Cogent (AS174) does not have a full ipv6 table yet
As of date Cogent (AS174) still has not entered into a peering agreement with Hurricane Electric (AS6939), resulting in significantly less prefixes than most IPv6 transit providers will give you. I've compiled a list of prefixes that are missing in Cogent's table.Most IPv6 transit providers will give you roughly 3500 prefixes, but Cogent only carries around 2500 prefixes.
If you want to be reachable from all over the world over IPv6, it's best to get a second and third IPv6 transit provider that give you a full IPv6 routing table. In other words, avoid having a Cogent-only network.
txt file: ipv6-prefixes-that-cogent-misses-as-of-27-Oct-2010.txt
Solaris as an Open Source alternative to Linux
When I left Solaris after the Sun/Oracle marger, it was because I wanted to try some new things in life possibly based on OpenSolaris. I had led Solaris in networking and network virtualization space for a long time and wanted to make a bigger mark in that space compared to what Oracle might have wanted. But my hope was that Solaris as a Open Source Operating System would continue to prosper and I could possibly use OpenSolaris as a base for whatever I decided to do next. Well, the exodus from Solaris has continued over the past few months and now Mike has also decided to call it quits. Mike was one of my counterparts, running the storage side of the house (other leaders in storage and filesystem space, like Jeff and Bryan had already bailed out of Solaris few months after I left).
So at this point, I am forced to consider the fact that Solaris and OpenSolaris are on the brink of death unless something serious is done about it. Having spent so much time and energy in last 15 years on Solaris (including bringing it back from life after the last tech bust when Solaris had been Continue reading
Raw IP Traffic Export (RITE) on Cisco IOS
Often, especially in medium to large networks, it’s crucial to monitor the traffic traversing your networks. Those in the networking industry know that tools like tcpdump and wireshark are crucial for deeply investigating network issues. Even developers use these tools to diagnose issues with applications utilizing network resources. Many times, it is helpful to install/use one of these tools to figure out exactly what’s traversing the network, by seeing the frames and packets themselves, in a visual way.Raw IP Traffic Export (RITE) on Cisco IOS
Often, especially in medium to large networks, it’s crucial to monitor the traffic traversing your networks. Those in the networking industry know that tools like tcpdump and wireshark are crucial for deeply investigating network issues. Even developers use these tools to diagnose issues with applications utilizing network resources. Many times, it is helpful to install/use one of these tools to figure out exactly what’s traversing the network, by seeing the frames and packets themselves, in a visual way.IS-IS Single-Topology vs Multi-Topology
Today I’m covering a little topic that seems to trouble some people. Mainly because IS-IS is really only used in provider environments, but I happen to like it. It’s a fairly stable...[[ Summary content only, you can read everything now, just visit the site for full story ]]
compilation of internet exchange memberlists
I'm compiling a list of internet exchange member lists. Please help expand the compilation by contributing urls to public CSV, TSV or files in other formats!You can find it here: Internet Exchange memberlists
DTAG (AS3320) seems to not prefer customer routes by default
I noticed that DTAG's best path selection differs from most transit suppliers I know. Most transit providers will prefer routes received from their customers above routes they receive from peers. This type of policy ensures that traffic will flow over the most profitable links. It seems that DTAG on the other hand, by default, assigns a local preference value of 100 to every route they receive through eBGP.It could mean that DTAG is actively turning down money by not filling up links that are sold on a 'per mbit' basis. Also, it could lead to confusion, which I'll try to explain with the following example:
You are AS65001, you buy transit from AS65555. You have a sister company (AS65002) with which you swap your full routing table. That sister company buys transit from DTAG (AS3320). DTAG and AS65555 peer with each other. AS65002 will announce the routes originated by AS65001 to DTAG.
DTAG now has to choose between two paths: a 'peering' path 65555_65001$ and a 'customer' path 65002_65001$. Both paths by default will have a local preference value of 100. So if for some reason the 'peering' path is chosen (because it's older, or the router-id of that Continue reading
Location / Separation Protocol Checklist
This list can be useful when assessing LISP, ILNP, RANGI, Ivip, hIPv4, NOL, CRM, LMS, GLI-Split, TIDR, EEMDP or IRON-RANGER. :-) Location / Identifier Separation Checklist:Your post advocates a
( ) technical ( ) legislative ( ) market-based ( ) vigilante ( ) political
approach to reducing the growth of the internet routing table (e.g. the DFZ). Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws.)
( ) Requires immediate total cooperation from everybody at once
( ) There is no centralized authority that will force people to carry out your plan
( ) Requires every host to be upgraded to a newer version of their netstack
( ) Nobody wants to rewrite all applications to support your plan
( ) your mapping system consumes more memory then available on planet earth
( ) New complicated IP allocation policies must be set by the RIRs
( ) People won't give up their current allocations
( ) Your plan is incomplete or contains too much "needs to be further discussed." phrases
( ) No one can agree Continue reading
eBGP triggered blackhole for customers
Very many large scale transit providers, if not most of them support eBGP remote triggered blackhole via separate multihop eBGP session. I suspect this is, because they've used for very long time single shared route-map for transit customers, and it is not immediately obvious how you can support blackholing without customer specific route-map. Requiring customer specific route-map would probably be less than minor change in their provisioning systems. However, it is perfectly doable and same idea works just the same in JunOS and IOS, here is pseudoIOShy example how to do it:
router bgp N
neighbor eBGP peer-group
neighbor eBGP route-map eBGP-IN in
neihgbor eBGP disable-connected-check
neighbor CUSTIP peer-group eBGP
neighbor CUSTIP prefix-list C-CUSTID-IN in
!
route-map eBGP-IN permit 100
match community BLACKHOLE
set ip next-hop BLACKHOLE
set community BLACKHOLE additive
route-map eBGP-IN permit 200
match ip address prefix-list eBGP-TRANSIT-FULL
set community full-transit additive
route-map eBGP-IN permit 300
match ip address prefix-list eBGP-TRANSIT-PARTIAL
set comunity partial-transit additive
route-map eBGP-IN permit 400
set ip address prefix-list eBGP-PUNCHOLE
set community no-export additive
!
ip prefix-list C-CUSTID-IN permit 192.0.2.0/24 le 32
ip prefix-list C-CUSTID-IN permit 10.10.42.0/28 le 32
ip prefix-list eBGP-TRANSIT-FULL permit 192.0.2.0/24
ip prefix-list eBGP-PUNCHOLE Continue reading
Re: A High-Level overview of LISP
This is a response to Petr's well articulated discussion of LISP: "A High-Level overview of LISP"
He captured some of the key points that make LISP compelling, including the discussions about hierarchical routing (and associated problems with address allocations and multi-homing), the "level of indirection" enabled by LISP - due to the separation of host addresses (EIDs) and routing locators (RLOCs) - and the "push" vs. "pull" aspects of various mapping and routing systems.
There are a several areas that I think deserve greater explanation, however. The most important is regarding the LISP mapping system. "Core routing table size reduction" was the initial focus (and instigation) of LISP. But core routers are not the only ones taking full routes, some people might want the full routing table to be available on more places to have more granular control over egress traffic. Because BGP is a "push" technology, the FIB must be populated with full routes and be available in the "forwarding path" (data plane) of packets. This leads to the need for expensive silicon and memory on each line card. Where LISP helps is in two main areas. First, the LISP ALT routing table is decoupled from expensive Continue reading
Ticket #15
Ticket #15 is published under the CCIE Flyer. Click here for direct link. Enjoy!Ticket #14 – Repubished
I am reposting here Lab 14, which was published on ccieflyer.com. Next ticket, Ticket 15, which will be about multicast will be published on CCIEFlyer.com, then it will be republished here again. ...For more mini labs, have a look at the mini labs page.Consumer hardware vendors, boxes and versions
Yes, this is actually a rant.<rant>
I have a Apple Time Capsule which I love and cherish. It's about a year old. No, it isn't the latest model anymore. It claims it is able to talk IPv6... but it doesn't. Sadly, it runs something called version 7.4.2 - that works fine but where IPv6 is broken. To have functioning IPv6 I should have 7.5 or later. That would require me to pay more money for protection to Apple as it seems like it is only available on the Very Latest Time Capsules.
Now, someone explain to me:
- what the fuck? over.
- why must I buy a new box to get something to work which is supposedly is there already
- immediate cessation in software updates upon release of incremental hardware update
- if you changed the chipset then how hard can it be to make a conditional instead of drop all future upgrades
- fail to communicate what's going to work and what's not
Feel free to google "time capsule 7.4.2 ipv6" for more info.
</rant>
Feels much better now. :-)
IPv6 and the enterprise of tomorrow(ish)
One of the great promises of IPv6 has been to get rid of NAT, no more will IT do RFC1918 and NAPT to single public IP. But how is IPv6 going to accomplish this, what is the magical toggle for it? Let's get disappointed.
Some devices, like Cisco IOS allow you to configure IPv6 prefix as 'macro', so you could tell that macro 'ME' is 2001:db8::/32 and everywhere where you write IPv6 address, you use macro 'ME'instead. So in theory, when your prefix changes, you simply change the macro. So the great renumbering benefit is ability to always get same size network. But of course this was true for IPv4 too, you got the network size you needed. Why isn't this utilized? Because enterprises don't have one Cisco IOS devices, they have plethora of devices from different vendors, firewalls, slb, ips, ids, servers, OSS systems and so forth, you'd still need to go in all of these to change the 'macro', not all devices even have the concept and quite frankly no enterprise of non-trivial size will even know without months of work _where_ and _what_ will need to be changed for renumbering to be successful. I know industry professionals Continue reading
Ticket #14
Ticket #14 is published under the CCIE Flyer. Click here for direct link. Enjoy!IEEE OUI address (MAC address) allocation
I've recently noticed that it is becoming more and more common to see 'weird' MAC addresses, i.e. MAC addresses which do not start with numbers 00. Previously it was very easy to spot automatically mentally software defects which would cause strange MAC addresses to appear, it has helped me to diagnose several issues in the past. We've now beginning to lose that advantage, as IEEE has started to allocate MAC addresses quite randomly across the address space.
I emailed to IEEE and asked what was the motivation and perceived advantage in doing this change and reply was quite simply 'We changed our allocation methods to prevent vendors using unregistered mac addresses.'. OUI costs 1650USD one time fee, but IEEE appears to be concerned that some vendors choose not to pay it, instead allocate themselves OUI somewhere far in the address space, effectively thinking they are getting free OUI with little to no possibility of overlap. It would be curious to know if this instance who wants to save 1650USD would care about this slightly changed climate, I personally doubt the change while good-willed is completely ineffective and the slight operational benefit serial assignment had is lost. (/me starts Continue reading