Masergy is already using this multi-vendor VNF system for Carrier Ethernet.
In an amazing turn of events, at least one IETF working group recognized we have serious problems with IPv6 multihoming. According to the email Fred Baker sent to a number of relevant IETF working groups:
PI multihoming demonstrably works, but PA multihoming when the upstreams implement BCP 38 filtering requires the deployment of some form of egress routing - source/destination routing in which the traffic using a stated PA source prefix and directed to a remote destination is routed to the provider that allocated the prefix. The IETF currently has no such recommendation, or consensus that it should have.
Here are a few really old blog posts just in case you don’t know what I’m talking about (and make sure you read the comments as well):
Read more ...I have received some requests for running phpipam on synology, I personally don’t use it, but if you do you will find this useful.
Apparently the problem is in missing GMP php extension, you can find it here, along with instructions:
http://forum.synology.com/enu/viewtopic.php?f=34&t=101226&p=401309#p401309
thanks to Ferdinand for providing extension.
br
Introduction
This post will discuss different design options for deploying firewalls and Intrusion Prevention Systems (IPS) and how firewalls can be used in the data center.
Firewall Designs
Firewalls have traditionally been used to protect inside resources from being accessed from the outside. The firewall is then deployed at the edge of the network. The security zones are then referred to as “outside” and “inside” or “untrusted” and “trusted”.
Anything coming from the outside is by default blocked unless the connection initiated from the inside. Anything from the inside going out is allowed by default. The default behavior can of course be modified with access-lists.
It is also common to use a Demilitarized Zone (DMZ) when publishing external services such as e-mail, web and DNS. The goal of the DMZ is to separate the servers hosting these external services from the inside LAN to lower the risk of having a breach on the inside. From the outside only the ports that the service is using will be allowed in to the DMZ such as port 80, 443, 53 and so on. From the DMZ only a very limited set of traffic will be allowed Continue reading
Posted on Packet Pushers here. This is my last post in the series; next week, back to regular blogging.
The post IETF Yokohama Days 4 & 5 appeared first on 'net work.
Funny enough, much of the food you will find in Yokohama is Chinese, rather than Japanese — another odd fact you probably didn’t need to know. I’m going to cover day 4 and 5 here, as I’m leaving tomorrow morning to head back to the “real world.” Wednesday is a “slow day” in terms of […]
The post IETF Yokohama: Days 4 & 5 appeared first on Packet Pushers.
This week's feature interview is with Troy Hunt of HaveIBeenPwned.com. And he's noticing something pretty weird. It's common for people to deface websites for bragging rights, and yeah, it's not new that data dumps are the new bragging fodder. But it seems like these days attackers are seeing Troy's site as the definitive place to get cred. Now they'll steal a bunch of data and Troy is their first stop.
Life is strange on the internets. That's this week's feature interview.