Attending NANOG 75 in San Francisco. I have always found NANOG very fascinating w.r.t the size of event and a fact that internet started in this side of world. Yesterday was day 0 with Hackathon and task was network automation with ZTP, Ansible, Open/R for IGP etc. 😄 Our team’s presentation about it:
Writing this post from my hotel room in Kathmandu. I found that many of the servers appear to be DNS resolvers which is unusual. Have a look at these weird DNS replies: dig @anuragbhatia.com . ns +short a.root-servers.net. b.root-servers.net. c.root-servers.net. d.root-servers.net. e.root-servers.net. f.root-servers.net. g.root-servers.net. h.root-servers.net. i.root-servers.net. j.root-servers.net. k.root-servers.net. l.root-servers.net. m.root-servers.net. dig @google.com . ns +short b.root-servers.net. c.root-servers.net. d.root-servers.net. e.root-servers.net. f.root-servers.net. g.root-servers.net. h.root-servers.net. i.root-servers.net. j.root-servers.net. k.root-servers.net. l.root-servers.net. m.root-servers.net. a.root-servers.net. This seems unusual and is the result of basically port 53 DNS hijack.
I recently came across an excellent draft at IETF by Job Snijders & friends. This is to address scenarios where a network might miss communication about a maintenance activity when BGP shutdown happens. Once implemented, this can potentially offer to send peer a message with up to 128 bytes with info about shutdown like “Ticket XXX: We are upgrading the router, will be back live in 1hr” etc. It depends by appending such data to the sys notification which is part of BGP protocol.
A while back I posted about routing filter generation via bgpq3 for Cisco (ios and XR) and Juniper JunOS based routers. I have received a number of emails in last few months about automated filter generation for Mikrotik routeros. Since Mikrotik’s CCRs are getting quite popular across small to mid-sized ISPs. So this blog post is about ways for generating filter config for a given ASN via IRR. One can use such logic with some kind of remote login mechanism like rancid (look for mtlogin here).