bored waiting for scp to complete?

if you, like me, get bored immediately after you execute copy scp x y, you’ll likely be happy to know that we’re introducing changes in the TCP/IP stack responsible for SCP operations. in NX-OS, beginning in 9.3(1), you can add use-kstack while copying using scp, like this:

nxos-switch#copy scp://192.168.0.1/nxos.bin bootflash: use-kstack

in IOS-XE, starting from 17.2(1), it’s possible to achieve a similar speed-up by globally enabling ip ssh bulk-mode. the same copy operation should speed up 4-5x. ...

March 26, 2020 · Łukasz Bromirski

openssh and keys - secure ones

somewhere around 2013 (and precisely - for ‘small’ Santa Claus, so 6th of December), OpenSSH was extended to provide a new way of storing keys. it’s important because the old format - MD5 hash - can be cracked veeeeery quickly. developers decided to use a modification of bcrypt, which will slow down GPU-assisted cracking attempts in hashcat from gigahashes per second to at most kilohashes. what do you need to do to upgrade your defenses? first of all, take care of the keys themselves. i’m using 2048 bit long RSA keys, and because some of the older equipment can’t handle more, i have to stay with that. my private key looks like this today: ...

January 8, 2017 · Łukasz Bromirski

ip sla and shell scripting

i had a problem yesterday - i needed to generate at least a dozen packets per second between two connected devices (without the ability to insert a PC or traffic generator between them - that was Catalyst 3550 and 4900M). traffic needed to be exchanged over a time frame of several hours, so ping from the console line wasn’t feasible either. the solution was pretty straightforward - ip sla. as Catalyst 4900M was to be under test, on Catalyst 3550 i created two VRFs: ...

May 30, 2009 · Łukasz Bromirski

4B ASNs, RIPE and IOS

during the previous PLNOG we had a broad discussion about the apocalyptic vision of depleting IPv4 and 2-byte space. some time ago Cisco IOS 12.4(24)T was released, and it brings the 4-byte ASN feature for ISR (1800/2800/3800) and 7200 routers. so if you’re using Cisco gear, you can request a 4-byte ASN using the RIPE form, and then advertise it properly (starting from 1st of January, 2009 RIPE will by default hand out 4-byte ASNs). i’m taking a peek into the global routing tables from time to time, while preparing for the CONFidence presentation. ...

March 13, 2009 · Łukasz Bromirski