Andree Toonk's Avatar

Andree Toonk

@atoonk

I like Internet infrastructure engineering πŸ‡³πŸ‡± in VancouverπŸ‡¨πŸ‡¦ https://toonk.io/

235
Followers 223
Following 24
Posts 10.11.2024
Joined
Posts Following

Latest posts by Andree Toonk @atoonk

Awesome growing list of network automation enthusiasts

go.bsky.app/N9nHqzg

24.11.2024 17:13 πŸ‘ 24 πŸ” 3 πŸ’¬ 2 πŸ“Œ 0
Post image

6am, Rise and shine! Nothing like starting the day by making sure the Border0 packet parser handles fragmented IP packets correctly πŸ€“ #NetworkingGeek

27.11.2024 14:12 πŸ‘ 5 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Post image

I'm heading to AWS re:Invent next week! πŸš€
If you're attending, swing by our Booth 1768 to meet the Border0 team (and me!) in person. We're showcasing the World’s First Application-Aware VPN! Stop by for a demo, a chat, or just to say hello! πŸ‘‹
πŸ“ Find us at Booth 1768 #Reinvent2024

26.11.2024 15:49 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
'All your problems melt away': Vancouverite delights in close encounter with orca family in False Creek | CBC News Family of orcas got up close to small ferries Sunday afternoon.

www.cbc.ca/news/canada/...

26.11.2024 06:39 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
β€˜One in a million’: Pod of orcas glide through Vancouver’s False Creek
β€˜One in a million’: Pod of orcas glide through Vancouver’s False Creek YouTube video by Castanet News

Wow, just wow! These Orcas came to visit right in front of our place. A mother Orca and her three "little" ones. They're so majestic! 😍 #Vancouver www.youtube.com/watch?v=NYBX...

26.11.2024 06:38 πŸ‘ 7 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
a man in a suit and tie talking on a cell phone with the words big mistake written below him ALT: a man in a suit and tie talking on a cell phone with the words big mistake written below him

Was talking about exactly this yesterday with someone, a common response after an outage:
β€œBe mindful of the knee-jerk management response: β€œWe need more change management process!” Unless you’re a real YOLO shop, this is rarely the answer.”

toonk.io/navigating-i...

19.11.2024 15:09 πŸ‘ 0 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Post image

this was posted in the equinix metal community slack a few days ago

17.11.2024 19:28 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Ooh man, bummed to hear Equinix Metal is shutting down. I loved the original Packet service and later the Equinix version. Ran many of my network perf testings and BGP anycast pet projects on their amazing infra. End of an era. πŸ˜”

17.11.2024 00:17 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
A simple Go TCP server demonstrating how to use libwrap with /etc/hosts.allow and /etc/hosts.deny for access control. The server listens on port 12344 and filters client connections based on TCP Wrapp... A simple Go TCP server demonstrating how to use libwrap with /etc/hosts.allow and /etc/hosts.deny for access control. The server listens on port 12344 and filters client connections based on TCP Wr...


To be clear, there's no issue here, this was just me being curious πŸ€“ Either way, that was my geeky early Saturday morning: a mix of coffee, FreeBSD, Go, and curiosity.
Anyone still use hosts.allow style filtering?
Example code for the curious: gist.github.com/atoonk/8863c...

16.11.2024 20:50 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

I'm sure there's a good reason though. My guess? Likely performance related. Avoid using pf to squeeze more performance out of these boxes and make them more resilient against attacks.

16.11.2024 20:50 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Now, I have no idea if Netflix uses this method it could be in-app (bgpd/sshd) filtering, or some other proxy thing(even nginx) filtering TCP entirely. What’s intriguing to me is the choice not to use the kernel firewall (pf) for this kind of traffic filtering as that would be the "obvious" choice.

16.11.2024 20:50 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

To make it interesting, I wrote a simple Go program that integrates with libwrap, the library enabling /etc/hosts.allow functionality. Sure enough, when adding a deny statement, I replicated the same behavior: TCP session established, followed by an immediate disconnect.

16.11.2024 20:50 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

It’s been about 20 years since I last used that feature, but I woke up early this morning, made some coffee, and decided to revisit it, poke around πŸ€“ . I spun up a FreeBSD box on Vultr (Netflix famously uses FreeBSD for their caching servers) and started experimenting with /etc/hosts.allow.

16.11.2024 20:50 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

It got me wondering: Is this filtering happening in the applications themselves (e.g., sshd or bgpd) or somewhere else? Or perhaps a blast from the past... could this be the classic /etc/hosts.allow and /etc/hosts.deny at play?

16.11.2024 20:50 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Running an nmap scan, I noticed something interesting: ports 22 (SSH) and 179 (BGP) appeared to be wide open. This surprised me. we all know best practices dictate that sensitive services like these should only be accessible from trusted sources, not the wide open internet?!

16.11.2024 20:50 πŸ‘ 0 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Post image

Yesterday, while Netflix was grappling with the live streams covering Iron Mike, I got curious and decided to poke around a bit, specifically checking where my caching server was located.

16.11.2024 20:50 πŸ‘ 3 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Post image

According to @kentik.bsky.social's OTT Service Tracking, Netflix traffic volume is currently up almost 3x normal. #TysonPaul

Are you experiencing any buffering?

www.kentik.com/product/subs...

16.11.2024 03:56 πŸ‘ 8 πŸ” 6 πŸ’¬ 4 πŸ“Œ 0

Hhm interesting
Project for later πŸ€“ thanks πŸ™

11.11.2024 03:58 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
a man in a suit and tie is sitting at a desk and says right ALT: a man in a suit and tie is sitting at a desk and says right
11.11.2024 03:02 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
a man in a suit and tie is running down a sidewalk and says `` let me in '' . ALT: a man in a suit and tie is running down a sidewalk and says `` let me in '' .

It feels friendly :) great first impression
And yah reminds me of early twitter days πŸ˜€

11.11.2024 01:21 πŸ‘ 2 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
a bald man in a suit and tie is smiling while sitting in front of a window . ALT: a bald man in a suit and tie is smiling while sitting in front of a window .
11.11.2024 00:25 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
a white cat wearing a pink knitted hat with ears ALT: a white cat wearing a pink knitted hat with ears
11.11.2024 00:19 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
a man in a green sweater is standing in front of a pioneer video player ALT: a man in a green sweater is standing in front of a pioneer video player

Yes πŸ‘‹

10.11.2024 23:49 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
a black seal is sitting on a white board in front of a body of water ALT: a black seal is sitting on a white board in front of a body of water

hi!

10.11.2024 22:38 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
a cartoon character is raising his arms in the air and shouting . ALT: a cartoon character is raising his arms in the air and shouting .
10.11.2024 22:38 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
a brown bear is standing behind a fence waving its paw and saying hello . ALT: a brown bear is standing behind a fence waving its paw and saying hello .

Twitter is depressing ;) giving bsky a try. Let's see.
here it is, my first post :)

10.11.2024 22:18 πŸ‘ 51 πŸ” 2 πŸ’¬ 9 πŸ“Œ 1