<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Bevan Slattery wrote:
<blockquote
cite="mid:6855B462D756004D9A700E875EF936B904123051@pwkcrkex1.pipe.pwk"
type="cite">
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="Generator" content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="country-region">
<o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place"><!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";
color:black;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
pre
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</o:SmartTagType></o:SmartTagType>
<div class="Section1">
<p class="MsoNormal"><font color="navy" face="Times New Roman"
size="3"><span style="font-size: 12pt; color: navy;">‘nogers,<o:p></o:p></span></font></p>
<p class="MsoNormal"><font color="black" face="Times New Roman"
size="3"><span style="font-size: 12pt;"><br>
So, we'd need to do it ourselves - which would mean a high upfront cost
and
added network complexity. </span></font><font color="navy"><span
style="color: navy;"><o:p></o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;">If there is
no vendor lock-in then it
probably won’t be as bad as people make it out. Anyone who has ever
deployed a cache/proxy can run a blacklist. We ported our system
across
to the Cisco Cache Engine and PIX line-up as well as others so it
seamlessly intercepted
traffic without much configuration at all. From memory they actually
ported it directly to the Cisco routers and even certain switches via
IOS after
I left so you can push it from the router (yes the router version
probably runs
like a dog, but that’s Cisco for you). Remote updates yadda yadda
yadda. Same applied to squid (although had some threading issues which
limited bandwidth throughput – which I believe are largely resolved).
If they push out a http/ftp blacklist then there are plenty of devices
that it
can work with without much fuss.</span></font></p>
</div>
</blockquote>
We've just ditched the last proxy because they didn't perform well
enough for the traffic volumes, plus WCCP on a number of platforms
Cisco makes suck - as well as keeping 5-10000 IPs in an ACL burns some
of the hardware space on the line cards quickly. Otherwise we'd have
to buy all these DPI boxes which are expensive and evil. It also
burns space in racks, and STILL adds complexity. Cripes - we'd need
around 25 caches (assuming they could each handle 1Gbps each) given 11
DSL pops, two per POP for redundancy (plus a few extra in Adelaide) and
a lab one. <br>
<br>
Bevan, you're not actually helping by trying to dismiss our problem as
trivial. So, I'm not quite sure who you're trying to impress other
than Conroy (almost said Coonan).<br>
<blockquote
cite="mid:6855B462D756004D9A700E875EF936B904123051@pwkcrkex1.pipe.pwk"
type="cite">
<div class="Section1">
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;"><o:p></o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;">One big
caveat is that this is on the
basis that the government must provide the list of sites directly to
ISP’s
so they can inject them into their own system. There is no vendor
lock-in. If they do a vendor lock-in, then all bets are off. It is
the governments responsibility to provide the list and if there is a
mandated
system then they should also provide the solution *<b><span
style="font-weight: bold;">and</span></b>* pay for it. A real issue
here is that when the
government get’s their list out it will be embarrassing and shot down
in
flames as being grossly inadequate. God knows what will happen then.
It will be a complete joke and the same filtering principles will apply
(filter
on the home PC’s and parent supervision). Of course the another
caveat is that in the instance that they expand it to beyond http.<o:p></o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;">As for
filtering peered traffic, if it is peered
in <st1:country-region w:st="on">Australia</st1:country-region> (say
PIPE),
then R rated content is not allowed to be hosted in this country
anyway, so <st1:country-region w:st="on"><st1:place w:st="on">Australia</st1:place></st1:country-region>’s
content should largely be pre-filtered for [hardcore] porn via
take-down
notices. Even if those interfaces had to be filtered it’s still not
a killer.</span></font></p>
</div>
</blockquote>
So, I see no non-Oz prefixes via PIPE? Bzzt. I see a number of
non-Oz prefixes via PIPE and other peering in Oz.<br>
<br>
MMC<br>
<br>
<blockquote
cite="mid:6855B462D756004D9A700E875EF936B904123051@pwkcrkex1.pipe.pwk"
type="cite">
<div class="Section1">
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;"><o:p></o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;">Cheers<o:p></o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;">[b]<o:p></o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;"><o:p> </o:p></span></font></p>
<p class="MsoNormal"><font color="navy" face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial; color: navy;">PS: I
understand that the larger
boys may have to deploy these devices in each state.<o:p></o:p></span></font></p>
</div>
</blockquote>
<br>
</body>
</html>