John Mann's Weblog (on sng)
String around my finger

Wed, 27 Jul 2005
Or, how to block a few million spams per day without breaking a sweat. Includes Sendmail Config, Blackmilter, Graymilter, Spfmilter, ClamAV, Procmail, and Bayesian filters.

The Hall of Shame lists DNS-RBL and AOL: You can see AOL's full list of email errors here: http://postmaster.info.aol.com/errors/. It makes amusing reading. I guess they think they are big enough that they can just define their own internet standards, and everyone else will adapt to them. Well, no thanks.

Mon, 18 Jul 2005
Ross Khan (at Monash South Africa) reports

ATS doesn't address the issue of the lack of redundancy of the PSUs within the various pieces of equipment in the rack. Cisco offers a solution for externally powering switches, using the PWR675(?) external power supply, which can power up to 6 Cisco switches. When we did our new Core switch based on 2x Cisco 3750s, we acquired a PWR675 unit for each 3750 (using one power port each) and then connected the switch's internal power supply to SupplyA and the external PWR675 input to SupplyB. This works really well under normal conditions, however there are 2 drawbacks:

1. When power is restored, the switch doesn't switch back to the internal supply
2. When running on the external supply and with power restored to the switch's internal supply, the switch is prone to random reboots (this observed behaviour is documented in the manual).

In spite of these caveats, the presence of the PWR675 unit does improve the availability of the 3750 based cluster vs. the cluster running from only internal power supplies... It has to be said that Cisco don't recommend that the PWR675 be used in this configuration - we'll have to revisit this in the not-too-distant future... :-)

Cisco might recommend 1 PWR675 to backup a stack of 2 switches. But I can't see why 1 PWR675 per switch would be un-recommended. It gives power feed resilience, as well as power-supply resilience.

Fri, 15 Jul 2005
EOS/EOS for Cisco 1000BASE-CWDM
Line of CWDM Passive Devices
New products pass 1330nm ATM wavelengths; more 4-color OADMs that do Gray+Violet+Blue+Green (470-nm, 1490-nm, 1510-nm, and 1530nm), Yellow+Orange+Red+Brown (1550-nm, 1570-nm, 1590-nm, and 1610-nm); new 1330/1510 bidirectional splitter. Updated 15 Jul 2005.
Cisco WDM Series Passive Optical System Installation Note (HTML, PDF). Interesting pages are 1-8 (pictures and part numbers) and 25-26 (specifications).

Wed, 08 Jun 2005
IPv6 MLD (Multicast Listener Daemon) snooping is the equivalent of IPv4 IGMP snooping. Switches snoop this traffic so that they can tell which ports on a switch are interested in particular streams of multicast traffic.

I installed the new code on our GrangeNet LAN routers and switches. I think it worked, but I think it's too hard to tell if the routers aren't running IPv6 multicast. Very frustrating!

Thu, 12 May 2005
> What is the maximum number of characters that an email address can have?

Theoretically speaking, e-mail addresses can be very long. From ftp://ftp.rfc-editor.org/in-notes/rfc2821.txt

The standard mailbox naming convention is defined to be "local-part@domain" ...

local-part
    The maximum total length of a user name or other local-part is 64 characters.
domain
    The maximum total length of a domain name or number is 255 characters.
path
    The maximum total length of a reverse-path or forward-path is 256 characters (including the punctuation and element separators).

So, the limit on the total length of an e-mail address is 256 characters, and the local-part before the "@" is limited to 64 characters.

In the Monash Name Router, the limits are

    First  Middle  Last  Group  Mailbox
    16     16      30    30     80

So a name-based e-mail address of up to {16}.{16}.{30}@{30}.monash.edu.au can be mapped to an 80-char mailbox name.

In the future, MDS-based e-mail routing may provide longer limits.

Mon, 25 Apr 2005
Say you want to send someone a large file.
But the file is bigger than the (hard to pre-determine) limit for the e-mail systems involved. Or if you want to tell lots of people about a large file, and clogging up everyone's mailbox is the wrong way to do it since not everyone will really be interested in it?

A long, long time ago, on a network called ACSNET there was sendfile / fetchfile. More recently, you would just tell someone to "put the file on a Web site somewhere" and send the recipients a link. But what if the sender doesn't have a Web site under their control?

Dropload
    Allows you to upload files up to 100 MB each. A file may only be downloaded once (e.g. by one recipient). Files are deleted after 7 days.

YouSendIt
    Doesn't require creation of an account first. Allows you to upload files up to 1000 MB (1GB). Allows a list of recipients, and a "limited" number of downloads. Files are deleted after 7 days. Recommended.

Streamload
    A "Freeloader" account will allow storage of up to 10 GB, download of files up to 10 MB totalling less than 100 MB per month. They do tend to SPAM you with suggestions to upgrade to a paying account! Other plans are available with unlimited storage, and up to 15 Terabyte per month download allowances. Streamload do have their own client to manage uploading and downloading. There is a Perl module Net-Streamload and a sample program that does uploading.

Note that uploading large files from home over (asymmetrical) Cable or DSL links can tie up your Web browser for long periods.

Mon, 18 Apr 2005
One of the problems we face at Monash is trying to provide resilient power to racks of equipment. We have several hundred racks with 1 to 10 devices in them. These devices have only one power cord, and one power supply each. The Cisco Catalyst switches do have the option of a separate box providing power via a special connector (protecting against failure of the box's internal power supply rather than against external power feed failure).
This however introduces different scaling and provisioning problems ...

One idea would be to supply each rack with two separate power feeds (resiliency through redundancy), and somehow get both power feeds to all devices. One option is to use an ATS (Automatic Transfer Switch). From the APC website:

APC's Rack Automatic Transfer Switch (ATS), also known as the Redundant Switch, is a high availability switch that has two input power cords, one for each AC line, which provide redundant power to connected equipment. The Rack ATS is designed to supply power to the connected load from a primary AC source. If that primary source becomes unavailable for whatever reason, the Rack ATS will automatically begin sourcing power from the secondary source. The transfer time from one source to the other is seamless to the connected equipment. The Networked units have built-in network connectivity, which allows for remote management via Web, SNMP, or Telnet interfaces.

One problem with the APC products is that their 120V products can have e.g. six or eight outputs for supplying individual devices, but the 230V products have e.g. two or even one unusual output connector. This would then require power strip(s) to distribute power to the individual devices -- yet another box in the rack.

Another problem with the APC equipment is that it isn't cheap. There are cheaper ATS's that are made for e.g. domestic mains/generator switchover, but I expect that they don't provide seamless switchover. A brief power glitch may cause a switch to reboot -- which may or may not be acceptable.

Another question is whether to provide a UPS in each rack, e.g. resilient power for VoIP phones connected to Power-over-Ethernet switches. A UPS could be connected to one mains feed, or to two feeds via an ATS (I hadn't seen any UPS's that had two input feeds). In the two mains case, a single output from an ATS could be all you need:

    two mains == ATS -- UPS -- power board(s) ... switches

Or there could be a big UPS in the bottom of each building providing power to all racks in that building. This UPS could have dual power feeds via an ATS, or each rack could have an ATS to select between UPS and raw mains.

...

Thu, 31 Mar 2005
1. find current image name

    # show boot
    BOOT variable = sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin,1

2. backup current image to card0:

    # copy sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin disk0:
    ...

3. make space for new image

    # format sup-bootflash:
    ...

4. download new image

    # copy scp://130.194.11.103//var/tftp/s72033-pk9s-mz.122-18.SXD3.bin sup-bootflash:
    ...

5. fix boot variable

    # sho run | i boot system
    boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin
    # conf t
    (config)# no boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin
    (config)# boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD3.bin
    # wri mem

6. check

    # sho run | i boot system
    boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD3.bin
    # dir sup-bootflash:s72033-pk9s-mz.122-18.SXD3.bin
        1  -rwx    34838464  Mar 31 2005 17:00:11 +10:00  s72033-pk9s-mz.122-18.SXD3.bin

7. reload

    # reload
    ...

Tue, 21 Dec 2004
http://www.aarnet.edu.au/engineering/networkdesign/mtu/
http://www.aarnet.edu.au/engineering/networkdesign/mtu/link.html
http://darkwing.uoregon.edu/~joe/jumbo-clean-gear.html

Some Cat6000 10/100 cards don't support jumbo frames.

Cat3750: "Configurable maximum transmission unit (MTU) of up to 9000 bytes, with a maximum Ethernet frame size of 9018 Bytes (Jumbo frames) for bridging on Gigabit Ethernet ports, and up to 1546 bytes for bridging and routing on Fast Ethernet ports."
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_data_sheet09186a0080161371.html
http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml

Mon, 13 Dec 2004
I was scheduled to upgrade all the 3750 switches in the basin precinct.
This is 58 switches. Doing the same thing manually 58 times over is a) too repetitive, and b) too likely to be done inconsistently. So, I wrote some scripts on ns0a and automated it a bit.

    # get list of all switches to upgrade
    netc -r 172.20.16 | grep -E 'fes|bds|tbs' > basin.3750.all

    # check current status before we change anything
    apply fping < basin.3750.all | tee basin.fping
    apply apply.show_ver < basin.3750.all | tee basin.ver.all
    apply apply.show_boot < basin.3750.all | tee basin.boot.all
    grep path-list basin.boot.all | grep -v 19

    # load new software, and check
    apply apply.12.2.20 < basin.3750.all | tee basin.12.2.20
    apply apply.show_ver < basin.3750.all | tee basin.ver.all.2
    apply apply.show_boot < basin.3750.all | tee basin.boot.all.2
    grep path-list basin.boot.all.2 | grep -v 20

    # reload the fes's (remote edge of network)
    grep fes basin.3750.all | apply /usr/local/bin/ciscoreload
    apply apply.show_ver < basin.3750.all | tee basin.ver.all.3

    # reload non-edge devices (fes's become unreachable again)
    grep -v fes basin.3750.all | apply /usr/local/bin/ciscoreload
    apply apply.show_ver < basin.3750.all | tee basin.ver.all.4

    # check results using commands like
    grep "12.1(1" basin.ver.all.4
    wc basin.ver.all*
    wc basin.boot.all*

These scripts are still a little bit rough, and you need to check their output carefully.

Thu, 14 Oct 2004
New Links

    monash3-gw 3/1  to clay-gnet-gw 1/0/10   clay-monash3-gnet   Vlan544  .28.176/30
    monash3-gw 3/3  to clay-gnet-gw 1/0/11   GrangeNet EXTERNAL  Vlan800
    monash3-gw 3/15 to clay0-gw 3/15         monash3-core        Vlan538  .28.152/30

Re-define Vlan544
Define Vlan538
Extend Vlan800 to monash3-gw
Shut down interface Vlan800 on old monash3-gw
Rename monash3-gw to vcp-gnet-gw
swap loopback addresses of old/new-monash3-gw
Add OSPF to new-monash3-gw, and check.
Restart OSPF on vcp-gnet-gw on new address, and check.
Enable interface Vlan800 on new monash3-gw
Remove Multicast border config from vcp-gnet-gw
Remove iBGP from vcp-gnet-gw
Remove Vlan249
Remove iBGP from vcp-gnet-gw, caul-gnet-gw, clay-gnet-gw
Enable and check
    ip route-cache flow
    ip flow-export
Enable Multicast border config on monash3-gw
Fix
    [root@ns0a tftp]# grep 'spanning-tree mode' configs/cisco/*gnet*
Fix
    drc0-gw#sho vtp status
New iBGP peer-list
    pushacl.pl monash.ibgp.peer
Fix MRTG monitoring
Optional: Redesign eBGP for monash3-gw to be more like eBGP for other monash*-gw's.

Tue, 12 Oct 2004
Upgraded old clay3-sw to latest CatOS and c6msfc image. Converted old clay2-gw to be monash3-gw and converted from HybridIOS to NativeIOS.

Wed, 06 Oct 2004
http://www.hennessynet.com/waitfor/
Configuring IP Multicast Routing
http://www.caida.org/tools/taxonomy/multicast.xml
http://www.caida.org/tools/taxonomy/mcsttaxonomy.xml#mhealth
http://imj.ucsb.edu/mhealth/download-v1.0/
http://www.caida.org/tools/measurement/mantra/
pcm6cast 0.1l
Broadband dreams and multicast 'beams' by Vint Cerf

I have been involved with Multicast IP for many years, and have noticed several problems:

1) When a Multicast IP network has problems, they are harder to track down than unicast IP problems. The technology is more complex, and debugging tools aren't available.
2) Billing: It is hard to tell if a particular end-user has requested a particular multicast

Location Independent Networking
http://www.ja.net/development/network_access/lin.html
Uses a hierarchy of proxy RADIUS servers - organisational / national / continent.
http://www.ja.net/development/network_access/JANET-LIN-Architecture-document-Final.pdf
Initially, wired, web-based redirection, 802.1X and Roamnode network access methods will be supported as part of the trial service.

Tue, 05 Oct 2004
12.2 Mainline
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/
12.2 S
http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/
All IOS releases
http://www.cisco.com/en/US/products/sw/iosswrel/products_ios_cisco_ios_software_releases.html

Wed, 29 Sep 2004
"Branding" is appropriate using Web sites. Faculties, departments, centres, projects, even individuals can all have their own Web site to promote their own brands.

E-mail addresses, like telephone numbers and postal addresses, are not suitable for branding. Do you have separate telephones on your desk for your different roles as Monash-staff-member, Buseco-staff-member, GSB-staff-member, Department-staff-member, Subject-lecturer, project-staff-member? Do you run different e-mail programs to access e-mail for these different work roles?

These different roles can/do all have their own web site, their own brand, but each individual doesn't require multiple telephones or e-mail accounts.

E-mail Groups, e.g. First.Last@Group.monash.edu.au are used for
The Graduate School of Business appears to be contained within the Faculty of Business and Economics, and so it is appropriate that they use the First.Last@buseco.monash.edu.au e-mail addresses.

Tue, 21 Sep 2004
https://secure.monash.edu/its/servicedesk/webservice/main.php
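
An added example (not the author's script) for the 31 Mar 2005 upgrade steps above: step 3 formats sup-bootflash:, so the reload in step 7 is only safe once the boot statement names the new image and that image is on flash at the expected size. The function check_boot and both sample captures are constructed here from the step 6 output in that post; the expected size is assumed to be taken from the copy on the server.

```shell
#!/bin/sh
# Added example: gate the reload on the step 6 output (not the author's script).
# usage: check_boot IMAGE EXPECTED_SIZE < captured_output ; returns 0 if safe.
check_boot() {
    awk -v img="$1" -v size="$2" '
        function fail(msg) { print msg; bad++ }
        # running-config lines: "boot system flash <device>:<file>"
        $1 == "boot" && $2 == "system" {
            file = $NF; sub(/^.*:/, "", file)      # drop the device prefix
            if (file == img) good++
            else fail("STALE boot statement: " $0)
        }
        # dir lines: <index> <perms> <size> <date...> <name>
        $2 ~ /^-[rwx-]+$/ && $NF == img {
            seen = 1
            if ($3 != size) fail("SIZE on flash " $3 ", expected " size)
        }
        END {
            if (!good) fail("NO boot statement for " img)
            if (!seen) fail("IMAGE not on flash: " img)
            exit (bad > 0)
        }'
}

IMG=s72033-pk9s-mz.122-18.SXD3.bin

# Constructed sample: the step 6 output shown in the post.
sample_ok() {
    cat <<'EOF'
boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD3.bin
    1  -rwx    34838464  Mar 31 2005 17:00:11 +10:00  s72033-pk9s-mz.122-18.SXD3.bin
EOF
}

# Constructed sample: step 5 was skipped, so the old statement is still there.
sample_stale() {
    cat <<'EOF'
boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin
    1  -rwx    34838464  Mar 31 2005 17:00:11 +10:00  s72033-pk9s-mz.122-18.SXD3.bin
EOF
}

sample_ok | check_boot "$IMG" 34838464 && echo "ok to reload"
sample_stale | check_boot "$IMG" 34838464 || echo "do not reload"
```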