Posts

Tour of Skytel IPTV Headend

Last month, after the mnNOG 5 event in Mongolia, I got a chance to visit Skytel’s IPTV headend. Skytel is one of the large Mongolian operators doing mobile and fixed-line networks. A tour of network infrastructure is always interesting, and this time it was not just IP but a broadcast network over IP, which excited me. In the past, I have visited datacenters, IXPs etc., and those are mostly IP (layer 3) or Ethernet (layer 2) networks. This was my first tour of broadcast infrastructure. Special thanks to friends from Skytel, especially my friend Tuvshuu from the IP broadcast network team, for arranging this tour.

Internet in Mongolia and CDNs

I have been in Ulaanbaatar, Mongolia for the last few days. This is my first trip to Mongolia and this far up north (except for previous travel to Russia in 2016 and some parts of the Nordic areas in Europe). Geographically, Mongolia is located between Russia (on the north side) and China (on the south side).

I am here for the mnNOG 5 event. mnNOG is the Mongolian Network Operators Group. On Monday mnNOG conducted its 5th annual conference and it followed a five-day workshop. I am doing a workshop here on network automation along with engineers from local networks. Mongolia is a landlocked country with no access to the sea and hence no sub-sea cable. For internet connectivity, Mongolia relies on inland fibre-optic cables to connect to Russia and China. Though the cables connect physically via Russia and China, I do not see Mongolian networks doing L3 termination in Russia or Mainland China. Instead, there is connectivity to Hong Kong, Singapore, Frankfurt etc. for the L3 connectivity. Interestingly, due to its geographic location, a bit of China-Russia internet traffic exchange happens via Mongolia.

APNIC 56 - Kyoto, Japan

APNIC 56 is happening next month in Kyoto, Japan. This will be my third trip to Japan and, besides meeting network operators from around the region at the event, I will be doing a one-day tutorial on network automation with Christoff Visser from IIJ research labs and Abdul Awal from APNIC. The agenda is similar to (though a subset of) the network automation workshops I have done over the last few months across different events. A tutorial is typically a “view only” event where the audience is presented with content in the form of slides, live terminal demos etc. It does not involve a hands-on workshop for the attendees, as one day’s time won’t support that.

Distributed latency monitoring

For a while, I have been looking for a smokeping alternative for latency monitoring from different servers spread around. While smokeping has survived well over time, in 2023 it feels like an outdated package, with limited options, a lack of federation etc. This post from Karan Sharma / Zerodha on “Monitoring my home network” was exciting. His setup included a Telegraf agent on a local server, Prometheus to scrape data and Grafana to draw latency data. I explored doing the same but in a distributed manner across a bunch of servers spread around. After some tries, I didn’t like Telegraf. Don’t get me wrong - it’s a good “agent” to run on Linux servers but is primarily designed assuming a push target, a time series database like InfluxDB, which created it. I am still exploring using it for a different use case (which is pulling SNMP data from switches).

CANI SMC - Submarine cable connecting Andaman and Nicobar islands

Earlier in March I visited the Andaman & Nicobar Islands. The trip was purely personal as my wife happened to have been born there. These are Indian islands in the Bay of Bengal located to the south-east of West Bengal and geographically quite near Myanmar and Thailand. The nearest large Indian cities on the mainland are Kolkata and Chennai.

In the initial part of the trip, we stayed in Swaraj Dweep (old name Havelock islands) and later in Port Blair. The place is isolated and has amazing natural beauty. It has one of the most beautiful beaches in the world (Radhanagar Beach). Tourism has grown nicely in the Andaman & Nicobar islands in recent years and, besides many other factors, one of those is a submarine cable!

MySQL replication status monitoring

Background

I have been running my own authoritative DNS servers for the last few years. In the earlier stages I just used registrar-provided DNS, later moved to “Cloud provider” provided DNS and ultimately settled on running my own auth DNS.

Two major requirements pushed me to self-host auth DNS:

  1. Requirement of a REST API for DNS, needed by the web servers to resolve the Let’s Encrypt certbot DNS-based challenge. This allows me to have internally hosted tools with Let’s Encrypt-issued TLS certificates instead of self-signed ones. API access is mostly missing in registrar-hosted DNS.
  2. Occasional DDoS on my blog. There have been occasional DDoS attacks on my blog (probably from random people who enjoy doing volumetric attacks). This always worried me about DNS bills during DDoS, especially for low TTL records. The last hosted DNS option I had over a year ago was Google Cloud DNS and they charge $0.40 per million queries per month. This can add a significant amount to the bill if under massive DDoS resulting in many millions of DNS queries. Plus, the 20 cents per-zone charge gets expensive at scale with half a dozen domains.

After exploring a few options I settled on running PowerDNS with a MySQL backend. This is kind of a comfort zone since I ran similar systems for my employers in the past and it worked well. PowerDNS is a great option for authoritative DNS as it has a nicely documented REST API, the CLI utility pdnsutil for easy high-level scripting, and support for a bunch of backends to store DNS records, from BIND-like text files to MySQL. It also has good (automated) support for handling DNSSEC signing of the zone.