Searching for an alternative to our old Cisco border router, we are evaluating some software routing suites on “normal” server hardware.
First we tried Vyatta, but the routing software frequently crashed completely. Maybe this is fixed with VC4 Alpha 1, but we didn’t test that.
The next try was the development version (0.99.9) of Quagga from Debian testing, but it looks like a peering with one of our Cisco routers fails after the hold timer expires.
Tag Archive for 'Networking'
Some time ago, Deutsche Bahn rolled out a public wireless LAN called “WLAN am Bahnhof” at 25 railroad stations; you can choose between 4 providers. Sounds really nice, but besides the economic conditions, there is also at least one security issue.
Connecting to the network and opening your favorite browser redirects you to an encrypted portal. So far, so good … the really bad news is that the certificate expired over 6 years ago.

This seems to be normal behavior, since it often happens that invalid certificates are used. This leads to desensitized users who no longer verify such certificates, even when it’s important.
Does anybody know a reasonable way to notify somebody who can solve the problem there, besides the normal contact forms?
Today I was reconfiguring a Cisco 7513 with an RSP 16 and a FastEthernet module inside.
So I did an “erase nvram” and a “reload”. After booting I was surprised to see the following in my terminal:
Would you like to enter the initial configuration dialog? [yes/no]:
Loading pxelinux.0 from 10.42.10.50 (via FastEthernet4/0/0): !!!
[OK - 13156 bytes]
So the box took an IP via DHCP and tried to netboot. (Un)fortunately it only breaks my terminal, so no worries! ;)
Today the RIPE DNS for LIRs Training Course took place. (Some course material, not up to date, can be found here.)
Having managed some thousands of zones, including the nameserver infrastructure behind them, for several years, I thought it would be neat to provide a secure DNS chain to our customers.
After going deeper into the material within the course, I recognized the following impacts:
- only BIND 9 (>= 9.3) and NSD provide support (yet)
- bandwidth will be increased 2-3 times with max. key size
- increased memory usage depending on your server software
- operational costs will increase dramatically due to a significantly higher amount of regular work
- more computing power (hardware) needed to generate dnssec ready zones and signing
- unknown influence on resolving nameservers (load/memory/bandwidth)
- chain of trust ends at resolving nameserver and is not provided to enduser
Since the last issue isn’t solved (yet), it doesn’t make any sense for me to invest resources into setting up DNSSEC infrastructure, because the end user would not recognize if the communication with the resolving nameserver or the resolving nameserver itself is taken over.
Any complaints and/or hints? Did I miss something?
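
The last point in the list above, as an added example (not code from the original post): a non-validating stub resolver learns of DNSSEC validation only through the AD bit in the 12-byte DNS header, which no signature covers, so the bit is meaningful only when the channel to the resolver is itself protected. The header bytes are constructed samples and `stub_trust` is a hypothetical helper.

```python
import struct

# DNS header flag masks (RFC 1035 layout; AD and CD bits from RFC 4035).
FLAG_QR, FLAG_AD, FLAG_CD = 0x8000, 0x0020, 0x0010

# Constructed sample headers (12 bytes each): ID, flags, QD, AN, NS, AR counts.
# 0x81A0 = QR|RD|RA|AD (resolver claims it validated); 0x8180 = same, AD clear.
HEADER_AD_SET = struct.pack("!6H", 0x1A2B, 0x81A0, 1, 1, 0, 0)
HEADER_AD_CLEAR = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)


def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header of a response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS message: header is 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    if not flags & FLAG_QR:
        raise ValueError("not a response (QR bit clear)")
    return {
        "id": ident,
        "ad": bool(flags & FLAG_AD),
        "cd": bool(flags & FLAG_CD),
        "rcode": flags & 0x000F,
        "answers": an,
    }


def stub_trust(packet: bytes, channel_authenticated: bool) -> str:
    """Hypothetical helper: how much a non-validating stub may rely on AD.

    The header is not covered by any RRSIG, so the AD bit only carries
    weight when the path to the resolver is itself protected (for example
    a resolver on localhost or a TSIG/IPsec-secured link).
    """
    hdr = parse_header(packet)
    if not hdr["ad"]:
        return "unvalidated"
    if channel_authenticated:
        return "validated-by-resolver"
    return "ad-bit-unverifiable"


if __name__ == "__main__":
    for name, pkt in (("AD set", HEADER_AD_SET), ("AD clear", HEADER_AD_CLEAR)):
        for secure in (True, False):
            print(f"{name:8} secure_channel={secure}: {stub_trust(pkt, secure)}")
```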
