15.2(3)T is out, so is IOS-XE 3.6S

…and inside, you’ll find a lot of completely new features overall (MediaTrace 2.0, IPv6 for GETVPN data plane, new IPv6 IP SLA extensions, LISP extensions), or for the first time available on software routing platforms like ISR G2s (BGP PIC Edge and Core, BGP route-server, Multicast Live-Live). everything can be found here. simultaneously, IOS-XE 3.6S came out, along with a bunch of features that are catching up with traditional IOS releases - things like CGNAT or hardware support for BFD....

April 3, 2012 · Łukasz Bromirski

mbuf, netmap and switching fabrics

i highly recommend reading this good article about moving network stacks forward. it’s a great addendum to network hardware bible. and yes, let’s stop ACTA - we’re not deploying IPv6 just to make our governments force upon us adoption of poor technical standards. instead of deploying IPv6, fly to stars - we’re drowning in proposals like SOPA, PIPA, ACTA and - generally speaking - attacking each other.

January 21, 2012 · Łukasz Bromirski

SOPA, PIPA and others...

if you visit Western portals or if you look into English-language Wikipedia from time to time, you have noticed a significant protest happening today against the two legal acts US advocates want to introduce. the way it unfolds leads to a strong belief that controlling everything and everyone (due to - of course - money) is the true goal. it presents an interesting point of view in a discussion on cloud technologies and their real application - take a look here to get some feeling about the scale of the games happening at an international level....

January 18, 2012 · Łukasz Bromirski

state of SSD market

after experiencing massive hardware problems with MacBook Pro, i immediately fell into a series of mysterious SSD failures. i’m baffled by the state of the (pro) electronics market. first, there was OCZ Vertex 2. my MacBook Pro couldn’t properly work in SATA3 mode despite the fact that Intel controller could. so i moved then to OCZ 2 working on slower SATA bus. it died after a week, silently and ultimately. well, RMA submitted, disk will travel to Netherlands and then they’ll send me back a working one....

July 22, 2011 · Łukasz Bromirski

watch out for MacBook Pros 2011 17"!

as i was visiting US for extended period of time, i decided to pull the trigger and in Apple Store bought myself new, shiny 17" MacBook Pro 2011. what’s ridiculous is that when you compare prices in Poland vs US, i’ve paid around 4,5k PLN (around 1000$) less than I’d pay in Poland - even though, Apple doesn’t import such high end configs to Poland. unbelievable, 1/3 of the cost of the whole machine!...

July 3, 2011 · Łukasz Bromirski

we, 2001:420:80:1:c:15c0:d06:f00d

“Cisco eats its own dog food” or as you may elite-write-it: c15c0 d06 f00d. we announced participation in ISOC IPv6 day as a first vendor. some parts of our infrastructure serve IPv6 natively, but that’s a great opportunity to test it at scale - including hardware and software for systems that are used for our internal and Customer services. among other things we’re testing AnyConnect 3.0 with native IPv6 support (public version is going to be available in couple of months), ACE 3....

June 8, 2011 · Łukasz Bromirski

10GE at home

as you can see, 1GE share in overall switching market started to rise only recently (mainly thanks to cheap NICs and onboard integrations done by Realtek, Marvell, Broadcom and Intel). on the other hand, hunger for bandwidth grows as well - full HD movies from NAS need a lot of it, and if you’re planning to do something in addition to that sourced from the same NAS - it’s even worse (it seems everyone streams nowadays video content to different mobile devices around their homes over WLAN)....

April 16, 2011 · Łukasz Bromirski

pf, altq and benefits of source code access...

…hit me again (in a positive way). i was experimenting in my lab and wanted to define a lot of queues (and i mean a lot of them) in ALTQ. unfortunately, very quickly during parsing of pf.conf pfctl barked out following information:

pfctl: DIOCADDALTQ: Cannot allocate memory

to overcome the problem, you only need to modify those three files:

/usr/include/altq/altq_hfsc.h
/usr/src/sbin/pfctl/missing/altq/altq_hfsc.h
/usr/src/sys/contrib/altq/altq/altq_hfsc.h

where #define HFSC_MAX_CLASSES 64 is defined - to requested value....

January 23, 2011 · Łukasz Bromirski

opensource & mpls

it seems Google decided to reach out to wider community and use the freely available network stack for its own MPLS prototyping. the effect is a complete MPLS LSR prototype described during recent NANOG 50 talk that’s also available as video. of course it’s quite interesting to see Google experimenting with that kind of solutions - maybe it will be connected to OpenFlow as non-academic exercise? will it become mainstay of new service provider networks?...

January 19, 2011 · Łukasz Bromirski

this is not the vulnerability you are looking for...

IPsec code in OpenBSD is a source of constant discussions. it seems there’s no reason to panic (and OpenBSD penetration is anyway minimal), but there’s a lot of interesting discussions and rumours around code itself and its origin. in particular i’d recommend to read this short piece (and this tweet) with code references. they demonstrate for the n-th time, that OpenBSD team, and in particular Theo is really building creative marketing and at the same time patching bugs silently without disclosing them....

January 16, 2011 · Łukasz Bromirski

to queue or buffer? or not?

for some time Jim Gettys on his blog is writing a lot about problems caused by buffers, queues and other congestion avoidance mechanisms. you should really read about them. especially, if you’re in this group that believes big buffers solve all of the problems, and dropping traffic is absolute evil. nowadays it should be treated as absolutely normal thing - in most of the real life cases. on the upcoming, sixth PLNOG we may be able to tackle this problem (if there will be space in agenda), and have a shot at myths and legends related to network QoS....

January 16, 2011 · Łukasz Bromirski

OpenSSH under windows 7

working remotely on Windows via Remote Desktop if you’re hanging off GPRS or 3G connectivity somewhere in the mountains (for example) isn’t optimal. as I had to access some such servers remotely. you can find cygwin useful (there’s also VanDyke V-Shell, a bit pricey and for non-commercial use). cygwin package installs UNIX environment, and that - yes - may include OpenSSH plus some tools (like scp for example) you just need to download, and then run installation, selecting cygrunsrv and openssh....

January 8, 2011 · Łukasz Bromirski

ipv6 will play with Big Orchestra

traditionally for last couple of years engineering team at Cisco Poland is taking care of securing infrastructure for Wielka Orkiestra Świątecznej Pomocy. this year i decided to launch experimental support for IPv6 - while we were not allowed to move all infrastructure to IPv6, it should be possible next year. everyone that has IPv6 access can point browser to ipv6.wosp.org.pl. everything works based on reverse-proxy provided by Apache, FreeBSD and Cisco MCS server :)...

January 7, 2011 · Łukasz Bromirski

lisp@plnog#5

i was stubborn - and while from the very first moment we’ve had a lot of challenges with the hotel infrastructure, i was able to run xTR routers during last PLNOG for LISP. no, it’s not about programming Cisco routers with LISP, but about new concept of Location/ID Split, that is new concept enabling you to treat traffic engineering in internet differently. in short - we still serve traffic like we always did (backward compatibility), but by assigning users and companies IPv4 and IPv6 addressing from special pools, we can treat this traffic in a different manner....

October 24, 2010 · Łukasz Bromirski

ipv6 - baby steps

everybody talks about IPv6 and still too few of us take it seriously. on Polish mailing list dedicated to implementing IPv6 we get steady series of IPv6 prefix announcements, but the number of real services available over this protocol is low. as a proof of concept for upcoming PLNOG, I just launched full network stack (Cisco 7200VXR with NPE-G1, ASA 5500-X, Catalyst 3750) and service (FreeBSD) for dual stack operation. IPv6 should be preferred, and while there are still some things to tune down (like for example, DNS resolver in Windows XP), it should work....

August 21, 2010 · Łukasz Bromirski

1941w and its configuration...

…doesn’t have to be totally banal. it’s much more performant (300kpps, around the NPE300 performance from 7200!), so i upgraded my home 1803w to 1941w. as there are no readily available examples for complete config of the router (wired + WLAN), I decided to take the case in my hands and produce some examples. you may find them here.

June 29, 2010 · Łukasz Bromirski

interesting...

…tool for documenting and mapping networks. also, short piece on deconfliction. Google to enlist NSA to help in the cyberdefence, and short brief on efficient meetings from great blog (read it!) winter break… aaand it’s gone.

February 6, 2010 · Łukasz Bromirski

ipv6 for christmas

there’s really almost nothing much simpler than starting to use IPv6. first of all, all major OS support IPv6 today. most of them are running it out of the box. second of all, tunnel brokers are available everywhere, so while i haven’t had luck with sixxs (they didn’t respond after weeks of waiting), using Hurricane Electric was easy and took like seconds. friendly “wizard” will walk you through and then even show example of configuration for your device....

December 24, 2009 · Łukasz Bromirski

openbsd network stack...

…as described by Claudio Jeker during last AsiaBSDCon can be found here and here for whitepaper. Henning Brauer, on the other hand, gave a very good packet filtering session and OpenBSD network stack in general during DC BSDCon 2009. video can be found here and slides here.

April 19, 2009 · Łukasz Bromirski

layer 2 and 3 security - live demo

if you haven’t seen my practical demonstration at SecureCON 2007, you can see extended version this Thursday - i’ll be visiting AGH in Cracow at 7:45pm to do “show & tell” session as part of netWork sessions. session will be extended as we’ll have more time. photos can be found here and more information about the session itself can be found here.

February 20, 2009 · Łukasz Bromirski

10Gbps... and so on

on the network throughput front, we’re fighting (albeit in distributed manner) for getting throughput from commodity PC hardware on par with dedicated, hardware routing platforms. with OSes like Linux and BSD. to that end, recent document published after last Linux Congress in Hamburg shows that while it’s important to select proper multi-core CPU and motherboard to do fast traffic forwarding, we’re still hitting bottleneck at around 1Mpps. curiously enough, on one of the slides you can spot information, that large FIB in Linux doesn’t impact performance too much....

December 17, 2008 · Łukasz Bromirski

LARTC HOWTO PL

thanks to Mirosław Kwaśniak, who in his very own time managed to find a way to generate PDF with Polish letters - i was able to publish PDF that renders properly. thank you!

September 8, 2008 · Łukasz Bromirski

DDoS attacks

my article on defending networks from DDoS attacks was just published in online version of NetWorld magazine.

April 26, 2008 · Łukasz Bromirski

SMB bootcamp

6 people responded to my call for a Cisco FAQ PL conversion idea up until today… but unfortunately there are no results so far. well, maybe it’s time to roll up your sleeves and do it yourself … in unrelated, but more optimistic news - a week ago i finished delivering SMB Bootcamp for Cisco partners. there was a lot of work (3 days, 12-14 hours each). you can read a bit about it in the link above on the CCIE....

August 5, 2007 · Łukasz Bromirski

VoIP telephony

for all of those that are starting to make first steps with VoIP, or believe they know everything - i’d like to highly recommend my father’s book that was just published via BTC publishing house. it covers both H.323 and SIP protocols, along with all auxiliary topics - like integration, and signaling over middleboxes like packet filters and stateful firewalls: Telefonia VoIP. Multimedialne sieci IP, Marek Bromirski, ISBN: 83-60233-07-1

January 20, 2006 · Łukasz Bromirski

vacations and move

for the next two-three weeks there will be no new posts. i’m preparing move of my server from Białystok to Warsaw. old, tired IBM PII-233 will be replaced by new IBM x306. if everything goes well, you’ll see no change. in the meantime i should be able to push new revision of Cisco FAQ PL plus some other stuff.

July 17, 2004 · Łukasz Bromirski

revolution?

i dedicate this short article to all pc maniacs.

April 28, 2004 · Łukasz Bromirski

FreeBSD ;)

let me quote NetCraft with regards to most stable hosting companies: Seven of the top nine sites run on FreeBSD. The exceptions are Datapipe, which is doing a fine job of promoting the reliability of Windows 2003, and German hosting company komplex.net which runs on Linux. i wouldn’t like to argue which OS is best for hosting… it’s quite obvious ;)

January 27, 2004 · Łukasz Bromirski

Linux, SCO...

i never thought that i’ll be bothered by SCO argument with Open Source community, and with Linux in particular. it seems SCO tried desperately to build credibility by claiming Linux broke copyrights, where there such things took place. reading Linus’ post how SCO was sending demanding emails to those targeted as easy prey, in pathetic attempt to get some money before rolling up and dying. SCO supposedly is going to take BSD in crosshairs as well “soon”, but i wish them all the worst, including bankruptcy with all my heart (in line with Christmas spirit)....

December 23, 2003 · Łukasz Bromirski