Don't use Cisco equipment; they put (quite sloppy) backdoors in their products. Absolutely zero trust with them.<p>Snowden: The NSA planted backdoors in Cisco products --- <a href="https://www.infoworld.com/article/2608141/snowden--the-nsa-planted-backdoors-in-cisco-products.html" rel="nofollow noreferrer">https://www.infoworld.com/article/2608141/snowden--the-nsa-p...</a><p>Backdoors Keep Appearing In Cisco's Routers --- <a href="https://www.tomshardware.com/news/cisco-backdoor-hardcoded-accounts-software,37480.html" rel="nofollow noreferrer">https://www.tomshardware.com/news/cisco-backdoor-hardcoded-a...</a><p>Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again --- <a href="https://www.theregister.com/2019/05/02/cisco_vulnerabilities/" rel="nofollow noreferrer">https://www.theregister.com/2019/05/02/cisco_vulnerabilities...</a>
Discussed at the time:<p><i>Creating an Autonomous System for Fun and Profit</i> - <a href="https://news.ycombinator.com/item?id=15727115">https://news.ycombinator.com/item?id=15727115</a> - Nov 2017 (16 comments)<p>(p.s. reposts are fine after a year or so; links to past threads are just to satisfy extra-curious readers)
> and its biggest downsides are its size and power, which are both not that big of issues since I've got a whole 44U rack for just a few servers and I don't get billed for my power usage.<p>I was surprised to read this. I was looking into colocation services (for less than a rack) and everywhere I spoke to, including Hurricane Electric, included a set number of amps (which I assume is at 120V?).<p>Specifically, HE offered me 2 amps with 7U of rack space. That seemed really low to me, just one of my 2U servers with a lot of hard drives idles at around 100W or just under 1A and easily exceeds 2A when it's really working (which admittedly is rare, it mostly idles).<p>I didn't follow up to see how that is actually metered. I'd love to hear about other folks' experiences with colocating - is this common?
This article is also essentially available as a podcast. <a href="https://oxide.computer/podcasts/on-the-metal/kenneth-finnegan" rel="nofollow noreferrer">https://oxide.computer/podcasts/on-the-metal/kenneth-finnega...</a>
The article mentions that the Cisco router used is limited to a million addresses, which would be exceeded in “2-3 years.” Looks like the author got at least double the life out of the router, because the internet is just approaching one million BGP entries now!<p><a href="https://bgp.potaroo.net/bgprpts/rva-index.html" rel="nofollow noreferrer">https://bgp.potaroo.net/bgprpts/rva-index.html</a>
Can someone explain why loading a 1MM-route BGP table onto a network switch is a "hard problem" that requires fancy hardware to solve, rather than something that even commodity hardware today is capable of?<p>Presuming you do your IPv4 and IPv6 routing separately...<p>For IPv4, an interval-treemap from uint32-pair intervals to uint8 output ports fits into the default memory config of a PC from 1994; and each lookup into said tree resolves in nanoseconds, even on a machine of the era — esp. for tree-node pages that are hot in CPU cache.<p>And for IPv6, the tree <i>could</i> grow a lot larger, since the intervals are, per se, "uint128"-pairs... but there just aren't that many extant IPv6 routes yet, so the table is actually small in practice.<p>What are the constraints on the problem that I'm missing?
I'd like to assign a unique IPv6 address for each user of my service. Since I'm in Australia I looked to APNIC but their pricing is a bit intimidating for a side project. I'm primarily after stable addresses so that my users never have to reconfigure anything if the underlying infrastructure (Vultr to start with) changes. What options should I be looking at?