Juniper PSN-2010-01-626 (AS4 Again!)


I’ve had a couple of mails relating to this PSN, which again references the research that Andy Davidson, Jonathan Oddy and I did last year. It seems that some of the sources of the initial mailing list posts we made are gone (particularly the merit.edu one that is referenced from both Juniper’s site and most other places). For that reason, I’ve included both the mails that we sent to NANOG/C-NSP/J-NSP last year here.


Grupetto Start to the Year

             

A lovely, albeit slightly chilly, start to 2010 with the Grupetto this morning. About 90km out to Windsor and back to London on one of our normal training routes. Mark also kindly took some photos, a few of which feature me.



Lots more similar rides to come whilst training for Paris-Roubaix and the Tour of Flanders.

Happy New Year!


Visualising MPLS-TE Networks


For all network deployments, there is a requirement to present information relating to both topology and various utilisation statistics to some human operator. In many cases, this process has become so ingrained in network requirements that there are almost ubiquitous solutions for visualising the data - for example, link utilisation is almost always presented via some framework or tool powered by RRDTool. Other tools, such as network "weathermap" diagrams that link this utilisation information into an overview of a network topology, are also seen in many NOCs. In most cases, the problem of visualising data relating to a flat MPLS or IP network is solved for most common deployments.


Network Updates and Opportunities


A quick personal post to break the silence here!

I’m currently very interested in hearing about any UK or EU-based network engineering or architecture opportunities that are out there, especially in SP networks that run MPLS with TE. If anyone has some such opportunity, or knows of something that they think might suit me – please drop me a mail to rjs@rob.sh for a copy of my CV.

An outline of my CV is available on LinkedIn.

I’m hoping to find some time to put some technical articles together that can be posted here in the near future.


LINX 65 Presentation


Further to my previous post - I presented this issue at LINX65 - video and slides can be found below.

Video
Fixed Slides - LINX’s PowerPoint install seems to have corrupted my slides on the day.




Comments and feedback are most welcome.


32-bit AS numbers introduce a new BGP flaw.


Last Friday, Andy Davidson, Jonathan Oddy, and I pushed out some research that has some quite worrying repercussions. Whilst I’ve heard from a lot of people privately about this matter, there’s a big flaw here, and as Andy posted on his blog (which is much more informative than mine, I think!), this is a big problem.

The reason, I think, that we’re getting limited public discussion of this exploit (I hesitate to call it an exploit, it’s a flaw really, because it’s actually a result of the RFC that the problem exists), is because the implementations of 4-byte AS support that are out there already are generally not standards compliant. Let’s run down the list:


More Di2 Stuff


Following getting my roadbike back out for the first time in a while (been really busy since moving to Ealing!) I figured I’d look at if there’s anything more about Di2 floating around. It seems the more I see of this system, the more I want it. Perhaps Orca with Di2 is something for 2009?



I've also started tracking my rides (mostly fixed, mostly to and from work at the moment) on this site. If there's any interest, I was pondering publishing the code/a webapp to upload other people's rides. I find that MotionBased is really tedious! Comments/emails welcome on this subject.


Removing BGP from a VRF under 12.2(33)SRC2


I had a bit of a weird problem last night – when trying to remove BGP from a VRF on a 7600 running 12.2(33)SRC2, I tried:

ar01.tn5(config)#router bgp 65302
ar01.tn5(config-router)#no address-family ipv4 vrf SRC2-TEST
ar01.tn5(config-router)#exit
ar01.tn5(config)#exit

One would expect that this would stop BGP redistributing the VRF routes for the VRF SRC2-TEST. In fact, what happens is that the VRF starts reporting ‘debugging-style’ messages:

ar01.tn5#sh run vrf SRC2-TEST
Building configuration...

% Topology SRC2-TEST::VPNv4 Unicast::base is currently being deconfigured.
% Topology SRC2-TEST::VPNv4 Unicast::base is currently being deconfigured.
% Topology SRC2-TEST::VPNv4 Unicast::base is currently being deconfigured.
% BGP context has not been initialized properly.
% Topology SRC2-TEST::VPNv4 Unicast::base is currently being deconfigured.
% BGP context not been initialized properly.
% Topology SRC2-TEST::VPNv4 Unicast::base is currently being deconfigured.
% Topology SRC2-TEST::VPNv4 Unicast::base is currently being deconfigured.
Current configuration : 340 bytes
ip vrf SRC2-TEST
 description :c=CORE:x=rjs test for ar01.tn5 issues:
 rd 5413:1020
 export map EXPORT-MAP-SRC2-TEST
 route-target export 5413:1020
 route-target import 5413:1022
!
!
ip route vrf SRC2-TEST 10.0.0.0 255.255.255.0 Null0
!
router bgp 65302
 !
 address-family ipv4 vrf SRC2-TEST
  redistribute static
 exit-address-family
end

And you then can’t get rid of the BGP from the VRF. It turns out the fix for this is to remove the VRF itself – or, rather than removing the address-family itself, remove the contents of the address family. I’m not entirely sure that this is designed behaviour – and I couldn’t seem to find any further results for it. I guess it needs to be put into TAC as another Cisco weird.


Building the RIPEDB server


It took me a few hours over the course of this week to build the RIPE whois server for some internal projects – given that there seems to be a very limited amount of documentation for the build process, and threads on mailing lists, I’m going to post this here. I hope that it gets picked up by Google.

The first problem that is encountered is that the libtool that is included with the whois server does not support ‘modern’ tags, such as --tag=CC. This looks to be because the included libtool is somewhat dated. This can be easily fixed by using the system libtool:


Site Updates

             

Not that I am expecting a large number of people to have anything to say about what I post on this site - but I just added a comments system using the Django FreeComment system. The contrib comments module seems to have a load of features - and did just about everything I was hoping for! There’s an excellent tutorial on the Django wiki.

Feel free to tell me I’m posting rubbish at any time :-)