long, long time ago I wrote a post about how to authenticate with keys via SSH to devices working under the control of IOS XE and ASA/FTD. since the big boys usually work with IOS XR, below is a quick guide on how to import keys to this system in versions 7.0+. OpenSSH and PEM format first step is to convert the format used normally by OpenSSH to PEM. this can be done with ssh-keygen:...
I’m not a fan of such ‘solutions’ because they hardly qualify as genuine fixes. however, if you find yourself working in MacOS-heavy environment that’s plagued by radio frequency interference, you’ve probably experienced the erratic behavior of Bluetooth-connected accessories. on my mega-desk, I have numerous devices scattered about, not to mention the abundance of Macs themselves. as a result, I encounter this issue quite frequently—almost on a daily basis. some might suggest employing various ‘voodoo’ tricks like “quickly disabling and enabling the mouse, which worked for me” or “updating firmware, shutting down awdl0, and then reading a fairy tale to your children....
quick note for those spending weekends on labbing - if you want to log info (from Syslog for example), and the management interface is in separate VRF (very good idea), you need to configure VRF in two, or even three (if you count VRF definition itself) different places. if you forget one, it won’t work. so, first of all, create management VRF definition: ! vrf definition MGMNT rd 444:444 ! optional, but just to keep the numbering across VRFs !...
ever since the initial tuning of the FreeBSD TCP/IP stack around version 4.x, I’ve found myself occasionally tinkering with the contents of /etc/sysctl.conf just to fine-tune things, you know over time, numerous changes have been made to the FreeBSD TCP/IP stack, including the introduction of modularity. however, MacOS X, being based on FreeBSD, is more conservative and lacks certain options. therefore, on my MacOS systems, I make use of the following /etc/sysctl....
as I’m installing FreeBSD boxes and VMs left and right, I typically do some initial setup before doing anything else. while some use cases call for additional ports to be installed (like bird or routinator), there’s pretty standard “intro”. first, make sure the packages themselves are up to date: sed -i '' s/quarterly/latest/g /etc/pkg/FreeBSD.conf pkg upgrade this will trigger initial pkg install. then, it’s my personal minimum set of packages:...
if you have to pack a lot of things, using sheer power of modern multi-core/multi-threaded CPUs may come handy. unless… the tools you’re using are not enabling that by default, and you suffer running everything on one core/thread. as I spend most of my time recently with FreeBSD and MacOS the tools I typically use are command line. therefore, for every gzip - consider using pigz. and for bzip2 - consider using pbzip2....
BGP Blackholing is back - with small steps (‘better done than perfect’). go ahead and visit the current project page with “quick howto”. happy blackholing!
nice addition to recent IOS-XE images is the info in BGP view when the peak number of prefixes was received: rtr-edge#sh bgp ipv4 unicast summary [...] 6807 received paths for inbound soft reconfiguration BGP activity 1126906/107856 prefixes, 1337822/171863 paths, scan interval 60 secs 878960 networks peaked at 15:02:09 Jan 29 2022 CET (22:53:01.065 ago) [...] rtr-edge#sh bgp ipv6 unicast summary [...] BGP using 102467162 total bytes of memory BGP activity 1126898/107856 prefixes, 1337806/171843 paths, scan interval 60 secs 140720 networks peaked at 05:46:19 Jan 29 2022 CET (1d08h ago) [....
one of the very old tricks, that’s even documented is how to simulate ctrl-break on newer PCs to break into ROMMON during router/switch boot. instead of fighting with SecureCRT on MacOS, I just used it recently. basically, you: disconnect terminal from the device turn device off set terminal to 1200 (yes, you read this right), 8N1 and no flow control turn device on press SPACE for 10-15 seconds (basically, until your terminal drops out some unreadable characters) reconfig terminal to 9600 8N1 and you should be in ROMMON yes, I’m old....
if you’re not accustomed to reading release notes for your favorite platform (Nexus NX-OS in this case), probably you already overlooked that starting with 10.1(2) there’s 2-stage commit system, known from IOS XR. what does that mean, really? that doing changes over CLI, directly in the parser, you can edit/add/remove whole blocks of configuration before committing them to running/actual configuration. so in case when you edit interface IP addressing (always touchy moment, specially for devices you’re 300km away for example) the session could look like this:...
I was invited by Adam Lange and Adam Haertle to share my story in “rozmowa KONtrolowana” podcast (in Polish). I’d like to thank both of them and of course all of participants for invitation, leading it, questions and nice way to spend time in familiar, geeky environment :) now - just view/listen to it your favorite format :)
if you’re not first-time visitor here, likely you know already I’m reading a lot of books. a lot? after years of carefully considering and accumulating books, I finally fulfilled one of my early dreams: to have a wall full of shelves dedicated to storing my book collection (as depicted in the opening picture of this post, although some packages obstruct the view - my apologies for that). now, what exactly constitutes “a lot” of books?...
as I get old, seems I’m missing obvious signals. my logs were screaming about it, friends made touchy comments… and nothing. after moving to hugo, despite the fact it has built-in RSS feed support, I somehow missed that completely. fortunately, it’s enough to add template to your page definition and… it works. and that’s about it. that’s all. RSS works now. hurray.
Eliot Higgins has achieved something remarkable by establishing a highly influential organization right from his own kitchen. this organization is dedicated to combatting the chaos caused by rampant disinformation and falsehoods disseminated by individuals, organizations, companies, and even nations. the book takes us on a compelling journey, tracing Higgins’ path from his humble beginnings in his own kitchen, armed only with an internet-connected laptop, to the formidable position that Bellingcat holds today....
if you, like me, just love corporations that blatantly lie in your eyes about “protecting your privacy”, you’re ready to spend some time to make their lives as hard as possible. one of the new ideas is Google FLoC - Federated Learning of Cohorts. great concept, that apparently was to “increase privacy”, but instead actually decreases it even more. first of all, stop using Chrome. use Brave or Firefox - and make sure that security and privacy settings are properly configured (one of the key is DoH, which may be enabled by default and that actually overrides your configured DNS servers)....
one notable advantage of possessing expertise in IPv6 is the inherent distinction it maintains from IPv4, as they are entirely separate protocols. take a moment to contemplate this concept. pay close attention to the notion of IPv6 being entirely separate protocol. in case of doubt, read this over again, but slower. alternatively, consider adopting a thoughtful expression or jotting down this information for future reference, particularly for occasions when you find yourself engaged in a C-level panel discussion....
my journey with expert-level Cisco certification began already quite far long time ago - 15 years. and with Cisco certification overall - even couple years earlier than that. I was finally able to get hands-on practice with Cisco Continuing Education program. apart from the fact, that trying to pass exams right now remotely during pandemic has abstract requirements I do generally believe it makes sense. one way or another - I’m recertified until April 2024....
the book did a lot of noise, being quoted everywhere even before it was published. as part of the marketing before release, they even did limited publishing in parts in partnership with wired. but… the book is bad. simply as that. if you expected Tom Clancy’s level of technical detail, just because one of the authors is retired US Navy admiral - don’t. you won’t find it. if you expected Tom Clancy’s level of characters that have nothing interesting to say and their background story is thin as cheapest printing paper for your printer - you may enjoy the book....
we are all dealing daily with the eponymous “bullsh*t truth” and unfortunately we are inundated with it. we live in an age where opinions are treated as facts, and anyone who has access to the “mass media” suddenly becomes a great philosopher, thinker and scientist all rolled into one. the beginning of the book gives a brilliant summary of the situation we are in: The world is awash with bullshit, and we’re drowning in it....
one of the most common, but at the same time easiest problems to solve, when you’re working with FreeBSD system installed on too small disk is rebuilding the system. in my specific case, it was very old i386 system initially installed around release 6 on a 20GB HDD. at around release 11 I ran out of tricks to pull and still make it, so had to finally add a disk. fortunately, just before that, the machine was moved from physical box to virtual machine....
after I decided to save you and myself from spying eyes of Google Analytics, I don’t really look at my blog web statistics. just glancing over logs shows you’re reading - and that’s about all if you ask me. I noticed however, that for some mysterious reason (the doc is almost two decades old!), my very old article about connecting the switches together still gets downloaded like 30-50 times a month (I’m counting only non-bot downloads), and sometimes even more often....
FreeBSD just migrated to git, and while handbook is being updated, you can do the migration yourself. first of all, move original src directory (if you’re synchronizing over SVN) away, along with customized kernel config file. for my deployments I do: mv /usr/src /usr/src.old then, let’s install git - it’s not (yet) installed by default: pkg install git last, but not least, you need to invoke git to clone the source repository....
if you happen to have more than one internet connection and they have different usable bandwidths - which is no longer a rarity today - it becomes interesting element in network design. how would you use these links optimally? i have to admit, that i was provoked to sit down and write down this series of post by Marcin Ślęczek post on ccie.pl forum. Marcin is CEO of networkers.pl but by heart, he’s network engineer and sometimes fights with interesting problems....
Raspberry Pi 4 that comes originally without any case, or can be bought with original case, can bring you headaches. it’s absolute great and genius computer (never ask me how many I own… ;) ) in version four has really very fast CPU - Broadcom BCM2711. it contains four ARM Cortex A72 cores clocked with up to 1.5GHz and dedicated GPU complex. problems people all around internet report problems however with overheating of this little beast, and what’s more - problems with getting stable 4k 60Hz video output (just remember, there are two video outputs, but 60Hz is only achievable on the socket next to USB-C power supply)....
…but tools have to be used responsibly. first of all, short disclaimer - I’d like to make it perfectly clear before we go into this long piece, that I’m a: …big fan of discussing merits of technology and technology overall. I love technology. I believe having opportunity to create networks, solutions that really connect people and give us chance to exchange information is something I could do for the rest of my life, with full focus and commitment....
I recently had a chance to finish reading fantastic book covering disinformation war happening between USSR and USA during Cold War - Active Measures. it’s frightening how Soviet Russia, and by extension todays Russia, mastered skill of disinformation and manipulation of public opinion. and at the same time, reading it helps you spot influence over todays anti- and pro- movements, like antivacciners, anti-5G, anti-whatever. i’m not saying they’re all inspired and sponsored by Russia (or by whomever), but after reading this book you can easy see into how those movements start, evolve and get exploited....
I was able to finally reach Aleksander Poniewierski SPEED book in my queue of books to read. if you don’t know Aleksander, you should - and this book will give you a lot of good answers for “why?”. I can finally attest that indeed that’s great, short, and to the point piece providing high level view of what and how drives fourth revolution, and what exactly is that revolution about....
as you may have read recently I was playing with open source routing protocol packages again. from pure CLI familiarity reasons, I kept myself to FRRouting, which is evolution of Quagga, which itself is evolution of Zebra. and Zebra syntax and CLI is based on Cisco IOS. FRRouting thanks to Job Snijders for correcting me on the name - it’s no longer OpenFRR, it’s FRRouting. sorry! :) unfortunately, while it worked very well for my home network (FRRouting that is), when deploying in AS112 I hit some unexpected behaviors quite quickly after starting the project....
ARM announced recently 64-bit Cortex CPU. it’s very interesting, as not only it can run real time operating systems, but 64 bit architecture enables it to address more than 4GB. it also has optional memory protection unit, which means it will be able to run software requiring it - like Linux for example. and by the way - it’s worth to mention polish real-time operating system that’s already on the market for last couple of years with significant success - Phoenix RTOS....