we, 2001:420:80:1:c:15c0:d06:f00d

“Cisco eats in own dog food” or as you may elite-write-it: c15c0 d06 f00d. we announced participation in ISOC IPv6 day as a first vendor. some parts of our infrastructure serve IPv6 natively, but that’s a great opportunity to test it at scale - including hardware and software for systems that’s used for our internal and Customer services. among other things we’re testing AnyConnect 3.0 with native IPv6 support (public version is going to be available in couple of months), ACE 3....

June 8, 2011 · Łukasz Bromirski

CCDE, or how to design a network... or six of them

today I’ve met CCDE practical exam heads-on in London. it’s a new one at the Expert level, focusing on designing and redesigning of the networks - according to the virtual needs of virtual customers. after the Networkers CCDE presentation delivered by one of the authors of the CCDE program - Russ White - it’s hard to expect anything different than what they say. it’s very focused on “why”, and “how” is touched only in some generic terms....

May 6, 2011 · Łukasz Bromirski

10GE at home

as you can see, 1GE share in overall switching market started to rise only recently (mainly thanks to cheap NICs and onboard integrations done by Realtek, Marvell, Broadcom and Intel). on the other hand, hunger for bandwidth grows as well - full HD movies from NAS need a lot of it, and if you’re planning to do something in addition to that sourced from the same NAS - it’s even worse (it seems everyone streams nowadays video content to different mobile devices around their homes over WLAN)....

April 16, 2011 · Łukasz Bromirski

plnog #6 - completed

i’d like to thank everyone that was part of last PLNOG edition. we introduced education track - that was your idea, voiced in chats and in surveys. it seems that the idea was right, so on september PLNOG edition we’ll continue with MPLS and QoS. also according to announcements, we did joint session with Rafał about architecture of ethernet switches and IP routers. i hope you liked it. we still miss real life use case sessions provided by you - service providers....

March 17, 2011 · Łukasz Bromirski

flexible netflow and CLI - part two

some time ago i’ve written a post about displaying live traffic that is going throught the router. also, i covered how it can be split based on autonomous system (with some sorting capabilities built in), thanks to Flexible NetFlow. recently, Flexible NetFlow was extended to use NBAR capabilities, and with that we have new options to sort traffic by application. with slightly modified flow record snippet, we can collect also the application name:...

February 15, 2011 · Łukasz Bromirski

how quick is world-wide BGP?

good people at RIPE did some testing and it turns out it’s pretty quick!

February 14, 2011 · Łukasz Bromirski

pf, altq and benefits of source code access...

…hit me again (in a positive way). i was experimenting in my lab and wanted to define a lot of queues (and i mean a lot of them) in ALTQ. unfortunately, very quickly during parsing of pf.conf pfctl barked out following information: pfctl: DIOCADDALTQ: Cannot allocate memory to overcome the problem, you only need to modify those three files: /usr/include/altq/altq_hfsc.h /usr/src/sbin/pfctl/missing/altq/altq_hfsc.h /usr/src/sys/contrib/altq/altq/altq_hfsc.h where #define HFSC_MAX_CLASSES 64 is defined - to requested value....

January 23, 2011 · Łukasz Bromirski

opensource & mpls

it seems Google decided to reach out to wider community and use the freely available network stack for it’s own MPLS prototyping. the effect is complete MPLS LSR prototype described during recent NANOG 50 talk that’s also available as video. of course it’s quite interesting to see Google experimenting with that kind of solutions - maybe it will be connected to OpenFlow as non-academic exercise? will it become mainstay of new service provider networks?...

January 19, 2011 · Łukasz Bromirski

this is not the vulnerability you are looking for...

IPsec code in OpenBSD is source of constant discussions. it seems there’s no reason to panic (and OpenBSD penetration is anyway minimal), but there’s a lot of interesting discussions and rumours around code itself and it’s origin. in particular i’d recommend to read this short piece (and this tweet) with code references. they demonstrate for the n-th time, that OpenBSD team, and in particular Theo is really building creative marketing and at the same time patch bugs silently without disclosing them....

January 16, 2011 · Łukasz Bromirski

to queue or buffer? or not?

for some time Jim Gettys on his blog is writing a lot about problems caused by buffers, queues and other congestion avoidance mechanisms. you should really read about them. especially, if you’re in this group that believes big buffers solve all of the problems, and dropping traffic is absolute evil. nowadays it should be treated as absolutely normal thing - in most of the real life cases. on the upcoming, sixth PLNOG we may be able to tackle this problem (if there will be space in agenda), and have a shot at myths and legends related to network QoS....

January 16, 2011 · Łukasz Bromirski

OEMing SSD drives

it started in a innocent way - my company W510 started to work slower and slower. as it is very busy usually and i need full performance and every bit of power for daily work, obviously i decided to investigate. Windows 7 x64 installed in a clean and very controller manner, 8GB of RAM available and usually not used in more than 50%. so what’s going on? Lenovo is using SSD drives of a different size....

January 14, 2011 · Łukasz Bromirski

IPv6 for WOŚP - summary

while the experiment was a success, effects were rather modest :) during the entire 9th, if we dismiss connections from bots connecting from University of Pennsylvania (greetings!) and China (really interesting URL mangling techniques), we’ve had 20 unique users and 1145 sessions. late evening, after grand finale additional 80 users visited us, and session counter increased to over 4500. i definitely didn’t do good job of marketing IPv6 availability for WOŚP, or IPv6 geeks were far away from IPv6-enabled internet that day....

January 11, 2011 · Łukasz Bromirski

OpenSSH under windows 7

working remotely on Windows via Remote Desktop if you’re hanging off GRPS or 3G connectivity somewhere in the mountains (for example) isn’t optimal. as I had to access some such servers remotely. you can find cygwin useful (there’s also VanDyke V-Shell, a bit pricey and for non-commercial use). cygwin package installs UNIX environment, and that - yes - may include OpenSSH plus some tools (like scp for example) you just need to download, and then run installation, selecting cygrunsrv and openssh....

January 8, 2011 · Łukasz Bromirski

ipv6 will play with Big Orchestra

traditionally for last couple of years engineering team at Cisco Poland is taking care of securing infrastructure for Wielkia Orkiestra Świątecznej Pomocy. this year i decided to launch experimental support for IPv6 - while we were not allowed to move all infrastructure to IPv6, it should be possible next year. everyone that has IPv6 access can point browser to ipv6.wosp.org.pl. everything works based on reverse-proxy provided by Apache, FreeBSD and Cisco MCS server :)...

January 7, 2011 · Łukasz Bromirski

freebsd foundation

we’re nearing end of calendar year. i’d highly recommend to consider donating to FreeBSD project with your own money, if you (like me) are using FreeBSD everywhere, where stability, availability, performance, security and scalability is critical.

December 30, 2010 · Łukasz Bromirski

bgp in the lab

long, long time ago, playing with BGP was reserved for secret group of people, that somewhat alike Lems Trurl and Klapaucjusz were laughing from mere mortals but didn’t share the knowledge. then, a lot of things changed, trainings, certifications appeared, and then bootcamps and finally massive, open-for-all intro courses. and now, BGP is everywhere and is configured by anyone - you’ll find typical home wives running it as well, as without it they couldn’t upload new contact via bluetooth it seems....

November 21, 2010 · Łukasz Bromirski

lisp@plnog#5

i was stubborn - and while from the very first moment we’ve had a lot of challenges with the hotel infrastructure, i was able to run xTR routers during last PLNOG for LISP. no, it’s not about programming Cisco routers with LISP, but about new concept of Location/ID Split, that is new concept enabling you to treat traffic engineering in internet differently. in short - we still serve traffic like we always did (backward compatibility), but by assigning users and companies IPv4 and IPv6 addressing from special pools, we can treat this traffic in a different manner....

October 24, 2010 · Łukasz Bromirski

plnog 5 - sidr i lisp

during upcoming PLNOG i’ll cover two relatively new features available in Cisco gear. LISP which stands for Locator/ID SPlit is first, deployed and available both commercially and as open source code) solution that can enable internet to scale out without further growth of routing table size. it also brings advanced traffic engineering capabilities to pure IP networks. LISP was invented and is being actively developed by Cisco employees, working in different teams across research and development departaments....

October 4, 2010 · Łukasz Bromirski

flexible netflow in service of statistics

if you’re peering with somebody else using one of available IXPs, prediction of traffic flow changes and optimization of paid services is crucial for proper traffic engineering. one of the more popular and easier tools, that is able to visualize traffic exchanged between ASes is AS-Stats. to properly doing its work, AS-Stats needs proper link definition in knownlinks file. NetFlow probes exported to collector will contain only the id and AS-Stats needs to match it....

September 19, 2010 · Łukasz Bromirski

pf_ring, 32 thousands of rules and Intel X520

it seems that more and more things are landing in our homes. couple of people that created nTop project with cooperation with Intel, built a device driver for Linux that can forward traffic using Intel X520 directly with 32 thousands of rules applied. 32 thousands is quite a number to serve real-life aggregation or core router, but at the same time it’s more than needed to serve as home firewall. similar things were done in the past in NVidia nForce chipset....

September 4, 2010 · Łukasz Bromirski

plnog 5

fifth PLNOG edition is coming in on 21st and 22nd of october this year. this time we’ll have Merike Kaeo delivering keynote session. her topic of choice? security - suprising, isn’t it? :P as you can imagine we’re buttoning up agenda and it will be published soon. in the meantime, we already have over 200 attendees registered, which is great result given you still don’t know what you’ll be able to see :)...

August 28, 2010 · Łukasz Bromirski

gigabits per second thanks to GPU

I wrote about such ideas over two years ago. it seems the concept of offloading packet forwarding from CPU to GPU may have some merits, and if you’re interested in that - take a look at packetshader. still however, hardware config needed to achieve that kind of performance feat is quite expensive. it demonstrates however that GPU, next to FPGA experiments, can also be viable way of forwarding in high-performance packet forwarding/routing based on PCs....

August 23, 2010 · Łukasz Bromirski

ipv6 - baby steps

everybody talks about IPv6 and still too few of us take it seriously. on polish mailing list dedicated to implementing IPv6 we get steady series of IPv6 prefix announcements, but real services available over this protocol is low. as a proof of concept for upcoming PLNOG, I just launched full network stack (Cisco 7200VXR with NPE-G1, ASA 5500-X, Catalyst 3750) and service (FreeBSD) for dual stack operation. IPv6 should be preferred, and while there’s still some things to tune down (like for example, DNS resolver in Windows XP), it should work....

August 21, 2010 · Łukasz Bromirski

"sendmail over emacs"

…it’s already past (it’s quote from famous polish comedy - Boys don’t cry). you can get much better than that. you simply ‘restart whole internet using secret team of key bearers’: Cards you see are keys to global internetwork. There are seven of them and may be used to restart internet in the event of Earth-shattering cataclysm. Yes, we have to be prepared for anything. In the event of global outage, DNSSEC system would be damaged....

July 29, 2010 · Łukasz Bromirski

summer reading

it was a rule some time ago, right now its rare luxury - to have time to sit down with book that’s not about networking and spend time reading it from start to finish. i got back to most of Stanislaw Lem books, Anthony Beevor monography of both Berlin and Stalingrad battles. i’m still in front of Norman Davies ‘Uprising ‘44’ (i’m ashamed to admit, but no, I haven’t read it yet)....

July 24, 2010 · Łukasz Bromirski

1941w and its configuration...

…doesn’t have to be totally banal. it’s much more performant (300kpps, around the NPE300 performance from 7200!), so i upgraded my home 1803w to 1941w. as there are no readily available examples for complete config of the router (wired + WLAN), I decided to take the case in my hands and produce some examples. you may find them here.

June 29, 2010 · Łukasz Bromirski

short RAID story

those of you frequently visiting my home site noticed that it wasn’t available for some time. unfortunately, that’s because of interesting RAID 5 failure in my server that hosts also my web page. FreeBSD relentlessly tried to serve web traffic from filesystem that was failing apart because of hardware problems, but then, 30 minutes after first failure, second hard disk failed in the same array! temperature was finely tuned, but it seems that after 5 years of continous work they had to fail....

June 12, 2010 · Łukasz Bromirski

after plnog #4

plnog, plnog and… gone. it looks like we have actually grown into the most serious and largest independent conference dedicated to people working on service provider networks in Poland - though I’m not going to fight anyone on the number of participants, this additional 100 people on each subsequent edition of PLNOG (we counted 395 participants this time!) speaks for itself. to the point that I’ve met many people for the first time in my life :)...

March 6, 2010 · Łukasz Bromirski

interesting...

…tool for documenting and mapping networks. also, short piece on deconfliction. Google to enlist NSA to help in the cyberdefence, and short brief on efficient meetings from great blog (read it!) winter break… aaand it’s gone.

February 6, 2010 · Łukasz Bromirski

ipv6 for christmas

there’s really almost nothing much simpler than starting to use IPv6. first of all, all major OS support IPv6 today. most of them are running it out of the box. second of all, tunnel brokers are available everywhere, so while i haven’t had luck with sixxs (they didn’t respond after weeks of waiting), using Hurricane Electric was easy and took like seconds. friendly “wizard” will walk you through and then even show example of configuration for your device....

December 24, 2009 · Łukasz Bromirski