https://www.arin.net/announcements/20200728/
ARIN Internet Routing Registry walkthrough.
Anatomy of a DDoS
Remote workers and engaging with them
Some of the things in the following article are kinda “buzzwordy” and very corporate mentatlity. A one-size-fits-all approach does not work for everyone. However, there are some very good ideas in this article.
Technology marches on
Sent the following to recycle.
Tower climbs from the archives
Follow me on Instagram @j2sw. #tower #packetsdownrange #tower
FD-IX: Local-pref and default routes
I just finished up an article over on the FD-IX blog about local-prefs, default routes, and Internet exchanges.
https://www.fd-ix.com/uncategorized/local-pref-and-default-routes/
Not everyone on the Internet needs full feeds from their provider. In this case, how does learning routes from an Internet Exchange such as FD-IX benefit you if all you are doing is default routes?
So let’s take a scenario. You are a local hosting company. You don’t provide Internet to customers, you just do hosting of websites and data. You have a couple of providers you are buying Internet from, mainly for redundancy. One of these is primary and the other is a backup. You are doing BGP just because. All you are receiving from these providers is a default route and that is it. Why would you want to receive all these routes from an IX?
The problem with broadband projects in general
Before Covid I tried to attend as many meetings community leaders and towns had about bringing broadband to their communities. This is what you are supposed to in order to let the leaders know you, or in my case, my clients are there, right? Sometimes I would attend to provide my input as part of giving back to a community.
I have found some similarities in these meetings and workshops. Let’s go over them. If you are a community leader don’t let yourself fall into some of these.
The High-Level view
The high-level view starts out with noble intentions. The leaders want to get broadband to underserved areas. They have not bothered to dig deeper into seeing what is actually in the areas they want to cover. These folks may have called the ISP they have or someone their family has. they don’t actually know which providers service what areas. In their defense it’s not their job to. What they do with these meetings determines if progress is made or not. I have been in meetings where there have been four providers that service the area in question. The leaders say they must do more studies to see who is in the area. You literally have four sitting at your table who can tell you what they service. Take their information, take their maps and progress.
Bedazzled by the incumbent
Typically this person has XYZ Internet at their home and they love it. They love it so much they want it everywhere. This is great, but there are reasons that XYZ Internet is not everywhere. Otherwise, you would not be doing these meetings. Some of this is due to lack of money. Either XYZ Internet does not have enough or the return just is not there. This leader is one of the most hampering of all. I have been in many meetings where the small local company is putting their own money into investing in the community and this type of leader overlooks the small company. They even go as far to suggest the local company help XYZ become bigger in their own service area.
These leaders often invite their beau to these meetings to give their take on broadband in the area. Sometimes these companies are honest and straightforward. Sometimes they paint the picture they are the only ones who can solve the broadband issue.
The “let’s do a study” crowd
Studies are nice. They give you nice graphs, charts, and tons of fluff information about an area. It makes for good reading for those who like to learn about facts. These folks are probably the ones who know the stats of many sports figures, who lived in the prominent houses in the lcoal towns and other facts. They are willing to spend twenty thousand dollars on a piece of paper to get this information. In many instances, sitting down with the right group of people could tell you 90% of the information you need.
Unrealistic goals
Let’s face it, not everyone knows everything about the topic they are trying to address. Being able to provide gigabit to every home is a nice goal, but is hard to achieve. Not everyone needs or wants gigabit. In my county and the surrounding area, there are towns of only three or four houses. Unless lots of government money is involved fiber will not be coming to them anytime soon.
The academic
These are usually the most frustrating for the existing ISP. Terms like focus groups and thirty thousand foot view are thrown around. They are usually applying for some grants or RPF. They already have their goal and possibly the outcome in mind. They are not there to solve issues but to get the “bigger picture”. They may only know broadband from buzzwords. 5G and internet of everything are thrown around alot.
What folks do you see at these meetings? Let me know as we are working on a funny video.
OpenGear Resilience gateway for ISPs
Some quick notes and screenshots from the OpenGear Resilience Gateway https://opengear.com/products/acm7000-resilience-gateway . The model I am working with is the ACM7004-2-L. It has 4 serial Cisco Straight pinout, Dual 1 GbE Ethernet, Global 4G LTE-A Pro cellular, 2 DIO, and 2 output ports.
So what does this thing do and what can it do for you as an ISP? At the basic level, this is a console server with multi wan capability. What this means is when the crap hits the fan you should be able to login to this device across the internet and see what your switches and routers are doing across a console connection. In most ISP scenarios they are bringing in their internet connections from another provider and landing it on a switch or a router. As most followers of this blog know I am a fan of switch-centric based setups. this means your transport and internet connections are landed on a switch or switches and then a router on a stick attaches to these switches.
So why would you need this setup? Not every POP site justifies, or has available multiple transport or internet connections. Imagine you have a switch plugged in and that switch doesn’t come back from a reboot or power event? Without a console server such as this you are driving to the site and plugging in a console cable to see what is going on. With this you can access the device over on of the multiple wan connections, including a cellular connection to gain console access.
Even in redundant setups, a console server can give you insight into what is going on with a router or switch. You can access the console port without ever having to drive. Is the switch booting? Is it getting stuck on a bootloader somewhere? This is all information you can gain from the console port.
Some Screenshots of the Gui. One of the things I like is the dashboard. I am a sucker for dashboards. One reason I am is on any new piece of gear I am reviewing or learning a well thought out dashboard will give me much of the information I need to know. Are my interfaces up? Have VPN connections established? These can help me learn as well as save time troubleshooting
Some interesting notes about the features of this device. It does have environmental status indicators. If you have a device that you can plug into one of the console ports either via USB or rj45 console you can use the gateway to monitor this. Couple this with the Nagios and/or SNMP integration you now have a temperature, door alarm, or other sensors for your remote sites.
Other notable features include Digital Input and output, remote syslog monitoring, IPSec and OpenVPN, and many other features. If you are deploying lots of these Opengear has a Lighthouse Server for centralized management.
One of the best things I like about this is you are able to access the console server via the web interface. And the best thing? No Java required. This saves from remembering complicated port numbers, for when you ssh and want to access a specific device.
So how am I using this in a network? this device is going at a data center. The client has two cisco switches and two mikrotik routers which will plug into this. It will have an in-band wan connection on a management vlan directly into both routers. If both of these routers are down the gateway has a cellular backup with a IPSEC VPN to a router in a remote data center. You could always switch this up by connecting your second ethernet port into a secondary ISP in the data center. Some networks have a management router where management devices such as this plug into. I have done this with Mikrotik 4011s and it works just fine. I can plug an in-band connection into the mikrotik and a secondary ISP such as a cable or other ISP in the data center.
The cost may discourage some folks. On Amazon, these are just under a thousand dollars. If you need more console ports the price goes up from there. To them, I say what are the costs of downtime and your time. For this client, the closest tech is an hour away. I am two hours away. If a simple firmware or bootloader command fixes a switch not booting and turns 2 hours of minimum downtime into 5 minutes that is a huge win.
Look for a video overview soon.
Minuteman missile Silo codes
https://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si-1473483587
Those in the U.S. that had been fitted with the devices, such as ones in the Minuteman Silos, were installed under the close scrutiny of Robert McNamara, JFK’s Secretary of Defence. However, The Strategic Air Command greatly resented McNamara’s presence and almost as soon as he left, the code to launch the missile’s, all 50 of them, was set to 00000000.