lukasz.bromirski.net

aviate, navigate, communicate

ASA and full BGP table(s)

while I already mentioned a couple of times on this blog that handling dynamic routing on a firewall is asking for unexpected problems, sometimes it’s needed. as Cisco, we don’t normally recommend using ASA or FTD boxes as full table BGP routers. not because they can’t be used in this role, but because we don’t believe it’s a good networking and security practice. here’s an example from my home lab testing lab cluster of two ASA 5516-X, running 9. Read more →

the world is changing

…and that's a good thing. in just two weeks we'll see each other in Kraków, at the next - seventeenth - edition of PLNOG. the conference, which we started with discussions about BGP, MPLS-TE, RSVP and the usefulness of 10GE interfaces for operators (in 2009 this was still a novelty - the migration to 10GE), today focuses on the consequences of deploying SDNs, the impact of IoT on operator networks, different ways of delivering public and hybrid cloud services… and finally on software-defined Data Centers and the consequences of overlay networks becoming widespread. Read more →

deploy SIDR

google again dropped out of the internet because of failure to filter prefixes. SIDR configuration on Cisco gear is really simple - for IOS-XE, IOS-XR. if you have Juniper it takes like half a second of searching. of course configuring is one thing, visiting RIPE and certifying your own resources is another thing. then it’s all done. every prefix signed, and every autonomous system checking for certification data is helping. every single one. Read more →

IOS shell

if you haven’t noticed by now, in the IOS 15M line we introduced IOS shell. firing it up is just as easy as doing: now you have new, UNIX-like commands and options to chain them, including nested grep. if you by now are a fan of such capabilities, having been working with IOS XR - it’s a nice touch :) Read more →

10GE at home

as you can see, 1GE share in overall switching market started to rise only recently (mainly thanks to cheap NICs and onboard integrations done by Realtek, Marvell, Broadcom and Intel). on the other hand, hunger for bandwidth grows as well - full HD movies from NAS need a lot of it, and if you’re planning to do something in addition to that sourced from the same NAS - it’s even worse (it seems everyone streams nowadays video content to different mobile devices around their homes over WLAN). Read more →

bgp in the lab

a long, long time ago, playing with BGP (the somewhat ironic expansion of this acronym as Bardzo Groźny Protokół, "Very Dangerous Protocol", seems to give away where this paragraph is heading) was definitely reserved for the initiated of this world, who, a bit like Lem's Trurl and Klapaucius, mocked ignorance but on the other hand did not share that knowledge themselves. then a lot changed, the fumes in the caves of knowledge thinned out a bit, courses and certifications appeared, elite and then mass courses - and suddenly every housewife has BGP at home, because without it she can't push a new contact to her mobile phone via bluetooth. Read more →

ip sla and shell scripting

i had a problem yesterday - i needed to generate at least a dozen packets per second minimum between two connected devices (without ability to insert PC or traffic generator between them - that was Catalyst 3550 and 4900M). traffic needed to be exchanged over a time frame of several hours, so ping from console line wasn’t feasible either. the solution was pretty straightforward - IP SLA. as Catalyst 4900M was to be under test, on Catalyst 3550 i created two VRFs: Read more →

4B ASNs, RIPE and IOS

during the previous PLNOG we had a broad discussion about the apocalyptic vision of depleting IPv4 and 2-byte ASN space. some time ago Cisco IOS 12.4(24)T was released, and it brings the 4-byte ASN feature for ISR (1800/2800/3800) and 7200 routers. so if you’re using Cisco gear, you can request a 4-byte ASN using the RIPE form, and then advertise it properly (starting from 1st of January, 2009 RIPE will by default hand out 4-byte ASNs). Read more →