bgp blackholing is back

BGP Blackholing is back - with small steps (‘better done than perfect’). go ahead and visit the current project page with “quick howto”. happy blackholing!

February 28, 2022 · Łukasz Bromirski

bgp in the lab #3

after last blog on sharing full bgp feed for IPv4, I got a number of interesting questions. given many of you were asking to have also IPv6 available, I decided to extend the project to cover that as well. disclaimer you’re doing this ON YOUR OWN. i’m not responsible for anything on your end and service itself. so if it crashes your router, makes all traffic to follow different paths, or essentially anything that you can’t control - you’re completely on your own. ...

October 7, 2020 · Łukasz Bromirski

world wide convergence of BGP

Daniel Dib asked recently on Twitter about BGP convergence time for world wide operations. two hours he got in response from his friend seemed a bit too long. I did recently help to spin up new ASN with new IPv4 prefix (well, both came from second hand, but you get the point) and as far as I could tell, propagation took around 15 minutes maximum. so in the interest of self-education, I started digging. ...

September 24, 2020 · Łukasz Bromirski

bgp in the lab #2

update this project is still on, but at different IP. please refer to this updated description. old post below recent thread on nanog@ list got me back to old project that i was thinking about long time ago. and here it is - i just launched free-of-charge, load-your-router-with-full-live-bgp-feed service :) if you’re interested in joining the free project, disregard the information below and jump directly to latest version here disclaimer you’re doing this ON YOUR OWN. i’m not responsible for anything on your end and service itself. so if it crashes your router, makes all traffic to follow different paths, or essentially anything that you can’t control - you’re completely on your own. ...

August 5, 2020 · Łukasz Bromirski

bored waiting for scp to complete?

if you, like me, get bored immediately after you execute copy scp x y, you’ll likely be happy to know that we’re introducing changes in the TCP/IP stack responsible for SCP operations. in NX-OS beginning in 9.3(1), while copying using scp you can add use k-stack, like this: nxos-switch#copy scp://192.168.0.1/nxos.bin bootflash: use-kstack in IOS-XE, starting from 17.2(1), it’s possible to achieve similar speed-up effect by enabling globally ip ssh bulk-mode. the same copy operation should speed up 4-5x over. ...

March 26, 2020 · Łukasz Bromirski

use keys, not passwords

it’s subject old as world (password-protected world, that is). i had to do some of cleanup on my devices and i hit a problem with 4096 bit keys. so, just as a reference that may be helpful somewhere for someone - you import keys to Cisco IOS without any special problems: router#conf t Enter configuration commands, one per line. End with CNTL/Z. router(config)#ip ssh pubkey-chain router(conf-ssh-pubkey)#username TEST router(conf-ssh-pubkey-user)#key-string router(conf-ssh-pubkey-data)#AAAAB3NzaC1yc2EAAAADAQABAAACAQDCiLBaopUwsFb9YJNhGqVYqBajlrH S/zwD6/yR6N8VcRzrpqMMNCFXe1q5GMGM[...]ANWInd9GHBjTzbJWVwavxy1ooQewii8ErofZuv1l/SXSdXLzfL p0zMoZ0L+BNPS0j4XBS0N3t8Vl8oVixqIeG2BNTCNaDDt6hx2Q== lukasz@bromirski.net router(conf-ssh-pubkey-user)#exit router(conf-ssh-pubkey)#exit for Cisco ASA, keys that are longer than 2048 bits need to be prepared using pkf format, as command line has limit of 512 bytes. so, to move key in OpenSSH compliant format like this one: ...

April 1, 2015 · Łukasz Bromirski

15.2(3)T is out, so is IOS-XE 3.6S

…and inside, you’ll find a lot of completely new features overall (MediaTrace 2.0, IPv6 for GETVPN data plane, new IPv6 IP SLA extensions, LISP extensions), or for the first time available on software routing platforms like ISR G2s (BGP PIC Edge and Core, BGP route-server, Multicast Live-Live). everything can be found here. simultaneously, IOS_XE 3.6S came out, along with bunch of features that are catching up with traditional IOS releases - things like CGNAT or hardware support for BFD. ...

April 3, 2012 · Łukasz Bromirski

bgp in the lab

long, long time ago, playing with BGP was reserved for secret group of people, that somewhat alike Lems Trurl and Klapaucjusz were laughing from mere mortals but didn’t share the knowledge. then, a lot of things changed, trainings, certifications appeared, and then bootcamps and finally massive, open-for-all intro courses. and now, BGP is everywhere and is configured by anyone - you’ll find typical home wives running it as well, as without it they couldn’t upload new contact via bluetooth it seems. ...

November 21, 2010 · Łukasz Bromirski