scaling VPNs for remote workers

due to the COVID-19 outbreak, we’ve been flooded with requests to provide assistance with deploying secure connectivity for remote workers. in some organizations the number of remote workers has grown from 0 to 7000-10000 in a week. some others are serving over 30000 today, and here at Cisco, we’re working mostly from home these days (over 100k people!). thanks to help from my fellow engineers and specialists, we were able to publish the following guides, related to building and scaling out VPN headends - both hardware and virtual: ...

March 21, 2020 · Łukasz Bromirski

SDN Affinity

recently, thanks to Robert Pająk, i’ve had an opportunity to speak at the fall edition of Akamai Affinity. as the request was to cover the networking side of innovation, i did my best. actually, that was not so recently - back in november last year, to be exact. but indeed quite recently we’ve released news about our 400Gbit/s switch, and at Cisco Live! in Barcelona we’ve demonstrated for the first time the ACI evolution - ACI Anywhere. ACI evolves to bridge hardware and software worlds in more flexible ways, and its latest release enables the whole set of functions with pure software solutions (aka ‘cloud’). ...

February 1, 2019 · Łukasz Bromirski

PLNOG #20

plnog, plnog and… it’s gone. twentieth edition - how the time flies… from the beginning we knew it may be hard, but we can make it. ‘let’s target 60 people!’ was the second decision after we agreed to ‘do this’ and create PLNOG. 124 of you showed up. i don’t really remember all of the things that happened that day. and that was only 10 years ago! i remember only the fact that we couldn’t fit you in one of the Cracow’s Wawel rooms that Andrzej’s team was able to secure for this experiment. i remember i was worried that ‘people won’t come back’ after this, and Andrew was calming me down - as he usually does. ...

March 26, 2018 · Łukasz Bromirski

we're getting older...

NASA recently spent a lot of effort (and i suspect - money) to find a Fortran-proficient developer to rewrite code still working on Voyager. the ideal candidate was finally found at NASA. this begs a question - how much can you do in Fortran having 64kB of RAM and less than 3W of power? it’s a completely different task than with our typical computers, not to mention the bad practices they teach junior developers due to the abundance of hardware resources. ...

January 13, 2017 · Łukasz Bromirski

OpenSSH 7

OpenSSH 7, among other things, discontinued the older key exchange protocol for Diffie-Hellman group 1 (diffie-hellman-group1-sha1). we already know that it can be compromised by executing the attack known as Logjam. that’s all good and nice, until you try to connect to such a device using the newly upgraded SSH. if your device doesn’t support DH group 1 key exchange, you need to upgrade software. if you already have software capable of doing so, it needs to be configured on the box. ...

October 3, 2016 · Łukasz Bromirski

this is how it should work

weekend at the countryside kind of surprised me… :) so, Cisco 887VAGW+7-E-K9, a little configuration and here we are.

!
chat-script gsm "" "AT!SCACT=1,1" TIMEOUT 15 "OK"
!
interface Cellular0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation slip
 load-interval 30
 dialer in-band
 dialer idle-timeout 300
 dialer string gsm
 dialer-group 1
 async mode interactive
!
ip nat translation timeout 60
ip route 0.0.0.0 0.0.0.0 Cellular0
!
dialer-list 1 protocol ip permit
!
line 3
 exec-timeout 0 0
 script dialer gsm
 modem InOut

you’d need to configure a profile however. as i didn’t have a SIM card and i had poor experience with Orange in Poland, i decided to try the challenger - Plus. they had a small sales office in a nearby city. ...

May 24, 2015 · Łukasz Bromirski

daily "top" for spam and malware

it’s interesting to take a look. and then a second look - as a lot of well known networks and hosts appear on those maps: SenderBase malware, SenderBase spam. and for general reports from SenderBase, the biggest threat intelligence network, go here: SenderBase

May 13, 2015 · Łukasz Bromirski

ietf and new ideas

while looking through recent IETF meeting notes i found an interesting idea - splitting OSPF area zero without incurring an outage. it’s a very interesting idea for flawless, in-service migrations. on the other side, another OSPF concept that I was afraid somebody will bring up is… enabling FlowSpec capabilities. oh my… also, the overlay networking effort is gaining ground, with architectural choices as well as security. it’s interesting how much longer it will take. the I2RS interface is moving forward as well, which is a good sign. the problem space is enormous, but progress here means we’re closer to deploying a vast number of different SDN architectures. ...

January 8, 2015 · Łukasz Bromirski

interesting data..

…on the performance of the virtualized network stack at different cloud providers. plus - a couple of slides and some speculations about how AWS is built.

November 24, 2014 · Łukasz Bromirski

AOL still gets a lot of money from...

…people using dialup connections. those poor people still need them to take advantage of restricted Internet services provided by AOL. a year ago at that time, still around 2.6 million US citizens were connecting to the internet that way. …and you think that your 1Mbps upstream link is not enough? ;P

August 8, 2014 · Łukasz Bromirski