Securing the Wedge 100BF BMC

Fri, Apr 23, 2021 - 396 Words - 2 minutes

The BMC of the Edgecore Wedge 100BF has a default password. You can change it with passwd(1), but after a reboot it returns to the default password because the root filesystem of the BMC runs in memory. This article describes how you can change the default passwords such that they survive a reboot or power cycle.


Libre Domain-Specific Architectures

Thu, Dec 17, 2020 - 1378 Words - 7 minutes

Every couple of years I run across a presentation that impacts my way of thinking about (network) technology.


Van XS4ALL Naar Freedom

Sun, Jun 14, 2020 - 817 Words - 4 minutes

Verslag van mijn overgang van XS4ALL naar


Turris Omnia and XS4ALL VDSL

Sun, Mar 15, 2020 - 384 Words - 2 minutes

I am using an OpenWRT based [Turris Omnia]( router with my ISP XS4ALL. Until recently, I used a simple VLAN setup, but that is not supported anymore. So I have moved to a routed setup.


Intel/Barefoot Network Asic with Optical I/O

Wed, Mar 11, 2020 - 455 Words - 3 minutes

On 5 March Intel announced that is successfully integrated its 1.6 Tbps silicon photonics engine with a 12.8 Tbps Barefoot Tofino 2 ASIC. This switch uses optical fiber to the front panel ports instead of the usual copper tracks on the PCB (Printed Circuit Board) to QSFP28 front panel cages.


IPv6 Segment Routing

Mon, Jan 13, 2020 - 1762 Words - 9 minutes

Segment routing is a form of source routing in which a node that originates a packet (the headend node), adds an ordered list of segments (or instructions) to that packet. Such an ordered list is called a segment routing (SR) policy. These segments tell the routers along the path how that packet should be forwarded. Only the headend node to a segment routing domain maintains per flow state. There is no per flow state inside the network.


The End of Moore's Law

Tue, Mar 19, 2019 - 945 Words - 5 minutes

For about half a century we have been living in a world where the speed of computers grew at an exponential rate. This is known as Moore's law, which is actually an observation of Gordon Moore that the number of transistors in an integrated circuit doubled approximately every two years. But today, that rate has almost levelled off. And Moore's law is not the only exponential that has come to its end. The same is true for Dennard scaling. In networking we are also hitting limits. We have reached the Shannon limit in optical communication. And in network ASIC design we reached the limit of serial bandwidth I/O. The next sections explore the current challenges and the final sections describe R&D that is exploring ways to overcome these challenges.


Cuckoo Hashing

Mon, Mar 11, 2019 - 1372 Words - 7 minutes

Hash tables play an important role in routers and switches because lookups need to done in constant time. Minimal size packets (64 bytes on Ethernet) on a 100 Gb/s link arrive at a rate of once every 6.7 ns. All packet handling (lookup, rewrite of next hop, updating CRC, etc.) must be done within that time. Hash tables satisfy that requirement and they are typically used for exact match lookups, such as the MAC addressing forwarding table or host IP route lookups.


Network Programming with XDP and BPF

Mon, Mar 11, 2019 - 523 Words - 3 minutes

The BPF framework can be used to load programs into the Linux kernel at runtime. It can be used for both tracing and for network programming. The BPF code runs in a virtual machine inside the kernel. BPF has a small (around 100 opcodes) RISC-like 64-bit Instruction Set Architecture (ISA). It uses 11 64-bit registers and a 512-byte stack. BPF programs can be written in various languages (C, Go, Rust, etc.) and compiled with clang/LLVM to BPF bytecode.


Playing with the OCP Open Optical Monitoring

Mon, Apr 23, 2018 - 653 Words - 4 minutes

I had a first look at the Open Optical Monitoring (OOM) project of the Open Compute Project. OOM is a kernel driver that accesses the I2C management interface of SFP and QSFP modules. It can retrieve inventory data like model, serial number, manufacturor, optical power levels, etc.


BIND and apparmor

Fri, Apr 13, 2018 - 153 Words - 1 minutes

I run DNS for my own domain ( and it also supports DNSSEC. DNSSEC suddenly stopt working and it turned out that a change in Ubuntu 18.04 apparmor(7) was the reason.