I while ago I wrote two articles for SearchTelecom that deal with traffic management in Service Provider networks and Deep Packet Inspection (DPI). The first article analyses whether you need dedicated boxes doing the traffic management in your network; the second one whether you really need DPI to manage the traffic.

Just in case you haven't noticed it yet: Petr Lapukhov wrote a great (and very long) article describing MSTP. It covers everything, from the basics to multi-region design and interoperability issues. Highly recommended reading.

Shivlu left an interesting comment to my IPv6 is not ready for residential deployment post. He wrote: “Still no customer is ready for IPv6. How do I convince them?” The unfortunate answer to this problem is: you can't, but they'll only hurt themselves. If they persist long enough, they’ll become obsolete.

The migration issues are just one of the topics covered in the Enterprise IPv6 Deployment workshop. You can attend an online version of the workshop or we can organize a dedicated event for your team.

The web content providers have long realized that their customers have too many choices. Zvezdan Martič, one of the participants in the last year’s Slovenian IPv6 summit roundtable succinctly explained this phenomenon: “nobody cares whether my web site can be viewed in Internet Explorer or Firefox; if I don’t support the major browsers, the customers will find one of my competitors that does.”

Daniel Miessler described an interesting application of the Workstation-as-a-Service (now you know what WAAS stands for ;) cloud service (formerly known as virtual desktop): enterprise network will have to protect their workstations against browser-based attacks and the best approach is to virtualize the browsers and isolate them in a sandbox behind a firewall.

Virtualization, virtual desktops and other security-related cloud services are described in my Next-generation IP Services workshop.

Today I really wanted to write a deeply technical post (for example, Joe Cozzupoli sent me working configs for QPPB in Inter-AS MPLS VPN environment), but a gem from the SearchNetworking site caught my undistracted attention: they claim the licensing changes introduced in IOS release 15.0 target illicit use of Cisco IOS by Dynamips. The story quotes two of my blogger friends: Stretch and Greg (congratulations to both !!!). Each of them makes very valid points (I am wholeheartedly supporting Stretch’s plea for educational licenses), but somehow the story’s author managed to mix ingredients from their stories to come to a sensational (and totally wrong) conclusion (with a great headline).

When I’ve first heard about Passive Optical Networks, this blast from the past almost made my head explode. Imagine this: you’re replacing obsolete copper cabling with fiber and decide to create shared media access network similar to the widely hated cable networks.

The only benefit of PON networks that I can see is that it only needs passive equipment at the concentration point. My list of drawbacks is huge, ranging from security concerns to service evolution. What’s your opinion? Would you like to correct my bearing?

Jared Valentine found an interesting bug in the EEM’s SNMP event detector: if you’re triggering your EEM applet when the increment of an SNMP variable exceeds the threshold, you cannot re-arm the applet; the exit-type increment does not work. He fixed the problem with a somewhat more convoluted approach:

• The first EEM applet reads the SNMP variable, waits a second, does a second read and stores the difference in a counter.
• The second EEM applet is triggered based on the counter values.

I’m collecting tips like this one in the Embedded Event Manager (EEM) workshop. You can attend an online version of the workshop; we can also organize a dedicated event for your networking team.

Here’s the source code for the first applet (he had to execute CLI show commands to work around the CB-QoS MIB limitations).

More than a year ago, I wrote about the very slow update rate of the variables in the CB-QoS MIB. In August WB found a workaround (do a show policy-map interface before reading the counters) and now Jared has tested it and confirmed that it works. He’s configured a simple EEM applet that executes the show command once per second:

event manager applet UpdateMibTables 
event timer watchdog time 1 
action 1.0 cli command "enable" 
action 2.0 cli command "show policy-map int dialer0" 

With this fix, he can use the SNMP variables in other EEM applets to detect VoIP calls within 1-2 seconds.

Don’t forget: numerous EEM topics are described in the Embedded Event Manager (EEM) workshop. You can attend an online version of the workshop; we can also organize a dedicated event for your networking team.

It’s almost unbelievable: more than 10 years after the IPv6 specs have been completed, someone finally realized it would be a good idea to specify the minimum requirements for a decent IPv6 CPE router. While this document will not solve the lack of low-cost IPv6-ready CPE devices, it’s definitely a step in the right direction, more so as it clearly acknowledges the need for DHCPv6 (some people still believe SLAAC is the solution to every problem ever invented).

Here are a few highlights from the document:

A while ago I was pushed (actually it was a kind nudge) into another interesting technology area: optical networks, with emphasis on IP over DWDM. I realized almost immediately that I’d encountered another huge can of worms. A few issues you can stumble across when trying to plug routers or switches directly into DWDM networks are documented in my IP over dense wave division multiplexing (DWDM): Metro and core issues article recently published by SearchTelecom.com.

Greg Ferro has republished an older post in which he compares Cloud Computing with public transport (and notes that nothing has changed in more than a year since he wrote the original article). His analogy is more than fitting; a perfect example is Google’s new Google Docs offering, where Stephen Foskett did a nice cost analysis of the unsupported service as compared to supported one.

I’m describing aspects of cloud computing in its various incarnations in my Next-generation IP Services workshop. You can attend an online version of the workshop or we can organize a dedicated event for your team.

Translated into public transport terms: if you want to fly cheap, choose Ryan Air (in Google’s case, you pay 25 cents per gigabyte per year); if you want reasonable support and flexibility, use Lufthansa ($3.50 per gigabyte per year for Google Apps Premier Edition customers or 14 times more than the unsupported capacity).

If you’re unhappy with my choice of airlines, insert your own selection in the above paragraph ;)

When the current variant of IPv6 was selected 15 years ago, seamless integration with IPv4 was a big deal, resulting in NAT-PT architecture. NAT-PT tried to solve too many problems and (as I pointed out in my IPv6 Deployment workshop), while the 6to4 NAT is manageable, the 4to6 NAT is horrific (NAT64 and DNS64 are more reasonable; more about them in an upcoming post).

NAT between IPv4 and IPv6 hosts is just one of the topics covered in the Enterprise IPv6 Deployment workshop. You can attend an online version of the workshop or we can organize a dedicated event for your team.

To make matters worse, the NAT-PT implemented in Cisco IOS is totally broken due to removal of fast switching support in IOS release 12.4(20)T and numerous other releases. As I wrote a year and a half ago, removing fast switching will bite us eventually … and so it does when you try to use NAT-PT.

A few hours after I’ve published my review of the “Cisco routers for the desperate” book someone posted a link to a digital (pirated) copy of the book to my Facebook page, no doubt feeling like a hero fighting for the freedom of information (or some similar nonsense).

I didn’t even try to download the book to see whether it was a leaked copy from the publisher (in which case someone has some serious problems) or a scanned PDF.

Bad designer sent me an interesting comment: 2G and 3G networks have huge latency issues. GPRS is intolerable, UMTS is awful and HSPDA is reasonable but still not what one would hope for.

The latency does not seem to be associated with serialization delay. UMTS gives you reasonable transfer rates and significant latency and GPRS gives you an order of magnitude higher latency than ISDN with comparable transfer rate. If anyone knows enough about the mobile technologies to explain this phenomenon (or at least give me useful pointers) I’d really appreciate your comments.

My friend Stretch alerted me to an article published by BBC News, which reports that “an EU cyber security expert” told “a House of Lords committee” (wow, that’s the perfect body to deal with Internet issues) that the proposal submitted by Chinese to an ITU-T study group required “modifications to BGP” which would “threaten the stability of the entire Internet.”

Regardless of whatever the original proposal has been, the information has been distorted, twisted, adapted, abstracted, and misunderstood so many times before being published that it’s impossible to figure out what exactly has been going on. The account of an eyewitness (sitting in the Kampala talks in September) doesn’t tell much more.