ipv6... once again in bad spotlight

all memory and CPU related features in the IPv6 world are a major challenge even for modern hardware. unfortunately this is emphasized by the lack of best practices followed by developers writing code. i just noticed there’s a Microsoft Windows problem with IPv6 RA. it seems that the actual problem is not limited only to RA, but actually - to the whole networking stack when working with link-local addresses. under Microsoft Windows the code is allocating memory pretty recklessly. ...

April 1, 2014 · Łukasz Bromirski

CCDE bootcamp

it will be a unique opportunity in Poland and in this part of Europe. with a group of my dear friends and design masters - Piotr Jabłoński, Sebastian Pasternacki and Piotr Matusiak - i’ll be delivering bootcamp-type training for CCDE. we’re starting on 5th of May - and you can find more details here.

February 28, 2014 · Łukasz Bromirski

Aegis at UW

Maciej Broniarz invited us to take part in a new security focused conference. Aegis (just like Aegis - the American integrated naval weapons system) will take place on 2nd and 3rd July at the University of Warsaw. i hope that most of you will decide to take part in it, as judging from agenda. together with Maciej we’d also like to have a panel on DDoS attacks, and then we’ll deliver a session together - ‘security by duct tape’. in other words, we’re going to show you the best examples of security practices to avoid following. ...

June 19, 2013 · Łukasz Bromirski

"i don't understand, but will criticize anyway"...

i’ve stumbled upon an article by Michael Leonard from Juniper. he decided to take a stab at LISP. i usually call such articles by the title of this post, and the article mentioned is all about it. while we’re discussing in open forums with engineers and architects from Juniper, and in most of them we actually do cooperate - including in LISP, which the author doesn’t seem to even know about - it’s sad to look at people who believe attacking the competition is everything they should do in life. his comments are misguided, and willingness to be visible sad. it also doesn’t show Juniper as a company in a good light. ...

January 13, 2013 · Łukasz Bromirski

IOS shell

if you haven’t noticed by now, in the IOS 15M line we introduced IOS shell. firing it up is just as easy as doing:

C2#conf t
C2(config)#shell processing full

now you have new, UNIX-like commands and options to chain them, including nested grep.

C2#sh running-config | wc -l
163
C2#sh running-config | grep ip | grep 2001
ipv6 address 2001:DB8:10::10:254/64
ipv6 route ::/0 2001:DB8:10::10:1

if you by now are a fan of such capabilities, having been working with IOS XR - it’s a nice touch :) ...

October 29, 2012 · Łukasz Bromirski

software defined networking or why openflow is not enough

using our new blogging platform, i just published a short piece about the just announced onePK. i’ve been watching live discussions about network control capabilities for over two years now. i was one of those distanced guys when it comes to the OpenFlow “explosion” in popularity. and as time did show - I was right. today even hardware vendors suddenly slowed down a bit and distance themselves from new standard versions, and the development tempo also falls down. more and more of those who believed supporting OpenFlow will suddenly change their support model and feature set - start to understand that’s hardly true. some of them even decided to abandon this direction altogether. ...

July 2, 2012 · Łukasz Bromirski

switch matrixes and terabits...

i just made a short post describing a bit the behavior and characteristics of the new Sup720-10GE switching matrix that can be installed in Catalyst 6500 - for cisco-nsp@ folks: In old Sup720 design, the Supervisor itself is connected to the fabric using one channel. This channel is used by Hyperion ASIC to provide for bus interface, and multicast/SPAN features. Because there’s no other way to connect the uplinks on the Sup itself, the Hyperion has its interface also terminating the uplinks (2xGE) thus limiting effective throughput/etc. BTW, both PFC and MSFC are also connected to the rest of the chassis linecards by Hyperion (PFC) and Pinnacle (MSFC). On the Sup720-10GE, the separate, 19th channel is used to connect the uplinks directly into fabric. Hyperion is still there, it still takes the channel “belonging” to the slot which Supervisor itself is in, but thanks to such design doesn’t limit in any way performance you can achieve on the 2x10GE uplinks (or 4xGE). In the new design, Hyperion takes care of providing connectivity to MSFC3 complex, while Metropolis (ASIC terminating the uplinks and connected to fabric) takes care of providing transport to PFC3C/CXL. The 20th channel is used in the same fashion for the redundant Sup if it’s inserted into chassis. Hope that clears it a bit. ...

June 13, 2012 · Łukasz Bromirski

ccde the way it should be :)

i’ve had an opportunity today to take the CCDE exam in London again. accompanied by two fellow SEs and one of the engineers working for a Cisco Partner in Poland, we took our chances. and it’s definitely better - feedback works. out of 6 scenarios you work only with 4, split statically by 2 for before and after the lunch. questions are more to the point, and there’s less text to look for information in. there are fewer mistakes as well. finally it’s an exam you can pass, this time however it seems it is more focused on book knowledge, not necessarily experience. ...

March 29, 2012 · Łukasz Bromirski

ccde #2

I took a CCDE practical earlier today, and for the second time I’m pretty clueless how it went, however I have a strong feeling that it was similar to my first take: no go. this time I’ve spent 7 hours, not 5, to do the test, however most of the time I was trying to answer questions based on the small set of information provided. again I’m under a strong feeling that the set of information was not enough to judge on some of the questions, not to mention the effect Russ White describes as “you’d be confused for the whole time”. it basically boils down to the fact that you answer a question from the design that’s clearly up to the explicitly given scenario information, just to notice that a couple of questions forward, the design, topology or set of “going forward” information is different. confusing, to say the least :) ...

October 21, 2011 · Łukasz Bromirski

we, 2001:420:80:1:c:15c0:d06:f00d

“Cisco eats its own dog food” or as you may elite-write-it: c15c0 d06 f00d. we announced participation in ISOC IPv6 day as the first vendor. some parts of our infrastructure serve IPv6 natively, but that’s a great opportunity to test it at scale - including hardware and software for systems that are used for our internal and Customer services. among other things we’re testing AnyConnect 3.0 with native IPv6 support (the public version is going to be available in a couple of months), ACE 3.0 service cards for load-balancing, and firewall systems (ASA-SM service cards and ASA 5585-X). ...

June 8, 2011 · Łukasz Bromirski