z**r
发帖数: 17771 | 1 as for the current internet backbone in US, the delay brought in by the
backbone should be less 50ms, yes, as long as the one way latency for the voip
is less than 150ms, it should be fine. However, in lots of cases, the other
network components bring too much latency, say the media gateway, session
boarder controller, etc. 2 way 300ms latency is the minimum requirement anyway
. we are on the same page at this point.
I thought the video packets are all small UDP packets, and since normally
there |
|
z**r
发帖数: 17771 | 2 sprint是北美公司里亚洲业务做得最好的,大部分isp都要经过sprintlink到达亚洲,不
过不管怎么样,你这个packet loss也太高了,是不是取样太少?俺试了几个都是0%
packet loss。
虽然FiOS phase 1目前还用的是Juniper ERX,传说非常不稳定,Verizon已经决心淘汰其
了但是也不至于这么差吧。 |
|
f*****n
发帖数: 646 | 3 SONET虽然有带宽分配不灵活的问题,
但不需要packet-by-packet processing,
也不需要很大的high-speed buffer
为啥现在service providers都急急忙忙地migrate everything to IP?
thanks! |
|
z**r
发帖数: 17771 | 4 传统voice放IP上理由不是SONET鬼吧,而是维护两张网的成本高,加上新技术比如
Circuit emulation over packet的成熟,使得用IP网可以提供circuit switching的功
能,便于新老网络混合运营。
俺的理解是,SONET属于layer 1/2层次,你不用SONET就得用其他layer 1的东西,比如
DWDM,反正不管流行什么类型的transportation,肯定会有相应的packet over it出现。 |
|
r*****k
发帖数: 565 | 5 谢谢回复
我现在苦恼的不是crpyto,而是如何去"wrap"其他程序的connection
不知道你用过stunnel没有,我的目的是可以用我的程序加密任意一个tcp连接,比如
ftp, telnet
我也google到一些lib,但是都是poorly maintain得,要么是完全找不到document或者
demo code(比如libdnet),要么是build不了(twisted.pair),要么就是指支持
packet injection,但是不知道支部支持packet filtering (实在是没找到文档),而且
这都是几年前的project..
我挺菜的,linux刚刚接触,c仅限于本科很不扎实的数据结构。
继续求教 |
|
z**r
发帖数: 17771 | 6 WEBINAR: Understanding the New Transport Profile for MPLS (MPLS-TP)
DATE: Tuesday, August 26, 2008
TIME: 8:30 AM San Francisco, 11:30 AM New York, 4:30 PM London
PRESENTERS:
- Michael Howard, Principal Analyst and Co-Founder, Infonetics
Research
- Andrew Malis, Director, Packet Network Architecture, Verizon
Communications
- Sultan Dawood, Sr. Manager, Packet Transport Solutions, Cisco
Systems
TO REGISTER AND ATTEND LIVE - includes audience Q&A time:
www.telecommagazine.com/MPLSweb |
|
m********r
发帖数: 543 | 7 我家LD说他们先天缺陷,做不来大的,小的switch或者ge based的小router,用
software handle packet的,有可能行。
我也觉得,你说google能烧FPGA做出个SONET卡来,10G, 100G?不可能啊。还有packet
forwarding engine,他们怎么可能做得出那些个ASIC。。。也许是我太小看google了
。 |
|
d*****i
发帖数: 44 | 8 作packet forwarding可以外包给marvell/ezchip等等又silicon经验的人作。
我觉得稳定而且可扩展的协议软件其实挺难。
packet |
|
d****i
发帖数: 1038 | 9 在pe3 和ce 之间,
interface Vlan 211
xconnect vfi PE3-VPLS-A
vlan 211 实际和gi6/1是通过trunk port allowed vlan 211 来连接的,
这样,从gi6/1收到的vlan211的packet都会forward给int vlan 211, 然后通过vfi出去。
我的问题是在pe3和upe之间,
interface Vlan 1001
xconnect vfi Internet
这个vlan1001怎么和phisical port连起来?
因为那个physical port还要做pe3 和upe之间的mpls cloud的core facing interface,
必须要配置ip.这样就不能做trunk mode和int vlan连起来了。
你的意思是,在这种情况下,并不需要把svi 和一个physical port 连起来,
只要来自upe的同一个xconnect的packet在pe3的physical port收到后就会forward给vlan 1001,这里svi就相当于在router内部的一个AC? |
|
s*****g
发帖数: 1055 | 10 A better interview question for router/switch is:
How does the router/switch know when to route a packet and when to switch a
packet? |
|
m********d
发帖数: 188 | 11 good question: asking operation, not theory.
from operation stand of point, when a L2/3 device receives a packet ( or
frame ), first thing it looks at is MAC. if it's intra-vlan traffic, it's in
MAC table for that VLAN, if inter-VLAN traffic, MAC is SVI's MAC. so far,
L2 engine is processing the packet. now L3 engine kicks in, of course, for
inter-VLAN traffic. L3 engine will look at IP address, then make forwording
decision, of course again, it's hardware processed, centralized/distributed
, e |
|
s*****g
发帖数: 1055 | 12 来自主题: EmergingNetworking版 - 网络技术问题 Not at all, when the packet is routed, L2 header are stripped, lot of IP
header fields can be changed, router will decrement IP TTL, depends on
configuration, TOS/DSCP bit can be modified, if it is a NAT device, source/
destination IP addresses can be changed, etc, etc, outbound L2 encap can be
PPP, without IP checksum, how does next hop router know the IP packets'
integrity are maintained?
The same argument applies to why we need TCP/UDP checksum, the whole point of layered TCP/IP is that upp |
|
f*******8
发帖数: 3612 | 13 GNS3是比packet tracer强。 原来一直用dynamips,
后来用pt5.3的时候,感觉pt因为是为了培训而编制,
其中一些动画的packet tracer等等,对初入门的还是很好的。
对于理解一些protocol的交互过程还是很直观的。
说到用dynamips准备ccie,谁有试验题目啊,听说有不少人敲版本,
应该是有用的(不单对考试有用)。 |
|
z**r
发帖数: 17771 | 14
then
TE can establish the LSP you want, but you still need MPLS functionality to
switch the labeled packets.
configuring mpls means enable ldp right? if you have full meshed bi-
directonal TE tunnels for each VPN, the P routers don't have to have LDP
tuned on.
I just checked this in "mpls fundamentals", page 321, and I am posting the
content here:
TE Tunnels Between PE Routers
When two TE tunnels (one for each direction) exist between a pair of PE
routers and the Border Gateway Protocol (BGP) n... 阅读全帖 |
|
s*****g
发帖数: 1055 | 15 Why would any body care how a box internally works? and what is the
difference between a switch and routers nowadays?
Difference between 7600 WAN ethernet and LAN ethernet not just buffer and
QoS, internally packet forwarding path is different also. WAN ethernet was designed to have MPLS forwarding capability before
Sup720 came out, while LAN ethernet has to rely on PFC to switch MPLS
packets with PFC3BXL and newer versions of PFC, LAN ethernet can not be used
for VPLS uplink. All other AToM fe... 阅读全帖 |
|
s*******8
发帖数: 12734 | 16 再问一下,有packet send 过去么?如果不send packet,怎么知道呢?
loopback。 |
|
x*********n
发帖数: 28013 | 17 PE-pE里面iBGP,如果iBGP里面有个link变化了,那么对整个MPLS有什么影响?
packet还按照LIB传么?router会drop这个packet么?
欢迎大家指点迷津。 |
|
s****t
发帖数: 698 | 18 TAP:
http://en.wikipedia.org/wiki/TUN/TAP
TAP (as in network tap) simulates an Ethernet device and it operates with
layer 2 packets such as Ethernet frames.
Veth:
http://wiki.openvz.org/Virtual_Ethernet_device
Virtual Ethernet device consist of two Ethernet devices -- the one in CT0
and another one in CT. These devices are connected to each other, so if a
packet goes to one device it will come out from the other device.
两者什么区别?
VETH是两个TAP吗? |
|
m**t
发帖数: 1292 | 19 on the fast retransmission:
its cause can be from lost/triplicated/invalid acks;
the re-transmission may be seen as duplicated/invalid ack on the peer,
depend on where the packet loss was.
in some MITM attacks, people play with this.
anyhow, re-transmission can be an indication of a problem, it is related to
the problematic acks, slow network/misaligned timer or packet loss etc
architect |
|
x*********n
发帖数: 28013 | 20 对于1.cisco说class,police,mark都在input router的时候做的,output只有
queuing啊。
那为什么还要分input,output呢?
2我还是不明白,packet都mark好了,为啥还要再mark一次?意思是同一个packet,不
同的网络情况不一样,所以要remark? |
|
f*******8
发帖数: 3612 | 21 关键你那个GW要支持vpn, 你能到了那个LAN以后,就很容易。
网上有不少socket Programming, 把magic packet发过去就是了。我原来编过。
有些linksys的router支持这个vpn.
否则的话,要要保证外边的packet能被转到内网也行。
They
secondary. |
|
z**r
发帖数: 17771 | 22 不如先考考大家吧。
俺把问题简化一下,两个router back to back连接,同时都连接到一个traffic
generator,比如spirent testcenter,两个router用ipv6 static routes来resolve连
接到spirent testcenter的link subnet。spirent send traffic,但是发现每隔30秒
就会有一些packet drop,如果改变nd的timer,packet drop就跟着这个timer走,改成
50秒,就每50秒drop。
怎么回事儿?如何解决?
STC---2001::/64---R1---2000::/64---R2---2002::/64---STC
on R1:
ipv6 route 2002::/64 2000::2
on R2:
ipv6 route 2001::/64 2000::1 |
|
t*******r
发帖数: 3271 | 23 来自主题: EmergingNetworking版 - 求面试问题 Describe the series of events going on when the 4 Routers connected the
Ethernet power up the same time.
What fields are contained in OSPF’s HELLO Packets ? (10 40 seconds)
Desribe Hello Packets when two routers are in the 2WAY state (neighbor field
) …
Can a router with a higher priority pre-empt a DR or BDR ?
What does Priority 0 mean ?
Describe the various LSA types (1,2,3,4,5) and what they are used for ?
1. Explain the 1st line – what is is (NET)
2. What’s in the second line ? (LSP-ID)
Expl... 阅读全帖 |
|
s**********y
发帖数: 3366 | 24 来自主题: EmergingNetworking版 - 贡献一个实例。 oh, i heard something called capture, is it same as packet-tracer?
looks like packet-tracer is more straightforward.
thx, |
|
p**x
发帖数: 123 | 25 i agree randomly dropping packets can help in tcp environment but it is more
of a queuing strategy. this can cause problem as well, any of dropped
packet will need to reestablish transmission and go through slow start,
sliding window again... |
|
s*****g
发帖数: 1055 | 26 I meant to say GRE/IPsec (GRE packet is encapsulated inside IP/ESP packet) to be exact ... with GRE/IPsec in tunnel mode you need 20 bytes more than in transport mode.
Can you explain how IPsec/GRE (which means ESP is encapsulated inside GRE) is configured in a typical Cisco box? and in this case how can multicast/broadcast traffic can be encrypted by IPsec before encaped by GRE? or how do you define IPsec "interesting" traffic?
ipsec
overhead
over
memory |
|
a***n
发帖数: 262 | 27 crypto map is old fashion, new way in Cisco is Virtual Tunnel Interface.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide
So basically, there are IPSec VPN, SSL VPN, Easy VPN, DMVPN, GET VPN, and
MPLS VPN(L2 or L3) in terms of VPN world.
Almost all of these VPNs could be integrated with VRF to further separate
traffic.
Now days, most firewall features are VRF aware too.
router's mind:
is GRE tunnel, so router encap's original packet with IP-GRE header, which
subsequently triggers... 阅读全帖 |
|
v***v
发帖数: 5504 | 28 10g. 好像应该支持ipv6的吧。
一个size=2000的ipv6 packet从mtu 9000的端口放进来,需要从mtu 1500的端口出去,
结果当然出不去,就应该给src sender发一个icmpv6 packet too big message撒,怎
么没有呢?给安安静静地丢了。 |
|
z**r
发帖数: 17771 | 29 要看code吧,而且根据rfc 4443,
Originating a Packet Too Big Message makes an exception to one of the rules
as to when to originate an ICMPv6 error message. Unlike other messages, it
is sent in response to a packet received with an IPv6 multicast destination
address, or with a link-layer multicast or link-layer broadcast address. |
|
s*******s
发帖数: 132 | 30 不知道这里有没有RR的人,嘿嘿
RR这几天上水木、新浪都特别慢,几乎没法用
Tracing route to newsmth.net [182.50.1.20]
over a maximum of 30 hops:
1 6 ms 4 ms 3 ms 192.168.10.1
2 13 ms 11 ms 28 ms 10.238.128.1
3 14 ms 11 ms 14 ms gig5-1-4.ithcnycy-rtr004.cny.northeast.rr.
com [2
4.24.16.68]
4 14 ms 12 ms 14 ms ae116.esyrnydr-rtr005.cny.northeast.rr.com [
24.5
8.149.52]
5 30 ms 14 ms 16 ms ae2-0.esyrnyaw-rtr001.cny.northeast.rr.com [
24.5
8.149.4]
6 22 ms 26 ms ... 阅读全帖 |
|
J*******i
发帖数: 2162 | 31 Controller lets switches send LLDP packets to its neighbors, then neighbors
report these received packets back to controller to learn the links. |
|
c**t
发帖数: 2744 | 32 After more googling, I found:
Tunnel encrypts the header and payload of each packet.
I had the capatured packets (by wireshark), they are all encrypted, question
now becomes how to decrypt. I have the device (iPad, iPhone). |
|
d*2
发帖数: 2053 | 33 我用iperf测试UDP performance on cisco Nexus 5548, (10Gbit switch and 10Gbit
card)
at around 1Gbit/sec, all packets are fine; at >=2Gbit/sec, >30% packets lost
(consistently)
有人说要用netperf因为iperf may not handle 10Gbit network well,请问是这样的
吗?
另外我用netperf的时候,如果message length大一点(100K),it errors out:
message is too long (even if I used -s 256K,256K -S 256K,256K -m 256K,256K -
M 256K,256K), tcp_stream no problem。
外行问题,见笑了。。。 |
|
x*********n
发帖数: 28013 | 34 这几个问题我也被闻到过好几次,不过每一次着重点不太一样,
有一次华为问我IP packet有多少byte,里面有哪些value,都是干啥的,
这个问题其实很普遍,amazon也喜欢问,
现在流行问packet里面的东西, |
|
y*********n
发帖数: 95 | 35 the card just give you the capability to do 10G capture, not many users need
to dump all packets to hard drive, user probably just need to retrieve some
information they are interested in from the packets. I don't use this card,
but dump all of them to raid is still doable I think. you can buffer them
in memory first then do sequential write to a pice-8 raid card with a few
ssd or sas drives. |
|
l***y
发帖数: 791 | 36 查MTU 从用户端开始use ping with packet-size specification, 如果能大的packet
都能 ping across 就不是 MTU issue. |
|
s*****g
发帖数: 1055 | 37 Assuming we have a bunch of data centers across different geo-locations, the
connection among those data centers are over public Internet, applications
require that data centers can talk to each other with minimum latency,
applications itself will take care of data encryption so no VPN devices are
needed. Since we have no control of the underlying transport, we can have
the following situation: there are packet drops between Tokyo and Seattle
due to some transport providers link congestion, but ... 阅读全帖 |
|
s*****g
发帖数: 1055 | 38 Assuming we have a bunch of data centers across different geo-locations, the
connection among those data centers are over public Internet, applications
require that data centers can talk to each other with minimum latency,
applications itself will take care of data encryption so no VPN devices are
needed. Since we have no control of the underlying transport, we can have
the following situation: there are packet drops between Tokyo and Seattle
due to some transport providers link congestion, but ... 阅读全帖 |
|
x*********n
发帖数: 28013 | 39 1 交换机的根桥优先级是多少
Without System ID, default is 2^16/2=2^15=32768
with System ID。Only 12 bit as system ID, so it has to be the increment of 2
^12=4096
2 HSRP和VRRP的区别
主要区别。
Cisco propriety vs standard
Assign another virtual IP for communicate VS use one of the IP as virtual IP
3 BGP的wellknow参数和transit参数
well-known mandatory
AS_path
ORIGIN
NEXT_HOP
well-known discretionary
LOCAL_PREF
ATOMIC_AGGREGATE
optional-transitive
The Aggregator of the Route ( AGGREGATOR)
Community ... 阅读全帖 |
|
x*********n
发帖数: 28013 | 40 来自主题: EmergingNetworking版 - J家2面 轻松被放倒了。
1小时的面试,45分钟就结束了。
明明1面讲过了彼此的工作,结果人家讲了20分钟。
然后问问题。
1.ospf LSA 3是干什么的?
2.画图,一个ring图形,4个router,一个ABR,ABR进来一个network,问ABR怎么表现
,4个router之间怎么传。
3.BGP 一个CPE面对2个SP,要load balance,要bi-direction,用什么attribute。
我实在是不知道,说了一个MED。。
3.IPSec VPN,site和site之间怎么传,value怎么传,2个phase建立,问如何验证,我
说hash,2者用一个password,他问password是每个packet都有,还是只是第一个
packet有,后面没有.
哎。。就这样被放到了,技术问题时间非常短,大概只有20分钟多一点。他就说,没有
什么问题了。。。。
还是有点难过。 |
|
p*****s
发帖数: 344 | 41 cpu bound is because packet has to be processed (ex. DPI), if just dump disk
content to network, very little cpu involvement (most likely DMA).
that is why it is I/O bound. that is why usually we use packet per sec for
certain type traffic to measure network performance. |
|
k*******r
发帖数: 90 | 42 现在比较高端的 10G 网卡都支持 RDMA over iWarp
其实这些网卡的ibverbs实现不仅支持 RDMA 通信,也可以实现IP packet的RDMA
简单说来就是另外一头还是 TCP/IP,
但这头可以通过 ibverbs 直接访问 IP Packet
硬件可以直接把IP包 DMA到内存,省去了kernel copy和系统调用的开销
其实我不确定这个方案比kernel里面的iptables实现效率会提升多少
但是灵活性肯定会大大提升, 开发难度也不会太高
同样的思路也可以拿来搞 L2 load balancer, ipsec gateway
有兴趣可以继续聊聊 |
|
|
s*****g
发帖数: 1055 | 44 Hmm ... firewalls may drop those packets, routers may punt those packets to
CPU and drop. |
|
t****t
发帖数: 6806 | 45 http://mitbbs.com/article1/Hardware/31240715_3_0.html
basically CPU will be involved to move data around and process the network
packet. so usually with weak CPU (such as cheap NAS box with ARM CPU), jumbo
frame helps a lot. beyond some threshold when CPU is fast enough to handle
a lot of packets, CPU won't help network speed anymore indeed.
said in WHS.net forum, I upgrade it to support two iphone4 720p real time
transcoding simultaneously. |
|
e******o
发帖数: 1160 | 46 Pinging twc.com [165.237.62.28] with 32 bytes of data:
Reply from 165.237.62.28: bytes=32 time=279ms TTL=238
Reply from 165.237.62.28: bytes=32 time=268ms TTL=238
Reply from 165.237.62.28: bytes=32 time=426ms TTL=238
Reply from 165.237.62.28: bytes=32 time=146ms TTL=238
Ping statistics for 165.237.62.28:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 146ms, Maximum = 426ms, Average = 279ms
Pinging google.com [74.125.224.100] ... 阅读全帖 |
|
g*******t
发帖数: 7704 | 47 解释也容易, 就是电源滤波不够,引起switch的干扰信号,
而且网络唤醒设置有问题,默认是任意packet都激活, 应该设置成magic packet才激
活, |
|
g***i
发帖数: 4272 | 48 住apartment,不用太大功率的。
之前的Linksys E3200,用了两年多一点,现在5G的每隔几小时就断,只能通过shell重
启服务。感觉是质量有问题。
eth2 Link encap:Ethernet HWaddr 00:16:B6:C4:71:B3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:856199 errors:0 dropped:0 overruns:0 frame:26537
TX packets:1073401 errors:362 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:99768378 (95.1 MiB) TX bytes:1398942878 (1.3 GiB
TX的error是不是有点多?
Log里总会出现这个错误:
apcupsd FATAL ... 阅读全帖 |
|
m**t
发帖数: 1292 | 49
I am just giving perspective from the spec point of view, HUgh actually may
have a lot in the practical world how the products implement the
features
IKE is a peer to peer protocol, taht means with proper policy imposed on
both peers, whenever a peer needs to talk to the other, it needs to
set up the SA first, so for the responder(the one who receives the packets),
the SA should have been in place since the initiator was supposed to
do the IKE whenever the initiator sees the outbound packets |
|
v**n
发帖数: 951 | 50 when your VPN is up, you are part of the corporate network.
In short, you PC's IP protocol stack is intercepted.
Everything IP(local) will be encap'd in VPN packet(ipsec, l2tp, pptp whatever)
and tunnelled to the corporate network and then deencap'd at the remote
endpoint(most likely within your corporate network), the real IP packet has to
find it way from there.
So it is obviously that the other PC on your local LAN can't ping you and you
can't ping it either.
Some VPN clients can handle this |
|
