On Wed, 19 Sep 2007 14:48 , Christos Ricudis sent: > >Kai? Ayto kanei ena PIX ligotero "software firewall" kai perissotero >"hardware firewall" apo ena Linux+IP tables? Sou 8ymizw oti kai ta dyo >trexoun praktika sto idio akribws hardware. Katalabainw to skeptiko me to opoio ta bazeis sto idio tsoubali. Alla ti diaxwrismo 8a mporouses na baleis se ena PIX kai ena linux+iptables? To ena den mporei na xrhsimopoih8ei se kati allo, eno to allo mporei mesw tou software pou exei. 8umizei ligo Apple to skhniko > >Poies anaba8miseis, twn userland tools? To epixeirhma sou einai IRRELEVANT. > >An to PIXos htan open source, 8a mporouse kapoios na tou kshlwsei to packet >filter kai na balei sth 8esh tou ena IPF, leme twra. Ayto 8a to ekane >"extra" kai "mh enswmatwmeno"? Moiazei me to pws eixan paliotera ton call-manager pou etrexe se windows, enw twra dinoun to kouti etoimo me to unixoeides software panw. Kapws etsi 8a to antilambanomoun kalutera. 8a mporouses na ekanes kati sto PIXos an edinan ton kwdika, alla dustuxws den to kanoun :) > >H ta exeis mperdepsei teleiws, h apla prospa8eis na xwseis ena tetragwno >epixeirhma se mia stroggylh trypa. An h diametros ths stroggulhs trupas einai megaluterh 'h ish me th diagwnio tou tetragwnou epixeirhmatos 8a perasei! ;-) > > >Anaferesai sto control plane policing, poy apla sou epitrepei na >diaforopoihseis to Quality of Service tou traffic pou proorizetai gia to >control plane. Mporei na se swsei apo denial of service attacks, alla >eksakolou8ei na mhn se swzei apo overflows ("klatarismata apo kapoio >periergo paketo"). Oxi sto control plane tou QoS. Einai ena kainourgio xarakthristiko kainourgiwn monadwn (sto 3800 an 8umamai kala) pou sou dinei th dunatothta na exeis prosbash se ka8e periptwsh sto mhxanhma, ektos apo hardware failure. > >Kai pali la8os. Mhpws eisai CCNA/CCNP? Tosa apanwta la8h mono apo CCNA/CCNP >certified people akouw synh8ws :P +ccip :P > >Ti paei na pei "dieksodikos elegxos"? Exeis A) ena paketo, B) kapoio state, >C) kapoia filtering rules. Ayta ta tria einai pou ka8orizoun thn apofash tou >an 8a kaneis drop h process to paketo. Den yparxei pio dieksodikos h >ligotero dieksodikos elegxos. Kapoioi syndiasmoi twn triwn aytwn paragontwn >epitrepoun mia efficient ylopoihsh se hardware, kai kapoioi alloi oxi. Einai >*ka8ara kai mono* 8ema performance, kai *oxi* 8ema "riskou tou na kopei h na >perasei la8os paketo". Den eimai dikhgoros ths Cisco gia na apologh8w gia ton tropo pou ta ulopoiei me ton enan 'h ton allon tropo. E3allou ta atoma ekei einai arketa peiragmena an krinw apo osa exw dei kata kairous, opote to 8ewrw askopo na tous krinw 'h na prospa8hsw na katalabw giati to ekanan etsi kai oxi alliws :D > >-- >Christos Ricudis >