Browsing though the iBooks and downloading some free out of copyright titles for free.
One such book is ‘Moby Dick’. Who would’ve though that the sperm whale would be censored!
Finishing off urgent works in the datacentre.
Zzzzzz
Learnt this neat little trick to discover MTU on a link:
pe1.zzz1#ping
Protocol [ip]:
Target IP address: 10.92.249.166
Repeat count [5]: 1
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]: y
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]: ver
Loose, Strict, Record, Timestamp, Verbose[V]:
Sweep range of sizes [n]: y
Sweep min size [36]: 1500
Sweep max size [18024]: 2000
Sweep interval [1]:
Type escape sequence to abort.
Sending 501, [1500..2000]-byte ICMP Echos to 10.92.249.166, timeout is 2 seconds:
Packet sent with the DF bit set
Reply to request 0 (28 ms) (size 1500)
Reply to request 1 (28 ms) (size 1501)
Reply to request 2 (24 ms) (size 1502)
Reply to request 3 (28 ms) (size 1503)
Reply to request 4 (24 ms) (size 1504)
Reply to request 5 (28 ms) (size 1505)
Reply to request 6 (24 ms) (size 1506)
Reply to request 7 (28 ms) (size 1507)
Reply to request 8 (24 ms) (size 1508)
Reply to request 9 (28 ms) (size 1509)
Reply to request 10 (24 ms) (size 1510)
Reply to request 11 (24 ms) (size 1511)
Reply to request 12 (28 ms) (size 1512)
Request 13 timed out (size 1513)
Request 14 timed out (size 1514)
Request 15 timed out (size 1515)
Success rate is 76 percent (13/17), round-trip min/avg/max = 24/26/28 ms
pe1.zzz1#
We can conclude the maximum MTU is 1512!
Very neat way to quickly discover MTU!
…you find chicken feet in the office fridge!
One of the most important things about building a network is making it scalable. The fact that it “works” now should never be an excuse for a poor design.
In BGP, there are several ways you can control routes that are received from or sent to a BGP neighbor, prefix lists, IP Access Lists and BGP Community tags.
All 3 are used and in different purposes in the ASN’s I administer.
In the past few months, I’ve seen a repeating occurrence with some ISP’s who have either a Prefix List or Access-List configured facing their upstreams and peers to control their customer and internal routes. This is a very bad idea.
A case I’ve come across today is pictured below.
Network Next Hop Metric LocPrf Weight Path *> 202.22.171.0 206.223.143.164 100 250 0 18221 4826 7606 9942 9942 9942 ? *> 202.22.174.0 206.223.143.164 100 250 0 18221 4826 7606 9942 9942 9942 ?
So what has happened here? AS9942 is originating a route, which is received by AS7606 (a peering IX) advertised to AS4826 and onto AS18221. AS18221 advises this route onto a peering IX (which is where the above is displayed from).
AS18221 in this case has these to prefixes configured to be allowed through its access-lists or prefix lists to be advertised upstream or to other peers. AS4826 is AS18221′s transit provider, so this is generally a bad idea to do as you’re transiting traffic that will cost you money!
Why might this have occurred? There are a few possibilities for this, the most common is lazy house keeping. If you were originating a customer prefix who then moved to another provider, but didn’t clean up your access-lists, you’d learn their route from your upstream and send it back on to the internet!
This also has possible security concerns for the end user, as their traffic could be passing through a rouge ASN who is spying on the traffic, but, this is a different more in-depth topic on BGP security (or the lack of).
The simplest ways for ISPs and Carriers to prevent leaking routes unintentionally like this is to implement BGP Community controls. By tagging the route as it enters your network your routers will be able to back you up for lazy house keeping to prevent the route leaking.
Create a community tag for customer routes learnt from eBGP direct to your customer. Another for your internal routes. While you’re at it, you can tag peers and upstreams too for better control. What you’ll end up with is a route-map like this:
route-map peer-out deny 10 match community upstream route-map peer-out permit 20 match community customer route-map peer-out permit 30 match community internal ! route-map upstream-out deny 10 match community peer route-map upstream-out permit 20 match community customer route-map upstream-out permit 30 match community internal
While this is not the only solution, it is by far the most scalable. One other option is to put an AS_PATH filter on your peers/upstreams, listing the neighbor ASN and denying it to be advertised.
While this works, its not a scalable option as when your network grows, you need to update all of the filters again for each new peer you make. It also doesn’t resolve the issue of lazy house keeping with turn ups/downs.
Please remember though, use of BGP Communities on their own can be dangerous also, as you don’t know what your customer might be sending you, so continue to use your prefix-lists/access-lists and AS_PATHs to help manage and protect your network, but consider the use of communities to track a routes origin and make sure you’re handling it correctly.
I am not an administrator of AS18221.
Look at the awesomeness that I picked up on lamma island!
It’s a shame there isn’t a lot of flies here 
While Google are attempting to be smart by offering DNS services to the globe – this will result in poor perfoamance for users unless they shape things up very quickly!
All CDNs (Content Delivery Systems), including Google, use DNS to decide where to send users to a webpage.
The decisisions done by the CDNs is based on the location to your ISPs DNS server(s). The CDN will look at the DNS servers that are querying its hosting servers, see the latencey and reliability of paths it has from its caches or clusters to that DNS server and pick the closest and fastest cache for that DNS server.
What are Google doing wrong then?
-They don’t have geographic DNS servers.
When I do a query of popular news website hosted by Akamai (another content delivery network), www.news.com.au, I should expect to be directed to a server close to me, this isn’t the case.
C:\Documents and Settings\Tom>nslookup www.news.com.au 8.8.8.8 Server:Â google-public-dns-a.google.com Address:Â 8.8.8.8 Non-authoritative answer: Name:Â Â Â a1273.g.akamai.net Addresses:Â 58.27.186.113, 58.27.186.104 Aliases:Â www.news.com.au, www.news.com.au.edgesuite.net C:\Documents and Settings\Tom>
Now, this couldn’t be so bad could it? Well, yes it could! Lets compare it to the DNS resolution from the ISP.
C:\Documents and Settings\Tom>nslookup www.news.com.au Server:Â P1-REMQIP01-P.p1.com.my Address:Â 122.255.96.148 Non-authoritative answer: Name:Â Â Â a1273.g.akamai.net Addresses:Â 63.150.131.157, 63.150.131.200 Aliases:Â www.news.com.au, www.news.com.au.edgesuite.net C:\Documents and Settings\Tom>
And now lets compare latencey results:
Google Results:
Reply from 58.27.186.113: bytes=32 time=244ms TTL=51
ISP Results:
Reply from 63.150.131.157: bytes=32 time=98ms TTL=55
I won’t go into how TCP Windowing will affect performance here – but the latencey figures should be enough to show!
Google’s FAQ talks about them using Anycast routing to direct you to the closest server, but they’re only announcing the ranges (8.8.8.0/24 and 8.8.4.0/24) out of their US network, so any user reaching them will _have_ to go to the USA which will result in poor performance for the CDNs.
There is also the problem that it takes a quarter of a second to reach the USA from other parts of the world – which also will result in poor performance.
I would have hoped Google should know better than advertise it as something to speed up browsing for users and that they should understand the protocols better.
Foxtel have finally got the next step and now include online content with their package.
If you subscribe to Foxtel, you get free access to their online content based on your package and the channels you’ve selected.
As I’ve got the premium package, I’ve got everything. At the moment, there isn’t too much included in the online content, however there are quite a few movies.
You select the content you want online, click through and it’ll pop up the foxtel downloader.
All the content is hosted on Akamai, so its retreived very quickly.
Once you’ve downloaded the movies, it moves to “My Downloads”
The application itself works quite well, however what it downloads is encrypted. no saving for later
Anyway – about time foxtel, pleae put up more content.
The Federal Government has announced in the past week that it seeks structural separation of Telstra from wholesale and retail arms.
This was announced by Senator Stephen Conroy with glee as he had finally worked out a way to drive a stake through the giant and the greatest problem for his career.
The Rudd Government, had recently announced its National Broadband Network (NBN) ambitions, chaired by The Communications Minister, the honourable senator listed above.
This ambitious project is set to spend over AU$40,000,000,000 of tax payer funds to deploy high speed broandband services to every household in Australia. The Government is also expecting the sale of NBN Co. (their $2 company set up to create this network) to achieve the required investment required to complete the network.
This grand plan, is horribly flawed.
With an investment this high, the government needs to ensure it can have a return on its gratuitous investment. The problem is, why would any one bother to switch over to the NBN?
Initial projections have shown that the NBN wholesale cost will be greater than the retail cost of current offerings. In an already extremely competitive market, why would anyone bother?
So the government, well, really the Australian population & tax payers, would be left with a White Elephant which cost billions of dollars, but without any real value.
This represents a big big problem for the Government, which hasn’t even put through the senate for approval on the broadband plan. The government would be left licking its wounds as the Australian voter would hardly be impressed with this loss of funds. With the current Global Financial Crisis, a spend of money this big could be considered over-zealous with no guaranteed return. What can be done now?
This is where the brilliant idea came in, chaired by Senator Conroy and announced by ACCC, the Australian Competition & Consumer Commission. The structural separation and sale of Telstra Wholesale would level the governments playing field. The one competitor they have that is capable of knocking down their house of cards, with the NBN capable network already in place.
Without Telstra having a multi-bullion network already in the ground with the ability to undercut NBN at every turn, they could have success… maybe… just maybe…
There is one major ethical problem though, can the Government force someone to give up their property? According to the Australian Constitution, it states the parliament can:
- The acquisition of property on just terms from any State or person for any purpose in respect of which the Parliament has power to make laws
Is forcing someone to sell something that they own, just? What are “just terms”?
If you’ve seen the movie “The Castle”, you’ll know this well. The High Court of Australia rules that the forced sale of The Kerrigan’s house was not “on just terms”.
In my opinion, I don’t think the forced sale of one entity’s possessions so that another can be viable can be considered “just”. The ACCC’s announcement is also against its primary reason for existence, competition.
The act being played out has been done by previous Governments; and they’ve lost. Where they don’t see something they like, they try to legislate.
I hope Telstra’s share holders, who comprise of hundreds of thousands of Australians bring this to the high court, with the support of Telstra’s legal team to fight this “unjust” and politically destroying ruling.
This ad, Targeted to Uni students to connect to Pacnet with the tag line:
“Looking to HookUp with someone on campus this year?”
“I Love Pacific Internet” with Fandi in the Ad. Fandi was the Singapore Soccer Star of the time (as from Wikipedia.) Noted as the best soccer player from singapore, he appeared in this ad to tell of how much he loved Pacnet
These next two are my favorite of the old ad’s. Designed for a Shock – these ad’s if printed today would’ve appeared on Today Tonight and ACA within days.
Some great marketing had gone into some of these! a good piece of the past.