Thursday, March 3, 2016

Diffie and Hellman Receive Turing Award 2015

When we study IPSec, we know Mr. Diffie and Mr. Hellman invented a method in year 1976 that is the core of Internet Key Exchange (IKE) to create mutually shared secret. We also have to specify and configure DH Group Number in ISAKMP policy sets (crypto-map in Cisco IOS).

A.M. Turing Award Logo. Captured on ACM Official Website.

I am not going to dig in the details about the mathematics behind Diffie-Hellman method. I just want you to know Mr. Diffie and Mr. Hellman receive Turing Award 2015 together.

Tuesday, February 23, 2016

Increase iPhones’ battery life by removing unnecessary IPv6 multicast Router Advertisements

I came across a new RFC 7772: “Reducing Energy Consumption of Router Advertisements”. I want to share my learnings after reading this RFC.

Internet Engineering Task Force (IETF) Logo, captured on Wikipedia.

I intentionally mentioned “iPhone” at the subject to have your attention. Actually, the whole discussion applies to any mobile devices with limited battery capacity, such as smart phones and tablet computers.

It is quite obvious mobile devices will consume more power while awake than asleep. The question is how serious this problem is?

Wednesday, February 17, 2016

Update your Cisco ASA OS ASAP!

I just want to make sure you have known this news and updated your Cisco ASA OS already.

Cisco announced a "critical" vulnerability of Cisco ASA OS and released patched OS for them at the same time. Hackers could make use of this vulnerability to gain control of your Cisco ASA.
The first fixed version of ASA OS to fix this problem.
Screen captured on Cisco's web site.

Vulnerable Products

Cisco ASA Software is affected by this vulnerability if the system is configured to terminate IKEv1 or IKEv2 VPN connections.

This includes the following:
  • LAN-to-LAN IPsec VPN
  • Remote access VPN using the IPsec VPN client
  • Layer 2 Tunneling Protocol (L2TP)-over-IPsec VPN connections
  • IKEv2 AnyConnect
Cisco ASA Software can be downloaded from the Software Center on by visiting

The full details about this vulnerability and patched OS is on Cisco's official web site:
Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability (CVE-2016-1287)

Wednesday, October 14, 2015

Cisco IOS OSPF Hidden Command: show ip ospf route

I saw this Cisco IOS hidden command show ip ospf route for OSPF in this post. I tried to create a running example for myself so I can learn more about this hidden command.

Monday, June 22, 2015

Checking system-wide uptime on several Cisco hardware platforms

We all know adding redundant supervisors/CPUs to any given system, we can increase the uptime for that system. With In-Service Software Upgrade (ISSU), Cisco hardware even allow us to upgrade the operating system software on-the-fly without stopping the whole system.

Flowers of Cassia fistula was blooming together in southern Taiwan starting from mid-May.
This photo was taken around this location in Baihe District of Tainan City, Taiwan.

An interesting question might be asked. Does Cisco hardware keep track of system uptime even upon supervisor/CPU failover events? And how to display the system uptime, in addition to individual supervisor/CPU uptime?

I spent some time and I summarize my findings in this post.

Popular Posts