Author Archives: sr71rocks

Dealing With Carriers — Good Experience with TWtelecom

So, if you’ve been following any of my recent experiences with an unnamed carrier, you know how difficult it can be dealing with them. (You can read those posts here…Part 1 and Part 2.) However, there are good carriers out there, and TWtelecom is one of them. Sure, no carrier is perfect, but I’ve been dealing with TWtelecom for over 6 months now and they are a pleasure to work with. I actually look forward to calling their Support Center, and that says a lot! Take today for an example…

I have three district offices that use TWtelecom for their WAN connectivity (via IPsec tunnels), and all three offices took a quick hit this morning for about 5 minutes. Let me tell you, when you start getting a bunch of text messages all showing various offices going down, it REALLY gets your attention! I grabbed my WAN document (you do have all your WAN circuits documented, right??), and quickly realized that all three locations had TWtelecom as their carrier. So that tells me it’s not a core router issue, and that no more sites should be going down.

BTW…what’s the next thing I did? No, not call TWtelecom. I walked over to the Help Desk area and let them know what happened and which sites were down, and to expect a bunch of calls.

And one more thing I realized…knowing TWtelecom, my sites should be coming back up rather quickly. An outage like this usually means an upstream device or circuit took a hit, and most times they will recover quickly (unless a backhoe was involved). As I was starting to call TWtelecom, the circuits all came back up. (Whew!)

I still called TWtelecom…they needed to know what happened, and I wanted to make sure it wasn’t the start of a recurring issue. And like always, it was wonderful chatting with them…their support personnel are very polite, know what they are talking about, and are quickly able to route tickets to the appropriate department. Within 15 minutes I received a call back confirming they saw the outage, and that it was due to a local LEC issue with one of their aggregate fiber circuits.  And now, about 3 hours later, things are still stable.

I wish all carriers were as pleasant to work with as TWtelecom. (And no, I was not paid to endorse TWtelecom. Unfortunately.)

A Great Day with My Motorcycle

Sometimes I love California, and sometimes I don’t. You’ve got crazy politics out here, earthquakes, fires, and a drought. All at the same time. But on days like today, I am reminded why living in CA is awesome…THE WEATHER!!

It’s in the low 90’s, clear blue skies, a light breeze…a perfect day to ride the bike to work. I’m not able to ride my bike to work often, as I have a fair amount of field work which requires equipment and tools. But today I could…and did! It was a great ride to work and out to lunch for a quick bite.

BMW K1200LT

My personal stress reducer

Remember…in the midst of a busy life (work, family, stress), take time to enjoy the day. See the beauty of God’s Creation…it is all around you!

Have a great weekend!!

IPv6 Adoption Rate via Google Metrics

Are you curious about the adoption of IPv6? How is the US doing compared to other parts of the world? Well, thanks to Google, you can keep tabs on IPv6. (Google really does know all and see all. Never forget that!) Check out their IPv6 adoption graph…very cool stuff! Also note the other tab showing Per-Country IPv6 adoption.

I’ve been following this graph for a long time…and the rate for IPv6 is increasing. I made a comment with some friends a while back that I would end up retiring before I actually had to configure a public facing IPv6 interface. I have a feeling that I will be proven wrong.

Security – Additional Shellshock Resource – Cisco

As a follow-up to my previous post concerning the BASH bug, known as Shellshock, Cisco has confirmed that a number of its products are vulnerable. You can read Cisco’s Security Bulletin for information that may end up affecting some of your network infrastructure.

As more vendors check their equipment, you will see additional bulletins posted. Stay on top of this…active exploits are already being seen out on the Internet.

Security – The BASH Bug Gives Us Shellshock

Oh dear…here we go again. And this one is a biggie! (If you only use Windows systems and servers, then you are probably not vulnerable to this. You can sit back and watch all us Linux/UNIX people squirm…which you don’t get to do very often!!)

A vulnerability has been found in the BASH shell, which runs on most Linux/UNIX systems. And when I say most, I mean LOTS of systems. Known as Shellshock, some believe this will end up being worse than Heartbleed. And that’s saying a lot. To stay up to date on this issue I would recommend several things…

Visit SANS Internet Storm Center at:  https://isc.sans.edu   They have a number of detailed articles concerning Shellshock and mitigation procedures.

I would also visit the main websites of whatever flavor Linux distro you are using, such as www.centos.org. They will also have updated information for mitigation and testing.

For an example, I use CentOS on several systems. Patching them was rather simple…just run “yum update bash”…

BASH update example on CentOS

Note: Further testing has revealed that the initial patches have not completely solved the problem, although they have helped. Don’t just run this quick update and think you are done. Stay updated on this issue as noted above…network security is a constant vigil.
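
To confirm that the update actually changed how bash behaves, here is a local self-test (an added example, not part of the original post; the function names and marker string are made up for illustration). It only checks the original function-import behaviour, so a clean result does not show that the later fixes mentioned in the note above are installed.

```bash
#!/usr/bin/env bash
# Added example: local self-test for the original Shellshock behaviour.
# Function names and the marker string are made up for this example.
#
# check_shellshock [path-to-bash]
#   returns 0 = text after the function body was NOT executed
#   returns 1 = text after the function body WAS executed (vulnerable)
#   returns 2 = the given path is not an executable file
check_shellshock() {
    local shell_path="${1:-$(command -v bash)}"
    local marker="SHELLSHOCK_PROBE_$$"
    local out

    [ -n "$shell_path" ] && [ -x "$shell_path" ] || return 2

    # Start the shell under test with an otherwise empty environment that
    # holds one variable shaped like an exported function plus trailing
    # text. A fixed bash ignores it; an unfixed bash runs the echo while
    # importing its environment, before it even reaches the ':' command.
    out="$(env -i "probe=() { :;}; echo $marker" "$shell_path" -c ':' 2>/dev/null)" || true

    case "$out" in
        *"$marker"*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Human-readable wrapper around the return codes above.
report_shellshock() {
    local shell_path="${1:-$(command -v bash)}"
    local rc=0
    check_shellshock "$shell_path" || rc=$?
    case "$rc" in
        0) echo "$shell_path: probe text not executed" ;;
        1) echo "$shell_path: VULNERABLE, update bash now" ;;
        2) echo "$shell_path: not an executable file" ;;
    esac
}

# Check the default bash, or every path given on the command line.
if [ "$#" -eq 0 ]; then
    report_shellshock
else
    for candidate in "$@"; do report_shellshock "$candidate"; done
fi
```

Run it before and after the update, and pass extra paths if a system carries more than one bash binary.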

More Network Security Reading

Here are a couple of additional security resources to check out, and they are both very good. (Check out my first post on security resources if you missed it.)

US-CERT  –  This governmental organization does a good job of monitoring and alerting on critical vulnerabilities and associated fixes/patches. Go to their homepage and sign up for their alerts and tips.

Verizon Data Breach Investigation Report  –  This is an excellent source of information from around the world concerning the hacking community, methods of infiltration and what’s driving the hackers. This report comes out once a year and is well documented and detailed. You really can’t read it all in one sitting, so download a copy onto your tablet, and work your way through it bit by bit during your daily lunch. (Note: After reading this your first impulse will be to run to work and disconnect your company from the Internet. Effective, yes….but not very conducive to long term employment.)

Using the RELOAD Command to Prevent Lockouts

There are two types of Network Engineers…those that have locked themselves out of a router and those that will. I am in the former group. If you do this long enough, so will you. How to prevent this? You can use the RELOAD command to schedule a reload should you get locked out. I made use of this feature earlier today, just in case.

I had to reconfigure a router at our DR site (Disaster Recovery) due to some IP address changes, and this involved both re-configuring the VTI tunnel interface and the main access-list. (Oh, and the router is located out of state.) This is just ripe for accidentally locking yourself out of the router should you mistype an ACL entry or add an entry in the wrong order. Let’s look at the options for RELOAD…

Viewing the options for the RELOAD command

As you can see there are several options. My changes would only take about 5 minutes to input so I decided to configure a reload in 10 minutes…

Configuring the reload for 10 minutes out

To review the reload status, simply do a “show reload”…

SHOW RELOAD to view status

I also added a reason for the reload, so if someone else logged into the router they would know the “who” and the “why” for the reload. They would see something like this…

RELOAD status for other users that might connect into the router

Now you can proceed with the configuration changes…just don’t save the configuration, at least not yet. If you do get locked out, then wait just a bit. The router will reload and come back up with its original configuration, and you can connect right back in and try again. I have used this many times, and it has saved me on more than one occasion.

After you have successfully made your configuration changes without getting locked out, then you can cancel the reload…

Canceling the reload

Hope this helps!  (And don’t forget to save your changes!!)

Security in the Internet of Things – Get Educated

Security in all of its different flavors…network, server, PCs, mobile…is something that every Network Engineer needs to be aware of, study, and implement in their networks. In this area, there is no truer statement than “If you are not part of the solution, then you are part of the problem”. Whether you are a student working towards your IT degree or a seasoned IT veteran, security should be part of your daily experience. How to begin? Find some good blogs and websites that focus on security, and make it a daily read. You will be amazed at how much you will learn once you get this habit started. Here are several of my favorite sites…

krebsonsecurity.com  –  Excellent articles on hackers and how they think, plus tons of information on how they broke into various organizations. Most of what you hear reported on the news came from this website. This is a must read.

sans.org  –  The best IT security training around. Expensive, but worth every penny. Click on their “Resources” tab…lots of great information here. Visit their Internet Storm Center every day. Plus check out their free whitepapers in their GIAC site and make sure to read their 20 Critical Controls. They also have a great semiweekly email newsletter (free!!) which you can sign up for here: https://www.sans.org/account/login

packetstormsecurity.com  –  Nothing but security here on every kind of platform, OS and application. It will make your head swim.

This is a good start, but there is much more to add….which I will as I have time.

On Second Thought…the iPhone 6 Dilemma

I’ve been playing with my iPhone 6 Plus replica for almost a day now, and I must say it is really big. (Read my iPhone 6 Plus post if you missed it.) I’m now second-guessing whether to get the 6 Plus or go with the smaller 6. Of course, to properly determine which phone would best suit my needs required the construction of an iPhone 6 replica…to scale of course…

Just like before…two layers of cardboard and a color printout from Apple’s website

The plain 6 definitely sits in your hand more comfortably and feels more secure, and the thumb can easily reach any of the icons. Here is a side by side picture…

Side by side comparison of my cardboard replicas

Still not sure yet…this will require a bit more time and testing. But it is fun!

You Know You’re a Geek If…

Yes, I’m a geek. If it has anything to do with technology then count me in. So for the last couple of days, the question in my mind has been: iPhone 6 or iPhone 6 Plus?

I would like the added size and features of the Plus, but I’m not so sure how the larger phone will fit in my pocket. What to do? Create a full size replica of course…

My iPhone 6 Plus…two layers of cardboard and a color printout from Apple’s website

Yep…that did the trick. It’s a touch large in my hand but still easy to navigate and it fits in my pocket just fine. I’m looking forward to the larger screen as I do a lot of reading and researching on my phone. (Thanks to my fellow co-worker as it was his initial idea that got us going on this.)