Posts

Automated SSL certificate management for private containers

Lately, I have been playing with many tools, and as one gets into deploying those tools, SSL comes up as a pain point. A large number of web-based tools I use are internal and on a private network. VPN (with OSPF running over FRR) takes care of connectivity but still, it’s good to have SSL on these machines. Non-HTTPS websites are getting more & more ugly with browsers, and even things like password managers do not fill in passwords on their own for non-HTTPS websites anymore.

Espresso: Google's peering edge architecture

Back in 2017 Google shared details about Espresso which is their SDN solution for scaling up their routing.
Saw this fascinating presentation from Google at SIGCOMM 2017. This blog post covers it in detail besides the talk.

 

Key design principles for their routing platform

  1. Hierarchical control plane consisting of both global and local control. Global takes care of overall traffic flow, inputs coming from performance metrics etc., while local takes care of failures of BGP sessions, port/device failures etc.

Manage Wireguard users using Ansible

Day 16 of lockdown here in Haryana due to Covid19. Time for some distraction.

Last week it was reported that Wireguard will be added in the next version of the Linux kernel. I have been using Wireguard for over a year and it has been working great. I replaced OpenVPN with Wireguard for both site-to-site VPN as well as client-server VPN. If you are looking for a free open source VPN for remote employees or just connecting to your own remote servers, Wireguard can be a really good candidate.

Making things happen in the government

A fascinating lecture by Mr Anil Swarup (retired IAS, ex-Secretary to Govt. of India & State Govt of UP) at Lt Governor, Puducherry Raj Niwas. His Wikipedia page here and Twitter account here.

The first half is the talk itself, followed by some time of Q&A, followed by a short talk by Mr Ashwani Kumar (Chief Secretary to Government of Pondicherry) and in the end is Lt Governor Kiran Bedi.

 

Indian RPKI ROA status

In Melbourne for the week for APRICOT 2020. Someone jokingly said it should be “APRICOT and RPKI 2020”. :-)

It seems like both JPNIC and TWNIC are doing a good job at promoting their member operators in Japan & Taiwan for signing ROA. I thought to check for the status in India to find how India is doing.

 

RPKI ROA status for India

  1. Total prefixes: 40,834 (IPv4 + IPv6)
  2. Prefixes with valid ROA: 4,693
  3. Prefixes with invalid ROA: 354
  4. Prefixes without ROA: 35,787

 

Indian IPv6 deployment

I had calls with a couple of friends this week and somehow the discussion of IPv6 deployment came up. “How much IPv6 deployment has there been in India now in 2020” is a very interesting question. It’s often followed by “how much of my traffic will flow over IPv6 once it is enabled”?

 

Game of numbers

There is a drastic difference in IPv6 deployment depending on which statistic we are looking at here in India. There can be a bunch of factors based on which we can try to judge IPv6 deployment:

Skipping Netconf 2020, Internet shutdowns, Kashmir issue and more

A post to dump mind views. Hasgeek folks (who run the RootConf conference in Bangalore + some other places around) seem to be in expanding mode. Besides RootConf, which is a conference primarily for the DevOps community, they are doing events on Fintech etc. and are now expanding to networks. I have been to and presented at multiple RootConfs on RIPE Atlas probes and BGP routing security. Both of these topics were from the networking domain but closely touch sysadmins and thus probably made sense.

Alternate to IRINN IRR manual entry / ALTDB

IRINN (Indian Registry for Internet Names and Numbers) is a NIR (National Internet Registry) for India operating under the APNIC RIR (Regional Internet Registry). IRINN is run and managed by NIXI. It’s a decent NIR and was set up in 2012. Indian organisations have the option to either maintain relation with APNIC or with IRINN.

A large number of small networks prefer IRINN because its annual charges are 25000 INR / $351 USD against APNIC’s membership fee which is over 2x of that.

How Does the Internet Work? - Vox

A nice short 20-minute video by Vox on how the internet works. It covers the basic idea of connectivity at a higher level and I am probably going to pass this link to friends & family members outside of the networking domain when they ask. It also covers 60 Hudson Street, which I visited exactly a year ago. :)

Basic traffic engineering for maximising peering traffic

Hello world from Gujarat! This is my 3rd visit to Gujarat. :)

Coming to today’s post: I have noticed ISPs doing really crazy things to maximise traffic on peerings and IXPs. Some of those are bad and some are very bad. Additionally I came across this comment and thought to put this quick post.

 

Examples of some bad ways to increase IXP traffic:

  • Using upstream’s ASN to keep AS path shorter (yes, believe me I have seen that!)