nice peak info in BGP summary view

nice addition to recent IOS-XE images is the info in BGP view when the peak number of prefixes was received: rtr-edge#sh bgp ipv4 unicast summary [...] 6807 received paths for inbound soft reconfiguration BGP activity 1126906/107856 prefixes, 1337822/171863 paths, scan interval 60 secs 878960 networks peaked at 15:02:09 Jan 29 2022 CET (22:53:01.065 ago) [...] rtr-edge#sh bgp ipv6 unicast summary [...] BGP using 102467162 total bytes of memory BGP activity 1126898/107856 prefixes, 1337806/171843 paths, scan interval 60 secs 140720 networks peaked at 05:46:19 Jan 29 2022 CET (1d08h ago) [....

February 3, 2022 · Łukasz Bromirski

ctrl-break the new (old) way

one of the very old tricks, that’s even documented is how to simulate ctrl-break on newer PCs to break into ROMMON during router/switch boot. instead of fighting with SecureCRT on MacOS, I just used it recently. basically, you: disconnect terminal from the device turn device off set terminal to 1200 (yes, you read this right), 8N1 and no flow control turn device on press SPACE for 10-15 seconds (basically, until your terminal drops out some unreadable characters) reconfig terminal to 9600 8N1 and you should be in ROMMON yes, I’m old....

January 20, 2022 · Łukasz Bromirski

two-stage commit config for NX-OS

if you’re not accustomed to reading release notes for your favorite platform (Nexus NX-OS in this case), probably you already overlooked that starting with 10.1(2) there’s 2-stage commit system, known from IOS XR. what does that mean, really? that doing changes over CLI, directly in the parser, you can edit/add/remove whole blocks of configuration before committing them to running/actual configuration. so in case when you edit interface IP addressing (always touchy moment, specially for devices you’re 300km away for example) the session could look like this:...

July 15, 2021 · Łukasz Bromirski

recert in 2021

my journey with expert-level Cisco certification began already quite far long time ago - 15 years. and with Cisco certification overall - even couple years earlier than that. I was finally able to get hands-on practice with Cisco Continuing Education program. apart from the fact, that trying to pass exams right now remotely during pandemic has abstract requirements I do generally believe it makes sense. one way or another - I’m recertified until April 2024....

April 10, 2021 · Łukasz Bromirski

connecting switches

after I decided to save you and myself from spying eyes of Google Analytics, I don’t really look at my blog web statistics. just glancing over logs shows you’re reading - and that’s about all if you ask me. I noticed however, that for some mysterious reason (the doc is almost two decades old!), my very old article about connecting the switches together still gets downloaded like 30-50 times a month (I’m counting only non-bot downloads), and sometimes even more often....

January 22, 2021 · Łukasz Bromirski

load sharing, part one

if you happen to have more than one internet connection and they have different usable bandwidths - which is no longer a rarity today - it becomes interesting element in network design. how would you use these links optimally? i have to admit, that i was provoked to sit down and write down this series of post by Marcin Ślęczek post on ccie.pl forum. Marcin is CEO of networkers.pl but by heart, he’s network engineer and sometimes fights with interesting problems....

January 7, 2021 · Łukasz Bromirski

technology is just a tool

…but tools have to be used responsibly. first of all, short disclaimer - I’d like to make it perfectly clear before we go into this long piece, that I’m a: …big fan of discussing merits of technology and technology overall. I love technology. I believe having opportunity to create networks, solutions that really connect people and give us chance to exchange information is something I could do for the rest of my life, with full focus and commitment....

December 28, 2020 · Łukasz Bromirski

world wide convergence of BGP

Daniel Dib asked recently on Twitter about BGP convergence time for world wide operations. two hours he got in response from his friend seemed a bit too long. I did recently help to spin up new ASN with new IPv4 prefix (well, both came from second hand, but you get the point) and as far as I could tell, propagation took around 15 minutes maximum. so in the interest of self-education, I started digging....

September 24, 2020 · Łukasz Bromirski

redundant IPv6 tunnel from HE with HSRP

one of the interesting and rarely seen configuration options, is ability to have redundant IPv6 tunnel established from source address tracked by HSRP. if you’re limited by other side of communication - in this example Hurricane Electric - to have only one endpoint of tunnel on your side that’s right tool for task. the way this configuration would work, is that router active in HSRP pair will be the one on which tunnel will be active and forwarding....

August 31, 2020 · Łukasz Bromirski

my home network #2

last post in the series about my home lab resulted in a number of interesting emails in my inbox. i have to admit that i really appreciate words of praise. as well as those with constructive, critical feedback :) so after short description what is connected where and how (see link above), let’s focus now on services. first and foremost - remember it’s “always DNS” ;) so let’s tackle that....

July 27, 2020 · Łukasz Bromirski

bored waiting for scp to complete?

if you, like me, get bored immediately after you execute copy scp x y, you’ll likely be happy to know that we’re introducing changes in the TCP/IP stack responsible for SCP operations. in NX-OS beginning in 9.3(1), while copying using scp you can add use k-stack, like this: nxos-switch#copy scp://192.168.0.1/nxos.bin bootflash: use-kstack in IOS-XE, starting from 17.2(1), it’s possible to achieve similar speed-up effect by enabling globally ip ssh bulk-mode. the same copy operation should speed up 4-5x over....

March 26, 2020 · Łukasz Bromirski

changing lanes

after last 13 years spent at Cisco Systems Poland, working in the “field” I decided it’s prime time for something new. something, that can challenge me and give back that sense of new adventure. having opportunity to spend all that time with great people, learning a lot and experiencing even more was great fun. i went through full country chain - from “simple” Systems Engineer, to Architecture Lead, Systems Engineer Manager, then Regional Sales Manager (driving 2/3rds of country business operations) and finally Country Systems Engineer Manager and CTO....

October 6, 2019 · Łukasz Bromirski

doing recert

every two (or three, depending how desperate you are) years, in life of every CCIE and CCDE there is this looming deadline called ‘recertification’. panic is usually short lived and ends with ‘push’ - succesful recertification. in variable styles and techniques, but successful nonetheless. i had opportunity recently to execute this dance. and wise words people say, that if you loose daily connection with networking gear and technologies, you very quickly loose and forget expert level skills....

October 3, 2015 · Łukasz Bromirski

this is how it should work

weekend at countryside kind of suprised me… :) so, Cisco 887VAGW+7-E-K9, a little configuration and here we are. ! chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 15 "OK" ! interface Cellular0 ip address negotiated ip nat outside ip virtual-reassembly in encapsulation slip load-interval 30 dialer in-band dialer idle-timeout 300 dialer string gsm dialer-group 1 async mode interactive ! ip nat translation timeout 60 ip route 0.0.0.0 0.0.0.0 Cellular0 ! dialer-list 1 protocol ip permit !...

May 24, 2015 · Łukasz Bromirski

daily "top" for spam and malware

it’s interesting to take a look. and then a second look - as a lot of well known networks and hosts appear on those maps: SenderBase malware SenderBase spam and for general SenderBase reports, biggest threat intelligence network go here: SenderBase

May 13, 2015 · Łukasz Bromirski

standards...

…or who needs them anyway today? there’s interesting article written down by one of Google employees, that perfectly describes how ineffective today standard bodies are, and how less and less influence they have on the market. cisco decided to spearhead new solutions without waiting for multi-year discussions, true to the ‘good description and working code’ motto. if we wouldn’t be doing that, there would be no PVLANs, FabricPath (TRILL) but also protocols like LDP or HSRP/VRRP/GLBP....

May 22, 2014 · Łukasz Bromirski

ipv6... once again in bad spotlight

all memory and CPU related features in IPv6 world is major challenge even for modern hardware. unfortunately this is emphasized with lack of best practices followed by developers writing code. i just noticed there’s Microsoft Windows problem with IPv6 RA. it seems that actual problem is not limited only to RA, but actually - to the whole networking stack when working with link-local addresses. under Microsoft Windows code is allocating memory pretty recklessly....

April 1, 2014 · Łukasz Bromirski

CCDE bootcamp

it will be unique opportunity in Poland and in this part of Europe. with group of my dear friends and design masters - Piotr Jabłoński, Sebastian Pasternacki and Piotr Matusiak i’ll be delivering bootcamp-type of training for CCDE. we’re starting on 5th of may - and you can find more details here.

February 28, 2014 · Łukasz Bromirski

Aegis at UW

Maciej Broniarz invited us to take part in new security focused conference. Aegis (just like Aegis - American integrated naval weapons system) will take place on 2nd and 3rd July at University of Warsaw. i hope that most of you will decide to take part of it, as judging from agenda. together with Maciej we’d like to also have a panel on DDoS attacks, and then we’ll deliver session together - ‘security by duct tape’....

June 19, 2013 · Łukasz Bromirski

"i don't understant, but will critize anyway"...

i’ve stumbled upon an article of Michael Leonard from Juniper. he decided to take a stab at LISP. i usually call such articles with the title of this post, and the article mentioned is all about it. while we’re discussing in open forums with engineers and architects from Juniper, and in most of them we actually do cooperate - including in LISP, which author doesn’t seem to even know about - it’s sad to look at people who believe attacking competition is everything they should do in life....

January 13, 2013 · Łukasz Bromirski

IOS shell

if you haven’t noticed by now, in the IOS 15M line we introduced IOS shell. firing it up is just as easy as doing: C2#conf t C2(config)#shell processing full now you have new, UNIX-like commands and options to chain them, including nested grep. C2#sh running-config | wc -l 163 C2#sh running-config | grep ip | grep 2001 ipv6 address 2001:DB8:10::10:254/64 ipv6 route ::/0 2001:DB8:10::10:1 if you by now are fun of such capabilities, having been working with IOS XR - it’s a nice touch :)

October 29, 2012 · Łukasz Bromirski

software defined networking or why openflow is not enough

using our new blogging platform, i just published short piece about just announced onePK. i’m watching live discussions for over two years now about network control capabilities. i was one of those distanced guys when it comes to OpenFlow “explosion” in popularity. and as time did show - I was right. today even hardware vendors suddenly slowed down a bit and distance themselves from new standard versions, and development tempo also falls down....

July 2, 2012 · Łukasz Bromirski

switch matrixes and terabits...

i just made a short post describing a bit behavior and characteristics of new Sup720-10GE switching matrix that can be installed in Catalyst 6500 - for cisco-nsp@ folks: In old Sup720 design, the Supervisor itself is connected to the fabric using one channel. This channel is used by Hyperion ASIC to provide for bus interface, and multicast/SPAN features. Because there’s no other way to connect the uplinks on the Sup itself, the Hyperion has it’s interface also terminating the uplinks (2xGE) thus limiting effective throughput/etc....

June 13, 2012 · Łukasz Bromirski

ccde the way it should be :)

i’ve had a opportunity today to take the CCDE exam in London again. accompanied by two fellow SEs and one of the engineers working for Cisco Partner in Poland, we’ve took our chances. and it’s definitely better - feedback works. out of 6 scenarios you work only with 4, split statically by 2 for before and after the lunch. questions are more to the point, and there’s less of text to look for information from....

March 29, 2012 · Łukasz Bromirski

ccde #2

I’ve took a CCDE practical earlier today, and for the second time I’m pretty clueless how it went, however I have a strong feeling that it was similar to my first take: no go. this time I’ve spent 7 hours, not 5, to do the test, however most of the time I was trying to answer questions based on the small set of information provided. again I’m under strong feeling, that the set of information was not enough to judge on some of the questions, not to mention the effect Russ White describes as “you’d be confused for the whole time”....

October 21, 2011 · Łukasz Bromirski

we, 2001:420:80:1:c:15c0:d06:f00d

“Cisco eats in own dog food” or as you may elite-write-it: c15c0 d06 f00d. we announced participation in ISOC IPv6 day as a first vendor. some parts of our infrastructure serve IPv6 natively, but that’s a great opportunity to test it at scale - including hardware and software for systems that’s used for our internal and Customer services. among other things we’re testing AnyConnect 3.0 with native IPv6 support (public version is going to be available in couple of months), ACE 3....

June 8, 2011 · Łukasz Bromirski

CCDE, or how to design a network... or six of them

today I’ve met CCDE practical exam heads-on in London. it’s a new one at the Expert level, focusing on designing and redesigning of the networks - according to the virtual needs of virtual customers. after the Networkers CCDE presentation delivered by one of the authors of the CCDE program - Russ White - it’s hard to expect anything different than what they say. it’s very focused on “why”, and “how” is touched only in some generic terms....

May 6, 2011 · Łukasz Bromirski

IPv6 for WOŚP - summary

while the experiment was a success, effects were rather modest :) during the entire 9th, if we dismiss connections from bots connecting from University of Pennsylvania (greetings!) and China (really interesting URL mangling techniques), we’ve had 20 unique users and 1145 sessions. late evening, after grand finale additional 80 users visited us, and session counter increased to over 4500. i definitely didn’t do good job of marketing IPv6 availability for WOŚP, or IPv6 geeks were far away from IPv6-enabled internet that day....

January 11, 2011 · Łukasz Bromirski

ipv6 will play with Big Orchestra

traditionally for last couple of years engineering team at Cisco Poland is taking care of securing infrastructure for Wielkia Orkiestra Świątecznej Pomocy. this year i decided to launch experimental support for IPv6 - while we were not allowed to move all infrastructure to IPv6, it should be possible next year. everyone that has IPv6 access can point browser to ipv6.wosp.org.pl. everything works based on reverse-proxy provided by Apache, FreeBSD and Cisco MCS server :)...

January 7, 2011 · Łukasz Bromirski

lisp@plnog#5

i was stubborn - and while from the very first moment we’ve had a lot of challenges with the hotel infrastructure, i was able to run xTR routers during last PLNOG for LISP. no, it’s not about programming Cisco routers with LISP, but about new concept of Location/ID Split, that is new concept enabling you to treat traffic engineering in internet differently. in short - we still serve traffic like we always did (backward compatibility), but by assigning users and companies IPv4 and IPv6 addressing from special pools, we can treat this traffic in a different manner....

October 24, 2010 · Łukasz Bromirski