The Helmet

March 14, 2010

“There are many things, that you can point to, and prove humans are not smart. But my personal favorite would have to be, that we had to invent the helmet. What was happening, apparently, is that we were involved in a lot of activities that were cracking our heads.

We chose not to avoid these activities but instead come up with some sort of device to help us to continue to enjoy, our head-cracking lifestyle. The Helmet !

Even that didn’t work, because enough people weren’t wearing them, so we had to come up with the helmet law, which is even stupider because the idea behind the helmet law is to preserve a brain, whose judgment is so poor, that it doesn’t even try to stop the cracking of the head it’s in!”

– Jerry Seinfeld


Lahore’s live temperature.

January 2, 2010

So it just clicked in my mind – not sure if it’s a good idea or not but I have a temp beacon working on my roof top, and I’m relaying the temperature updates over to twitter after every 30 mins from Lahore 🙂 ENJOY it here :

Lahore Live Temperature

BGP Multihome and my fluic condition :|

October 5, 2008

So finally I made up my mind to finish up some old research I was working on – multihoming with two ISPs between two different locations.

I ended up waking around 4 AM in the morning due to my flu and then thought to use my time for this task.

As many people end up with questions and problems and dream of achieving this without any issues, I’m gonna post the details.

Task Details:

Subnet : 2x.1x.2x.0/23 needs to be advertised via two ISPs for redundancy between datacenters.


Upstream providers:

Global Crossings, Level 3

I’m assuming the following steps have already been completed before configuration:

Step – 1 : would be to own and register a public ASN

Step – 2: would be to talk with both upstream providers and get the appropriate filters updated so that you can advertise your IP block as you want on both providers. Some ISPs don’t allow you to go under /24 – ideally in filters I would break a /23 like below:

  • 2x.1x.2x.0/23
  • 2x.1x.2x1.0/24
  • 2x.1x.2x2.0/24

This way you have two options,

  1. Redundancy by prepending AS PATH
  2. Load-balancing by subnetting and advertising more specifics

– Scenario:


Both routers need to run an IGP between them; my personal preference is EIGRP, which is NOT COMPLEX and is MORE FLEXIBLE than running OSPF 🙂 (I beg to differ)

As both routers are not connected directly, but have IP routing internally, I have made up a GRE IP-to-IP tunnel between both routers:

Philadelphia Router:

interface Tunnel9999
 ip address
 ip tcp adjust-mss 1436
 ip summary-address eigrp 1 250
 keepalive 10 3
 tunnel source 10.x.x.x
 tunnel destination 10.x.x.x

Pittsburgh Router:

interface Tunnel9999
 ip address
 ip tcp adjust-mss 1436
 ip summary-address eigrp 1 250
 keepalive 10 3
 tunnel source 10.x.x.x
 tunnel destination 10.x.x.x


EIGRP Configs:

Philadelphia Router:

router eigrp 1
 passive-interface default
 no passive-interface Tunnel9999
 no auto-summary
 eigrp router-id 10.x.x.x
 eigrp stub connected

Pittsburgh Router:

router eigrp 1
 passive-interface default
 no passive-interface Tunnel9999
 no auto-summary
 eigrp router-id 10.x.x.x
 eigrp stub connected

I’ll post the BGP configs in another post as I can’t any more. The current challenge I have to cover is the ICMP/traceroute requests, which are being tagged with a 192.168.192.x address when the primary ISP is down and traffic is routed from Level3 over to Philadelphia via the GRE tunnel. It’s a bit complex and requires debugging. Good practice is to always make a very specific ACL and use it for debugging instead of open debugging, as your router will immediately seize up processing DEBUG messages and you would end up losing your connection.

Following is my output:

*Oct  5 01:39:43.526: IP: s=2x.2x.1x.1x (Tunnel9999), d=2x.1x.2x.1, len 28, rcvd 0
*Oct  5 01:39:43.526:     UDP src=49862, dst=33482
*Oct  5 01:39:43.526: IP: tableid=0, s= (local), d=2x.2x.1x.1x (Tunnel9999), routed via FIB
*Oct  5 01:39:43.526: IP: s= (local), d=2x.2x.1x.1x (Tunnel9999), len 56, sending
*Oct  5 01:39:43.526:     ICMP type=3, code=3
*Oct  5 01:39:46.522: IP: s=2x.2x.1x.1x (Tunnel9999), d=2x.1x.2x.1, len 28, rcvd 0
*Oct  5 01:39:46.522:     UDP src=49863, dst=33483
*Oct  5 01:39:46.522: IP: tableid=0, s= (local), d=2x.2x.1x.1x (Tunnel9999), routed via FIB
*Oct  5 01:39:46.522: IP: s= (local), d=2x.2x.1x.1x (Tunnel9999), len 56, sending
*Oct  5 01:39:46.522:     ICMP type=3, code=3
*Oct  5 01:39:49.522: IP: s=2x.2x.1x.1x (Tunnel9999), d=2x.1x.2x.1, len 28, rcvd 0
*Oct  5 01:39:49.522:     UDP src=49864, dst=33484
*Oct  5 01:39:49.522: IP: tableid=0, s= (local), d=2x.2x.1x.1x (Tunnel9999), routed via FIB
*Oct  5 01:39:49.522: IP: s= (local), d=2x.2x.1x.1x (Tunnel9999), len 56, sending
*Oct  5 01:39:49.522:     ICMP type=3, code=3
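
The ACL-scoped debugging recommended above, as an added example (not the author's configuration): a numbered ACL that matches only the traceroute probes and their ICMP replies, like the traffic in the output, is passed to `debug ip packet`. ACL number 199, the buffer size and the `any` wildcards are assumptions; narrow them to the real probe source and target.

```cisco
! Added example; ACL number 199 and the buffer size are assumptions.
! Replace the "any" keywords with the real probe source and target where known.
!
configure terminal
 ! Keep debug lines off the console line; read them from the buffer instead.
 no logging console
 logging buffered 64000 debugging
 !
 ! Classic UDP traceroute probes (destination ports 33434 and up;
 ! the output above shows 33482-33484).
 access-list 199 permit udp any any range 33434 33534
 ! The replies to those probes: port unreachable (type 3, code 3) from the
 ! target, TTL exceeded (type 11) from the hops in between.
 access-list 199 permit icmp any any port-unreachable
 access-list 199 permit icmp any any time-exceeded
end
!
! Privileged EXEC: only packets permitted by ACL 199 are reported;
! everything else falls to the implicit deny and is not debugged.
debug ip packet 199 detail
!
! Reproduce the traceroute, then read the result and switch debugging off.
show logging
undebug all
```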

Travelling Plans & Narrations ….

May 24, 2008

Damn … i’m again en-route to US. Somehow i wasn’t able to get a ticket from Lahore to Washington or NY …weird ; seems like summer holidays are making too many people flee from Posh Areas.

OK so here’s the story – I’m currently writing these words from Doha (well i planned that i have some time to kill before my flight and so i’ll update this blog)

i left from yesterday around 7 PM – reached Airport around 7:45 PM; flight to Karachi was scheduled at 9:30; After the Flight Drama (which i’ll tell below) – we took off around 10:45 and reached Karachi around 12 AM.  Again as usual (as discussed with Danish couple of hours ago) that Pakistani Airline flights are good for getting Gunah maaf; and it went exactly like that 😉 Bad Weather – some poor attitude people and the media fiasco ended up in my worst ever faced turbulence. It was quite quite horrible and plane was shaking like peas in a pot.

ok long story short – plane was stopped by CAA due to poor weather while we all were seated but after 1 hour – a guy (uncle actually) got angry and started shouting to make the plane run and flight reached geo/ajj etc.. etc.. after couple of minutes CAA allowed for takeoff but when it reached up 😀 the guy who was shouting to bring it up was holding his seat together and he was cursed by everyone in plane that he is a stupid jerk ! going to get us all killed 😛

At karachi, i just gave my self some internet shock – worked on hacked insecure internet and took a flight around 6 AM to reach here around 8:30 AM PKST ….

would be leaving around 12 PM PKST towards Washington ; i guess i won’t be able to write off from DC as i have to catch a flight to Philadelphia and i’m gonna be dead tired till that – not sure if anyone else but i’m kind of a guy who doesn’t get much sleep while traveling.

will update later hopefully….some pictures are already uploaded on facebook , i’ll send more soon.


– shakeel


April 30, 2008
  1. You joined a Facebook “Support Group for Uber User Internet Addicts.” TRUE
  2. You’re surprised when people ask why your business card lists your email address as the same as your Facebook, LinkedIn, MSN IM, Plaxo Pulse, Gizmo Project and Yahoo IM IDs and even more upset if your boss will not let you list that fact on your business card. (submitted by Suzanne Bowen) TRUE
  4. You’re seriously considering a laptop to accompany the magazines by the commode. (submitted by Jody Carbone) I DO CARRY ONE 😛
  5. People call you by your screen name more than your real name. TRUE
  6. You extend your wireless coverage all the way to the community pool… well, just because you can do stuff like that and someone might want Internet access when they’re sitting at the pool. (submitted by Joel Barrett) – well i do extend my wireless range around my home but i’m mean about it 🙂
  7. Your best pick up line is… I Stumbled Upon your Twitter, Reddit and found it
  8. You have more networking gear in your home lab than the one at the office (submitted by Nathan Gregory) – Absolutely true – even more bandwidth than my previous office
  10. Humnn, You know you are an internet freak when you actually blog your review of an ongoing movie halfway through in a movie hall during the interval on your GPRS enabled cell phone. (Damn, I actually did it 😀 ) (submitted by Sreeraj S Arasa)  – i’ll do that exactly if i go to movie hall 😀
  11. The last social function you attended was a LAN Party  – haha – joined many parties like these
  12. You sit with your girlfriend in the living room, but instead of talking to each other you use messenger, Sametime, Skype to ask her for a cup of tea! (submitted by Isabell Otterbein) – well not girl friend but 2 of my brothers in same home and we talk on Gtalk 😛
  13. Your online gaming rig came with an integrated espresso maker.
  14. If you launch a blog for your baby before he or she is born, track its search engine ranking on a daily basis, and actually consider the possibility of ad revenues – then you might be an Internet addict. (submitted by Jeff Brainard)
  15. You can’t believe that “l8r, OMG, TTYL, and BFF” are not in Webster’s Dictionary. TRUE
  16. You talk to your kids and collect family information through Facebook. (submitted by Debbie Zioni)
  17. You haven’t watched TV on a TV since Al Gore invented the Internet. LMAO – exactly 😀
  18. You have pets named, “Avatar, “Linden,” and “Digg.” (submitted by Gabriel Garcia)
  19. You can’t laugh anymore, you only LOL! –  how true :D:D:D:D:D:D:D LOLZ
  20. Your Facebook page gets more traffic than a drive-through window.

My recorded moves ! WAO !

March 22, 2008

So it’s been a couple of days since i started tracking my moves around the city via my new GPS receiver – and today I traveled from my current home to a new home (very soon) – and its path on G-Map is amazing – its amazing how much distance i covered in 1 hour in a round trip 😀 here are the pictures :


WAO !!


Back to Home !!


4.8 Billion & Their Slaps

February 15, 2008

O boy – i am fan of this man – he is a great great pessimist. Got sometime ready his columns at JANG

JNCIA-ER Certification Cleared

December 3, 2007

so finally after a gap of three years i returned back to education and have finally cleared Juniper’s JNCIA-ER exam today. I hope to finish JNCIP-ER and CCIP both within next 4-6 weeks. Wish me all the luck 🙂

Security by Letterhead

October 30, 2007

i am not sure how many of you have faced this – but i face this very often and this article represents my true feelings.  

Security by Letterhead – by Bruce Schneier

“This otherwise amusing story has some serious lessons:

John: Yes, I’m calling to find out why request number 48931258 to transfer was rejected.

ISP: Oh, it was rejected because the request wasn’t submitted on company letterhead.

John: Oh… sure… but… uh, just so we’re on the same page, can you define exactly what you mean by ‘company letterhead?’

ISP: Well, you know, it has the company’s logo, maybe a phone number and web site address… that sort of thing. I mean, your fax looks like it could’ve been typed by anyone!

John: So you know what my company letterhead looks like?

ISP: Ye… no. Not specifically. But, like, we’d know it if we saw it.

John: And what if we don’t have letterhead? What if we’re a startup? What if we’re redesigning our logo?

ISP: Well, you’d have to speak to customer–

John (clicking and typing): I could probably just pick out a semi-professional-looking MS Word template and paste my request in that and resubmit it, right?

ISP: Look, our policy–

John: Oh, it’s ok, I just sent the request back in on letterhead.

Ha ha. The idiot ISP guy doesn’t realize how easy it is for anyone with a word processor and a laser printer to fake a letterhead. But what this story really shows is how hard it is for people to change their security intuition. Security-by-letterhead was fairly robust when printing was hard, and faking a letterhead was real work. Today it’s easy, but people — especially people who grew up under the older paradigm — don’t act as if it is. They would if they thought about it, but most of the time our security runs on intuition and not on explicit thought.

This kind of thing bites us all the time. Mother’s maiden name is no longer a good password. An impressive-looking storefront on the Internet is not the same as an impressive-looking storefront in the real world. The headers on an e-mail are not a good authenticator of its origin. It’s an effect of technology moving faster than our ability to develop a good intuition about that technology.

And, as technology changes ever increasingly faster, this will only get worse.”

PTCL and my thoughts

October 4, 2007

On a mailing list, i ended up replying too long against PTCL and i thought to post it out – that’s my personal view about PTCL/PIE:

PTCL is a strange company i have ever seen providing worst services &
SLAs (with upstream providers) and still saying they are redundant.
They are totally not redundant. Service levels are the poorest on IP
Cloud or IPLCs both. IPLCs on SMW3/SMW4 are always flapping (and i am
not talking about any specific city, i have seen it at multiple places
at the same time) and no one knows what the reason is – the blame game
goes on and on. IP Cloud is never up to SLA, destinations are always
having packet loss, delays and extra routing hops via Hong Kong/London
even if you have to reach a simple hop in New York. And for solving
routing issue, client itself has to originate a conference call, and
grab engineers from all service providers using its contacts and guess
what PTCL NOC staff cannot join the international conference call – as
they have 2min. auto-drop feature on all international phones in their

For Flag network, your E1s are always having problem and next day you
figure out there was problem in port at mux and this happens 5 times
in a month. For Verizon, your next hop latency has too much jitter
to make it worse for Real time data applications. And they take 2
months to figure out their Router in NY is having high CPU. For PIE
managed b/w, its just like a local cable wala system, sometime their
internal routers are having packet loss on higher MTUs and it took
client to make them understand what MTU is and why that problem is,
after changing router port, they tell the client no there was no
problem with them, it was in Karachi or at client media.
Technically TW1 also doesn’t provide us any total redundancy. They
only provide redundancy till Gulf, from there onwards we are on the
same/shared fiber optics which Flag or Verizon are using. The actual
redundancy can only be formed if we have an active fiber link with
India (and its real important for our economy as well) and multiple
providers like TW1 and some other directly make contracts with other
Tiers via Hong Kong path.
Maybe i am expecting more from PTCL when i compare PTCL services to
my other providers i.e. Global Crossing, Level3, Verizon USA/UUNet,
Cogent – but point is we are paying for these services and from past
5+ years there haven’t been any significant improvement with PIE/PTCL
and they don’t accept it either.