Musings


Jan. 21, 2021

ModemCast Podcast

Back in January of 2016 a vain attempt was made to do a networking podcast called “non-blocking”. One episode was recorded - an informative conversation with Peter Phaal of sFlow / inMon. It was really fun to do, and was met as a reasonable freshman endeavor. In the making, however, there were a few things that were made painfully obvious: Scheduling a podcast is difficult. Getting the right people available at the same time is often a herculean endeavor in and of itself.

Jan. 4, 2021

The Disjointed state of end user IPv6 on broadband networks

I have been sitting on this post for quite some time. This is a long, and personal story with some technical bits for those looking to solve the same problem I was. It was a long, complicated, frustrating journey of sad realization about the state of IPv6 for everyday users and those with business class connections over consumer focused last mile networks. It is well documented and annoyingly understood that I am a vocal proponent of IPv6.

Jan. 2, 2021

Navigating Change (NetCollectivePC S03E19)

2 Jan 2021 seems like as good a time as any to start thinking about change. Change is inevitable. The only constant is change. Adapt or die. There are any number of stereotypical and cheesy mantras that can be chanted over a beating drum whilst sitting around a fire. However, saying them and coping with change are very different beasts. As I have written in the not so distant past, most change invokes an inherent fear of failure and aversion to risk.

Sep. 8, 2019

ElastiFlow Template VM

Flow data is a critical piece of understanding how your network works and what it is actively doing. It also provides a great baseline and capacity planning tool. However, some of the more feature rich NetFlow and/or sFlow collectors can be quite daunting in their cost and/or complexity to install. ElastiFlow is a great alternative for flow analytics and is built on the well traveled and robust ElasticStack, meaning, its back end is well documented, well supported, and scales exceptionally well.

Jun. 29, 2019

The BGP conundrum

BGP. It’s that magical protocol that runs the internet. For as much as BGP is a fundamental, critical, irreplaceable part of the core functioning of the internet, it is a protocol that has not aged well as far as security is concerned. See, BGP was born when the internet was really still an academic experiment. Handshakes and loose agreements were totally fine for connecting a new site. Then came the awakening.

Dec. 10, 2018

DNS – the treasure trove of information your ISP can see

In recent years, the nature of privacy on the internet has become a very important topic amongst those concerned with the now lack of net neutrality. The de-facto mechanism for dealing with privacy has been to "SSL all the things", which I am very much in favor of. What many do not realize, though, is that simply using SSL for the traffic that transits a given ISP still leaves a wealth of thick, rich, delicious personal data still easily available to your ISP to harvest, sell, and do with as they please.

Oct. 18, 2018

The rush to automation and the IT pendulum

Recently, the venerable Ivan Pepelnjak published a very insightful article about automation becoming such a popular topic that was spawned by an email from one of his readers. I found this article to be spot on, and wanted to add a bit of my own opinion into the automation pie, as I have been spending a lot of time on automation as it related to existing networks as well as into SDN based environments.

Jul. 16, 2018

Trouble with Tribbles …..errr NAT

As a follow up to my last post, I wanted to dive a little deeper into the world of address translation and to suss out some of the more compelling details. As I’ve said on many occasions, it pains me to see NAT referenced as a security mechanism. That said, where PNAT can be beneficial is in an overall privacy strategy, however, even that is comparatively low value and given the current state of global IPv4 allocations, arguably a detriment to usability - we’ll get to that - before we do, it is important to understand what “NAT” as we call it today actually is, and to do that we need to explain all of the types of address translation (yes, there are several).

May. 4, 2018

Field Area Networking

It’s no secret that RF technologies and what I like to call “specialty networking” are two of my favorite things in the networking space. Put them together and it is like chocolate and peanut butter! Now, some may not consider Field Area Networking (FAN) to be “unconventional”, but it certainly falls well outside of the space of what is typically traditional enterprise networking. That said, Cisco’s FAN briefing at Network Field Day 17 really got me excited and thinking about the alternatives for the IoT space.

Feb. 19, 2018

Strategy Series: Build vs. Buy (sorta)

Build vs. buy is an often lamented and always hotly debated question in all aspects of IT, however, if one is able to truly look at all angles the answer is typically straightforward and can be rooted in one simple strategy: don’t reinvent the wheel. Don’t reinvent the wheel Too many times we as an industry don’t do our homework - we are all guilty of it - and we reinvent a wheel.

Feb. 10, 2018

Strategy Series: How do you view outside of your network?

In the tradition of my NIX4NetEng series I’m going to dive deep into the world of strategy, and specifically into the strategy of how we look at and operate our networks, the data they generate and the analytics that are available (and often overlooked) in how networks are managed both long term and day-to-day. So, in the spirit of visibility, let’s think about how typical networks are monitored. My guess is that you either already know, or will soon realize that visibility and testing across disparate networks is hard.

Dec. 18, 2017

Strategy Series: What is your netflow strategy?

You have one, right? Even if your entire strategy is “collect some flow data”, there is absolutely NO reason not to have a netflow implementation, and frankly, it will save you time and money over time if you make the effort to do it. I love network data and analytics and I have waxed poetic about how important they are at every opportunity. There are a myriad of options for analytics and flow data.

Mar. 25, 2017

No privacy may be the new privacy.

Taking politics and putting them aside, what the new administration has been attempting to change with regard to internet privacy is something we should all be informed about. Whether you have a tin foil hat or don’t care, “knowing is half the battle”. The other half is doing - which I will also lend some brief insight to (sorta). What’s changing? Nothing yet (as of the time of this writing). What will likely change?

May. 21, 2016

BGP RPKI – why aren't we using it more?

I was recently at a meeting where BGP RPKI was the topic du jour. While this has been a topic that I have visited on occasion over the last few years and something I wanted to spend significant time on, I have found that setting aside the time has been difficult and sparse, much like the deployment of BGP RPKI. In order to better understand the options available, it's important to break down the pieces and terminology involved; BGP is daunting enough to those unfamiliar with it and adding PKI on top of that can be even more so.

Jan. 18, 2016

Buzzwords, technology, terminology, and the interconnection of modern networking

I'm way overdue for a soapbox session -- I found this one in my drafts and thought it was something I needed to put out there. It's already dated in terminology but that actually helps make the point - it's hard to keep up. Let's throw this out there: social media can be exhausting. Do not misunderstand me, it’s a great tool for communication, obtaining and disseminating information as well as standard goofing around.

Nov. 5, 2015

Building Interdomain SDN part 3

A few years ago I wrote some text on interdomain SDN. Years later, work is being done, smart people are thinking about it and building ways to make it a reality. Not being one to give up on an idea, I gave this presentation in May at ChiNOG on my take on what that architecture should be. I (we) propose that the use of existing protocols such as BGP FlowSpec will make this realistically deployable and maintainable given some simple, pluggable middleware.

Jul. 6, 2015

Solarwinds Orion from a UNIX user perspective

Back in February of this year (2015) I was introduced to SolarWinds when they presented to us at Networking Field Day 9. Until then I knew of SolarWinds products but only at a cursory level; I had never really seen or used their stuff since it was mostly focused on environments that were either smaller or outside of the networking world that I generally operate in. However, I am a[n insufferable] network monitoring “aficionado” so when the opportunity to play around with it arose, I happily took it.

May. 16, 2015

Ravello Systems review and use case study

There are a vast number of entities that offer the seemingly ubiquitous “cloud”. “SaaS”, “IaaS”, “BLAHaaS”, buzzword compliance is truly a sought after thing by marketing folks. With the proliferation of virtualization, containers and other “time slicing” of hardware by software the chatter can quickly become noise. As technical professionals and the warm bodies with the responsibility for actually making things work and keeping them running, the onus is on us to be able to decipher the useful from the fluff.

Mar. 15, 2015

NetBeez, performance monitoring and the network.

At Networking Field Day 9 there was a great deal of discussion regarding monitoring, modeling, and maintaining networks, as would be expected at an event with such a focus. Luckily for us, an interesting product that comes from a company that I was unfamiliar with called NetBeez gave an inspired presentation. Now, NetBeez got my attention for a few reasons. First off, NetBeez is doing some really great things in the field of network monitoring.

Jan. 24, 2015

Network Field Day #9

In a few weeks I’ll have the opportunity to participate in another Network Field Day. I’ve been lucky enough to have the opportunity to attend in the past and have done some remote participation when possible, but like some of the other rare opportunities I have had in my career, NFD is fairly unique in that it is constantly evolving in both the information provided and the individuals involved. As the saying goes, variety is the spice of life.

Aug. 12, 2014

Aging hardware, IPv6 and the growing route table

I’ve blathered on about BGP forever. Say what you will about the venerable protocol, it runs the interwebs, is reliable, extendable and well documented. I’ve also espoused ad nauseam about IPv6, so none of this [admitted] rant should really be a surprise coming from me. As of 8/12/2014, according to the CIDR report (and many mailing lists), the default free global ipv4 routing table has reached 512k routes. This is a milestone from many perspectives, but more importantly, it solidifies the fact that there is a great deal of equipment in critical points in the internet that is out of date and cannot perform as intended in its current configuration or function.

Jun. 23, 2014

Crystal Ball: Cisco buying tail-f. What does it mean?

With the recent announcement of Cisco Systems’ intent to purchase tail-f, proponents of a multi-vendor environment are waiting with bated breath to see how the networking giant will deal with support of competitor hardware and CLIs. Yang is here to stay, there is no doubt about that. As is netconf. Both of these are good things for the industry as a whole, having a standard way to communicate with network hardware [that isn’t openflow] is necessary and immeasurably useful.

May. 17, 2014

Net Neutrality changes could force better fiber networks

Many regular internet users are extremely upset about the recent proposed changes the FCC has opened for comments about the delivery and provisioning of internet services. Watch this video if you’re unaware of the high emotions it has evoked: While these are proposed rules and are not in any way finalized, there is real concern that they may become law. Where this is problematic is that it opens up the possibility of some real misuse, abuse or simple misunderstanding of needs and services.

Feb. 19, 2014

NFD7 Live stream available

Tune in!    

Feb. 10, 2014

Network Field Day 7

A while ago I got an email asking me to participate in Network Field Day 7. I was very happy and humbled to get asked again since I wasn’t able to attend NFD5 or NFD6 for various reasons outside of my control (although I did try to participate with NFD5 remotely). If you’re unfamiliar with the tech field day series, you should spend a little time and learn about the value it brings.

Nov. 9, 2013

How to be a [good] Network Engineer (and network engineer appreciation day)

My personal background in computing (specifically networking) is atypical. I have a bachelor’s in visual arts and only took a handful of computing classes in my relatively long tenure in college. However, I did learn one valuable lesson that has served me pretty well over the 15 or so years I have been doing networking and I’d bet money any good network engineer that has more than 10 years of experience will nod their head at this and agree.

Sep. 21, 2013

Being single vendor does your brain a disservice.

Let me be clear, when I say “single vendor” I’m talking about being “single vendor” in what you work on, not necessarily what you install (although one basically forces the other) and what I really mean is multilingual. I’ll explain after a brief history of why I am the way I am. I’m idealistic but I’m also realistic. I generally propose solutions that I think are best even if it is non-standard or out of current comfort level along with an alternative or two.

Aug. 5, 2013

The sad state of IPv6 and why you need to learn it.

I have been learning and using IPv6 for quite a while, even before I worked in research and education, back in the ISP days. I thought I should learn it because, frankly, I figured we’d all be converted to it by now, already whole hog using it like it was the layer 3 addressing mechanism that it is. Flashback: My first IPv6 access was via a tunnel to HE a long, long time ago and before that I was reading what I could about it.

Jul. 3, 2013

I want to love cumulus networks…..

I want to preface this by saying that I have not seen or worked on the cumulus networks system yet. This is a stream of consciousness post on my thoughts and opinions based on what I’ve read publicly. Recently a new network player has emerged on the scene with a very simple, straightforward idea. Take linux and put it on a switch. While this isn’t exactly new (see Juniper and FreeBSD, Arista with Linux, Force10 with NetBSD or the plethora of other vendors using an opensource OS as the underpinnings of their NOS), the angle that cumulus networks is taking is a bit more….

Mar. 28, 2013

A missing link in small MPLS, 10G devices.

Lately I’ve been lamenting the fact that there seems to be a lack of options in a very specific product level. Let’s say you have a network that looks like this: Right away you’re limited since you need MPLS and more than 2 10G interfaces. Even more so if you require full support for IPv6 and ISIS. If budget is of any concern, you’re in real trouble. For many, Cisco pricing and smartnet is potentially going to exclude anything reasonable from them.

Mar. 23, 2013

My SDN soapbox (now with IPv6!)

This week there was a lot of buzz about SDN (as usual). There was a lightreading thread that I commented on and a fantastic read by Brent Salisbury about being the steamroller and not the road that got me thinking about OpenFlow and SDN in a way I had not before. <soapbox> All that is old is new again. I remember when internal networks were small and routing protocols were taboo in many internal environments.

Mar. 6, 2013

Network Field Day 5 – Participate Remotely

Last year, Networking Field Day was something that I’d heard of but wasn’t really aware of what it really was. I occasionally looked at Twitter and saw the hash tags but did not know much about how it was set up or what it was about. In fact, I actually thought it was supposed to be like the HAM radio field day stuff where you go out and build out an emergency network on the fly.

Jan. 22, 2013

Alternate model for Service Provider networks; or how to keep net neutrality intact

There has been a lot of buzz about the service provider model, net neutrality and tiered access for consumers in the past few years. Just this week Google has been accused of paying Orange (more likely Orange is forcing google) for handling its traffic. This is a VERY slippery slope that teeters on the edge of what we all want to avoid as consumers or content creators. This recent story has sparked something I’ve been thinking about for a very long time.

Jan. 10, 2013

SDN Across the WAN, part deux. Primitives.

I’ve been lamenting about the SDN WAN options for a while now. Having SDN/OpenFlow in a data center or campus is relatively well documented and already widely deployed. Google has been doing SDN across their private WAN in production. These pieces are easy. What isn’t easy is the ability to plumb SDN across many domains that are under disparate control. This part is hard. What is lacking is a fundamental framework, or set of primitives to build from.

Jan. 9, 2013

How to install and use the Airport utility under Mountain Lion

I have a bunch of Apple wireless gear at my house. It’s inexpensive, feature rich and easy to maintain. However, with the update to mountain lion a while ago, the ability to install the older Airport Utility stopped. This is annoying since I have what apple now considers “advanced” features like IPv6 at my home and essentially all my gear here is a lab (except for the plex server =) I’ve been spending a lot of time on cacti lately, and I wanted to test out the syslog plugin….

Jan. 2, 2013

Where will Cisco go from here?

After reading Stephen Foskett’s post “How Will Cisco Recover From The Consumer Strategy Blunder?”, it got me thinking. It’s a very different world than when Cisco got started all those years ago. I don’t have any brand loyalty to Cisco, I learned on cisco gear 14-15 years ago for the most part, but I try to keep the mentality of “the right tool for the job”, which means constantly surveying the market for new and interesting ways to do things.

Jan. 1, 2013

Most popular posts of 2012

I am very happy and flattered that this site actually proves to be useful to folks. It was always my intention to use this as a platform to try to give back a bit, to help with any data I may have run across that was interesting, useful, or obscure. I utilize sites like etherialmind.com, packetpushers.net, evilrouters.net, networkstatic.net and ioshints more than I can even measure. I wanted to try to contribute as much as I could to pay it back.

Dec. 20, 2012

Random Tech Predictions for 2013

I have a love-hate feeling about “predictions” about the upcoming year, especially tech predictions. I don’t like media sensationalism of any kind, and a lot of the tech predictions are just that, sensational, extreme talk to draw in readers or viewers. I’m choosing to go down a more subtle path, these are things I’ve thought about lately but will likely forget in the upcoming year, unless they actually happen, in which case I’d likely do an “ah, I remember thinking that may happen” gesture.

Dec. 15, 2012

CentOS sshguard install for limiting ssh scans

Securing SSH is a form of art. It’s often debated, much like blocking all ICMP packets (which I normally disagree with). If you need good proof, read these posts by Bob Plankers. There is a camp that likes to promote moving to a non-standard port. There is a faction that likes to block it completely except from a handful of hosts. Then there are those that like to leave it open all together.

Dec. 2, 2012

Converting (back) to wordpress from Blogger

For a long time I ran a blog called tech.buraglio.com that was a self hosted wordpress site. After having kids and getting a bit busier at work, I decided to move everything that I had been hosting (images, scripts, hacks, blogs and DNS) to “the cloud”. I managed to do this for everything but my primary DNS resolver, which I had always intended to keep, and one wordpress blog that I hosted for someone else.

Nov. 27, 2012

SDN across domains in the WAN – a novice look

There has been a flurry of discussion on SDN in the WAN lately, specifically, why and how. Brent Salisbury laid out a few use cases here. The why seems pretty straightforward. I do believe it will happen, however, the how is the interesting part. Admittedly, I’m a tad of a greenhorn in the SDN space, I’ve made it work in a lab, I participate as much as I can in the working groups and I attempt (poorly) to keep up.

Nov. 24, 2012

Workflow and my every day workstation setup.

Recently, there was a thread over at Packet Pushers about what folks use for their daily workflow. I quickly realized that my setup is pretty simple (as I like it) and relied on a large amount of terminal based tools, which makes sense since I have been a UNIX (or UNIX based) OS user since my migration from the original MacOS back in the 1990s. Anyway, since I wrote most of this up already, I thought I’d post it here:

Nov. 9, 2012

SCinet, a privileged few

Every year there is an international conference for High Performance Computing, or HPC as it is often called. This is a bit of a niche in that it’s something that many enterprises and researchers need but don’t do themselves and so many don’t have a grasp as to what all is involved. It’s a specialized, potentially expensive and very different environment as well as mindset than the general sysadmin or network engineer will ever see.

Nov. 5, 2012

And a purple pony.

If I had my perfect world where I lived in a gumdrop house with lollypop trees and everything smelled like butterfly kisses, here is what I would like to see in WAN networking gear. I can build a list for LAN and edge gear as well. It’s not a golden rocket ship I’m looking for. OK, maybe it is. Full MPLS support  Full IPv6 support, all the features, not just pieces.

Oct. 31, 2012

Directionality

As I sit here thinking if this site is worth my time, some words that someone said to me recently ring true. “Take from things you’re doing every day” is what Brent Salisbury of networkstatic.net said to me. He was right. …And it was why I originally started this site, in a way. The original goal was to make a site I could take notes on and possibly help out someone trying to solve the same issues as me or look at something from the same perspective I had.

Oct. 18, 2012

A tale of two ISPs…

I’ve been doing research, carrier and service provider networking for a long time. My first real service provider experience was beta testing DSL for GTE back in the 1990s, I prototyped and proposed a CLEC for an employer in 1998 and went to work for the only ISP in the area rolling its own DSL over ATM in early 2000. Everything seems to come full circle, though, given enough time.

Nov. 1, 2011

A quick post about ARP Networks hosting.

I’ve had a co-located server in one way or another for the last 11 years. From hosting a bare metal box at the ISP I worked for for a while, to sharing a bare metal box at a colo provider to switching to a VPS service, I’ve always had an “offsite box”. I just wanted to post a quick “these guys are great” comment to my current VPS provider, ARP Networks.

Oct. 22, 2011

A security oversight in Mail.app, or, a hidden bcc: field

Recently I was poking around Mail.app, setting up my new machine. I like to keep redundant copies of everything, email being no exception. I have backups of all of my email dating back to 1998, for the most part. It has come in handy from time to time and I like it for reference reasons. It’s a small amount of actual data as far as space goes, and it’s easy to do.

Oct. 15, 2011

iMessage: I've been left wanting

I had very high hopes for iMessage. With the release of iOS 5, one of the big new features was iMessage, the ability to do Blackberry messenger style messaging on an iOS device. I had really hoped that this would be something like wifisms or the DeskSMS app for Android. At the very least I was hoping for iChat integration with iMessage. This didn’t happen. Don’t get me wrong, iMessage is still really cool.

Jul. 26, 2011

OSX (10.7; Lion) DHCPv6 client working with pfsense server.

It looks like MacOS 10.7 (Lion) has fully functioning DHCPv6. It’s about time. Before: After: pfSense setup: Using Internet Systems Consortium DHCP Server 4.2.1-P1 as the server (on my pfSense box) I am able to get not only a privacy address (via stateless autoconfigure) but also a normal EUI-64 address as well as an IPv6 address via dhcpv6. I didn’t do anything except use the “Automatic” setting in the network control panel, so out of the box OSX 10.

Jun. 20, 2011

Better support for Linux (and annoyed about it)

I’ve been a *BSD user since around 1997, when I installed NetBSD on a Mac SE 30 that I got for free. I was always intrigued with alternative operating systems like BeOS, *BSD, Plan9 and Linux so it made sense that I’d poke around with different systems. I’d gone back and forth from OpenBSD to FreeBSD but eventually settled on FreeBSD as my OS of choice. I ran it as a desktop before MacOS X came out and was generally happy with it.

Dec. 23, 2010

A bit of IPv6 humor for the holidays

A quick screen grab from here

Oct. 13, 2010

Android (Nexus One) or iPhone?

Cross posted from my personal blog since it’s a technical subject. That is the million dollar question on many phone geeks’ minds. The iPhone is really a love it or hate it kind of device, much like Apple stuff in general. Android, on the other hand, is still new enough that some folks are still ignoring it. Well, I wanted to know which worked better for me, and so I set out to test them both.