force MacOS upgrade

if your usual apple -> system settings -> general -> software update doesn’t want to show that there’s an update available, and you absolutely, positively know there is one, you can “push” MacOS to refresh the list of available updates. to do so, go to terminal and execute:

    user@MAC ~ % softwareupdate -l
    Software Update Tool
    Finding available software
    Software Update found the following new or updated software:
    * Label: macOS Sequoia 15.0.1-24A348
        Title: macOS Sequoia 15.0.1, Version: 15.0.1, Size: 1389974KiB, Recommended: YES, Action: restart,

as you can see, there’s a 15.0.1 update available. at this point, the GUI window should “wake up” and actually show that there’s indeed an update available, just like in the window below: ...

October 23, 2024 · Łukasz Bromirski

AS112 and service.arpa

you may have missed that, but IANA decided to properly delegate the service.arpa subdomain, just like they did previously with home.arpa - to avoid DNSSEC breakage. if you’re using BIND to serve your own AS112 instance, it’s enough to add the following line:

    zone "service.arpa" { type master; file "m/db.dd-empty"; };

(assuming, of course, that the file db.dd-empty is in subdirectory m of the directory set as the working directory via the directory option in named.conf)

if everything went correctly, using dig to check the response for this domain should give back something similar to: ...

September 1, 2024 · Łukasz Bromirski

BGP and Multi-Protocol errors

as you work through various configurations (and - inevitably - troubleshooting), you may end up in a situation where, because of limited visibility (“hey, it’s customer device!”), you can’t really see what’s wrong on the other side. here’s one example - of (allegedly) “Multi-Protocol BGP being enabled”.

mp-bgp? ain’t no mp-bgp!

my friend asked me for help - his Customer can’t make a BGP session work and complains about “additional capabilities” we’re sending his way. before looking at my friend’s config, I’m looking at the logs he got from the complaining customer: ...

July 19, 2024 · Łukasz Bromirski

IOS XR and routes

those of you working on a daily basis with configuration and reconfiguration of network devices are likely to hit various caveats and surprises. sometimes, we hit problems that take hours to troubleshoot.

route? what route?

we’re adding a new router. it has the address 172.16.0.11, defined on Loopback0. this interface and all other physical interfaces of the new router are included in area 0 of OSPF. neighbors see it that way as well: ...

April 12, 2024 · Łukasz Bromirski

Nexus and ECMP for DNS

if you read my previous pieces about my home network, you know well that my core switch is a Nexus 93180YC-EX. you know… home, core switch.

anycasted services

at any point in time I have a number of DNS (and DHCP) servers available, all reachable via either 192.168.168.168 or 2001:470:xx:a6::168. no matter what is going on, at least one should be able to respond. currently, in the “cluster” I have two VMs and two physical Raspberry Pi 4B+. all of them run FreeBSD 14.0-STABLE, with the nsd, unbound and bird packages, the last one doing the advertisement of IPv4 and IPv6 addresses. ...

January 29, 2024 · Łukasz Bromirski

FreeBSD on Raspberry Pi 5

if, like me, you would like to use RbPi 5 and FreeBSD at the same time, simply copying the 13.2/14.0 image to the SD card is not enough. in addition to the already known step (where rdiskX contains the ID of your SD card/USB key - beware of accidentally overwriting your system drive or another data drive):

    $ xz -dc FreeBSD-14.0-RELEASE-arm64-aarch64-RPI.img.xz | sudo dd of=/dev/rdiskX status=progress bs=64M
    5368709120 bytes (5369 MB, 5120 MiB) transferred 261.187s, 21 MB/s
    320+0 records in
    320+0 records out
    5368709120 bytes transferred in 261.198115 secs (20554165 bytes/sec)

…you should also then download the code from the Raspberry Pi 5 UEFI project website to the boot partition and overwrite the files placed there by default. check the repository directly first, as by the time you’re reading this, it may have been updated with new releases. below is an example for a card mounted under MacOS in the /Volumes/EFI/ directory (MacOS does not natively support UFS, so by default it will mount only the first partition on the card, which is a partition with the FAT16 file system): ...

January 16, 2024 · Łukasz Bromirski

IOS XR key authentication

a long, long time ago I wrote a post about how to authenticate with keys via SSH to devices working under the control of IOS XE and ASA/FTD. since the big boys usually work with IOS XR, below is a quick guide on how to import keys to this system in versions 7.0+.

OpenSSH and PEM format

the first step is to convert the format normally used by OpenSSH to PEM. this can be done with ssh-keygen: ...

July 30, 2023 · Łukasz Bromirski

logging in VRF

quick note for those spending weekends on labbing - if you want to log info (from Syslog for example), and the management interface is in a separate VRF (very good idea), you need to configure the VRF in two, or even three (if you count the VRF definition itself) different places. if you forget one, it won’t work. so, first of all, create the management VRF definition:

    !
    vrf definition MGMNT
     rd 444:444 ! optional, but just to keep the numbering across VRFs
     !
     address-family ipv4
     exit-address-family
     !
     address-family ipv6
     exit-address-family
    !

..then properly assign the management interface to the VRF: ...

October 9, 2022 · Łukasz Bromirski

casual MacOS TCP tuning

ever since the initial tuning of the FreeBSD TCP/IP stack around version 4.x, I’ve found myself occasionally tinkering with the contents of /etc/sysctl.conf just to fine-tune things, you know. over time, numerous changes have been made to the FreeBSD TCP/IP stack, including the introduction of modularity. however, MacOS X, being based on FreeBSD, is more conservative and lacks certain options. therefore, on my MacOS systems, I make use of the following /etc/sysctl.conf configuration: ...

September 3, 2022 · Łukasz Bromirski

bgp blackholing is back

BGP Blackholing is back - with small steps (‘better done than perfect’). go ahead and visit the current project page with “quick howto”. happy blackholing!

February 28, 2022 · Łukasz Bromirski