IPv6 for WOŚP - summary

while the experiment was a success, effects were rather modest :) during the entire 9th, if we dismiss connections from bots connecting from University of Pennsylvania (greetings!) and China (really interesting URL mangling techniques), we’ve had 20 unique users and 1145 sessions. late evening, after grand finale additional 80 users visited us, and session counter increased to over 4500. i definitely didn’t do a good job of marketing IPv6 availability for WOŚP, or IPv6 geeks were far away from IPv6-enabled internet that day. ...

January 11, 2011 · Łukasz Bromirski

OpenSSH under windows 7

working remotely on Windows via Remote Desktop if you’re hanging off GPRS or 3G connectivity somewhere in the mountains (for example) isn’t optimal. as I had to access some such servers remotely. you can find cygwin useful (there’s also VanDyke V-Shell, a bit pricey and for non-commercial use). cygwin package installs UNIX environment, and that - yes - may include OpenSSH plus some tools (like scp for example). you just need to download, and then run installation, selecting cygrunsrv and openssh. if you’re done - you just need to bootstrap SSH server and then start service responsible for SSH. ...

January 8, 2011 · Łukasz Bromirski

ipv6 will play with Big Orchestra

traditionally for last couple of years engineering team at Cisco Poland is taking care of securing infrastructure for Wielka Orkiestra Świątecznej Pomocy. this year i decided to launch experimental support for IPv6 - while we were not allowed to move all infrastructure to IPv6, it should be possible next year. everyone that has IPv6 access can point browser to ipv6.wosp.org.pl. everything works based on reverse-proxy provided by Apache, FreeBSD and Cisco MCS server :) ...

January 7, 2011 · Łukasz Bromirski

freebsd foundation

we’re nearing end of calendar year. i’d highly recommend to consider donating to FreeBSD project with your own money, if you (like me) are using FreeBSD everywhere, where stability, availability, performance, security and scalability are critical.

December 30, 2010 · Łukasz Bromirski

bgp in the lab

long, long time ago, playing with BGP was reserved for secret group of people, that somewhat alike Lem’s Trurl and Klapaucjusz were laughing at mere mortals but didn’t share the knowledge. then, a lot of things changed, trainings, certifications appeared, and then bootcamps and finally massive, open-for-all intro courses. and now, BGP is everywhere and is configured by anyone - you’ll find typical housewives running it as well, as without it they couldn’t upload new contact via bluetooth it seems. ...

November 21, 2010 · Łukasz Bromirski

lisp@plnog#5

i was stubborn - and while from the very first moment we’ve had a lot of challenges with the hotel infrastructure, i was able to run xTR routers during last PLNOG for LISP. no, it’s not about programming Cisco routers with LISP, but about new concept of Location/ID Split, that is new concept enabling you to treat traffic engineering in internet differently. in short - we still serve traffic like we always did (backward compatibility), but by assigning users and companies IPv4 and IPv6 addressing from special pools, we can treat this traffic in a different manner. LISP is de facto overlay network concept. this itself is nothing revolutionary, but on the other hand - it’s first such network that got wide adoption in world-wide internet. why would you like to use LISP? apart from ability to conserve IP addresses, LISP gives you ability to do traffic engineering without use of BGP or involving third parties. and in effect, adopting it may mean less FIB space needed on core internet routers. ...

October 24, 2010 · Łukasz Bromirski

plnog 5 - sidr i lisp

during upcoming PLNOG i’ll cover two relatively new features available in Cisco gear. LISP which stands for Locator/ID SPlit is first (deployed and available both commercially and as open source code) solution that can enable internet to scale out without further growth of routing table size. it also brings advanced traffic engineering capabilities to pure IP networks. LISP was invented and is being actively developed by Cisco employees, working in different teams across research and development departments. architecture itself is however open and fully documented. it’s very universal, and provides additional ability to merge IPv4 and IPv6 or provide seamless coexistence. it also supports multicast. LISP is not only interesting tool or vendor trick, right now it is being used by Google and Facebook. what’s actually interesting in Facebook case, during last major outage of interatlantic links, some of the internet accessing Facebook was accessing it over LISP proxy http://www.lisp4.facebook.com - in fully transparent, and essentially invisible for typical user way. LISP is also obviously used by Cisco and being integrated into our products. ...

October 4, 2010 · Łukasz Bromirski

flexible netflow in service of statistics

if you’re peering with somebody else using one of available IXPs, prediction of traffic flow changes and optimization of paid services is crucial for proper traffic engineering. one of the more popular and easier tools, that is able to visualize traffic exchanged between ASes is AS-Stats. to do its work properly, AS-Stats needs proper link definition in knownlinks file. NetFlow probes exported to collector will contain only the id and AS-Stats needs to match it. example file itself for my installation is simple: ...

September 19, 2010 · Łukasz Bromirski

pf_ring, 32 thousands of rules and Intel X520

it seems that more and more things are landing in our homes. couple of people that created nTop project in cooperation with Intel, built a device driver for Linux that can forward traffic using Intel X520 directly with 32 thousands of rules applied. 32 thousands is quite a number to serve real-life aggregation or core router, but at the same time it’s more than needed to serve as home firewall. similar things were done in the past in NVidia nForce chipset. ...

September 4, 2010 · Łukasz Bromirski

plnog 5

fifth PLNOG edition is coming in on 21st and 22nd of october this year. this time we’ll have Merike Kaeo delivering keynote session. her topic of choice? security - surprising, isn’t it? :P as you can imagine we’re buttoning up agenda and it will be published soon. in the meantime, we already have over 200 attendees registered, which is great result given you still don’t know what you’ll be able to see :) ...

August 28, 2010 · Łukasz Bromirski