AS112 and service.arpa

you may have missed it, but IANA decided to properly delegate the service.arpa subdomain, just like they did previously with home.arpa - to avoid DNSSEC breakage. if you’re using BIND to serve your own AS112 instance, it’s enough to add the following line:

    zone "service.arpa" { type master; file "m/db.dd-empty"; };

(assuming, of course, that the file db.dd-empty is in the subdirectory m of the working directory defined via directory in named.conf)

if everything went correctly, using dig to check the response for this domain should give back something similar to: ...

September 1, 2024 · Łukasz Bromirski

BGP and Multi-Protocol errors

as you work through various configurations (and - inevitably - troubleshooting), you may end up in a situation where, because of limited visibility (“hey, it’s customer device!”), you can’t really see what’s wrong on the other side. here’s one example - of (allegedly) “Multi-Protocol BGP being enabled”.

mp-bgp? ain’t no mp-bgp!

my friend asked me for help - his Customer can’t make the BGP session work and complains about “additional capabilities” we’re sending his way. before looking at my friend’s config, I’m looking at the logs he got from the complaining customer: ...

July 19, 2024 · Łukasz Bromirski

IOS XR and routes

those of you working on a daily basis with configuration and reconfiguration of network devices are likely to hit various caveats and surprises. sometimes, we hit problems that take hours to troubleshoot.

route? what route?

we’re adding a new router. it has the address 172.16.0.11 defined on Loopback0. this interface and all other physical interfaces of the new router are included in area 0 of OSPF. neighbors see it that way as well: ...

April 12, 2024 · Łukasz Bromirski

Nexus and ECMP for DNS

if you read my previous pieces about my home network, you know well that my core switch is a Nexus 93180YC-EX. you know… home, core switch.

anycasted services

at any point in time I have a number of DNS (and DHCP) servers available, all reachable via either 192.168.168.168 or 2001:470:xx:a6::168. no matter what is going on, at least one should be able to respond. currently, in the “cluster” I have two VMs and two physical Raspberry Pi 4B+. all of them run FreeBSD 14.0-STABLE, with the nsd, unbound and bird packages, the last one doing the advertisement of IPv4 and IPv6 addresses. ...

January 29, 2024 · Łukasz Bromirski

FreeBSD on Raspberry Pi 5

if, like me, you would like to use RbPi 5 and FreeBSD at the same time, simply copying the 13.2/14.0 image to the SD card is not enough. in addition to the already known step (where rdiskX contains the ID of your SD card/USB key - beware of accidentally overwriting your system drive or another data drive):

    $ xz -dc FreeBSD-14.0-RELEASE-arm64-aarch64-RPI.img.xz | sudo dd of=/dev/rdiskX status=progress bs=64M
    5368709120 bytes (5369 MB, 5120 MiB) transferred 261.187s, 21 MB/s
    320+0 records in
    320+0 records out
    5368709120 bytes transferred in 261.198115 secs (20554165 bytes/sec)

…you should then also download the code from the Raspberry Pi 5 UEFI project website to the boot partition and overwrite the files placed there by default. check the repository directly first, as by the time you’re reading this, it may have been updated with new releases. below is an example for a card mounted under MacOS in the /Volumes/EFI/ directory (MacOS does not natively support UFS, so by default it will mount only the first partition on the card, which is a partition with the FAT16 file system): ...

January 16, 2024 · Łukasz Bromirski

IOS XR key authentication

a long, long time ago I wrote a post about how to authenticate with keys via SSH to devices running IOS XE and ASA/FTD. since the big boys usually work with IOS XR, below is a quick guide on how to import keys to this system in versions 7.0+.

OpenSSH and PEM format

the first step is to convert the format normally used by OpenSSH to PEM. this can be done with ssh-keygen: ...

July 30, 2023 · Łukasz Bromirski

logging in VRF

quick note for those spending weekends on labbing - if you want to log info (from Syslog, for example), and the management interface is in a separate VRF (a very good idea), you need to configure the VRF in two, or even three (if you count the VRF definition itself) different places. if you forget one, it won’t work. so, first of all, create the management VRF definition:

    !
    vrf definition MGMNT
     rd 444:444 ! optional, but just to keep the numbering across VRFs
     !
     address-family ipv4
     exit-address-family
     !
     address-family ipv6
     exit-address-family
    !

..then properly assign the management interface to the VRF: ...

October 9, 2022 · Łukasz Bromirski

casual MacOS TCP tuning

ever since the initial tuning of the FreeBSD TCP/IP stack around version 4.x, I’ve found myself occasionally tinkering with the contents of /etc/sysctl.conf just to fine-tune things, you know.

over time, numerous changes have been made to the FreeBSD TCP/IP stack, including the introduction of modularity. however, MacOS X, being based on FreeBSD, is more conservative and lacks certain options. therefore, on my MacOS systems, I make use of the following /etc/sysctl.conf configuration: ...

September 3, 2022 · Łukasz Bromirski

bgp blackholing is back

BGP Blackholing is back - with small steps (‘better done than perfect’). go ahead and visit the current project page with a “quick howto”. happy blackholing!

February 28, 2022 · Łukasz Bromirski

nice peak info in BGP summary view

a nice addition to recent IOS-XE images is the info in the BGP summary view showing when the peak number of prefixes was received:

    rtr-edge#sh bgp ipv4 unicast summary
    [...]
    6807 received paths for inbound soft reconfiguration
    BGP activity 1126906/107856 prefixes, 1337822/171863 paths, scan interval 60 secs
    878960 networks peaked at 15:02:09 Jan 29 2022 CET (22:53:01.065 ago)
    [...]
    rtr-edge#sh bgp ipv6 unicast summary
    [...]
    BGP using 102467162 total bytes of memory
    BGP activity 1126898/107856 prefixes, 1337806/171843 paths, scan interval 60 secs
    140720 networks peaked at 05:46:19 Jan 29 2022 CET (1d08h ago)
    [...]

while logged in over CLI you may glance at this info without needing to check your monitoring systems (you have them, right?). ...

February 3, 2022 · Łukasz Bromirski