Posts

after experiencing massive hardware problems with MacBook Pro, i immediately fell into series of mysterious SSD failures. i’m baffled with the state of the (pro) electronics market. first, there was OCZ Vertex 2. my MacBook Pro couldn’t properly work in SATA3 mode despite the fact that Intel controller could. so i moved then to OCZ 2 working on slower SATA bus. it died after week, silently and ultimately. well, RMA submitted, disk will travel to Netherlands and then they’ll send me back working one....

as i was visiting US for extended period of time, i decided to pull the trigger and in Apple Store bought myself new, shiny 17" MacBook Pro 2011. what’s ridiculous is that when you compare prices in Poland vs US, i’ve paid around 4,5k PLN (around 1000$) less than I’d pay in Poland - even though, Apple doesn’t import such high end configs to Poland. unbelievable, 1/3 of the cost of the whole machine!...

“Cisco eats in own dog food” or as you may elite-write-it: c15c0 d06 f00d. we announced participation in ISOC IPv6 day as a first vendor. some parts of our infrastructure serve IPv6 natively, but that’s a great opportunity to test it at scale - including hardware and software for systems that’s used for our internal and Customer services. among other things we’re testing AnyConnect 3.0 with native IPv6 support (public version is going to be available in couple of months), ACE 3....

today I’ve met CCDE practical exam heads-on in London. it’s a new one at the Expert level, focusing on designing and redesigning of the networks - according to the virtual needs of virtual customers. after the Networkers CCDE presentation delivered by one of the authors of the CCDE program - Russ White - it’s hard to expect anything different than what they say. it’s very focused on “why”, and “how” is touched only in some generic terms....

as you can see, 1GE share in overall switching market started to rise only recently (mainly thanks to cheap NICs and onboard integrations done by Realtek, Marvell, Broadcom and Intel). on the other hand, hunger for bandwidth grows as well - full HD movies from NAS need a lot of it, and if you’re planning to do something in addition to that sourced from the same NAS - it’s even worse (it seems everyone streams nowadays video content to different mobile devices around their homes over WLAN)....

i’d like to thank everyone that was part of last PLNOG edition. we introduced education track - that was your idea, voiced in chats and in surveys. it seems that the idea was right, so on september PLNOG edition we’ll continue with MPLS and QoS. also according to announcements, we did joint session with Rafał about architecture of ethernet switches and IP routers. i hope you liked it. we still miss real life use case sessions provided by you - service providers....

some time ago i’ve written a post about displaying live traffic that is going throught the router. also, i covered how it can be split based on autonomous system (with some sorting capabilities built in), thanks to Flexible NetFlow. recently, Flexible NetFlow was extended to use NBAR capabilities, and with that we have new options to sort traffic by application. with slightly modified flow record snippet, we can collect also the application name:...

good people at RIPE did some testing and it turns out it’s pretty quick!

…hit me again (in a positive way). i was experimenting in my lab and wanted to define a lot of queues (and i mean a lot of them) in ALTQ. unfortunately, very quickly during parsing of pf.conf pfctl barked out following information: pfctl: DIOCADDALTQ: Cannot allocate memory to overcome the problem, you only need to modify those three files: /usr/include/altq/altq_hfsc.h /usr/src/sbin/pfctl/missing/altq/altq_hfsc.h /usr/src/sys/contrib/altq/altq/altq_hfsc.h where #define HFSC_MAX_CLASSES 64 is defined - to requested value....

it seems Google decided to reach out to wider community and use the freely available network stack for it’s own MPLS prototyping. the effect is complete MPLS LSR prototype described during recent NANOG 50 talk that’s also available as video. of course it’s quite interesting to see Google experimenting with that kind of solutions - maybe it will be connected to OpenFlow as non-academic exercise? will it become mainstay of new service provider networks?...

IPsec code in OpenBSD is source of constant discussions. it seems there’s no reason to panic (and OpenBSD penetration is anyway minimal), but there’s a lot of interesting discussions and rumours around code itself and it’s origin. in particular i’d recommend to read this short piece (and this tweet) with code references. they demonstrate for the n-th time, that OpenBSD team, and in particular Theo is really building creative marketing and at the same time patch bugs silently without disclosing them....

for some time Jim Gettys on his blog is writing a lot about problems caused by buffers, queues and other congestion avoidance mechanisms. you should really read about them. especially, if you’re in this group that believes big buffers solve all of the problems, and dropping traffic is absolute evil. nowadays it should be treated as absolutely normal thing - in most of the real life cases. on the upcoming, sixth PLNOG we may be able to tackle this problem (if there will be space in agenda), and have a shot at myths and legends related to network QoS....

it started in a innocent way - my company W510 started to work slower and slower. as it is very busy usually and i need full performance and every bit of power for daily work, obviously i decided to investigate. Windows 7 x64 installed in a clean and very controller manner, 8GB of RAM available and usually not used in more than 50%. so what’s going on? Lenovo is using SSD drives of a different size....

while the experiment was a success, effects were rather modest :) during the entire 9th, if we dismiss connections from bots connecting from University of Pennsylvania (greetings!) and China (really interesting URL mangling techniques), we’ve had 20 unique users and 1145 sessions. late evening, after grand finale additional 80 users visited us, and session counter increased to over 4500. i definitely didn’t do good job of marketing IPv6 availability for WOŚP, or IPv6 geeks were far away from IPv6-enabled internet that day....

working remotely on Windows via Remote Desktop if you’re hanging off GRPS or 3G connectivity somewhere in the mountains (for example) isn’t optimal. as I had to access some such servers remotely. you can find cygwin useful (there’s also VanDyke V-Shell, a bit pricey and for non-commercial use). cygwin package installs UNIX environment, and that - yes - may include OpenSSH plus some tools (like scp for example) you just need to download, and then run installation, selecting cygrunsrv and openssh....

traditionally for last couple of years engineering team at Cisco Poland is taking care of securing infrastructure for Wielkia Orkiestra Świątecznej Pomocy. this year i decided to launch experimental support for IPv6 - while we were not allowed to move all infrastructure to IPv6, it should be possible next year. everyone that has IPv6 access can point browser to ipv6.wosp.org.pl. everything works based on reverse-proxy provided by Apache, FreeBSD and Cisco MCS server :)...

we’re nearing end of calendar year. i’d highly recommend to consider donating to FreeBSD project with your own money, if you (like me) are using FreeBSD everywhere, where stability, availability, performance, security and scalability is critical.

long, long time ago, playing with BGP was reserved for secret group of people, that somewhat alike Lems Trurl and Klapaucjusz were laughing from mere mortals but didn’t share the knowledge. then, a lot of things changed, trainings, certifications appeared, and then bootcamps and finally massive, open-for-all intro courses. and now, BGP is everywhere and is configured by anyone - you’ll find typical home wives running it as well, as without it they couldn’t upload new contact via bluetooth it seems....

i was stubborn - and while from the very first moment we’ve had a lot of challenges with the hotel infrastructure, i was able to run xTR routers during last PLNOG for LISP. no, it’s not about programming Cisco routers with LISP, but about new concept of Location/ID Split, that is new concept enabling you to treat traffic engineering in internet differently. in short - we still serve traffic like we always did (backward compatibility), but by assigning users and companies IPv4 and IPv6 addressing from special pools, we can treat this traffic in a different manner....

during upcoming PLNOG i’ll cover two relatively new features available in Cisco gear. LISP which stands for Locator/ID SPlit is first, deployed and available both commercially and as open source code) solution that can enable internet to scale out without further growth of routing table size. it also brings advanced traffic engineering capabilities to pure IP networks. LISP was invented and is being actively developed by Cisco employees, working in different teams across research and development departaments....

if you’re peering with somebody else using one of available IXPs, prediction of traffic flow changes and optimization of paid services is crucial for proper traffic engineering. one of the more popular and easier tools, that is able to visualize traffic exchanged between ASes is AS-Stats. to properly doing its work, AS-Stats needs proper link definition in knownlinks file. NetFlow probes exported to collector will contain only the id and AS-Stats needs to match it....

it seems that more and more things are landing in our homes. couple of people that created nTop project with cooperation with Intel, built a device driver for Linux that can forward traffic using Intel X520 directly with 32 thousands of rules applied. 32 thousands is quite a number to serve real-life aggregation or core router, but at the same time it’s more than needed to serve as home firewall. similar things were done in the past in NVidia nForce chipset....

fifth PLNOG edition is coming in on 21st and 22nd of october this year. this time we’ll have Merike Kaeo delivering keynote session. her topic of choice? security - suprising, isn’t it? :P as you can imagine we’re buttoning up agenda and it will be published soon. in the meantime, we already have over 200 attendees registered, which is great result given you still don’t know what you’ll be able to see :)...

I wrote about such ideas over two years ago. it seems the concept of offloading packet forwarding from CPU to GPU may have some merits, and if you’re interested in that - take a look at packetshader. still however, hardware config needed to achieve that kind of performance feat is quite expensive. it demonstrates however that GPU, next to FPGA experiments, can also be viable way of forwarding in high-performance packet forwarding/routing based on PCs....

everybody talks about IPv6 and still too few of us take it seriously. on polish mailing list dedicated to implementing IPv6 we get steady series of IPv6 prefix announcements, but real services available over this protocol is low. as a proof of concept for upcoming PLNOG, I just launched full network stack (Cisco 7200VXR with NPE-G1, ASA 5500-X, Catalyst 3750) and service (FreeBSD) for dual stack operation. IPv6 should be preferred, and while there’s still some things to tune down (like for example, DNS resolver in Windows XP), it should work....

…it’s already past (it’s quote from famous polish comedy - Boys don’t cry). you can get much better than that. you simply ‘restart whole internet using secret team of key bearers’: Cards you see are keys to global internetwork. There are seven of them and may be used to restart internet in the event of Earth-shattering cataclysm. Yes, we have to be prepared for anything. In the event of global outage, DNSSEC system would be damaged....

it was a rule some time ago, right now its rare luxury - to have time to sit down with book that’s not about networking and spend time reading it from start to finish. i got back to most of Stanislaw Lem books, Anthony Beevor monography of both Berlin and Stalingrad battles. i’m still in front of Norman Davies ‘Uprising ‘44’ (i’m ashamed to admit, but no, I haven’t read it yet)....

…doesn’t have to be totally banal. it’s much more performant (300kpps, around the NPE300 performance from 7200!), so i upgraded my home 1803w to 1941w. as there are no readily available examples for complete config of the router (wired + WLAN), I decided to take the case in my hands and produce some examples. you may find them here.

those of you frequently visiting my home site noticed that it wasn’t available for some time. unfortunately, that’s because of interesting RAID 5 failure in my server that hosts also my web page. FreeBSD relentlessly tried to serve web traffic from filesystem that was failing apart because of hardware problems, but then, 30 minutes after first failure, second hard disk failed in the same array! temperature was finely tuned, but it seems that after 5 years of continous work they had to fail....

plnog, plnog and… gone. it looks like we have actually grown into the most serious and largest independent conference dedicated to people working on service provider networks in Poland - though I’m not going to fight anyone on the number of participants, this additional 100 people on each subsequent edition of PLNOG (we counted 395 participants this time!) speaks for itself. to the point that I’ve met many people for the first time in my life :)...