Search My Techie Guy


Wednesday, April 26, 2017

Is your bad internet experience being caused by your ISP's underperforming DNS? Find out today

So you have finally signed up for the broadband and dedicated internet bandwidth that your ISP has been trying to sell you for the last year, telling you all the nice things that dedicated bandwidth can do! You decided to bite the bullet and release that hard-earned cash to experience the fast lane of the internet. Maybe it started out well on day one, but the experience gets worse by the day, and sooner or later you can't even tell the difference between your old and new connection.

Well, there are other factors that affect internet speeds, and trust me, you can have a whole pipe of 100 Mbps to yourself, but if your ISP's DNS (Domain Name System) servers have issues, that will always have a direct impact on your internet experience.

One of the major key performance indicators (KPIs) for DNS is the "DNS Response Time". This is the time it takes (in milliseconds) for the DNS to resolve a requested domain (for example www.facebook.com) into its corresponding IP (Internet Protocol) address (for example 157.240.7.35).

A slow, overloaded or unreliable DNS has a direct impact on the customer's internet experience and noticeably slows down virtually all internet use. Every ISP has its own DNS infrastructure that is closer to its end users (topology-wise), but this does not imply that it will be the fastest DNS in response time. There are many well-known, publicly available DNS alternatives which, by geo-location and topology, are far away from your access device but have better response times. Today I am going to show you how you can determine that and also optimize your connection.

"You can't optimize it until you can measure it"

Another important point is that your ISP's DNS servers could be in the wrong order, with the secondary DNS performing faster than the primary DNS. This matters because requests will always be sent to the primary DNS first. So this article is for both the end user and you, the ISP engineer. I am sure you don't want a customer to walk into your office and present you with a report showing how publicly available DNS(s) are performing better than your DNS(s)! So you had better measure it now and optimize it now.
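To make the "DNS Response Time" metric and the primary/secondary ordering point concrete, here is an added example (not from the original post and not how the DNS Benchmark tool is implemented) that times A-record lookups over UDP and ranks resolvers by median response time. The 192.0.2.x addresses are placeholders for your ISP's primary and secondary DNS, and the function names are hypothetical.

```python
import secrets
import socket
import statistics
import struct
import time

def build_query(name, txid):
    """Encode a DNS query for an A record in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def time_query(server, name, timeout=2.0):
    """Response time in ms for one UDP lookup, or None on timeout or bad reply."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:  # timeout, unreachable network, ...
            return None
        elapsed_ms = (time.perf_counter() - start) * 1000
    # Count the reply only if it echoes our transaction ID and is a response (QR=1).
    if len(reply) < 12 or reply[:2] != struct.pack("!H", txid) or not reply[2] & 0x80:
        return None
    return elapsed_ms

def rank(samples):
    """{server: [ms or None, ...]} -> [(server, median_ms, loss)], fastest first."""
    rows = []
    for server, values in samples.items():
        ok = [v for v in values if v is not None]
        median = statistics.median(ok) if ok else float("inf")
        rows.append((server, median, 1 - len(ok) / len(values)))
    return sorted(rows, key=lambda row: (row[1], row[2]))

if __name__ == "__main__":
    # Assumed addresses: 192.0.2.x stand in for the ISP's primary and secondary DNS.
    servers = ["192.0.2.1", "192.0.2.2", "8.8.8.8", "1.1.1.1"]
    names = ["www.example.com", "www.facebook.com"]
    samples = {s: [time_query(s, n) for n in names for _ in range(3)] for s in servers}
    for server, median, loss in rank(samples):
        print(f"{server:<12} median {median:8.1f} ms  loss {loss:.0%}")
```

If the secondary resolver ranks above the primary in this output, that is the ordering problem described above.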

DNS Benchmark is a freeware tool and you can download it HERE
This tool compares the performance of the ISP DNS with many well-known, publicly available alternatives. It then generates visual reports that compare your ISP's DNS response time with that of other public DNS(s). These reports are easy to interpret, and the DNS(s) are ranked according to response time. You don't need to be an expert or a geek to use this tool, and you will find the how-tos on the download website.

See below a screenshot of the tool and a sample report:

[Screenshot: DNS Benchmark]

[Screenshot: DNS Benchmark Report]

Based on the results and conclusions from the benchmark, you can determine whether you should continue using the DNS(s) provided by your ISP (if they rank top) or change to public DNS(s), if the public DNS(s) rank above your ISP's DNS(s). And if the DNS settings for your connection can't be changed manually, you have the right to walk up to your ISP and challenge them; just make sure to save your benchmark reports.

Going forward, don't let a slow DNS ruin your internet experience. Have fun

Credits: Precision Freeware by Steve Gibson

Friday, June 17, 2016

How to configure port mirroring on Juniper MX series routers?

Summary: 

How to configure port mirroring on Juniper MX series routers?

Problem or Goal:

You are in a situation where you want to capture and analyse live traffic in/out of a Juniper MX series router interface. The most common network analyzer tool is Wireshark.

Cause:

There are many scenarios in which you might want to capture and analyze network traffic at the protocol level; in many cases you would be troubleshooting an application or network problem.

Solution:

In this example, a laptop with a network analyzer tool (Wireshark) is connected to port ge-1/1/2 of the router.
The traffic of interest is in/out of interfaces ge-1/1/0 and ge-1/1/1, i.e. between the client laptops and the web server, in both directions.

[Figure: Port Mirroring on Juniper MX series routers]

1. Configure the interface where you are going to connect the Wireshark laptop

set interfaces ge-1/1/2 description to_wireshark_laptop
set interfaces ge-1/1/2 unit 0 family inet address 192.168.0.1/30
set interfaces ge-1/1/2 unit 0 family inet address 192.168.0.1/30 arp 192.168.0.2 mac A0:1D:48:B3:A1:26

2. Create the filter; in this example the filter is called "wireshark_capture"

set firewall filter wireshark_capture term 1 from source-address 0.0.0.0/0
set firewall filter wireshark_capture term 1 from destination-address 0.0.0.0/0
set firewall filter wireshark_capture term 1 then port-mirror
set firewall filter wireshark_capture term 1 then count output-pm
set firewall filter wireshark_capture term 1 then accept

set firewall filter wireshark_capture term allow-all-else then accept

3. Apply the filter to the interfaces carrying the traffic of interest

set interfaces ge-1/1/0 unit 0 family inet filter output wireshark_capture
set interfaces ge-1/1/0 unit 0 family inet filter input wireshark_capture
set interfaces ge-1/1/1 unit 0 family inet filter output wireshark_capture
set interfaces ge-1/1/1 unit 0 family inet filter input wireshark_capture

4. Configure the port mirror

set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring input run-length 1
set forwarding-options port-mirroring family inet output interface ge-1/1/2.0 next-hop 192.168.0.2
set forwarding-options port-mirroring family inet output no-filter-check

5. Commit the configuration

#commit check
#commit
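
A consistency check for the steps above, as an added example that is not part of the original post or of any Juniper tooling: it parses set-style commands and confirms that the mirror next-hop is an on-link neighbour of the analyzer port and that every filter bound to an interface actually carries a port-mirror action. The function name and messages are hypothetical; CONFIG is sample input built from the commands above.

```python
import ipaddress
import re

# Sample input: the mirroring-relevant set commands from steps 1-4 above.
CONFIG = """\
set interfaces ge-1/1/2 unit 0 family inet address 192.168.0.1/30
set firewall filter wireshark_capture term 1 then port-mirror
set interfaces ge-1/1/0 unit 0 family inet filter output wireshark_capture
set interfaces ge-1/1/0 unit 0 family inet filter input wireshark_capture
set interfaces ge-1/1/1 unit 0 family inet filter output wireshark_capture
set interfaces ge-1/1/1 unit 0 family inet filter input wireshark_capture
set forwarding-options port-mirroring family inet output interface ge-1/1/2.0 next-hop 192.168.0.2
"""

PATTERNS = {
    "addr": r"set interfaces (\S+) unit (\d+) family inet address (\S+)",
    "mirror": r"set firewall filter (\S+) term \S+ then port-mirror",
    "bind": r"set interfaces (\S+) unit (\d+) family inet filter (?:input|output) (\S+)",
    "out": r"set forwarding-options port-mirroring family inet output interface (\S+) next-hop (\S+)",
}

def check_mirror_config(text):
    """Return a list of consistency problems in a set-style port-mirroring config."""
    addrs, mirror_filters, bound, out = {}, set(), [], None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # tolerate repeated spaces
        for kind, pattern in PATTERNS.items():
            if not (m := re.match(pattern, line)):
                continue
            if kind == "addr":
                addrs[f"{m[1]}.{m[2]}"] = ipaddress.ip_interface(m[3])
            elif kind == "mirror":
                mirror_filters.add(m[1])
            elif kind == "bind":
                bound.append((f"{m[1]}.{m[2]}", m[3]))
            else:
                out = (m[1], ipaddress.ip_address(m[2]))
    if out is None:
        return ["no port-mirroring output interface and next-hop configured"]
    ifname, hop = out
    iface, problems = addrs.get(ifname), []
    if iface is None or hop not in iface.network or hop == iface.ip:
        problems.append(f"next-hop {hop} is not an on-link neighbour of {ifname}")
    for unit, flt in bound:
        if flt not in mirror_filters:
            problems.append(f"{unit}: filter {flt} has no port-mirror action")
    return problems

if __name__ == "__main__":
    print(check_mirror_config(CONFIG) or "config is consistent")
```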