donatas abraitis

One more anecdotal Internet Protocol version

I don’t think it’s the best place to put anecdotes, but I see there are even more interesting proposals over the earth.


Takeaways from SRECon17 Europe

As in each of the last three years, I attended SRECon in Europe. I can literally say this year was totally broken compared with former conferences. I think it’s because I had much higher expectations from this conference. The first shot in 2014 was more than awesome, but year to year it’s getting worse. Almost all talks from Google were like a summary of every chapter in the SRE book. We just skipped all the rest of the talks sourced by Google.


Lazy flowspec using large BGP communities

Almost every ISP responds that, unfortunately, they still cannot handle the flowspec standard. It’s nearly 2018, and almost every BGP-aware daemon is able to send/receive flowspec. For those who don’t know what flowspec is:


sendfile() and TLS

Every skilled sysadmin knows about the sendfile() syscall.


Running QuakeWorld under OSX

It has already been 15 years since I played QuakeWorld, and I feel very nostalgic remembering those days. QuakeWorld (aka Quake1) was released in 1996. It turns 21 this year and I tried to go back to 2002-2008 (it was the time I played QW quite professionally). I must say that well-known players such as Milton and Locktar are still on the track.


Limit bandwidth with OpenResty

Nginx has two cool features to limit bandwidth for responses:


Measure TCP metrics the LD_PRELOAD-ish way

Why LD_PRELOAD?


::1/128: to enlarge or not to enlarge?

IPv4 has by design 127.0.0.0/8 delegated for loopback usage. It means that you can use ~16M addresses to identify hosts inside your fleet. I’ve touched this usage in the networking world, but who else really needs this behavior while we are living in 2017 (containers world)? To be honest, I’m talking about the ancient IPv4 protocol.


$Cisco high CPU usage with RPKI enabled validation

I don’t know how many ISPs are now using RPKI-based validation for BGP prefixes to avoid hijacking attacks, but a few years ago most ISPs still used the old-school method (prefix/ACL lists) to filter “good” and “bad” prefixes from neighbors. I remember when I was working at an ISP we dealt with this problem as well.


Overwhelmed security for scaredy-cats

Yesterday I read ip(7). While reading I found IP_TTL and remembered a nice feature almost every vendor has for BGP security, called the BGP ttl-security check.
