Networks

if you, like me, get bored immediately after you execute copy scp x y, you’ll likely be happy to know that we’re introducing changes in the TCP/IP stack responsible for SCP operations. in NX-OS beginning in 9.3(1), while copying using scp you can add use k-stack, like this: nxos-switch#copy scp://192.168.0.1/nxos.bin bootflash: use-kstack in IOS-XE, starting from 17.2(1), it’s possible to achieve similar speed-up effect by enabling globally ip ssh bulk-mode. the same copy operation should speed up 4-5x over....

somewhere around 2013 (and precisely - for ‘small’ Santa Claus, so 6th of December), OpenSSH was extended to provide new way of storing keys. it’s important because the old format - MD5 hash - can be cracked veeeeery quickly. developers decide to use modification of bcrypt, that will slow down GPU-assisted cracking attempts in hashcat from gigahashes per second, to at most kilohashes. what you need to do to upgrade your defenses?...

i had a problem yesterday - i needed to generate at least a dozen packets per second minimum between two connected devices (without ability to insert PC or traffic generator between them - that was Catalyst 3550 and 4900M). traffic needed to be exchanged over a time frame of several hours, so ping from console line wasn’t feasible either. the solution was pretty straightfoward - ip sla. as Catalyst 4900M was to be under test, on Catalyst 3550 i created two VRFs:...

during previous PLNOG we’ve had a broad discussion about apocalyptic vision of depleting IPv4 and 2-byte space. some time ago Cisco IOS 12.4(24)T was released, and it brings 4-byte ASN feature for ISR (1800/2800/3800) and 7200 routers. so if you’re using Cisco gear, you can request 4 byte ASN using RIPE form, and then advertising it properly (starting from 1st of January, 2009 RIPE will by default hand out 4 byte ASNs)....