logging in VRF

quick note for those spending weekends on labbing - if you want to log info (from Syslog for example), and the management interface is in separate VRF (very good idea), you need to configure VRF in two, or even three (if you count VRF definition itself) different places. if you forget one, it won’t work. so, first of all, create management VRF definition:
!
vrf definition MGMNT
 rd 444:444
 ! optional, but just to keep the numbering across VRFs
!...

October 9, 2022 · Łukasz Bromirski

casual MacOS TCP tuning

since first tuning of FreeBSD TCP/IP stack somewhere in 4.x, I’m typically fiddling with the /etc/sysctl.conf contents from time to time. you know, just to tune stuff. in the meantime, a lot of things have changed in FreeBSD TCP/IP stack, including introduction of modularity. however, MacOS X that is based on FreeBSD is much more conservative and some options are not available. therefore, on my MacOS systems I use the following /etc/sysctl....

September 3, 2022 · Łukasz Bromirski

installing fresh FreeBSD

as I’m installing FreeBSD boxes and VMs left and right, I typically do some initial setup before doing anything else. while some use cases call for additional ports to be installed (like bird or routinator), there’s pretty standard “intro”. first, make sure the packages themselves are up to date:
sed -i '' s/quarterly/latest/g /etc/pkg/FreeBSD.conf
pkg upgrade
this will trigger initial pkg install. then, it’s my personal minimum set of packages:...

August 3, 2022 · Łukasz Bromirski

multithreaded ZIPping

if you have to pack a lot of things, using sheer power of modern multi-core/multi-threaded CPUs may come in handy. unless… the tools you’re using are not enabling that by default, and you suffer running everything on one core/thread. as I spend most of my time recently with FreeBSD and MacOS the tools I typically use are command line. therefore, for every gzip - consider using pigz. and for bzip2 - consider using pbzip2....

May 30, 2022 · Łukasz Bromirski

bgp blackholing is back

BGP Blackholing is back - with small steps (‘better done than perfect’). go ahead and visit the current project page with “quick howto”. happy blackholing!

February 28, 2022 · Łukasz Bromirski

nice peak info in BGP summary view

nice addition to recent IOS-XE images is the info in BGP view when the peak number of prefixes was received:
rtr-edge#sh bgp ipv4 unicast summary
[...]
6807 received paths for inbound soft reconfiguration
BGP activity 1126906/107856 prefixes, 1337822/171863 paths, scan interval 60 secs
878960 networks peaked at 15:02:09 Jan 29 2022 CET (22:53:01.065 ago)
[...]
rtr-edge#sh bgp ipv6 unicast summary
[...]
BGP using 102467162 total bytes of memory
BGP activity 1126898/107856 prefixes, 1337806/171843 paths, scan interval 60 secs
140720 networks peaked at 05:46:19 Jan 29 2022 CET (1d08h ago)
[....

February 3, 2022 · Łukasz Bromirski

ctrl-break the new (old) way

one of the very old tricks, that’s even documented is how to simulate ctrl-break on newer PCs to break into ROMMON during router/switch boot. instead of fighting with SecureCRT on MacOS, I just used it recently. basically, you:
disconnect terminal from the device
turn device off
set terminal to 1200 (yes, you read this right), 8N1 and no flow control
turn device on
press SPACE for 10-15 seconds (basically, until your terminal drops out some unreadable characters)
reconfig terminal to 9600 8N1
and you should be in ROMMON
yes, I’m old....

January 20, 2022 · Łukasz Bromirski

backpack

July 29, 2021 · Łukasz Bromirski

two-stage commit config for NX-OS

if you’re not accustomed to reading release notes for your favorite platform (Nexus NX-OS in this case), probably you already overlooked that starting with 10.1(2) there’s 2-stage commit system, known from IOS XR. what does that mean, really? that doing changes over CLI, directly in the parser, you can edit/add/remove whole blocks of configuration before committing them to running/actual configuration. so in case when you edit interface IP addressing (always touchy moment, specially for devices you’re 300km away for example) the session could look like this:...

July 15, 2021 · Łukasz Bromirski

rozmowa KONtrolowana

I was invited by Adam Lange and Adam Haertle to share my story in “rozmowa KONtrolowana” podcast (in Polish). I’d like to thank both of them and of course all of participants for invitation, leading it, questions and nice way to spend time in familiar, geeky environment :) now - just view/listen to it your favorite format :)

May 16, 2021 · Łukasz Bromirski

books...

if you’re not first-time visitor here, likely you know already I’m reading a lot of books. a lot? after years of considering each and every book, and then hoarding them in stacks (because I couldn’t get enough shelf space) I realized one of my early dreams - to have a full wall of shelves to store my books (picture opening this post shows it point-blank, with some packages taking some view, sorry for that)....

May 13, 2021 · Łukasz Bromirski

working rss

as I get old, seems I’m missing obvious signals. my logs were screaming about it, friends made touchy comments… and nothing. after moving to hugo, despite the fact it has built-in RSS feed support, I somehow missed that completely. fortunately, it’s enough to add template to your page definition and… it works. and that’s about it. that’s all. RSS works now. hurray.

May 6, 2021 · Łukasz Bromirski

Bellingcat

Eliot Higgins created very powerful organization in his kitchen. organization, that’s trying to tame chaos created by all-present disinformation and lies coming in from people, organizations, companies and countries. the book goes through his journey from the kitchen and internet connected laptop to the place Bellingcat is today (BTW, the name comes from the bell hanging from cat’s neck to warn birds from becoming cat’s prey). Bellingcat is both well organized “core” group of researchers and specialists that are trying to piece together objective truth about specific events, but at the same time hundreds if not thousands of volunteers helping out in all investigations....

April 29, 2021 · Łukasz Bromirski

FLoC and all that mess...

if you, like me, just love corporations that blatantly lie in your eyes about “protecting your privacy”, you’re ready to spend some time to make their lives as hard as possible. one of the new ideas is Google FLoC - Federated Learning of Cohorts. great concept, that apparently was to “increase privacy”, but instead actually decreases it even more. first of all, stop using Chrome. use Brave or Firefox - and make sure that security and privacy settings are properly configured (one of the key is DoH, which may be enabled by default and that actually overrides your configured DNS servers)....

April 22, 2021 · Łukasz Bromirski

ipv6 for the rescue

one of the benefits of having (and master) IPv6 is the fact, that it’s completely separate protocol from IPv4. please take a moment to think about it now. take special care about completely separate protocol. in case of doubt, read this again but slower. you can also make smart face or write it down and use next time you’re on some kind of C-level panel. practical effects on practical example this just happened, couple of hours ago....

April 15, 2021 · Łukasz Bromirski

recert in 2021

my journey with expert-level Cisco certification began quite a long time ago - 15 years. and with Cisco certification overall - even couple years earlier than that. I was finally able to get hands-on practice with Cisco Continuing Education program. apart from the fact, that trying to pass exams right now remotely during pandemic has abstract requirements I do generally believe it makes sense. one way or another - I’m recertified until April 2024....

April 10, 2021 · Łukasz Bromirski

2034 - a book

the book made a lot of noise, being quoted everywhere even before it was published. as part of the marketing before release, they even did limited publishing in parts in partnership with wired. but… the book is bad. simple as that. if you expected Tom Clancy’s level of technical detail, just because one of the authors is retired US Navy admiral - don’t. you won’t find it. if you expected Tom Clancy’s level of characters that have nothing interesting to say and their background story is thin as cheapest printing paper for your printer - you may enjoy the book....

April 1, 2021 · Łukasz Bromirski

Calling Bullsh*t

we are all dealing daily with the eponymous “bullsh*t truth” and unfortunately we are inundated with it. we live in an age where opinions are treated as facts, and anyone who has access to the “mass media” suddenly becomes a great philosopher, thinker and scientist all rolled into one. the beginning of the book gives a brilliant summary of the situation we are in: The world is awash with bullshit, and we’re drowning in it....

February 24, 2021 · Łukasz Bromirski

freebsd rebuild

one of the most common, but at the same time easiest problems to solve, when you’re working with FreeBSD system installed on too small disk is rebuilding the system. in my specific case, it was very old i386 system initially installed around release 6 on a 20GB HDD. at around release 11 I ran out of tricks to pull and still make it, so had to finally add a disk. fortunately, just before that, the machine was moved from physical box to virtual machine....

February 4, 2021 · Łukasz Bromirski

connecting switches

after I decided to save you and myself from spying eyes of Google Analytics, I don’t really look at my blog web statistics. just glancing over logs shows you’re reading - and that’s about all if you ask me. I noticed however, that for some mysterious reason (the doc is almost two decades old!), my very old article about connecting the switches together still gets downloaded like 30-50 times a month (I’m counting only non-bot downloads), and sometimes even more often....

January 22, 2021 · Łukasz Bromirski

freebsd and git

FreeBSD just migrated to git, and while handbook is being updated, you can do the migration yourself. first of all, move original src directory (if you’re synchronizing over SVN) away, along with customized kernel config file. for my deployments I do:
mv /usr/src /usr/src.old
then, let’s install git - it’s not (yet) installed by default:
pkg install git
last, but not least, you need to invoke git to clone the source repository....

January 20, 2021 · Łukasz Bromirski

load sharing, part one

if you happen to have more than one internet connection and they have different usable bandwidths - which is no longer a rarity today - it becomes interesting element in network design. how would you use these links optimally? i have to admit, that i was provoked to sit down and write down this series of posts by Marcin Ślęczek’s post on ccie.pl forum. Marcin is CEO of networkers.pl but by heart, he’s network engineer and sometimes fights with interesting problems....

January 7, 2021 · Łukasz Bromirski

Raspberry Pi 4 and its cooling

Raspberry Pi 4 that comes originally without any case, or can be bought with original case, can bring you headaches. it’s absolutely great and genius computer (never ask me how many I own… ;) ) and in version four has really very fast CPU - Broadcom BCM2711. it contains four ARM Cortex A72 cores clocked with up to 1.5GHz and dedicated GPU complex.
problems
people all around internet report problems however with overheating of this little beast, and what’s more - problems with getting stable 4k 60Hz video output (just remember, there are two video outputs, but 60Hz is only achievable on the socket next to USB-C power supply)....

December 30, 2020 · Łukasz Bromirski

technology is just a tool

…but tools have to be used responsibly. first of all, short disclaimer - I’d like to make it perfectly clear before we go into this long piece, that I’m a: …big fan of discussing merits of technology and technology overall. I love technology. I believe having opportunity to create networks, solutions that really connect people and give us chance to exchange information is something I could do for the rest of my life, with full focus and commitment....

December 28, 2020 · Łukasz Bromirski

fake news in practice

I recently had a chance to finish reading fantastic book covering disinformation war happening between USSR and USA during Cold War - Active Measures. it’s frightening how Soviet Russia, and by extension today’s Russia, mastered skill of disinformation and manipulation of public opinion. and at the same time, reading it helps you spot influence over today’s anti- and pro- movements, like antivacciners, anti-5G, anti-whatever. i’m not saying they’re all inspired and sponsored by Russia (or by whomever), but after reading this book you can easily see into how those movements start, evolve and get exploited....

December 23, 2020 · Łukasz Bromirski

SPEED

I was able to finally reach Aleksander Poniewierski’s SPEED book in my queue of books to read. if you don’t know Aleksander, you should - and this book will give you a lot of good answers for “why?”. I can finally attest that indeed that’s great, short, and to the point piece providing high level view of what and how drives fourth revolution, and what exactly is that revolution about....

December 20, 2020 · Łukasz Bromirski

FRRouting, OpenBGPd and BIRD

as you may have read recently I was playing with open source routing protocol packages again. from pure CLI familiarity reasons, I kept myself to FRRouting, which is evolution of Quagga, which itself is evolution of Zebra. and Zebra syntax and CLI is based on Cisco IOS.
FRRouting
thanks to Job Snijders for correcting me on the name - it’s no longer OpenFRR, it’s FRRouting. sorry! :) unfortunately, while it worked very well for my home network (FRRouting that is), when deploying in AS112 I hit some unexpected behaviors quite quickly after starting the project....

October 22, 2020 · Łukasz Bromirski

new ARM

ARM announced recently 64-bit Cortex CPU. it’s very interesting, as not only it can run real time operating systems, but 64 bit architecture enables it to address more than 4GB. it also has optional memory protection unit, which means it will be able to run software requiring it - like Linux for example. and by the way - it’s worth mentioning Polish real-time operating system that’s already on the market for last couple of years with significant success - Phoenix RTOS....

October 14, 2020 · Łukasz Bromirski

bgp in the lab #3

after last blog on sharing full bgp feed for IPv4, I got a number of interesting questions. given many of you were asking to have also IPv6 available, I decided to extend the project to cover that as well.
disclaimer
you’re doing this ON YOUR OWN. i’m not responsible for anything on your end and service itself. so if it crashes your router, makes all traffic to follow different paths, or essentially anything that you can’t control - you’re completely on your own....

October 7, 2020 · Łukasz Bromirski

AS112

thanks to inspiration from Robert Woźny, i’ve just launched two separate AS112 sites in Poland. that would never be possible without great folks at ATMAN: Sebastian Olejnik and Damian Nowacki …and at EPIX: Krzysztof Czuszek and Paweł Staszewski
what is AS112 all about?
AS112 is world-wide project that sinkholes requests coming in from misbehaving or misconfigured DNS clients (which may be your home PC but also some enterprise-y workstation). they send queries looking for answers to questions like “what’s the name of 192....

September 29, 2020 · Łukasz Bromirski