gloor [mailto:pascal.gloor@spale.com] Gesendet: Donnerstag, 17. September 2009 10:41 An: studer.patrick(a)gmx.ch Cc: 'swinog(a)lists.swinog.ch' Betreff: Re: [swinog] Full BGP Routing Router Requirements Hi Patrick, > The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s > burstable service with an additional link to SwissIX where we want to > do some privat peerings. > > In a second step, we will add a second or a third upstream with about > the same speeds as the first connection. All connection should be done > by normal Ethernet connection. As a minimal BGP setup I usually suggest to have one 2851 per upstream. It needs some upgrades, 1Gb DRAM and SP SERVICES IOS. This router has two GigabitEthernet interface so you can use one for wan and one for lan. You can also add a 4 ports 10/100 switch module if you need multiple lan connexions (limited to 100mbps). If you have multiple upstream providers and therefor multiple routers, I suggest to have a separate lan (maybe vlan) with all the routers in it for the iBGP full mesh. This is, indeed, a minimal setup, I wont protect you from attacks of any kind and the router capacity is limited. However you should be able to route at least 100-200mbps. If you really need protection, you will need a 7200-NPE-G1/2 (which will be able to hold 700-1000mbps traffic), but still, its capacity to hold directed attacks is limited. For best protection a suggest a 7600-RSP720-3CXL which is full hardware platform, protection of the router can be done in hardware (CPP, control-plane policy). But this might be just a little bit too expensive... Cheers, Pascal _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

1 0

Re: [swinog] Full BGP Routing Router Requirements
by Patrick Studer 17 Sep '09

17 Sep '09

Ciao Thomas Besten Dank für den Input. Im Moment haben wir den 7201 oder den 3825 in die nähere Auswahl einbezogen. So wie wir das sehen ist der 7201 ja ein 720x mit NPE-G2 (einfach halt nur mit 1 Slot statt mit 4 oder 6), was ja dann vermutlich für die nächsten Zeit reichen sollte. Oder sehen wir das falsch. Grüsse Patrick ****************************************************************************** X-NetConsulting GmbH Internet http://www.x-netconsulting.ch Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch CH-4052 Basel Telefon +41 61 315 85 55 Schweiz Fax +41 61 315 85 59 ****************************************************************************** -----Ursprüngliche Nachricht----- Von: Thomas Koeppe [KGT new media] [mailto:info@k-dsl.de] Gesendet: Donnerstag, 17. September 2009 16:10 An: p.studer(a)x-netconsulting.ch Betreff: Re: [swinog] Full BGP Routing Router Requirements Hoi Patrick, ich perso"nlich wu"rde nicht mit einer kleinen Cisco 2811 oder dergleichen anfangen. Mit vollem RAM-Ausbau bekommst Du dort hoechstwahrscheinlich nur 1x Full Table rein und hast kaum Platz fu"r notwendige zuku"nftige Erweiterungen. Ich kann Dir die 7206VXR inkl. NPE-G1 oder NPE-G2 empfehlen. Die G1 hat 1 GB RAM, die G2 max. 2 GB RAM. Dort bist Du auf alle Fa"lle auf der sicheren Seite. Die G1 gibt es so ab 7-8k und die G2 so round about 10k Euro wenn Du geschickt verhandelst. Hier hast Du auch noch Reserven fu"r zuku"nftige Features. (IPv6, MPLS, etc.) Wenn Du weniger Geld ausgeben willst, stell Dir einen "dicken" Server auf PC-Basis hin und installiere einfach ein Quagga drauf. Der kann auch alle neuen Features die man so braucht (ASN 32-bit, IPv6, etc...) und kostet _deutlich_ weniger Geld als Vendor C. Je nach Hardware bist Du mit 1-2k Euro dabei. Wir haben am SwissIX auch einen Linux-Quagga based Router am laufen. Sehr stabil, sehr wartungsarm. Allerdings machen wir auch nur bis max. 100mbps am SwissIX. Die zwei Xeon-CPUs langweilen sich vor sich hin und von den installaierten 8GB RAM ist noch Platz fu"r 100x Full-Table ;) Vom Look&Feel her ist das Quagga-CLI fast identisch mit dem Cisco-CLI, sogar teilweise die gleichen Befehle. HTH, Thomas On 17.09.2009 09:49, studer.patrick(a)gmx.ch wrote: > Hi > > We are planning to go multihomed with our infrastructure. > > The first step will be, to have 10 Mbit/s fixed or 100 Mbit/s burstable service > with an additional link to SwissIX where we want to do some privat peerings. > > In a second step, we will add a second or a third upstream with about the > same speeds as the first connection. All connection should be done by > normal Ethernet connection. > > Currently we have a Cisco 2811 with 256 MB Ram. Would it be enough for the first > step to upgrade the ram to 768 MB or will it be necessary to buy a better/bigger > router (2851, 3825 or 720x system). > > We tried to find some recommendations on the internet, but we wasn't successful. > > What is your recommendation for this scenario? > > Regards > > Patrick Studer > > ****************************************************************************** > X-NetConsulting GmbH Internet http://www.x-netconsulting.ch > Grosspeterstrasse 21 E-Mail p.studer(a)x-netconsulting.ch > CH-4052 Basel Telefon +41 61 315 85 55 > Schweiz Fax +41 61 315 85 59 > ****************************************************************************** > > > > > _______________________________________________ > swinog mailing list > swinog(a)lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > -- Thomas Koeppe <thomas.koeppe(a)k-dsl.de> Network Engineering Team Tel: +49 (0)30 / 80 93 201 - 25 Fax: +49 (0)30 / 80 93 201 - 20 E-Mail: support(a)k-dsl.de KGT new media Mo"llendorffstrasse 108/109 D-10367 Berlin, Germany Tel: +49 (0)30 / 80 93 201 - 0 Fax: +49 (0)30 / 80 93 201 - 20 E-Mail: info(a)k-dsl.de Internet: http://www.k-dsl.de Inh.: Dorle Ko"ppe VAT: DE217875774 X-NCC-RegID: de.kgtnewmedia

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

swinog