I’m not using any wonderful scripts on my website, that would measure your “responsiveness” or encourage you to subscribe to newsletters. I only refer to font files and that’s basically it. what I am checking every month is from where, how and on which device you’re browsing my pages using goaccess package. thanks to this, I am not tempted to profile you in any way or serve you some customized content and similar “things”....
I’m not a fan of such ‘solutions’ because they hardly qualify as genuine fixes. however, if you find yourself working in MacOS-heavy environment that’s plagued by radio frequency interference, you’ve probably experienced the erratic behavior of Bluetooth-connected accessories. on my mega-desk, I have numerous devices scattered about, not to mention the abundance of Macs themselves. as a result, I encounter this issue quite frequently—almost on a daily basis. some might suggest employing various ‘voodoo’ tricks like “quickly disabling and enabling the mouse, which worked for me” or “updating firmware, shutting down awdl0, and then reading a fairy tale to your children....
quick note for those spending weekends on labbing - if you want to log info (from Syslog for example), and the management interface is in separate VRF (very good idea), you need to configure VRF in two, or even three (if you count VRF definition itself) different places. if you forget one, it won’t work. so, first of all, create management VRF definition: ! vrf definition MGMNT rd 444:444 ! optional, but just to keep the numbering across VRFs !...
ever since the initial tuning of the FreeBSD TCP/IP stack around version 4.x, I’ve found myself occasionally tinkering with the contents of /etc/sysctl.conf just to fine-tune things, you know over time, numerous changes have been made to the FreeBSD TCP/IP stack, including the introduction of modularity. however, MacOS X, being based on FreeBSD, is more conservative and lacks certain options. therefore, on my MacOS systems, I make use of the following /etc/sysctl....
as I’m installing FreeBSD boxes and VMs left and right, I typically do some initial setup before doing anything else. while some use cases call for additional ports to be installed (like bird or routinator), there’s pretty standard “intro”. first, make sure the packages themselves are up to date: sed -i '' s/quarterly/latest/g /etc/pkg/FreeBSD.conf pkg upgrade this will trigger initial pkg install. then, it’s my personal minimum set of packages:...
if you have to pack a lot of things, using sheer power of modern multi-core/multi-threaded CPUs may come handy. unless… the tools you’re using are not enabling that by default, and you suffer running everything on one core/thread. as I spend most of my time recently with FreeBSD and MacOS the tools I typically use are command line. therefore, for every gzip - consider using pigz. and for bzip2 - consider using pbzip2....
nice addition to recent IOS-XE images is the info in BGP view when the peak number of prefixes was received: rtr-edge#sh bgp ipv4 unicast summary [...] 6807 received paths for inbound soft reconfiguration BGP activity 1126906/107856 prefixes, 1337822/171863 paths, scan interval 60 secs 878960 networks peaked at 15:02:09 Jan 29 2022 CET (22:53:01.065 ago) [...] rtr-edge#sh bgp ipv6 unicast summary [...] BGP using 102467162 total bytes of memory BGP activity 1126898/107856 prefixes, 1337806/171843 paths, scan interval 60 secs 140720 networks peaked at 05:46:19 Jan 29 2022 CET (1d08h ago) [....
one of the very old tricks, that’s even documented is how to simulate ctrl-break on newer PCs to break into ROMMON during router/switch boot. instead of fighting with SecureCRT on MacOS, I just used it recently. basically, you: disconnect terminal from the device turn device off set terminal to 1200 (yes, you read this right), 8N1 and no flow control turn device on press SPACE for 10-15 seconds (basically, until your terminal drops out some unreadable characters) reconfig terminal to 9600 8N1 and you should be in ROMMON yes, I’m old....
if you’re not accustomed to reading release notes for your favorite platform (Nexus NX-OS in this case), probably you already overlooked that starting with 10.1(2) there’s 2-stage commit system, known from IOS XR. what does that mean, really? that doing changes over CLI, directly in the parser, you can edit/add/remove whole blocks of configuration before committing them to running/actual configuration. so in case when you edit interface IP addressing (always touchy moment, specially for devices you’re 300km away for example) the session could look like this:...
I was invited by Adam Lange and Adam Haertle to share my story in “rozmowa KONtrolowana” podcast (in Polish). I’d like to thank both of them and of course all of participants for invitation, leading it, questions and nice way to spend time in familiar, geeky environment :) now - just view/listen to it your favorite format :)
as I get old, seems I’m missing obvious signals. my logs were screaming about it, friends made touchy comments… and nothing. after moving to hugo, despite the fact it has built-in RSS feed support, I somehow missed that completely. fortunately, it’s enough to add template to your page definition and… it works. and that’s about it. that’s all. RSS works now. hurray.
if you, like me, just love corporations that blatantly lie in your eyes about “protecting your privacy”, you’re ready to spend some time to make their lives as hard as possible. one of the new ideas is Google FLoC - Federated Learning of Cohorts. great concept, that apparently was to “increase privacy”, but instead actually decreases it even more. first of all, stop using Chrome. use Brave or Firefox - and make sure that security and privacy settings are properly configured (one of the key is DoH, which may be enabled by default and that actually overrides your configured DNS servers)....
one notable advantage of possessing expertise in IPv6 is the inherent distinction it maintains from IPv4, as they are entirely separate protocols. take a moment to contemplate this concept. pay close attention to the notion of IPv6 being entirely separate protocol. in case of doubt, read this over again, but slower. alternatively, consider adopting a thoughtful expression or jotting down this information for future reference, particularly for occasions when you find yourself engaged in a C-level panel discussion....
if you happen to have more than one internet connection and they have different usable bandwidths - which is no longer a rarity today - it becomes interesting element in network design. how would you use these links optimally? i have to admit, that i was provoked to sit down and write down this series of post by Marcin Ślęczek post on ccie.pl forum. Marcin is CEO of networkers.pl but by heart, he’s network engineer and sometimes fights with interesting problems....
Raspberry Pi 4 that comes originally without any case, or can be bought with original case, can bring you headaches. it’s absolute great and genius computer (never ask me how many I own… ;) ) in version four has really very fast CPU - Broadcom BCM2711. it contains four ARM Cortex A72 cores clocked with up to 1.5GHz and dedicated GPU complex. problems people all around internet report problems however with overheating of this little beast, and what’s more - problems with getting stable 4k 60Hz video output (just remember, there are two video outputs, but 60Hz is only achievable on the socket next to USB-C power supply)....
…but tools have to be used responsibly. first of all, short disclaimer - I’d like to make it perfectly clear before we go into this long piece, that I’m a: …big fan of discussing merits of technology and technology overall. I love technology. I believe having opportunity to create networks, solutions that really connect people and give us chance to exchange information is something I could do for the rest of my life, with full focus and commitment....
as you may have read recently I was playing with open source routing protocol packages again. from pure CLI familiarity reasons, I kept myself to FRRouting, which is evolution of Quagga, which itself is evolution of Zebra. and Zebra syntax and CLI is based on Cisco IOS. FRRouting thanks to Job Snijders for correcting me on the name - it’s no longer OpenFRR, it’s FRRouting. sorry! :) unfortunately, while it worked very well for my home network (FRRouting that is), when deploying in AS112 I hit some unexpected behaviors quite quickly after starting the project....
ARM announced recently 64-bit Cortex CPU. it’s very interesting, as not only it can run real time operating systems, but 64 bit architecture enables it to address more than 4GB. it also has optional memory protection unit, which means it will be able to run software requiring it - like Linux for example. and by the way - it’s worth to mention polish real-time operating system that’s already on the market for last couple of years with significant success - Phoenix RTOS....
thanks to inspiration from Robert Woźny, i’ve just launched two separate AS112 sites in Poland. that would never be possible without great folks at ATMAN: Sebastian Olejnik and Damian Nowacki …and at EPIX: Krzysztof Czuszek and Paweł Staszewski what is AS112 all about? as112 AS112 is world-wide project that sinkholes requests coming in from misbehaving or misconfigured DNS clients (which may be your home PC but also some enterprise-y workstation). they send queries looking for answers to questions like “what’s the name of 192....
Daniel Dib asked recently on Twitter about BGP convergence time for world wide operations. two hours he got in response from his friend seemed a bit too long. I did recently help to spin up new ASN with new IPv4 prefix (well, both came from second hand, but you get the point) and as far as I could tell, propagation took around 15 minutes maximum. so in the interest of self-education, I started digging....
WD was recently caught red-handed on trying to sell HDDs to NAS duties that use SMR technology without informing about it (and, actually, by actively trying to misled customers and then silence the whole situation). that ended up in lawsuit. while others were also caught trying to do similar things, they backed up immediately, while WD still tried to say that “white is black, you know, really”. technology is amazing. i already wrote about it some time ago....
one of the interesting and rarely seen configuration options, is ability to have redundant IPv6 tunnel established from source address tracked by HSRP. if you’re limited by other side of communication - in this example Hurricane Electric - to have only one endpoint of tunnel on your side that’s right tool for task. the way this configuration would work, is that router active in HSRP pair will be the one on which tunnel will be active and forwarding....
recently during casual browsing of WLAN controller i spotted that sometimes users are having problems with receiving responses from DHCP server. i was suprised, as family doesn’t complain - and they’d do that immediately. well, so i went troubleshooting element by element. obviously, switches were primary suspect. why? everything was working, and those DHCP problems were very, very rare - that may mean drops on switch interfaces. Cisco QoS configuration on Catalyst and Nexus switches is far from easy....
while I already mentioned couple of times on this blog, that handling dynamic routing on firewall is asking yourself for unexpected problems, sometimes it’s needed. as Cisco, we don’t normally recommend using ASA or FTD boxes as full table BGP routers. not because they can’t be used in this role, but because we don’t believe it’s a good networking and security practice. here’s example from my home lab testing lab cluster of two ASA 5516-X, running 9....
due to COVID-19 outbreak, we’ve been flooded with request to provide assistance with deploying secure connectivity for remote workers. in some organizations number of remote workers grown from 0 to 7000-10000 in week. some others are serving today over 30000, and here at Cisco, we’re working mostly out of home those days (over 100k people!). thanks to help from my fellow engineers and specialists, we were able to publish following guides, related to building and scaling out VPN headends - both hardware and virtual:...
recently thanks to Robert Pająk i’ve had an opportunity to speak at fall edition of Akamai Affinity. as the request was to cover the networking side of innovation, i did my best. actually, that was not so recently - back in november last year, to be exact. but indeed quite recently we’ve released news about our 400Gbit/s switch and on the Cisco Live! at Barcelona we’ve demonstrated for the first time ACI evolution - ACI Anywhere....
…if everyone is trying to make your life harder. couple weeks ago I refreshed my private email server on FreeBSD. for some time spam levels were raising and I had to do something about it. old spamassassin was not handling it accurately enough anymore. enter spamd from OpenBSD. current postfix has built in greylisting server that’s working quite well. for my installation I tuned it a bit, by extending period of time that has to pass from last delivery attempt (to 1200 seconds, which is 20 minutes):...
during one of the design discussions with one of our Customers, I had a chance to discuss a bit about using anycast to scale out delivery via CDN. unfortunately, as more ads served even on popular sites is malware or even miners for different cryptocoins it begs a question - how should you protect the site you’re maintaining? using reputable CDN is good first step. the other one, i didn’t know about (and it seems to be quite natural if you think about it) is to verify hash of the attached resources....
have you thought recently how oversubscribed are acronyms you’re using daily if you’re in IT? i just spent the whole day listening about VPC, but not vPC or VPC - but about Virtual Private Cloud in AWS services. not about virtual Private Channel or Virtual Path Connection and neither about Virtual Packet Core. and i have to admit, i liked it. i’ve spent whole day on a Mirek Burnejkos training dedicated to clouds....