Category Archives: technology

Magic

Magic Smoke!

For some reason some people (usually the clueless, but not always) assume that if you just buy and install some $DEVICE the problem at hand will go away without any other issue.

How? Magic!

That’s why the big vendors make the big money. People think that just throwing money at the problem will magically make the problem go away. There is not always someone there to point out that this is not the case, or if there is, his or her opinions are ignored.

Let’s be clear on one thing: the only magic present in $DEVICE is the magic smoke. When the magic smoke goes out, the $DEVICE stops working.


SDN

Software-Defined Network. From Wikipedia: “Software-defined networking (SDN) is an approach to computer networking that allows network administrators to manage network services through abstraction of lower level functionality. This is done by decoupling the system that makes decisions about where traffic is sent (the control plane) from the underlying systems that forward traffic to the selected destination (the data plane). The inventors and vendors of these systems claim that this simplifies networking.”, “Software-Defined Networking (SDN) is an emerging architecture purporting to be dynamic, manageable, cost-effective, and adaptable, seeking to be suitable for the high-bandwidth, dynamic nature of today’s applications. SDN architectures decouple network control and forwarding functions, enabling network control to become directly programmable and the underlying infrastructure to be abstracted from applications and network services.”

Wow, I almost completed my bullshit-bingo card.

Will the network engineer become obsolete? Decoupling the data plane from the control plane sounds like an interesting idea, but right now SDN only exists in the marketing plane.

Don’t get me wrong, I like the idea, I just don’t think it would necessarily be a “Good Idea”. SOHO? Sure, why not. Datacenter? Could work, since you also (mostly) control the traffic source. But ISP/Carrier? I would not like to see the day the controller decides to reroute some traffic and in the process becomes isolated from the network, or even better, isolates some remote node.

But I guess you can always have the excuse “the computer says so”.


Packetdam

A premiere here: a rant-free post.

Just a bit of free advertising for a nice product. I’ve been using it for a while now and the only gripe I have with it is that the developer does not advertise it more.

In order to be able to respond to DDoS attacks in a timely manner you need to be able to detect them as quickly as possible. If you ever need a really, and I mean really, fast DDoS detection engine, try Packetdam (www.packetdam.com). No matter how much other vendors who wanted to sell us something tried to compete with it, they always failed at detection speed.

Don’t take my word for it, go grab an evaluation build and test it. If you have questions, the supplier is nice and quick to answer.


(In)sane defaults

Because SUP720-3BXL, and because all who have a full BGP feed with it should have seen this in the last few days:

    %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF entry usage is at 95% capacity for IPv4 unicast protocol

Because 512k routes should be enough for everyone (although the specs advertise 1024k).

Here you will find a workaround:

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/117712-problemsolution-cat6500-00.html

Of course, a reload is needed 🙁
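One way to catch this message before the hardware FIB actually overflows, as an added example that is not from the post: a small Python parser that picks the %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD messages out of syslog lines, extracts the protocol and percentage, and estimates how many routes are left against the 512k IPv4 capacity mentioned above. The syslog header layout, the hostnames and the IPv6 capacity figure are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Syslog header as IOS sends it to a collector: "Mon DD HH:MM:SS host seq: ...".
HEADER_RE = re.compile(r"^\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+(?P<host>\S+)\s+")

# The threshold message quoted in the post; slot, severity and protocol are captured.
FIB_THRESHOLD_RE = re.compile(
    r"%MLSCEF-(?P<slot>\w+)-(?P<sev>\d)-FIB_EXCEPTION_THRESHOLD:\s*"
    r"Hardware CEF entry usage is at\s*(?P<pct>\d{1,3})%\s*capacity\s*for\s*"
    r"(?P<proto>IPv4|IPv6)\s+\w+\s+protocol"
)

# Assumed hardware FIB capacity per protocol, in routes: 512k IPv4 is the default the
# post mentions; the IPv6 figure is a placeholder assumption, not a vendor number.
DEFAULT_CAPACITY = {"IPv4": 512 * 1024, "IPv6": 256 * 1024}

@dataclass
class FibAlert:
    host: str
    proto: str
    percent: int
    headroom_routes: int  # routes left before the hardware FIB is full

def parse_fib_threshold(line: str, capacity=DEFAULT_CAPACITY) -> Optional[FibAlert]:
    """Return a FibAlert for a FIB threshold message, or None for any other line."""
    m = FIB_THRESHOLD_RE.search(line)
    if not m:
        return None
    h = HEADER_RE.match(line)
    host = h.group("host") if h else "unknown"
    proto, pct = m.group("proto"), int(m.group("pct"))
    cap = capacity[proto]
    return FibAlert(host, proto, pct, cap - cap * pct // 100)

def scan(lines: Iterable[str], min_percent: int = 90) -> List[FibAlert]:
    """Keep only threshold messages at or above min_percent, most urgent first."""
    alerts = [a for a in map(parse_fib_threshold, lines) if a and a.percent >= min_percent]
    return sorted(alerts, key=lambda a: a.percent, reverse=True)

# Constructed sample: two unrelated IOS messages around two FIB threshold messages.
SAMPLE_LOG = [
    "Aug 13 09:58:11 core1 2201: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up",
    "Aug 13 10:15:02 core1 2202: %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF "
    "entry usage is at 95% capacity for IPv4 unicast protocol",
    "Aug 13 10:15:05 core2 3310: %MLSCEF-SP-4-FIB_EXCEPTION_THRESHOLD: Hardware CEF "
    "entry usage is at 80% capacity for IPv6 unicast protocol",
    "Aug 13 10:16:00 core1 2203: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]
```

Running scan(SAMPLE_LOG) over a syslog feed with the default 90% threshold flags only the core1 IPv4 message, with roughly 26k routes of headroom left before the FIB falls back to software switching.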


Video killed

“Video killed the radio star” is the name of a song that was popular at the beginning of the ’80s. To put it into perspective, MTV started broadcasting with this song.

Well, in my opinion video has yet another victim. The Internet as we knew it. Goodbye net neutrality, it was fun while it lasted.

RIP eigrp

All routers bow to your new overlord, ISIS.

Well, since a certain vendor has not tried hard enough to ensure that its newfangled router software plays nice with its older brothers (“stuck in active!”), I decided that it’s time to migrate all of the legacy network that was still using eigrp to isis.

Why isis and not ospf, you might ask? Among other reasons, because I decided that running two different instances (OSPFv2 and OSPFv3) of an IGP to cater for both IPv4 and IPv6 is not worth the hassle.

Oh, and to keep on the ranting side, of course the new and the old software have different defaults for isis when it comes to IPv6 (I must admit that the new one is saner, though). Fun.

All made in a rush

Remember the scene from the movie “Armageddon” when the Russian astronaut stated “American components, Russian components, all made in Taiwan” while whacking at some box with a wrench? I always remember that part when I receive new network equipment.

All of them are full of bugs. From the small consumer ones to the big iron that is supposed to route a gazillion packets per second via a ton of interfaces. If you’re lucky, a year after launch and several firmware patches later they might get usable.

The most frustrating part is that the bugs are clearly the kind that should not have passed basic QA. It’s the equivalent of “it compiles? ship it!” from the software world. You get to do the beta testing. Actually, I would not mind doing that on free samples from the vendors. But when you have already paid huge amounts only to get into the “beta program”, it’s annoying to say the least.

Anyone care to lend me a wrench?