Hurricane Electric’s Looking Glass and Route Server Utility

Hurricane Electric is proud to offer a number of free services.  We provide a dual-stack DNS management tool with dynamic DNS support, an IPv6 certification program used worldwide in 101 countries, an IPv6 Tunnel Broker currently supporting 75,000 user-created tunnels, and a newly released interactive programming service which has already delivered nearly 500,000 exercises since its inception.

One other service that you may have seen mentioned is Hurricane Electric’s Network Looking Glass.  In general, the looking glass allows you to examine network behavior like connectivity, path, and routing information from various vantage points in Hurricane Electric’s (awesome) network.  Looking glasses are commonly used for verifying routing between providers.

There are two ways to access Hurricane Electric’s looking glass.  The first is to telnet to our public route server at route-server.he.net and the second option is to use the web interface available at lg.he.net.  Our web-based looking glass utility is a unique PHP/Perl blend which was created in-house in Fremont, California.

Upon visiting lg.he.net, you’ll find a list of some of our routers at core locations and commands that you can run to a specified destination.  The “ping” command displays roundtrip time between the selected Hurricane Electric node and the specified IP address.  “Traceroute,” on the other hand, shows all router hops encountered in the path between the specified router and IP address. Also available through lg.he.net is the BGP Route command and IPv4/IPv6 BGP summaries which display Border Gateway Protocol route propagation information.

What reasons are there for using Hurricane Electric’s looking glass?  Besides offering transparency in how we operate our backbone infrastructure, you can evaluate to some degree how our network stacks up to your current provider.  Feel free to check out how well-connected Hurricane Electric is and how you might benefit from buying transit with us or by peering (write to sales@he.net and peering@he.net for more info).

In truth, a looking glass is more for network operators and ‘Net geeks who love everything about “pushing bits.”  The ping command allows us to see that a device is up and capable of returning packets and traceroute can help diagnose network routing issues while following a packet to its destination.  The BGP commands are a bit of a different story.

Border Gateway Protocol is a routing protocol similar to RIP, EIGRP, OSPF, and IS-IS, but is instead an exterior gateway protocol used to connect all the different autonomous systems (AS) across the Internet.  This allows ISPs to connect to each other and end-users to connect to more than one ISP, something known as multi-homing.

BGP keeps a table of IP network prefixes which announce connectivity between those ASes; the protocol then makes decisions based on this reachability information and on path and network policies.  Using the BGP Route command shows matching routes with status details; the BGP Summary (IPv4 and IPv6) commands show a limited view of the BGP routing table used for a given route in Hurricane Electric’s network.

So the Hurricane Electric looking glass can be very useful. If you change routing announcements, it’s possible to check that your routing changes were correctly deployed and that the “world” is seeing your network the way you planned.  You can utilize looking glasses to verify that your routes are propagating correctly across the Internet and to see whether any are “flapping” (when a destination network is advertised via one route then another in quick succession).  If we’re one of your upstream providers, you can make sure that we’re seeing your announced prefixes.  Troubleshooting, like checking for consistency across networks or for a filter change that might be blocking your routes, is also possible on looking glasses.

Visit lg.he.net to try out the utility and all its functions for yourself.  If you have any questions (or you’ve decided to pull the trigger on buying transit), be sure to send us an email.

Helpful Hints for Colocation Clients

Careful Positioning of Equipment

Servers come in many lengths. You should place shorter machines on top of longer machines when possible so the mouse, keyboard and video connectors may be easily reached.

Boot Without Keyboard

Check your server’s BIOS to ensure checking for keyboard attached is disabled. This will keep the infamous message “Keyboard not found – Press F1 to continue” from popping up after a power cycle or reboot.

Practice Safe Scripting

The Problem:
When installed correctly, CGI scripts provide great functionality for web sites, enabling shopping cart programs, database access and dynamically generated displays of information. But incorrectly installed or outdated CGI scripts are an open invitation to hackers and are a common way web servers are compromised.

Rule One: Finish the installation. It’s tempting to ignore the last step in an installation script. You know the one. It’s where the user is told to change the permissions on this folder or that folder and to remove the install script. After all, your shopping cart program or image gallery is working and it’s much more fun to begin working with that instead of finishing those mundane cleanup tasks. But – this is often how hackers get in. Because the install script is still there and because the folders often remain writeable by anyone, script kiddies can find their way in.

Rule Two: Don’t put “Powered by” on your home page. Yes, it’s nice to give credit where credit is due, but that just makes it easier for the hackers who use search engines to look for web sites using CGI scripts with known vulnerabilities. If you insist on displaying the name of the software then keep the version number vague.

Rule Three: Keep your CGI scripts up-to-date. There is a reason developers release new versions of their scripts. Bugs are fixed, improvements are made and most importantly, security holes are patched. Running an out-of-date CGI script is an invitation to hackers to attack your web site. Be responsible and help Hurricane Electric keep your web site safe.

Backing Up is Hard to Do (but very important)

Grace Hopper once said that hardware has no importance. It is only the information stored on it that matters.

The information you have on your web site is what’s important, not the speed at which the server runs or the bandwidth of your Internet connection. To this end, it is incumbent upon everyone to ensure their files are backed up frequently.

Backing up the hidden elements of your web site
Modern web sites employ many techniques to create and deliver their content. Web sites are often driven by php and perl scripts, with much of their content stored in MySQL databases. Simply ‘capturing’ a set of web pages – viewing them in a browser and saving them as files – won’t back up these hidden elements.

If you are working with a web developer, be certain to ask them about what scripts that have been employed in the creation of your web site as well as how and where they are backed up. If your web site uses a database, ask your developer about the frequency with which it is backed up and where those backups are stored. Remember, the best place to store any backup is somewhere physically away from the web server itself.

If you don’t have a web developer or no longer work with whoever created your web site then you should find someone local and ask them to review your web site and its backup procedures and update them where needed.

Helpful Hints For HE Colocation Customers

Careful positioning of equipment in rack – Heat rises. That’s a fact we all know and understand, but it’s a fact that is often forgotten when servers are placed in a rack. Today’s servers pack a lot of hardware into ever-smaller enclosures and increasing care must be taken to ensure the airflow in the cabinet is adequate. We recommend using empty vertical space between pieces of equipment to maximize airflow, with equipment generating the most heat placed toward the bottom of the cabinet. Care should also be taken not to block the vent at the top of the cabinet, as that is the optimum path for the escape of warm air.

In our new colocation Suite 1200 we have implemented a hot and cold aisle arrangement. Cold air from the air conditioners is forced through one aisle while an updraft removes hot air on the next. You should position your equipment so that the intake fans are facing the cold aisle side and the exhaust fans the hot side.

Did You Know?
Our support staff can check the temperature in and around your cabinet for you.