Posts

I recently had a chance to finish reading fantastic book covering disinformation war happening between USSR and USA during Cold War - Active Measures. it’s frightening how Soviet Russia, and by extension todays Russia, mastered skill of disinformation and manipulation of public opinion. and at the same time, reading it helps you spot influence over todays anti- and pro- movements, like antivacciners, anti-5G, anti-whatever. i’m not saying they’re all inspired and sponsored by Russia (or by whomever), but after reading this book you can easy see into how those movements start, evolve and get exploited....

I was able to finally reach Aleksander Poniewierski SPEED book in my queue of books to read. if you don’t know Aleksander, you should - and this book will give you a lot of good answers for “why?”. I can finally attest that indeed that’s great, short, and to the point piece providing high level view of what and how drives fourth revolution, and what exactly is that revolution about....

as you may have read recently I was playing with open source routing protocol packages again. from pure CLI familiarity reasons, I kept myself to FRRouting, which is evolution of Quagga, which itself is evolution of Zebra. and Zebra syntax and CLI is based on Cisco IOS. FRRouting thanks to Job Snijders for correcting me on the name - it’s no longer OpenFRR, it’s FRRouting. sorry! :) unfortunately, while it worked very well for my home network (FRRouting that is), when deploying in AS112 I hit some unexpected behaviors quite quickly after starting the project....

ARM announced recently 64-bit Cortex CPU. it’s very interesting, as not only it can run real time operating systems, but 64 bit architecture enables it to address more than 4GB. it also has optional memory protection unit, which means it will be able to run software requiring it - like Linux for example. and by the way - it’s worth to mention polish real-time operating system that’s already on the market for last couple of years with significant success - Phoenix RTOS....

after last blog on sharing full bgp feed for IPv4, I got a number of interesting questions. given many of you were asking to have also IPv6 available, I decided to extend the project to cover that as well. disclaimer you’re doing this ON YOUR OWN. i’m not responsible for anything on your end and service itself. so if it crashes your router, makes all traffic to follow different paths, or essentially anything that you can’t control - you’re completely on your own....

thanks to inspiration from Robert Woźny, i’ve just launched two separate AS112 sites in Poland. that would never be possible without great folks at ATMAN: Sebastian Olejnik and Damian Nowacki …and at EPIX: Krzysztof Czuszek and Paweł Staszewski what is AS112 all about? as112 AS112 is world-wide project that sinkholes requests coming in from misbehaving or misconfigured DNS clients (which may be your home PC but also some enterprise-y workstation). they send queries looking for answers to questions like “what’s the name of 192....

starting from tomorrow, we’re launching another edition of PLNOG conference. as usually, I’d like to invite you to join us. I’ll be delivering session about Segment Routing with Piotr Jabłoński during second day of the conference, at 4:15pm. as Segment Routing was already covered couple of times, we’ll focus on practical deployment guide in existing networks. I’ll be also demoing some of the aspects we’ll cover live during the session....

Daniel Dib asked recently on Twitter about BGP convergence time for world wide operations. two hours he got in response from his friend seemed a bit too long. I did recently help to spin up new ASN with new IPv4 prefix (well, both came from second hand, but you get the point) and as far as I could tell, propagation took around 15 minutes maximum. so in the interest of self-education, I started digging....

i posted quite emotional piece some time ago - on real world warriors that really don’t need to do anything more than they already did. despite that, they want more. publicity, fame and to achieve that - they use lies. it seems even poster hero of US - killed sniper Chris Kyle did a bit of lying himself. and it seems he was even warned specifically against it by his superior - that he can’t make false claims about number of medals he received....

how David defeated Goliath this story started in June of this year. one of Apple AppStore employees made an “error” while reviewing revision of Basecamp authors new app - Hey. David Heinemeier Hansson, one of the Basecamp founders, took it to Twitter David is not only Basecamp CEO, he’s author of series of great books on running teams and companies. he started to relay live on Twitter emails he and his employees exchanged with Apple Application Store team....

WD was recently caught red-handed on trying to sell HDDs to NAS duties that use SMR technology without informing about it (and, actually, by actively trying to misled customers and then silence the whole situation). that ended up in lawsuit. while others were also caught trying to do similar things, they backed up immediately, while WD still tried to say that “white is black, you know, really”. technology is amazing. i already wrote about it some time ago....

one of the interesting and rarely seen configuration options, is ability to have redundant IPv6 tunnel established from source address tracked by HSRP. if you’re limited by other side of communication - in this example Hurricane Electric - to have only one endpoint of tunnel on your side that’s right tool for task. the way this configuration would work, is that router active in HSRP pair will be the one on which tunnel will be active and forwarding....

recently during casual browsing of WLAN controller i spotted that sometimes users are having problems with receiving responses from DHCP server. i was suprised, as family doesn’t complain - and they’d do that immediately. well, so i went troubleshooting element by element. obviously, switches were primary suspect. why? everything was working, and those DHCP problems were very, very rare - that may mean drops on switch interfaces. Cisco QoS configuration on Catalyst and Nexus switches is far from easy....

i had to do a full recovery recently of my sons MacBook and in doing so, i was greeted with rather mysterious message from Apple: the app store download could not start because it has already been downloaded too many times what? after searching (i’m no longer googling) for a while i couldn’t find anything that made sense. after carefully reviewing internet recovery options i finally found a small, but important difference:...

update this project is still on, but at different IP. please refer to this updated description. old post below recent thread on nanog@ list got me back to old project that i was thinking about long time ago. and here it is - i just launched free-of-charge, load-your-router-with-full-live-bgp-feed service :) if you’re interested in joining the free project, disregard the information below and jump directly to latest version here disclaimer you’re doing this ON YOUR OWN....

last post in the series about my home lab resulted in a number of interesting emails in my inbox. i have to admit that i really appreciate words of praise. as well as those with constructive, critical feedback :) so after short description what is connected where and how (see link above), let’s focus now on services. first and foremost - remember it’s “always DNS” ;) so let’s tackle that....

i was ranting some time ago about slowness in which IT industry is moving from silicon to light, to speed up not only transport of information (we already do that by means of GBIC/SFP/SFP+ modules), but also processing of traffic. there are already means to do exactly that, and we as Cisco are working on delivering such features in next years. i just stumbled upon this article, which deals with doing similar thing but with machine learning - this quote is stunning:...

it’s interesting to see proposal submitted by two “freedom stars” of authoritarian China - Huawei and China Telecom to ITU. on the surface the proposal clearly speaks about future societal needs and development of new, improved technologies that - in the process - would make current IP obsolete. it’s easy to see however that first of all the proposal contains a lot of old ideas that are already implemented (LISP, mobile IP and IPv6 itself just to name a few)....

if you, like me, get bored immediately after you execute copy scp x y, you’ll likely be happy to know that we’re introducing changes in the TCP/IP stack responsible for SCP operations. in NX-OS beginning in 9.3(1), while copying using scp you can add use k-stack, like this: nxos-switch#copy scp://192.168.0.1/nxos.bin bootflash: use-kstack in IOS-XE, starting from 17.2(1), it’s possible to achieve similar speed-up effect by enabling globally ip ssh bulk-mode. the same copy operation should speed up 4-5x over....

while I already mentioned couple of times on this blog, that handling dynamic routing on firewall is asking yourself for unexpected problems, sometimes it’s needed. as Cisco, we don’t normally recommend using ASA or FTD boxes as full table BGP routers. not because they can’t be used in this role, but because we don’t believe it’s a good networking and security practice. here’s example from my home lab testing lab cluster of two ASA 5516-X, running 9....

due to COVID-19 outbreak, we’ve been flooded with request to provide assistance with deploying secure connectivity for remote workers. in some organizations number of remote workers grown from 0 to 7000-10000 in week. some others are serving today over 30000, and here at Cisco, we’re working mostly out of home those days (over 100k people!). thanks to help from my fellow engineers and specialists, we were able to publish following guides, related to building and scaling out VPN headends - both hardware and virtual:...

after last 13 years spent at Cisco Systems Poland, working in the “field” I decided it’s prime time for something new. something, that can challenge me and give back that sense of new adventure. having opportunity to spend all that time with great people, learning a lot and experiencing even more was great fun. i went through full country chain - from “simple” Systems Engineer, to Architecture Lead, Systems Engineer Manager, then Regional Sales Manager (driving 2/3rds of country business operations) and finally Country Systems Engineer Manager and CTO....

last couple of weeks were quite hectic. I’m working on rebuilding the BGP blackholing infrastructure (yes, that’s old site, along with old, expired certificate), along with some extras (like AS112 and RPKI services). the job is like 40% done, with scripts completely rewritten in Python, and the ‘only’ part missing being infra (virtualized and not-so-much) and WWW portal. at the same time, I’ve committed long time ago to new project with failure post-mortem analysis on our netdesign....

as it’s easy to notice, I did a site migration. instead of moving to WordPress however (which was original plan), i decided to follow more ambitious path, and deploy Hugo platform, supported by Go… and static page generation (yeah!). Hugo itself supports i18n, so it provides the most important functionality. it doesn’t hurt that this solution frees me also from continuous tinkering in PHP and SQL :)

recently thanks to Robert Pająk i’ve had an opportunity to speak at fall edition of Akamai Affinity. as the request was to cover the networking side of innovation, i did my best. actually, that was not so recently - back in november last year, to be exact. but indeed quite recently we’ve released news about our 400Gbit/s switch and on the Cisco Live! at Barcelona we’ve demonstrated for the first time ACI evolution - ACI Anywhere....

…and in particular, often goes very badly. not only in life in general, but also in the IT world :) you probably have dozens of stories to tell, if not hundreds. someone configured the port badly, everything worked until it stopped … and when it stopped, it dragged the whole network behind. big time. whole data center. why do we make the same mistakes all the time? automation slightly improves the situation, but sometimes it may dramatically speed up things going bad....

ISR 4000s have the capability to “license” throughput. the solution was built this way with clear goal in mind. previously it was hard to estimate how given router will perform under some random set of features. the CPU driven routers by themselves have a lot of challenges to address, so measuring performance and then sticking to it with each and every new software release was simply unrealistic. we published “kpps” numbers, but then got heat from our Customers, when performance was lower with each and every enabled service....

i’m great fan of Jason Fried and David Heinemeier Hansson books. latest one - it doesn’t have to be crazy at work - is a great continuation of the previous pieces. all of them: rework, remote and getting real should be part of ‘must read’ for teams and their managers. the most important in what they write about is that they bring it to life. and they write about all of the important things - including team management and organization, the way they work, the ideas that guide them and the lack of ‘corporate bullshit stories’ typical workplaces and companies try to invent just to justify need to work harder....

Cixin Liu trilogy was excellent. I wrote about it before. the latest collection of stories by the same author… well. not so much anymore. i am sad to say that it’s almost like Abelard Giza said in one of his standups pieces - ‘first there’s this original idea, and then total shit’). from the whole series of stories in the volume ‘wandering earth’ you can find maybe two or three original and interesting ones....

great book. short but perfect. i will not try to praise and underline my deep knowledge and uderstanding of - Nosowska works. i know her almost exclusively from ‘texan’, and by the way she writes about people like me in one of the chapters about psychotherapists. i did not even knew, that she has a feed on instagram, publishes video - and in general - as a private person. not to mention all of her works....