after last blog on sharing full bgp feed for IPv4, I got a number of interesting questions. given many of you were asking to have also IPv6 available, I decided to extend the project to cover that as well. disclaimer you’re doing this ON YOUR OWN. i’m not responsible for anything on your end and service itself. so if it crashes your router, makes all traffic to follow different paths, or essentially anything that you can’t control - you’re completely on your own....
thanks to inspiration from Robert Woźny, i’ve just launched two separate AS112 sites in Poland. that would never be possible without great folks at ATMAN: Sebastian Olejnik and Damian Nowacki …and at EPIX: Krzysztof Czuszek and Paweł Staszewski what is AS112 all about? as112 AS112 is world-wide project that sinkholes requests coming in from misbehaving or misconfigured DNS clients (which may be your home PC but also some enterprise-y workstation). they send queries looking for answers to questions like “what’s the name of 192....
starting from tomorrow, we’re launching another edition of PLNOG conference. as usually, I’d like to invite you to join us. I’ll be delivering session about Segment Routing with Piotr Jabłoński during second day of the conference, at 4:15pm. as Segment Routing was already covered couple of times, we’ll focus on practical deployment guide in existing networks. I’ll be also demoing some of the aspects we’ll cover live during the session....
Daniel Dib asked recently on Twitter about BGP convergence time for world wide operations. two hours he got in response from his friend seemed a bit too long. I did recently help to spin up new ASN with new IPv4 prefix (well, both came from second hand, but you get the point) and as far as I could tell, propagation took around 15 minutes maximum. so in the interest of self-education, I started digging....
i posted quite emotional piece some time ago - on real world warriors that really don’t need to do anything more than they already did. despite that, they want more. publicity, fame and to achieve that - they use lies. it seems even poster hero of US - killed sniper Chris Kyle did a bit of lying himself. and it seems he was even warned specifically against it by his superior - that he can’t make false claims about number of medals he received....
how David defeated Goliath this story started in June of this year. one of Apple AppStore employees made an “error” while reviewing revision of Basecamp authors new app - Hey. David Heinemeier Hansson, one of the Basecamp founders, took it to Twitter David is not only Basecamp CEO, he’s author of series of great books on running teams and companies. he started to relay live on Twitter emails he and his employees exchanged with Apple Application Store team....
WD was recently caught red-handed on trying to sell HDDs to NAS duties that use SMR technology without informing about it (and, actually, by actively trying to misled customers and then silence the whole situation). that ended up in lawsuit. while others were also caught trying to do similar things, they backed up immediately, while WD still tried to say that “white is black, you know, really”. technology is amazing. i already wrote about it some time ago....
one of the interesting and rarely seen configuration options, is ability to have redundant IPv6 tunnel established from source address tracked by HSRP. if you’re limited by other side of communication - in this example Hurricane Electric - to have only one endpoint of tunnel on your side that’s right tool for task. the way this configuration would work, is that router active in HSRP pair will be the one on which tunnel will be active and forwarding....
recently during casual browsing of WLAN controller i spotted that sometimes users are having problems with receiving responses from DHCP server. i was suprised, as family doesn’t complain - and they’d do that immediately. well, so i went troubleshooting element by element. obviously, switches were primary suspect. why? everything was working, and those DHCP problems were very, very rare - that may mean drops on switch interfaces. Cisco QoS configuration on Catalyst and Nexus switches is far from easy....
i had to do a full recovery recently of my sons MacBook and in doing so, i was greeted with rather mysterious message from Apple: the app store download could not start because it has already been downloaded too many times what? after searching (i’m no longer googling) for a while i couldn’t find anything that made sense. after carefully reviewing internet recovery options i finally found a small, but important difference:...
update this project is still on, but at different IP. please refer to this updated description. old post below recent thread on nanog@ list got me back to old project that i was thinking about long time ago. and here it is - i just launched free-of-charge, load-your-router-with-full-live-bgp-feed service :) if you’re interested in joining the free project, disregard the information below and jump directly to latest version here disclaimer you’re doing this ON YOUR OWN....
last post in the series about my home lab resulted in a number of interesting emails in my inbox. i have to admit that i really appreciate words of praise. as well as those with constructive, critical feedback :) so after short description what is connected where and how (see link above), let’s focus now on services. first and foremost - remember it’s “always DNS” ;) so let’s tackle that....
i was ranting some time ago about slowness in which IT industry is moving from silicon to light, to speed up not only transport of information (we already do that by means of GBIC/SFP/SFP+ modules), but also processing of traffic. there are already means to do exactly that, and we as Cisco are working on delivering such features in next years. i just stumbled upon this article, which deals with doing similar thing but with machine learning - this quote is stunning:...
it’s interesting to see proposal submitted by two “freedom stars” of authoritarian China - Huawei and China Telecom to ITU. on the surface the proposal clearly speaks about future societal needs and development of new, improved technologies that - in the process - would make current IP obsolete. it’s easy to see however that first of all the proposal contains a lot of old ideas that are already implemented (LISP, mobile IP and IPv6 itself just to name a few)....
if you, like me, get bored immediately after you execute copy scp x y, you’ll likely be happy to know that we’re introducing changes in the TCP/IP stack responsible for SCP operations. in NX-OS beginning in 9.3(1), while copying using scp you can add use k-stack, like this: nxos-switch#copy scp://192.168.0.1/nxos.bin bootflash: use-kstack in IOS-XE, starting from 17.2(1), it’s possible to achieve similar speed-up effect by enabling globally ip ssh bulk-mode. the same copy operation should speed up 4-5x over....
while I already mentioned couple of times on this blog, that handling dynamic routing on firewall is asking yourself for unexpected problems, sometimes it’s needed. as Cisco, we don’t normally recommend using ASA or FTD boxes as full table BGP routers. not because they can’t be used in this role, but because we don’t believe it’s a good networking and security practice. here’s example from my home lab testing lab cluster of two ASA 5516-X, running 9....
due to COVID-19 outbreak, we’ve been flooded with request to provide assistance with deploying secure connectivity for remote workers. in some organizations number of remote workers grown from 0 to 7000-10000 in week. some others are serving today over 30000, and here at Cisco, we’re working mostly out of home those days (over 100k people!). thanks to help from my fellow engineers and specialists, we were able to publish following guides, related to building and scaling out VPN headends - both hardware and virtual:...
after last 13 years spent at Cisco Systems Poland, working in the “field” I decided it’s prime time for something new. something, that can challenge me and give back that sense of new adventure. having opportunity to spend all that time with great people, learning a lot and experiencing even more was great fun. i went through full country chain - from “simple” Systems Engineer, to Architecture Lead, Systems Engineer Manager, then Regional Sales Manager (driving 2/3rds of country business operations) and finally Country Systems Engineer Manager and CTO....
last couple of weeks were quite hectic. I’m working on rebuilding the BGP blackholing infrastructure (yes, that’s old site, along with old, expired certificate), along with some extras (like AS112 and RPKI services). the job is like 40% done, with scripts completely rewritten in Python, and the ‘only’ part missing being infra (virtualized and not-so-much) and WWW portal. at the same time, I’ve committed long time ago to new project with failure post-mortem analysis on our netdesign....
as it’s easy to notice, I did a site migration. instead of moving to WordPress however (which was original plan), i decided to follow more ambitious path, and deploy Hugo platform, supported by Go… and static page generation (yeah!). Hugo itself supports i18n, so it provides the most important functionality. it doesn’t hurt that this solution frees me also from continuous tinkering in PHP and SQL :)
recently thanks to Robert Pająk i’ve had an opportunity to speak at fall edition of Akamai Affinity. as the request was to cover the networking side of innovation, i did my best. actually, that was not so recently - back in november last year, to be exact. but indeed quite recently we’ve released news about our 400Gbit/s switch and on the Cisco Live! at Barcelona we’ve demonstrated for the first time ACI evolution - ACI Anywhere....
…and in particular, often goes very badly. not only in life in general, but also in the IT world :) you probably have dozens of stories to tell, if not hundreds. someone configured the port badly, everything worked until it stopped … and when it stopped, it dragged the whole network behind. big time. whole data center. why do we make the same mistakes all the time? automation slightly improves the situation, but sometimes it may dramatically speed up things going bad....
ISR 4000s have the capability to “license” throughput. the solution was built this way with clear goal in mind. previously it was hard to estimate how given router will perform under some random set of features. the CPU driven routers by themselves have a lot of challenges to address, so measuring performance and then sticking to it with each and every new software release was simply unrealistic. we published “kpps” numbers, but then got heat from our Customers, when performance was lower with each and every enabled service....
i’m great fan of Jason Fried and David Heinemeier Hansson books. latest one - it doesn’t have to be crazy at work - is a great continuation of the previous pieces. all of them: rework, remote and getting real should be part of ‘must read’ for teams and their managers. the most important in what they write about is that they bring it to life. and they write about all of the important things - including team management and organization, the way they work, the ideas that guide them and the lack of ‘corporate bullshit stories’ typical workplaces and companies try to invent just to justify need to work harder....
image = “/images/2018/11/wandering-earth.png” Cixin Liu trilogy was excellent. I wrote about it before. the latest collection of stories by the same author… well. not so much anymore. i am sad to say that it’s almost like Abelard Giza said in one of his standups pieces - ‘first there’s this original idea, and then total shit’). from the whole series of stories in the volume ‘wandering earth’ you can find maybe two or three original and interesting ones....
great book. short but perfect. i will not try to praise and underline my deep knowledge and uderstanding of - Nosowska works. i know her almost exclusively from ‘texan’, and by the way she writes about people like me in one of the chapters about psychotherapists. i did not even knew, that she has a feed on instagram, publishes video - and in general - as a private person. not to mention all of her works....
it took me a few hours to figure out the new subtleties. new computers from Apple with a built-in T2 chip (i.e. new iMac Pro and Macbook Pro 2018 edition) have a dedicated operating system protection. what’s the problem? first of all, by default, they can not be booted from an external medium. it’s part of the security that Apple introduced to make it more difficult for a potential hacker....
i just realised, that there’s a port! you just need to install xhyve… and that’s it. you don’t need VMware or VirtualBox anymore. have a great virtualization!
great and unfortunately very short book about british geeks. it consists of couple of short chapters covering specific areas - from satellites (Ariel program), Blue Streak missiles, through Concorde (and all history of trying to keep it in service), to geeky pieces like legendary David Brabens Elite game. you won’t find too much about Elite game itself, as author is focusing more on the business side of things. however, there are couple of interesting pieces - like David relentless work on optimizing game code for BBC Micro (20kB of RAM!...
I bought it, so you won’t have to. ‘blood, sweat and pixels’ is book of Jason Schreier - kotaku fame. and to set record straight - it’s very, very bad book. to further add to insult, one of the chapters is focused on our very own ‘witcher 3’. let me shorten your torment, and save 30 PLNs by summarizing the diagram that Jason uses to describe the process of creating each of the games:...