Posts

VyOS is quite interesting OS. It’s a open source Linux based network operating system based on Vyatta. It’s config style seems bit like JunOS in terms of hierarchy and set/edit/delete options while editing configuration.  

**Can one use it in a small ISP or a Corporate LAN setup? 

Someone asked me recently if we can have complete open source based router in smaller network doing basic stuff. Not with not-so-streamlined Linux shell but networking OS where network engineers favorite tool “?” works in CLI with options. Let’s take a possible case with bunch of routers, a server with speedtest-mini running on it and end desktop with Ubuntu-desktop on it along with VyOS based router. Goal here is to have basic features to work (to start with!). I am conducting this test and setup on the VM infrastructure at home but that should have zero impact/configuration of network devices and hence not going to focus on that part. All devices including server, desktop and router are pretty much running on virtual machines or KVM containers.     To configure and test:

So last month I had a wonderful trip to Bangladesh for bdNOG. This is bit delayed.  

Some thoughts on infrastructure

1. In terms of infrastructure - roads & traffic, power, quality of builds - it seemed like India in 2000’s.
2. Specifically roads and traffic was bit terrible and even as an Indian (who manages to drive in Indian traffic!) I still got scared out of traffic in Dhaka. Speeds, roughness and overtaking is pretty high.
3. There was no Uber and app based services are still pretty low. It was mostly usual “yellow taxi” which one had to call. (And it was expensive by local standards).
4. There was excessive, just excessive amounts of overhead cabling in Dhaka and most of key city areas. It’s worth noting that there is way more overhead fiber than India. I guess most of it was running “active ethernet” based solutions (not a PON).  Most was just via media converters on both ends.
5. I got 30Mbps speeds in cheap budget hotel in Dhaka which was more higher then what I have ever seen in India! (Speedtest here)
6. Bangladesh currently is connected to outside world via SEA-ME-WE4 (landing at Cox’s Bazaar) and a terrestrial cable route via Kolkata.
7. Overall network connectivity with India is decent since many large Bangladeshi networks buy transit from Tata Communications (AS6453) and Airtel (AS9498). So mostly there’s direct path to India and if not direct then via Singapore which added bit of latency but was not as bad as India-China routes.
8. Bangladesh has a real & functional internet exchange :)

An interesting promo video on Internet peering and why it is important in context of Africa by Internet Society.

This week I presented in bdNOG 4 on “Misused top ASNs”. It was a study we at Hurricane Electric did to see how many times AS1, AS2 and AS3 appeared in global routing table between 2010 and 2015. This highlights cases where AS1, AS2 or AS3 appeared as a result of wrong prepend.  

My presentation is embedded below:

Overall bdNOG 4 had been a great experience. It’s good to see a nice NOG community actively sharing technical know-how, sharing experiences, and much more. I must say that is something I greatly miss in India. More on bdNOG conference later on.

    Sitting at Kolkata airport. Noticed the usual “Free Wifi in the area!” message and connected to Tata Docomo Free wifi. Performance was quite poor.   Two key issues with wifi:

1. Using of only 2.4Ghz (802.11b/g/n with 20Mhz channel). No AP with 5Ghz box. (Click here to view scanner data). Should have been 5Ghz
2. Entire traffic is getting tunnel via Mumbai i.e West India (while I am sitting on Eastern side). Adding up to latency and performance significantly.

Here are some of traces to random locations:

Came across this impressive cover of last mile broadband issues in Orcas Island in Washington state in Arstechnica.com.

It’s very true on how so many areas are just not served and likely will never be served because when you have large telecom players bidding for billion dollar worth of Spectrum, all they care next for is very high value returns. And if they do not see those kind of returns, areas stay unserved. India has even poor story where it’s challenging to get wired broadband in most areas of country including key metro cities.

There seems be an ongoing route leak by AS49505 (Selectel, Russia) for K root server.

K root server’s IP: 193.0.14.129
Origin Network: AS25152  

Here’s trace from Airtel Looking Glass, Delhi PoP

Mon Oct 26 16:21:18 GMT+05:30 2015
traceroute 193.0.14.129
Mon Oct 26 16:21:22.053 IST
Type escape sequence to abort.
Tracing the route to 193.0.14.129
 1   \*
    203.101.95.146 19 msec  4 msec
 2  182.79.224.73 14 msec  3 msec  1 msec
 3  14.141.116.89.static-Delhi.vsnl.net.in (14.141.116.89) 7 msec  3 msec  2 msec
 4  172.23.183.134 26 msec  45 msec  26 msec
 5  ix-0-100.tcore1.MLV-Mumbai.as6453.net (180.87.38.5) 151 msec  153 msec  152 msec
 6  if-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.17) \[MPLS: Label 383489 Exp 0\] 160 msec  163 msec  155 msec
 7  if-2-2.tcore2.WYN-Marseille.as6453.net (80.231.217.2) \[MPLS: Label 595426 Exp 0\] 161 msec  162 msec  162 msec
 8  if-7-2.tcore2.FNM-Frankfurt.as6453.net (80.231.200.78) \[MPLS: Label 399436 Exp 0\] 149 msec  151 msec  155 msec
 9  if-12-2.tcore1.FNM-Frankfurt.as6453.net (195.219.87.2) 164 msec  163 msec  159 msec
 10 195.219.156.146 153 msec  151 msec  160 msec
 11 spb03.transtelecom.net (188.43.1.226) 190 msec  192 msec  189 msec
 12 Selectel-gw.transtelecom.net (188.43.1.225) 185 msec  185 msec  185 msec
 13 k.root-servers.net (193.0.14.129) 183 msec  204 msec  196 msec
RP/0/8/CPU0:DEL-ISP-MPL-ACC-RTR-9#

The routing information (show route 193.0.14.129 output) from their looking glass doesn’t seems useful since it shows that it’s learning K root Noida route via NIXI. This is likely because routing information is different from actual forwarding information in that device. So the trace looks extremely weird. It’s leading traffic to K root which does has anycast instance in Noida, landing into Russia!   Why is that happening? Let’s look at what Tata Communications (AS6453) routing table has for K root’s prefix. I am looking at feed of AS6453 which it’s putting into RIPE RIS RRC 03 collector.

I have been using OpenVPN from quite sometime and very much like it. Earlier I was running OpenVPN client on TP Link 1043nd router and that worked great. But recently I switched home routing to Microtik Map2N which has much better VLAN & IPv6 support. Since then I had trouble in getting VPN back live. I can always use VPN client on laptop but that’s ugly for daily use specially when this is my primary work location!  

Enjoyed ISC’s presentation about their analysis of F root server (one 13 root DNS servers which power the Internet) about anycast performance gloablly for 192.5.5.0/24 announced (and anycasted) by AS3557 (ISC). This was presentation at UKNOF 32.

Embedded presentation below (or click here to watch on YouTube directly)

K root in Noida seems to be not getting enough traffic from quite sometime and connectivity does seems bit broken. This is a blog post following up to Dyn’s excellent and detailed post about how TIC leaked the world famous 193.0.14.0/24 address space used by AS25152. It was good to read this post from RIPE NCC written by my friend Emile (and thanks to him for crediting me to signal about traffic hitting outside!)