it was a rule some time ago, right now its rare luxury - to have time to sit down with book that’s not about networking and spend time reading it from start to finish. i got back to most of Stanislaw Lem books, Anthony Beevor monography of both Berlin and Stalingrad battles. i’m still in front of Norman Davies ‘Uprising ‘44’ (i’m ashamed to admit, but no, I haven’t read it yet)....
…doesn’t have to be totally banal. it’s much more performant (300kpps, around the NPE300 performance from 7200!), so i upgraded my home 1803w to 1941w. as there are no readily available examples for complete config of the router (wired + WLAN), I decided to take the case in my hands and produce some examples. you may find them here.
those of you frequently visiting my home site noticed that it wasn’t available for some time. unfortunately, that’s because of interesting RAID 5 failure in my server that hosts also my web page. FreeBSD relentlessly tried to serve web traffic from filesystem that was failing apart because of hardware problems, but then, 30 minutes after first failure, second hard disk failed in the same array! temperature was finely tuned, but it seems that after 5 years of continous work they had to fail....
plnog, plnog and… gone. it looks like we have actually grown into the most serious and largest independent conference dedicated to people working on service provider networks in Poland - though I’m not going to fight anyone on the number of participants, this additional 100 people on each subsequent edition of PLNOG (we counted 395 participants this time!) speaks for itself. to the point that I’ve met many people for the first time in my life :)...
…tool for documenting and mapping networks. also, short piece on deconfliction. Google to enlist NSA to help in the cyberdefence, and short brief on efficient meetings from great blog (read it!) winter break… aaand it’s gone.
there’s really almost nothing much simpler than starting to use IPv6. first of all, all major OS support IPv6 today. most of them are running it out of the box. second of all, tunnel brokers are available everywhere, so while i haven’t had luck with sixxs (they didn’t respond after weeks of waiting), using Hurricane Electric was easy and took like seconds. friendly “wizard” will walk you through and then even show example of configuration for your device....
not so long ago as a joke I had a sad vision of what will happen when in the end all our data, including DNA, will be stored in a digital form. the company(-ies) that store them just goes bankrupt and sells them as the most valuable resources. we did it standing in the queue at the airport in Washington, where to get to the US we had to get our photo taken (which was compared with the previous ones) and pass their fingerprints closer to the unidentified governmental agenda created as part of the Bush government’s panic and hysterical movements after the attacks of 11th of September....
druga edycja CONFidence 2009 w tym roku, a już siódma ogólnie zakończyła się parę godzin temu. zgodnie z przewidywaniami mieliśmy dużo dobrej zabawy, całą rzeszę prelegentów wraz z ciekawymi sesjami i oczywiście - was. widzów, uczestników i aktywnych współtwórców konferencji (a przecież, jak doskonale wiemy, ostatnio nie każdy ma to szczęście :D). sesje i materiały z sesji, oraz materiały dodatkowe będą pojawiać się z czasem na stronie konferencji. moja prezentacja znajduje się jak zwykle w secji z prezentacjami....
już w najbliższy czwartek zaczyna się druga tegoroczna edycja konferencji poświęconej bezpieczeństwu - CONFidence. tym razem tematyka sesji jest jeszcze bardziej zróżnicowana niż ostatnio, co przypisać należy zapewne podróżom Andrzeja i tym, co widział na konferencjach zagranicznych :) z działki sieciowej pojawi się Felix Lindner, badacz m.in. IOSa. jego sesja niewątpliwie otwiera oczy, szczególnie osobom które uważają że ich producent sprzęt dostarcza rozwiązania lepszej jakości i bezpieczniejsze niż Cisco. będzie niewątpliwie ciekawa dla wszystkich, którzy uważają że Cisco nie robi dobrej roboty zabezpieczając Cisco IOS....
i’ve read two books recently, essentially as you can say ‘on one breath’. our polish books, important ones. first, legendary today is Black crosses over Poland by Stanisław Skalski. every military aviation fan should read this one, because it brilliantly and lively describes how it was in september 1939 to fight loosing war for polish sky. it was relentless, there was no integrated strategy, but pilots shown their best. cruel reality of second world war squeezed and twisted their lifes and they tried to live through it....
very interesting article, that led to writing this even more interesting article, describing how computer viruses compare to human.
probably everyone watching TV and listening to the radio, or with Internet access knows about Belarussian Su-27 crash. two-seater version went down, killing both pilot and weapons operator. the flight itself, before the crash, was beautiful - as usual in the case of russian fighters. the real honor for sacrifice goes however to both pilot and weapons operator. why? despite the fact, that the fighter hit high voltage lines and they were perfectly capable of ejecting, they decided against....
there’s a very interesting page that shows what’s upcoming in FreeBSD 8 release.
i had a problem yesterday - i needed to generate at least a dozen packets per second minimum between two connected devices (without ability to insert PC or traffic generator between them - that was Catalyst 3550 and 4900M). traffic needed to be exchanged over a time frame of several hours, so ping from console line wasn’t feasible either. the solution was pretty straightfoward - ip sla. as Catalyst 4900M was to be under test, on Catalyst 3550 i created two VRFs:...
…as described by Claudio Jeker during last AsiaBSDCon can be found here and here for whitepaper. Henning Brauer, on the other hand, gave a very good packet filtering session and OpenBSD network stack in general during DC BSDCon 2009. video can be found here and slides here.
during previous PLNOG we’ve had a broad discussion about apocalyptic vision of depleting IPv4 and 2-byte space. some time ago Cisco IOS 12.4(24)T was released, and it brings 4-byte ASN feature for ISR (1800/2800/3800) and 7200 routers. so if you’re using Cisco gear, you can request 4 byte ASN using RIPE form, and then advertising it properly (starting from 1st of January, 2009 RIPE will by default hand out 4 byte ASNs)....
if you haven’t seen my practical demonstration at SecureCON 2007, you can see extended version on this thursday - i’ll be visiting AGH in Cracow at 7:45pm to do “show & tell” session as part of netWork sessions. session will be extended as we’ll have more time. photos can be found here and more information about the session itself can be found here.
i came back yesterday from Brussels and today at 5:30am the verdict came in - definitely “PASS” :) so… let me share some advice and tips for those of you preparing to take CCIE SP practical exam (without breaking NDA of course). first of all - if you have that luxury of training on any software version - please try to check with the current Cisco page and align. software is quite “specific”, and you may be hit with interesting behavior that may be a little bit different from mainline versions....
on the network throughput front, we’re fighting (albeit in distributed manner) for getting throughput from commodity PC hardware on par with dedicated, hardware routing platforms. with OSes like Linux and BSD. to that end, recent document published after last Linux Congress in Hamburg shows that while it’s important to select proper multi-core CPU and motherboard to do fast traffic forwarding, we’re still hitting bottleneck at around 1Mpps. curiously enough, on one of the slides you can spot information, that large FIB in Linux doesn’t impact performance too much....
for all those of you concerned with vanishing of BGP blackholing PL project page - please calm down. we’re moving. current page is here. in other news, i’ll host discussion panel on upcoming PLNOG 2009. we’ll touch on blackholingu and other best practices to increase security of internet infrastructure. i’ll be joined by Konrad Plich from TP SA and polish CERT representatives.
delivering good and interesting presentation is usually challenge people talk about a lot. and that doesn’t even account for sessions in your native or foreign language. presentation, or put in other way - communication between you and other people (one, two, thousand) can trigger sleepless nights and fear often balooning to irrational size (USA surveys show that fear of public speaking is put on the first place, before insects and - watch this - death itself!...
thanks to Mirosław Kwaśniak, who in his very own time managed to find a way to generate PDF with polish letters - i was able to publish PDF that renders properly. thank you!
in a month from now, we’ll be launching first edition of PLNOG conference. we’re working to deliver a lot of interesting sessions. apart from many abroad presenters, we’ll host also our own, polish specialists. you’ll have a chance to meet Wojtek Apel (3S), Tomasz Paszkowski (nasza-klasa.pl) and Marcin Mazurek (Allegro.pl). somewhere in the agenda there’s also my session about MPLS Traffic Engineering. before that, on Saturday and Sunday, I’ll deliver hands-on workshops on BGP and MPLS....
summer holidays are in full swing - starting from 26th of July i’ll be running Cisco Academy courses at PROIDEA for CCNP. everyone who’s eager to have a good time learning and discussing technologies (way outside of official curriculum) should immediately contact academy reception. independently of that, we have two large conferences coming. at Cisco Expo 2008 i will deliver sessions on network architecture that minimizes the chances of becoming a victim of a DDoS attack and becoming part of botnet....
my article on defending networks from DDoS attacks was just published in online version of NetWorld magazine.
during upcoming CONFidence 2008 conference, i’ll be delivering hands-on workshop about Cisco router security. of course you’re more than welcome :) video recording from SecureCON 2007 was published here.
we just finished Cisco Expo, and there’s a lot of feedback and comments all around the internet - on ccie.pl or for example at barni.LOG. next week i should be able to present at SecureCON (well, if this time i’ll be able to get there in the first place :) ). i’ll be delivering a session about attacking and defending computer networks.
6 people responded to my call for a Cisco FAQ PL conversion idea up until today… but unfortunately there are no results so far. well, maybe it’s time to roll up your sleeves and do it yourself … in unrelated, but more optimistic news - a week ago i finished delivering SMB Bootcamp for Cisco partners. there was a lot of work (3 days, 12-14 hours each). you can read a bit about it in the link above on the CCIE....
CCIE #15929. nothing more, nothing less :)
i’ll be presenting soon on following events: Noc Linuksozerców, in Kraków, 25-26 February FreeCON 2006 in Wrocław, 22-23 April CONFidence 2006 in Kraków, 13-14 May if you’d like to hear something specific during the sessions with regards to routing or security, please send me an email.