Saturday, March 31, 2007

RFC 3330 instead of RFC 1918

Many people have implemented RFC 1918 filtering to block private addresses. In fact, there are other ranges of IP addresses that you need to block according to RFC 3330.

Address Block       Present Use                                    Reference
-----------------------------------------------------------------------------------
0.0.0.0/8           "This" Network                                 [RFC1700, page 4]
10.0.0.0/8          Private-Use Networks                           [RFC1918]
14.0.0.0/8          Public-Data Networks                           [RFC1700, page 181]
24.0.0.0/8          Cable Television Networks                      --
39.0.0.0/8          Reserved but subject to allocation             [RFC1797]
127.0.0.0/8         Loopback                                       [RFC1700, page 5]
128.0.0.0/16        Reserved but subject to allocation             --
169.254.0.0/16      Link Local                                     --
172.16.0.0/12       Private-Use Networks                           [RFC1918]
191.255.0.0/16      Reserved but subject to allocation             --
192.0.0.0/24        Reserved but subject to allocation             --
192.0.2.0/24        Test-Net                                       --
192.88.99.0/24      6to4 Relay Anycast                             [RFC3068]
192.168.0.0/16      Private-Use Networks                           [RFC1918]
198.18.0.0/15       Network Interconnect Device Benchmark Testing  [RFC2544]
223.255.255.0/24    Reserved but subject to allocation             --
224.0.0.0/4         Multicast                                      [RFC3171]
240.0.0.0/4         Reserved for Future Use                        [RFC1700, page 4]


You need to filter all incoming packets arriving at your Internet gateway whose source IP address falls within these address blocks.
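
The difference between an RFC 1918-only filter and the full table, as an added example that is not from the original post: it checks source addresses against the blocks listed above and flags the ones that only the RFC 3330 list catches. The names `match_block` and `audit` and the sample addresses are constructed for illustration; blocks marked as subject to allocation can be assigned later, so review the list against current registry data before deploying it.

```python
import ipaddress

# Added example. Blocks copied from the table above; entries marked "subject to
# allocation" can be assigned later, so re-check them before filtering on them.
TABLE = """\
0.0.0.0/8 "This" Network
10.0.0.0/8 Private-Use Networks
14.0.0.0/8 Public-Data Networks
24.0.0.0/8 Cable Television Networks
39.0.0.0/8 Reserved but subject to allocation
127.0.0.0/8 Loopback
128.0.0.0/16 Reserved but subject to allocation
169.254.0.0/16 Link Local
172.16.0.0/12 Private-Use Networks
191.255.0.0/16 Reserved but subject to allocation
192.0.0.0/24 Reserved but subject to allocation
192.0.2.0/24 Test-Net
192.88.99.0/24 6to4 Relay Anycast
192.168.0.0/16 Private-Use Networks
198.18.0.0/15 Network Interconnect Device Benchmark Testing
223.255.255.0/24 Reserved but subject to allocation
224.0.0.0/4 Multicast
240.0.0.0/4 Reserved for Future Use
"""
BLOCKS = [(ipaddress.ip_network(cidr), use)
          for cidr, use in (line.split(" ", 1) for line in TABLE.splitlines())]
RFC1918 = [net for net, use in BLOCKS if use == "Private-Use Networks"]

def match_block(src):
    """Return (network, use) for the table block containing src, else None."""
    addr = ipaddress.ip_address(src)
    return next(((n, u) for n, u in BLOCKS if addr in n), None)

def audit(sources):
    """Verdict per source: 'pass', 'drop' (RFC 1918 too) or 'drop-3330-only'."""
    result = {}
    for src in sources:
        hit = match_block(src)
        if hit is None:
            result[src] = "pass"
        else:
            result[src] = "drop" if hit[0] in RFC1918 else "drop-3330-only"
    return result

# Constructed sample source addresses, chosen to sit on block boundaries.
SAMPLE = ["10.1.2.3", "172.15.255.255", "172.31.255.255", "172.32.0.0",
          "169.254.10.1", "198.19.255.255", "198.20.0.1", "224.0.0.5"]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Every `drop-3330-only` verdict is a source address that an RFC 1918-only access list would let through.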

Friday, March 30, 2007

Algorhyme

I think that I shall never see
A graph more lovely than a tree.
A tree whose crucial property
Is loop-free connectivity.
A tree which must be sure to span
So packets can reach every LAN.
First the Root must be selected
By ID it is elected.
Least cost paths from Root are traced
In the tree these paths are placed.
A mesh is made by folks like me
Then bridges find a spanning tree.


By Radia Perlman (some people call her "Mother of Internet")

In a previous blog entry I posted Algorhyme before. But this one is complete with her picture and also an MP3, if you would like to hear her sing this poem. If you would like to hear her voice, please go to http://podcasts.networkworld.com/misc/050506perlman.mp3

Is there a problem with the 2005 Kijang Innova?

I just got a phone call from Auto2000 informing me that the Kijang Innova bought in 2005 has a problem with the rear suspension. I had asked Auto2000 before, back when there was a lot of news from Auto2000 about the rear suspension problem, whether my car was among the affected production batches, and their answer was that the May 2005 production had no problem.
This car has already been to Ponorogo (East Java) three times and to Bandung several times. Alhamdulillah, luckily nothing ever happened.

How Akamai servers work

For people working at ISPs, Akamai sounds familiar. But a lot of people ask me how Akamai servers work. Here we go:
  • Akamai's customers (BBC, CNN, Microsoft, Yahoo, etc.) pay Akamai.
  • Akamai places servers at ISPs around the world for free.
  • The Akamai server software is a modified Squid. So remember, an Akamai server works like a cache engine. If the Akamai server doesn't have the content, it fetches it from the nearest other Akamai servers. But if the content is found in its cache, it delivers that content.
  • Normally the content on Akamai servers is heavy content such as images and downloadable files.
  • When you go to www.yahoo.com, the request for the HTML file won't go to an Akamai server. But the objects referenced inside the HTML file (image files) will point to the Akamai server nearest to the user/client.
  • How can Akamai point you to your nearest Akamai servers? By DNS! The DNS configuration on your PC/notebook determines which Akamai servers are selected for you. So use your ISP's DNS server instead of another DNS server.
  • Why DNS? The Akamai DNS server checks whether the resolving DNS server falls within the IP address range of ISP A; if it does, it returns the Akamai servers located in ISP A.

Wanted, IPv6 Killer Application

We've deployed IPv6 on our networks. Most of the access can use IPv6 as a network layer. But we still lack a killer application for IPv6 that makes people say "Wow, I need IPv6 installed in my network/computers". Some ideas to make people curious about using IPv6:
  • For ISPs, give customers additional bandwidth if they use IPv6
  • Put up a few websites that are only available over IPv6
  • For merchants, give an additional discount to users who use IPv6

Your input, please?