Networks

…tool for documenting and mapping networks. also, short piece on deconfliction. Google to enlist NSA to help in the cyberdefence, and short brief on efficient meetings from great blog (read it!) winter break… aaand it’s gone.

there’s really almost nothing much simpler than starting to use IPv6. first of all, all major OS support IPv6 today. most of them are running it out of the box. second of all, tunnel brokers are available everywhere, so while i haven’t had luck with sixxs (they didn’t respond after weeks of waiting), using Hurricane Electric was easy and took like seconds. friendly “wizard” will walk you through and then even show example of configuration for your device. you’ll get your own /64 (freebie under Christmas tree!), and option to request additional /48. should be enough even for bigger home labs :) ...

…as described by Claudio Jeker during last AsiaBSDCon can be found here and here for whitepaper. Henning Brauer, on the other hand, gave a very good packet filtering session and OpenBSD network stack in general during DC BSDCon 2009. video can be found here and slides here.

i came back yesterday from Brussels and today at 5:30am the verdict came in - definitely “PASS” :) so… let me share some advice and tips for those of you preparing to take CCIE SP practical exam (without breaking NDA of course). first of all - if you have that luxury of training on any software version - please try to check with the current Cisco page and align. software is quite “specific”, and you may be hit with interesting behavior that may be a little bit different from mainline versions. in the era of simulators and emulators building your own lab replica should be easy. but you may be kicked in the ass by making wrong assumptions about specific software versions. ...

on the network throughput front, we’re fighting (albeit in distributed manner) for getting throughput from commodity PC hardware on par with dedicated, hardware routing platforms. with OSes like Linux and BSD. to that end, recent document published after last Linux Congress in Hamburg shows that while it’s important to select proper multi-core CPU and motherboard to do fast traffic forwarding, we’re still hitting bottleneck at around 1Mpps. curiously enough, on one of the slides you can spot information, that large FIB in Linux doesn’t impact performance too much. you can’t say that about some of the older, legacy solutions using different FIB tricks - like for example compression. you can also find some interesting information about Linux kernel tuning. you may remember than years ago NetFPGA was published, using Xilinx chipset. it’s still 4 GE ports, but quite efficient and with readily available SDK. ...

for all those of you concerned with vanishing of BGP blackholing PL project page - please calm down. we’re moving. current page is here. in other news, i’ll host discussion panel on upcoming PLNOG 2009. we’ll touch on blackholingu and other best practices to increase security of internet infrastructure. i’ll be joined by Konrad Plich from TP SA and polish CERT representatives.

in a month from now, we’ll be launching first edition of PLNOG conference. we’re working to deliver a lot of interesting sessions. apart from many abroad presenters, we’ll host also our own, polish specialists. you’ll have a chance to meet Wojtek Apel (3S), Tomasz Paszkowski (nasza-klasa.pl) and Marcin Mazurek (Allegro.pl). somewhere in the agenda there’s also my session about MPLS Traffic Engineering. before that, on Saturday and Sunday, I’ll deliver hands-on workshops on BGP and MPLS. each willing participant will work on his/her own pod full of virtual Cisco IOS devices. ...

summer holidays are in full swing - starting from 26th of July i’ll be running Cisco Academy courses at PROIDEA for CCNP. everyone who’s eager to have a good time learning and discussing technologies (way outside of official curriculum) should immediately contact academy reception. independently of that, we have two large conferences coming. at Cisco Expo 2008 i will deliver sessions on network architecture that minimizes the chances of becoming a victim of a DDoS attack and becoming part of botnet. i’ll mention attacks over 10Gbps, DDoS “to go”, encrypted p2p and multiple ways to minimize damage - including using our Cisco gear to help. ...

my article on defending networks from DDoS attacks was just published in online version of NetWorld magazine.

during upcoming CONFidence 2008 conference, i’ll be delivering hands-on workshop about Cisco router security. of course you’re more than welcome :) video recording from SecureCON 2007 was published here.