Recently in IP Networking Category

IPv6 has been around for a few years now. Your Windows, Mac OS X, [put your favorite OS name here] supports IPv6 very well. Everyone knows IPv6 is cool! It solves your problems.
From an engineering point of view, IPv6 is an excellent protocol. It is well suited for today's internet. But it is rarely used.

The story begins. Some people are rambling about hardware upgrade headaches, others about the learning curve, and some about application transition issues.

As a home user, it is highly unlikely that your service provider offers you native IPv6 connectivity. I tell you, it is highly unlikely that your service provider even has native IPv6 connectivity to its upstream, and in most cases ISPs do not even have their own IPv6 allocation yet. So if you are the type of geek who wants to see how IPv6 works, you should get an IPv6 tunnel from a tunnel broker.

Forget about hardware upgrades and training courses for now. Let's see what IPv6 connectivity will offer you. I am doing some basic DNS AAAA record lookups here. If you are not familiar with that, an AAAA lookup is the DNS query for the IPv6 address of a host; it tells you which web sites are offering you services over IPv6.

I start with the major websites you will use on a daily basis:
$ host -tAAAA www.google.com
www.google.com is an alias for www.l.google.com.
$ host -tAAAA www.l.google.com
www.l.google.com has no AAAA record

$ host -tAAAA www.yahoo.com
www.yahoo.com is an alias for www.yahoo-ht3.akadns.net.
$ host -tAAAA www.yahoo-ht3.akadns.net
www.yahoo-ht3.akadns.net has no AAAA record

$ host -tAAAA www.microsoft.com
www.microsoft.com is an alias for toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net is an alias for g.www.ms.akadns.net.
g.www.ms.akadns.net is an alias for lb1.www.ms.akadns.net.
$ host -tAAAA lb1.www.ms.akadns.net
lb1.www.ms.akadns.net has no AAAA record

$ host -tAAAA www.amazon.com
www.amazon.com has no AAAA record

$ host -tAAAA www.paypal.com
www.paypal.com has no AAAA record

So far so good. None of the major web sites support IPv6. What about the people who sell you pricey IPv6 gear? Let's see:

$ host -tAAAA www.cisco.com
www.cisco.com has no AAAA record

$ host -tAAAA www.juniper.net
www.juniper.net has no AAAA record

Interesting. None of them supports IPv6 either. And the people who encourage you to use IPv6:

$ host -tAAAA www.ietf.org
www.ietf.org has IPv6 address 2610:a0:c779:b::d1ad:35b4

$ host -tAAAA www.iana.org
www.iana.org has no AAAA record

$ host -tAAAA www.arin.net
www.arin.net has IPv6 address 2001:500:4:1::80

$ host -tAAAA www.runningipv6.net
www.runningipv6.net has IPv6 address 2001:1af8:2:5::2

$ host -tAAAA playground.sun.com
playground.sun.com has no AAAA record

$ host -tAAAA www.ipv6forum.com
www.ipv6forum.com has IPv6 address 2001:a18:1:20::22

$ host -tAAAA www.ipv6tf.org
www.ipv6tf.org has IPv6 address 2001:7f9:1000:1::103

The result is very interesting. Most services on the internet are only available over IPv4. Most service hosting providers have no native IPv6 connectivity. And most ISPs do not offer native IPv6 connectivity to customers.
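As an added example (not part of the original post), here is a small Python script that automates the AAAA checks above: it parses `host -tAAAA` output, follows alias chains the way the manual lookups do, validates the returned addresses, and gives up on a looping chain. The sample answers are constructed from the lookups shown above; `loop.example` is a hypothetical name, and the `lookup` callable is assumed to return the text that `host -tAAAA name` prints.

```python
import ipaddress
import re
# The two answer lines of `host -tAAAA` that matter here (see the lookups above).
ALIAS_RE = re.compile(r"^(\S+) is an alias for (\S+)\.$")
AAAA_RE = re.compile(r"^(\S+) has IPv6 address (\S+)$")
MAX_ALIAS_DEPTH = 8  # give up on alias chains that never reach a record

def parse_host_output(text):
    """Split host output into {alias: target} and {owner: [IPv6 addresses]}."""
    aliases, addrs = {}, {}
    for line in text.splitlines():
        if m := ALIAS_RE.match(line):
            aliases[m.group(1)] = m.group(2)
        elif m := AAAA_RE.match(line):
            try:
                addr = str(ipaddress.IPv6Address(m.group(2)))
            except ValueError:  # malformed address: treat as no answer
                continue
            addrs.setdefault(m.group(1), []).append(addr)
    return aliases, addrs

def ipv6_addresses(name, lookup):
    """IPv6 addresses for `name`, following aliases as the manual checks do.
    `lookup(name)` returns `host -tAAAA name` output. Returns [] for
    'has no AAAA record', an unanswered name, or a looping alias chain."""
    aliases, addrs, seen = {}, {}, set()
    while name not in seen and len(seen) < MAX_ALIAS_DEPTH:
        seen.add(name)
        if name not in addrs and name not in aliases:  # not answered yet
            new_aliases, new_addrs = parse_host_output(lookup(name))
            aliases.update(new_aliases)
            addrs.update(new_addrs)
        if name in addrs:
            return addrs[name]
        if name not in aliases:
            return []
        name = aliases[name]  # follow the CNAME; ask again only if needed
    return []

# Constructed sample answers copied from the lookups above, plus a
# hypothetical looping alias (loop.example) to exercise the loop guard.
SAMPLE_OUTPUT = {
    "www.microsoft.com": "www.microsoft.com is an alias for toggle.www.ms.akadns.net.\n"
                         "toggle.www.ms.akadns.net is an alias for g.www.ms.akadns.net.\n"
                         "g.www.ms.akadns.net is an alias for lb1.www.ms.akadns.net.\n",
    "lb1.www.ms.akadns.net": "lb1.www.ms.akadns.net has no AAAA record\n",
    "www.ietf.org": "www.ietf.org has IPv6 address 2610:a0:c779:b::d1ad:35b4\n",
    "loop.example": "loop.example is an alias for loop.example.\n",
}

def sample_lookup(name):
    return SAMPLE_OUTPUT.get(name, "")
```

To query a real resolver, pass a `lookup` that runs `host -tAAAA` via `subprocess.run([...], capture_output=True, text=True).stdout` instead of `sample_lookup`.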

I am not sure if I am actually helping this transition, but I have started using IPv6 at home. My excellent, super-efficient IPv6 is tunneled over the deficient and weakly designed IPv4. Without IPv4 my IPv6 will not even work. And I am still visiting google.com over IPv4.

This was a rant from an end-user's point of view. IPv6 is far from wide adoption. A hard 10 years lie ahead of users and service providers, and 10 good years for network hardware vendors.

Filtering bogon routes is a good idea, but not after IANA has allocated one of those so-far bogon ranges to the RIRs.

Filtering of unallocated address space (a.k.a. bogon filtering) is becoming more prolific. This is a good thing. However when those filters are not kept up-to-date they can quickly become too much of a good thing. Recently users of first allocations out of new blocks have experienced problems and aired them on lists like NANOG and in the press. Also, prominent resources like some root name servers were not reachable from a recently assigned address block because of out-of-date bogon packet filters.

RIPE NCC's proposal on De-Bogonising New Address Blocks.

Traffic Management Tips

If you are living in the *BSD world and you are also doing network stuff for personal use or at work, chances are high that you know dummynet and use ipfw and dummynet for traffic management. Dummynet supports the WF2Q+ queuing algorithm.

If you need to do more complex traffic management, ALTQ from Kenjiro Cho is your pal. Unlike dummynet, ALTQ is not built into the FreeBSD distribution by default, and it's a little bit tricky to make it work on FreeBSD. But if you are using OpenBSD, it will be a piece of cake, because ALTQ is already imported into the OpenBSD source tree and works fine with pf.

ALTQ supports WFQ, CBQ, RED, RIO, HFSC and some other queuing algorithms. For more information on the different algorithms, I suggest having a look at Sally Floyd's homepage.

Tony Li and Procket

Tony Li left Procket a while ago. He was an employee of Cisco Systems and Juniper Networks before joining Procket in 1999. Currently he is working at Verio, playing ISP, as he says.

In his latest interview with CNet News.com, he gave some insight into the new trends he sees in the IP routing market and the Internet in general.

I would much rather be in a start-up than a large company. My style is much more about getting things done, and I prefer the freedom rather than the many layers of process that are usually necessary in a big company.
(this is what I and Tony Li have in common ;-) )

Remember the rumors about Procket and Cisco? Now it's official.

No akamai, No internet

Damn. This is why people should not rely on a single solution: Akamai DNS Issue.

And we are suffering from the same problem here. Yahoo!, Google, Apple, Microsoft, FedEx, all the big sites, you name it. Everyone is off the net now.

Akamai is down, internet is down.

Update: Akamai DNS Outage Messes up Net

What is Juniper doing?

After completing the acquisition of NetScreen, Juniper is ready to make its next big moves. The first of them is the introduction of the J Series of low-end routers (codenamed Pepsi). And the next important move (not confirmed by Juniper yet) is the acquisition of Extreme Networks.

This would be very important for Cisco Systems, since Juniper was previously only a competitor in the high-end router market, but after the recent acquisitions and new products, it will enter the low-end router market as well as the switching area.

And what about Cisco?

On the other hand, Cisco Systems is not sitting aside. Cisco is also trying to beat Juniper in the high-end routing market by releasing the brand new CRS-1 (up to 92 Tbps; enough for your network?), which is a revolution from Cisco. The CRS-1 is not based on the old-school IOS software, but on the brand-new, shiny Cisco IOS XR operating system. IOS XR itself is based on the QNX RTOS.

And at last, "Cisco is acquiring certain assets and intellectual property from router start-up Procket Networks for about $80 million", according to an NWFusion article. I was not lucky enough to have a Procket router, but I must admit their products look very good.

Trouble Ticketing

NOC engineers don't like to answer phone calls while they are busy with their daily jobs, especially when they are working on a complicated problem and recovering their network traffic.
In that case they expect customers to contact them via a Trouble Ticketing System (TTS), so the NOC engineer won't waste any time on the phone and can take care of the problem. Another benefit of using a TTS is that you can archive your conversations and refer to them later on. It can also be used in SLA uptime and service quality calculations.

Most trouble ticketing systems come with a simple web interface as well as an email parser, so the customer can send an email or use a web browser to open or update a trouble ticket.

Some good TTS software that I know:
My choice: PerlDesk (it was free, but commercial now)

NMS Softwares

There are many simple and complicated Network Management and Performance Monitoring software packages available out there, for free or commercially. Among commercial software, I have had very good experiences with HP OpenView and CiscoWorks, and among free ones, Nagios, Cacti, JFFNMS and NMIS.

But most network engineers prefer their own set of tools, which is almost always a combination of MRTG, RRDTool, SmokePing and Net-SNMP.

Most of the ready-to-use NMS software packages do not fit our needs. It's always a good idea to make your own set of monitoring scripts in conjunction with existing tools such as rrdtool, net-snmp or fping.

I use Cacti and JFFNMS for different tasks in our NOC, and also have my own set of scripts that add more capabilities to the system.

JFFNMS has too many features but lacks a user-friendly interface. One of its best features is SLA support, so you can measure uptime and quality of service against predefined SLAs. It also supports syslog and TACACS+ authentication, which is a very handy feature in service provider environments.

Cacti is much simpler and easier to use, and is a great tool for NOC operators to get an overall view of their network performance.

An extensive set of tools for network management and monitoring, named COSI-NMS is available at http://cosi-nms.sourceforge.net/.

If you are a NetAdmin, you already knew this:

It is easier to move a problem around (for example, by moving the problem to a different part of the overall network architecture) than it is to solve it.

From RFC 1925: The Twelve Networking Truths

If you are involved in high-end IP network engineering, I highly recommend reading RFC 3272:

Internet traffic engineering is defined as that aspect of Internet network engineering dealing with the issue of performance evaluation and performance optimization of operational IP networks.
Traffic Engineering encompasses the application of technology and scientific principles to the measurement, characterization, modeling, and control of Internet traffic.

IETF's Internet Traffic Engineering Charter website has a complete set of drafts and proposed standards on the subject.

Smart "IP" people

Steve Friedl has pointed out how DNS root operators use some tricks to make life easier.

The trick is in fact called "Anycast Addressing", and it is like setting the same IP address on different servers at different places. In the DNS root server case, for example, the K root server (operated by RIPE NCC) has one IP address, which is 193.0.14.129. But it's not only one server in one location. There is one in London, another in Amsterdam and the last one in Frankfurt. And always the closest one to you (from a routing point of view) answers your request.

Why is that? The reason behind this trick is load balancing. Root servers are very busy, serving thousands of requests every second. So it's better to spread the load between different servers at different locations, for load balancing, fault tolerance and traffic management reasons.

And a little bit more about anycast, if you are interested:

Anycast addressing is nothing more than assigning a common IP address to multiple instances of the same service, which are located at strategic points in the overall network topology. By utilizing the underlying routing infrastructure of the Internet, IP packets are forwarded to the nearest instance of an anycast service. Common network services that can most easily take advantage of anycast addressing include DNS, multicast rendezvous points (RPs), syslog, network flow export, IPv6 to IPv4 relay routers and sink hole networks.
via Kuro5hin: Anycast Addressing on the Internet

In fact, IP engineering and network traffic management are always tricky, especially when you are dealing with high-traffic services like operating DNS root servers.

NANOG Security Curriculum is a collection of security-related talks that have been presented at NANOG meetings. You can download the presentations, and even better, the video for each session is available.
I was checking out "Implementing a Secure Network Infrastructure" by Merike Kaeo (three sessions, each one and a half hours), which was great. Another favorite of mine is "Analysis of the DDoS Attack Against SCO".

If you are a networker and haven't been to a NANOG meeting yet (like me!), and have enough bandwidth, I really recommend those presentations.