Networking

Night fun task: OpenVPN, Quagga, Raspberry Pi and more!

I have been using OpenVPN for quite some time and very much like it. Earlier I was running the OpenVPN client on a TP-Link 1043nd router and that worked great. But recently I switched home routing to a MikroTik Map2N, which has much better VLAN & IPv6 support. Since then I have had trouble getting the VPN back live. I can always use a VPN client on the laptop, but that’s ugly for daily use, especially when this is my primary work location!

Good bye BSNL (AS9829) | New link at home!

A blog post dedicated to BSNL AS9829. It just tried so hard to become as irrelevant as it can in everyone’s life (and that doesn’t exclude me now).

So what really is BSNL btw?

  • A Govt of India telco sitting on an extensive fiber of over 600,000 Kms across the country (staying just unused and unavailable for anyone’s use!)
  • A telco which has an extensive last mile copper (which is very poorly maintained and barely works!)
  • A backbone with over 200Gbps of IP transit capacity (which completely sucks due to rotten routing)
  • An integrated telecom provider offering services from landline to DSL broadband, from leased line to datacenter services! (out of which everything fails miserably from product line to technical ground level operations)
  • An extensive manpower (which is terribly arrogant, and from top to ground level staff barely anyone works!)
  • Although telecom industry just boomed, it went from 10,000 crore profits in 2004 to 8000 crore losses in 2015. And still politics goes around it!
  • While private sector was busy with focus on 4G LTE deployment, BSNL’s market share dropped below 10% in 2014
  • While private sector firms like Sterlite, Radius Infratel focused on FTTH rollouts, BSNL rolled out FTTH plans for 4000 INR/month for 50GB cap and FUP speed of (amazing) 512Kbps to ensure no one uses it
  • While Reliance Jio is about to come, Airtel is extensively launching 4G LTE, and cool companies like ACT are getting more investment, BSNL is putting 6000 crore into public wifi infrastructure to give a few mins of free wifi, in the hope of users paying for it afterwards. (Wow?!)

All of the above tells nothing but the ways in which BSNL is 100% screwed up for now. I don’t expect it to ever pick up again. Politically, technically, and fundamentally it’s a mess. I became a BSNL broadband user in 2008 and it has been over 7 years of (painful and terrible) experience with them. A company which put in so much infrastructure to connect India worked extremely hard to do as many stupid things as possible. For me the trouble remained that in my city they were the only wired telecom provider for retail services.

Last month I got a long haul circuit from Airtel (provisioned on fiber) between my city and a friend’s ISP PoP for 10Mbps bandwidth. The circuit is delivered at an Airtel BTS site location (slightly away from my home) and I have installed MikroTik SXT Lite 5’s shooting a link from there to my home (around 1km link with clear LoS). This is a usual long range fixed wireless RF link over the un-licensed 5.8GHz band. (Thank you, govt. of India, for delicensing it in 2007 and making it available for public use.) Thanks to companies like MikroTik and Ubiquiti for opening up the world of good fixed wireless radios and antennas which really work great and are available for quite good prices. I got a pair of SXT Lite5’s from Amazon.in at 7700 INR (~$116). Fortunately the BTS site has a private WISP tower and the owner of the tower agreed to let me use his tower for my radio for a reasonable price.

Multiple IP's on Linux servers

One of the things which people often asked me about in the past was how to have multiple IPs on a Linux machine under various circumstances. I know there are a ton of blog posts about this, but very few explain how it works and the possible options under different use cases etc.

I will share router side and server side config with focus on how it should be done from the server end. Assuming server side config to be for Ubuntu/Debian. You can find a similar concept for CentOS.

Say you have a router on IP 10.10.10.1 and a server on IP 10.10.10.2 on a /24 (255.255.255.0) subnet. Assuming that the entire 10.10.10.0/24 is available for the server’s connectivity. Setup would be like:

(Figure: R1 - Server 01 connectivity)

Configuration so far is super simple. You have got 10.10.10.1 placed on R1’s interface (g1/0) which connects to server01, and server01 has 10.10.10.2.

Ease out your IPv6 gateway!

One of the very cool features of IPv6 is the link-local address, which stays local to a given link. For this fe80::/10 is reserved. A /10 is a huge amount of address space in IPv6 (and in IPv4 too :) ). This means from fe80:0000:0000:0000:0000:0000:0000:0000 to febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff.

Since by design a link-local address stays local, the address configured on the upstream/gateway router can be kept the same for ease of use and comfort. This wasn’t the case with IPv4, where each VLAN/layer 2 domain had its own gateway.

So, e.g., if you have two VLANs or interfaces, say Gi1/0 and Gi2/0. You decide to use 10.100.100.0/30 on Gi1/0 and 10.100.100.4/30 on Gi2/0.

BGP Peering: Why it's tricky to measure peerings?

A few days back a friend of mine (who works for an ISP) congratulated me for joining HE. Along with wishes he told me that our bgp.he.net doesn’t work well, and the reason he felt so is because he couldn’t see all peers for his ASN in our tool.

Wrong. This is not a problem, and to be broader, the same applies to all popular tools other than bgp.he.net, like RIPE Stats, Robtex AS analysis etc. The reason many of these tools do not and cannot show all peers is because they show what they see from the point of collection. E.g. right now I am on BSNL (AS9829).

EDNS support by Google's Public DNS

I was just looking around at EDNS support by Google. To find out how it supports it and what the packet looks like, I created test NS records for dnstest.anuragbhatia.com pointing to one of the test servers (178.238.225.247). I wasn’t running any DNS server on the server. Just ran a quick tcpdump.

At server end:

sudo tcpdump 'port 53 and dst 178.238.225.247' -nn -vvv -w sample.pcap

Then I forcefully triggered DNS queries via Google’s recursor using:

Opera Mobile routing traffic via China!

A few months ago I moved away from Google Chrome to Opera Mobile on my Android device. Google Chrome is pretty loaded and overall slow.

Recently I noticed browsing was pretty slow. I noticed that “Off-Road mode” was enabled.

I disabled it and performance was much better. I had heard of it in the past, and clearly it’s a proxy mode where packets between the Opera instance running on the cell phone and the destination server are routed via an Opera server, which uses some special compression technologies and helps in making browsing faster. Carrying on with my obsession for looking at ASNs and IP addresses, I enabled it again and visited bgp.he.net and was surprised to see the result.

Connectivity in Japan

I have been to quite a few countries, but I must say Japan just stands out in internet connectivity. Overall connectivity is just amazing out here. As I landed at the airport in Fukuoka, I noticed open free wifi (just one online signup form to accept the TOS and it was up); later I noticed the Fukuoka City Wifi project, and it’s really visible across streets and very much works. As I got to the hotel, I was given the SSID for wifi and it was just up! No crazy proxy, no crazy use of hotel room number/last name combinations. I was getting 20Mbps speed on wifi. This was a clear sign that transit was not the bottleneck and likely wifi/end point connectivity was the one which was limiting it to 20Mbps (802.11n on a good quality router with 5GHz). As I connected my laptop to the wired LAN, I noticed (which I did expect by now) that the connection synced at 100Mbps LAN and that was pretty much the internet speed I was getting.