Juniper PSN-2010-01-626 (AS4 Again!)

              · · · · · ·

I’ve had a couple of mails relating to this PSN, which again references the research that Andy Davidson, Jonathan Oddy and I did last year. It seems that some of the sources of the initial mailing list posts we made are gone (particularly the merit.edu one that is referenced from both Juniper’s site and most other places). For that reason, I’ve included both the mails that we sent to NANOG/C-NSP/J-NSP last year here.


Visualising MPLS-TE Networks

              · · ·

For all network deployments, there is a requirement to present information relating to both topology, and various utilisation statistics to some human operator. In many cases, this process has become so ingrained in network requirements that there are almost ubiquitous solutions to the visualising data - for example, link utilisation is almost always presented via some framework or tool powered by RRDTool. Other tools, such as network "weathermap" diagrams linking this utilisation information into an overview of a network topology are also seen in many NOCs.


Network Updates and Opportunities

              · ·

A quick personal post to break the silence here! I’m currently very interested in hearing about any UK or EU-based network engineering or architecture opportunities that are out there, especially in SP networks that run MPLS with TE. If anyone has some such opportunity, or knows of something that they think might suit me – please drop me a mail to rjs@rob.sh for a copy of my CV. An outline of my CV is available on LinkedIn.


LINX 65 Presentation

              · · · · · · · ·

Further to my previous post - I presented this issue at LINX65 - video and slides can be found below. Video Fixed Slides - LINX’s PowerPoint install seems to have corrupted my slides on the day. Comments and feedback are most welcome.


32-bit AS numbers introduce a new BGP flaw.

              · · · · ·

Last Friday, Andy Davidson, Jonathan Oddy, and I pushed out some research that has some quite worrying repercussions. Whilst I’ve heard from a lot of people privately about this matter, there’s a big flaw here, and as Andy posted on his blog (which is much more informative than mine, I think!), this is a big problem. The reason, I think, that we’re getting limited public discussion of this exploit (I hesitate to call it an exploit, it’s a flaw really, because it’s actually a result of the RFC that the problem exists), is because the implementations of 4-byte AS support that are out there already are generally not standards compliant.


Building the RIPEDB server

              · · ·

It took me a few hours over the course of this week to build the RIPE whois server for some internal projects – given that there seems to be a very limited amount of documentation for the build process, and threads on mailing lists, I’m going to post this here. I hope that it gets picked up by Google. The first problem that is encountered is that the libtool that is included with the whois server does not support ‘modern’ tags, such as –tag=CC.


IPv6 - It *Doesn't* Just Work.

              · ·

I was reading an entry posted by Brett Carr on Nominet’s techblog today entitled “ipv6 It just works”. Unfortunately, for IPv6, and for the sentiment behind this message (IPv6 can be run pretty easily!), in my experience, IPv6 - it doesn’t just work! It’s easy to dismiss the previous sentence, given that many networks aren’t designed to run IPv6, and there’s kit out there that’s just not IPv6-capable yet. When building the AS29636 network, we specified that IPv6-capability was one of the things that would be a requirement of the kit that was going into the new network, not just something that we’d like to have.


ic.ac.uk fetchmailrc Settings

              ·

Imperial College are currently implementing changes so that you need to access either POP3 or IMAP with SSL enabled, I figured since they didn’t list Fetchmail in their new site, then I’d post my configuration (.fetchmailrc) here in case anyone else uses it: poll icex.imperial.ac.uk proto pop3 user “USERNAME” password “PASSWORD” is “LOCALADDRESS” here ssl sslfingerprint “7D:E8:74:1F:E8:B1:E6:15:A6:0C:02:2B:BA:89:BE:4D” Enjoy.


Django

              · · ·

Since I’ve got a few moments, and I’ve decided to actually write down some rants rather than deciding that I can’t be bothered to - I’m going to use some space to single the praises of Django. I’ve been using Django for a couple of years now - since around the autumn of 2005, and as such, feel that I’ve got a pretty good grasp of how the framework works. I haven’t really hacked around that much with the innards of Django (although I did propose a patch), however, what I really like about this framework isn’t particularly the internals, but just the whole philosophy that there seems to be in terms of building a web application.


crontab hacks

              ·

30 23 28-31 * * [ "`date +%m`" != "`date +%m --date=tomorrow`" ] && /Users/rjs/bin/monthEnd.py 2>&1 >/dev/null Pretty handy for running on the last day of the month - and should work on Linux.