John Mann's Weblog (on sng)
 

String around my finger
A 'blog to remember things I found.
I work for NIS ITS Monash University Australia.

    Wed, 27 Jul 2005

    Mail Filtering

    Or, how to block a few million spams per day without breaking a sweat.

    Includes Sendmail Config, Blackmilter, Graymilter, Spfmilter, ClamAV, Procmail, and Bayesian filters.

    The Hall of Shame lists DNS-RBL and AOL:

    You can see their full list of AOL's email errors here: http://postmaster.info.aol.com/errors/. It makes amusing reading. I guess they think they are big enough that they can just define their own internet standards, and everyone else will adapt to them. Well, no thanks.

    [ /monash | # ]

    Mon, 18 Jul 2005

    Cisco pwr675

    Ross Khan (at Monash South Africa) reports:

    ATS doesn't address the issue of the lack of redundancy of the PSUs within the various pieces of equipment in the rack. Cisco offers a solution for externally powering switches, using the PWR675(?) external power supply, which can power up to 6 Cisco switches.
    When we did our new Core switch based on 2x Cisco 3750s, we acquired a PWR675 unit for each 3750 (using one power port each) and then connected the switch's internal power supply to SupplyA and the external PWR675 input to SupplyB.
    This works really well under normal conditions, however there are 2 drawbacks:
    1. - When power is restored, the switch doesn't switch back to the internal supply
    2. - When running on the external supply and with power restored to the switch's internal supply, the switch is prone to random reboots (this observed behaviour is documented in the manual).
    In spite of these caveats, the presence of the PWR675 unit does improve the availability of the 3750 based cluster vs. the cluster running from only internal power supplies...
    It has to be said that Cisco don't recommend that the PWR675 be used in this configuration - we'll have to revisit this in the not-too-distant future...
    :-)

    Cisco might recommend 1 PWR675 to backup a stack of 2 switches.

    But I can't see why 1 PWR675 per switch would be un-recommended. It gives power feed resilience, as well as power-supply resilience.

    [ /monash | # ]

    Fri, 15 Jul 2005

    CWDM EOL

    EOS/EOS for Cisco 1000BASE-CWDM Line of CWDM Passive Devices

    New products pass 1330nm ATM wavelengths; more 4-color OADMs that do Gray+Violet+Blue+Green (470-nm, 1490-nm, 1510-nm, and 1530nm), Yellow+Orange+Red+Brown (1550-nm, 1570-nm, 1590-nm, and 1610-nm); new 1330/1510 bidirectional splitter.

    Updated 15 Jul 2005

    Cisco WDM Series Passive Optical System Installation Note HTML PDF. Interesting pages are 1-8 (pictures and part numbers) and 25-26 (specifications).

    [ /monash | # ]

    Wed, 08 Jun 2005

    Catalyst 3750 IPv6 MLD

    IPv6 MLD (Multicast Listener Daemon) snooping is the equivalent of IPv4 IGMP snooping.

    Switches snoop this traffic so that they can tell which ports on a switch are interested in particular streams of multicast traffic.

    I installed the new code on our GrangeNet LAN routers and switches.

    I think it worked, but I think it's too hard to tell if the routers aren't running IPv6 multicast. Very frustrating!

    [ /monash | # ]

    Thu, 12 May 2005

    E-mail Address Length

    > What is the maximum number of characters that an email address can have?

    Theoretically speaking, e-mail addresses can be very long.

    From ftp://ftp.rfc-editor.org/in-notes/rfc2821.txt

       The standard mailbox naming convention is defined to be
       "local-part@domain" ...
     
       local-part
          The maximum total length of a user name or other local-part is 64
          characters.
     
       domain
          The maximum total length of a domain name or number is 255
          characters.
     
       path
          The maximum total length of a reverse-path or forward-path is 256
          characters (including the punctuation and element separators).

    So, the limit on the total length of an e-mail address is 256 characters, and the local-part before the "@" is limited to 64 characters.

    In the Monash Name Router, the limits are

       First   Middle  Last    Group   Mailbox
        16      16      30      30      80

    So a name-based e-mail address of up to

    {16}.{16}.{30}@{30}.monash.edu.au

    can be mapped to a

    80-char mailbox name

    In the future, MDS-based e-mail routing may provide longer limits.
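
    The limits above as a length check, written as an added example (it is not code from the Name Router or from this weblog). It assumes a name-based address is First.Last or First.Middle.Last at Group.monash.edu.au; the function names and sample addresses are made up for illustration.

```python
# Added example: length checks from the RFC 2821 excerpt and the Name Router table.
RFC_LIMITS = {"local-part": 64, "domain": 255, "path": 256}
# Name Router field limits (First, Middle, Last, Group) from the table above.
NR_LIMITS = {"first": 16, "middle": 16, "last": 30, "group": 30}
NR_SUFFIX = ".monash.edu.au"


def rfc2821_violations(address):
    """Return the names of the RFC 2821 length limits that address exceeds."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        return ["syntax"]
    lengths = {
        "local-part": len(local),
        "domain": len(domain),
        # A forward-path or reverse-path carries the address inside "<" and ">",
        # and the 256 limit counts that punctuation.
        "path": len("<" + address + ">"),
    }
    return [name for name, limit in RFC_LIMITS.items() if lengths[name] > limit]


def name_router_violations(address):
    """Return the Name Router fields that are too long for a name-based address.

    Assumption: the local-part is First.Last or First.Middle.Last and the
    domain is Group.monash.edu.au; anything else is reported as "format".
    """
    local, _, domain = address.rpartition("@")
    names = local.split(".")
    if not domain.lower().endswith(NR_SUFFIX) or len(names) not in (2, 3):
        return ["format"]
    fields = {
        "first": names[0],
        "middle": names[1] if len(names) == 3 else "",
        "last": names[-1],
        "group": domain[: -len(NR_SUFFIX)],
    }
    return [name for name, limit in NR_LIMITS.items() if len(fields[name]) > limit]


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the page.
    for sample in ("Ann.Lee@its.monash.edu.au", "x" * 65 + "@example.org"):
        print(sample[:30], rfc2821_violations(sample), name_router_violations(sample))
```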

    [ /monash | # ]

    Mon, 25 Apr 2005

    Dropbox

    Say you want to send someone a large file. But the file is bigger than the (hard to pre-determine) limit for the e-mail systems involved.

    Or what if you want to tell lots of people about a large file, and clogging up everyone's mailbox is the wrong way to do it since not everyone will really be interested in it?

    A long, long time ago, on a network called ACSNET there was sendfile / fetchfile.

    More recently, you would just tell someone to "put the file on a Web site somewhere" and send the recipients a link. But what if the sender doesn't have a Web site under their control?

    Dropload
    Allows you to upload files up to 100 MB each. A file may only be downloaded once (e.g. by one recipient). Files are deleted after 7 days.

    YouSendIt
    Doesn't require creation of an account first. Allows you to upload files up to 1000 MB (1GB). Allows a list of recipients, and a "limited" number of downloads. Files are deleted after 7 days. Recommended.

    Streamload
    A "Freeloader" account will allow storage of up to 10 GB, download of files up to 10 MB totalling less than 100 MB per month. They do tend to SPAM you with suggestions to upgrade to a paying account! Other plans are available with unlimited storage, and up to 15 Terabyte per month download allowances. Streamload do have their own client to manage uploading and downloading. There is a Perl module Net-Streamload and a sample program that does uploading.

    Note that uploading large files from home over (asymmetrical) Cable or DSL links can tie up your Web browser for long periods.

    [ /monash | # ]

    Mon, 18 Apr 2005

    Rack Power

    One of the problems we face at Monash is trying to provide resilient power to racks of equipment. We have several hundred racks with 1 to 10 devices in them. These devices have only one power cord, and one power supply each.

    The Cisco Catalyst switches do have the option of a separate box providing power via a special connector (protecting against failure of the box's internal power supply rather than against external power feed failure). This however introduces different scaling and provisioning problems ...

    One idea would be to supply each rack with two separate power feeds (resiliency through redundancy), and somehow get both power feeds to all devices.

    One option is to use an ATS (Automatic Transfer Switch). From the APC website:

    APCs Rack Automatic Transfer Switch (ATS), also known as the Redundant Switch, is a high availability switch that has two input power cords, one for each AC line, which provide redundant power to connected equipment. The Rack ATS is designed to supply power to the connected load from a primary AC source. If that primary source becomes unavailable for whatever reason, the Rack ATS will automatically begin sourcing power from the secondary source. The transfer time from one source to the other is seamless to the connected equipment. The Networked units have built-in network connectivity, which allows for remote management via Web, SNMP, or Telnet interfaces.

    One problem with the APC products is that their 120V products can have e.g. six or eight outputs for supplying individual devices, but the 230V products have e.g. two or even one unusual output connector. This would then require power strip(s) to distribute power to the individual devices -- yet another box in the rack.

    Another problem with the APC equipment is that it isn't cheap. There are cheaper ATS's that are made for e.g. domestic mains/generator switchover, but I expect that they don't provide seamless switchover. A brief power glitch may cause a switch to reboot -- which may or may not be acceptable.

    Another question is whether to provide a UPS in each rack, e.g. resilient power for VoIP phones connected to Power-over-Ethernet switches. A UPS could be connected to one mains feed, or to two feeds via an ATS (I hadn't seen any UPS's that had two input feeds). In the two mains case, a single output from an ATS could be all you need:

    two mains == ATS -- UPS -- power board(s) ... switches

    Or there could be a big UPS in the bottom of each building providing power to all racks in that building. This UPS could have dual power feeds via an ATS, or each rack could have an ATS to select between UPS and raw mains. ...

    [ /monash | # ]

    Thu, 31 Mar 2005

    6500 upgrade

    1. find current image name

    # show boot
    BOOT variable = sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin,1

    2. backup current image to card0:

    # copy sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin disk0:
    ...

    3. make space for new image

    # format sup-bootflash:
    ...

    4. download new image

    # copy scp://130.194.11.103//var/tftp/s72033-pk9s-mz.122-18.SXD3.bin sup-bootflash:
    ...

    5. fix boot variable

    # sho run | i boot system
    boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin
    # conf t
    (config)# no boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin
    (config)# boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD3.bin
    # wri mem

    6. check

    # sho run | i boot system
    boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD3.bin
    # dir sup-bootflash:s72033-pk9s-mz.122-18.SXD3.bin
        1  -rwx    34838464  Mar 31 2005 17:00:11 +10:00 s72033-pk9s-mz.122-18.SXD3.bin

    7. reload

    # reload
    ...
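
    Step 3 formats sup-bootflash:, so a reload with a stale boot statement or a short copy leaves the switch with no image to boot. The check in step 6 can be made mechanical, as in this added example (not part of the original procedure); the function names are made up, and the size of the server-side copy is assumed equal to the size in the dir output above.

```python
import re

# Added example: gate the reload in step 7 on the two outputs checked in step 6.
DEVICE = "sup-bootflash:"  # flash device used throughout the procedure above


def boot_statements(show_run_output):
    """Image paths from 'boot system flash <path>' lines, in config order."""
    return re.findall(r"^\s*boot system flash (\S+)\s*$", show_run_output, re.M)


def dir_sizes(dir_output):
    """Map file name to size in bytes from 'dir' listing lines."""
    sizes = {}
    for line in dir_output.splitlines():
        # Fields: index, permissions, size, date/time/zone, name.
        m = re.match(r"\s*\d+\s+\S+\s+(\d+)\s+.*\s(\S+)$", line.rstrip())
        if m:
            sizes[m.group(2)] = int(m.group(1))
    return sizes


def reload_blockers(show_run_output, dir_output, image, server_size):
    """Return reasons not to reload yet; an empty list means the checks passed."""
    blockers = []
    boot = boot_statements(show_run_output)
    if not boot:
        blockers.append("no boot system statement")
    elif boot[0] != DEVICE + image:
        # After 'format' in step 3 the old image is gone, so a boot statement
        # that still names it leaves the switch with nothing to boot.
        blockers.append("first boot statement is " + boot[0])
    sizes = dir_sizes(dir_output)
    if image not in sizes:
        blockers.append(image + " not found on " + DEVICE)
    elif sizes[image] != server_size:
        blockers.append("size %d differs from server copy %d" % (sizes[image], server_size))
    return blockers


# Outputs copied from steps 5 and 6 above.
NEW = "s72033-pk9s-mz.122-18.SXD3.bin"
RUN_OLD = "boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD.bin\n"
RUN_NEW = "boot system flash sup-bootflash:s72033-pk9s-mz.122-18.SXD3.bin\n"
DIR_NEW = "    1  -rwx    34838464  Mar 31 2005 17:00:11 +10:00 " + NEW + "\n"

if __name__ == "__main__":
    # Assumption: server_size comes from os.path.getsize() on the copy under /var/tftp.
    print(reload_blockers(RUN_NEW, DIR_NEW, NEW, 34838464))
    print(reload_blockers(RUN_OLD, DIR_NEW, NEW, 34838464))
```

    A matching size catches a truncated copy but not a modified image; compare a hash as well where the platform offers one.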

    [ /monash | # ]

    Tue, 21 Dec 2004

    Jumbo Frames

    http://www.aarnet.edu.au/engineering/networkdesign/mtu/

    http://www.aarnet.edu.au/engineering/networkdesign/mtu/link.html

    http://darkwing.uoregon.edu/~joe/jumbo-clean-gear.html

    Some Cat6000 10/100 cards don't support jumbo frames.

    Cat3750: "Configurable maximum transmission unit (MTU) of up to 9000 bytes, with a maximum Ethernet frame size of 9018 Bytes (Jumbo frames) for bridging on Gigabit Ethernet ports, and up to 1546 bytes for bridging and routing on Fast Ethernet ports."

    http://www.cisco.com/en/US/products/hw/switches/ps5023/products_data_sheet09186a0080161371.html

    http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml

    [ /monash | # ]

    Mon, 13 Dec 2004

    3750 Upgrade

    I was scheduled to upgrade all the 3750 switches in the basin precinct. This is 58 switches. Doing the same thing manually 58 times over is a) too repetitive, and b) too likely to be done inconsistently.

    So, I wrote some scripts on ns0a and automated it a bit:

    # get list of all switches to upgrade
    netc -r 172.20.16 | grep -E 'fes|bds|tbs' > basin.3750.all
     
    # check current status before we change anything
    apply fping < basin.3750.all | tee basin.fping
    apply apply.show_ver < basin.3750.all | tee basin.ver.all
    apply apply.show_boot < basin.3750.all | tee basin.boot.all
    grep path-list basin.boot.all | grep -v 19
     
    # load new software, and check
    apply apply.12.2.20 < basin.3750.all | tee basin.12.2.20
    apply apply.show_ver < basin.3750.all | tee basin.ver.all.2
    apply apply.show_boot < basin.3750.all | tee basin.boot.all.2
    grep path-list basin.boot.all.2 | grep -v 20
     
    # reload the fes's (remote edge of network)
    grep fes basin.3750.all | apply /usr/local/bin/ciscoreload
    apply apply.show_ver < basin.3750.all | tee basin.ver.all.3
     
    # reload non-edge devices (fes's become unreachable again)
    grep -v fes basin.3750.all | apply /usr/local/bin/ciscoreload
    apply apply.show_ver < basin.3750.all | tee basin.ver.all.4
     
    # check results using commands like
    grep "12.1(1" basin.ver.all.4
    wc basin.ver.all*
    wc basin.boot.all*
    

    These scripts are still a little bit rough, and you need to check their output carefully.

    [ /monash | # ]

    Thu, 14 Oct 2004

    Changes for new monash3-gw

    New Links
    monash3-gw 3/1 to clay-gnet-gw 1/0/10 clay-monash3-gnet Vlan544 .28.176/30
    monash3-gw 3/3 to clay-gnet-gw 1/0/11 GrangeNet EXTERNAL Vlan800
    monash3-gw 3/15 to clay0-gw 3/15 monash3-core Vlan538 .28.152/30
    Re-define Vlan544
    Define Vlan538
    Extend Vlan800 to monash3-gw

    Shut down interface Vlan800 on old monash3-gw

    Rename monash3-gw to vcp-gnet-gw
    swap loopback addresses of old/new-monash3-gw
    Add OSPF to new-monash3-gw, and check.
    Restart OSPF on vcp-gnet-gw on new address, and check.

    Enable interface Vlan800 on new monash3-gw

    Remove Multicast border config from vcp-gnet-gw
    Remove iBGP from vcp-gnet-gw
    Remove Vlan249

    Remove iBGP from vcp-gnet-gw, caul-gnet-gw, clay-gnet-gw

    Enable and check 
    ip route-cache flow
    ip flow-export

    Enable Multicast border config on monash3-gw

    Fix
    [root@ns0a tftp]# grep  'spanning-tree mode' configs/cisco/*gnet* 
    Fix
    drc0-gw#sho vtp status 
    New iBGP peer-list 
    pushacl.pl monash.ibgp.peer

    Fix MRTG monitoring

    Optional: Redesign eBGP for monash3-gw to be more like eBGP for other monash*-gw's.

    [ /monash | # ]

    Tue, 12 Oct 2004

    Test lab

    Upgraded old clay3-sw to latest CatOS and c6msfc image.

    Converted old clay2-gw to be monash3-gw and converted from HybridIOS to NativeIOS.

    [ /monash | # ]

    Wed, 06 Oct 2004

    waitxxfor

    http://www.hennessynet.com/waitfor/
    This utility will wait until a url is available, until a port is being listened to, until an amount of time has passed or until a shell command succeeds. It's very useful when you want to coordinate the startup or shutdown of services. Each item you wish to wait for is specified on the command line as a series of URLs. The program will repeatedly test each one until it 'succeeds' or until the maximum wait time is exceeded.

    [ /monash | # ]

    IP Multicast

    Configuring IP Multicast Routing
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca794.html

    http://www.caida.org/tools/taxonomy/multicast.xml

    http://www.caida.org/tools/taxonomy/mcsttaxonomy.xml#mhealth http://imj.ucsb.edu/mhealth/download-v1.0/

    http://www.caida.org/tools/measurement/mantra/

    pcm6cast 0.1l

    Broadband dreams and multicast 'beams' by Vint Cerf
    http://www.zdnet.com.au/news/communications/0,2000061791,39161201,00.htm

    I have been involved with Multicast IP for many years, and have noticed several problems:

    1) When a Multicast IP network has problems, they are harder to track down than unicast IP problems. The technology is more complex, and debugging tools aren't available.

    2) Billing: It is hard to tell if a particular end-user has requested a particular multicast

    [ /monash | # ]

    Location Independent Networking

    http://www.ja.net/development/network_access/lin.html
    JANET Location Independent Networking (LIN) Trial Service. This is a service where a guest user can authenticate from a visited organisation back to their home organisation. The visited organisation trusts the home organisation in its response to the authentication process so that if successful, the visited organisation will grant the guest user network access in accordance with its local site policy.

    Uses a hierarchy of proxy RADIUS servers - organisational / national / continent.

    http://www.ja.net/development/network_access/JANET-LIN-Architecture-document-Final.pdf

    Initially, wired, web-based redirection, 802.1X and Roamnode network access methods will be supported as part of the trial service.

    [ /monash | # ]

    Tue, 05 Oct 2004

    Cisco IOS Documentation

    12.2 Mainline http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/

    12.2 S http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/

    All IOS releases http://www.cisco.com/en/US/products/sw/iosswrel/products_ios_cisco_ios_software_releases.html

    [ /monash | # ]

    Wed, 29 Sep 2004

    Branding of E-mail addresses

    "Branding" is appropriate for Web sites. Faculties, departments, centres, projects, even individuals can all have their own Web site to promote their own brands.

    E-mail addresses, like telephone numbers and postal addresses, are not suitable for branding. Do you have separate telephones on your desk for your different roles as Monash-staff-member, Buseco-staff-member, GSB-staff-member, Department-staff-member, Subject-lecturer, project-staff-member? Do you run different e-mail programs to access e-mail for these different work roles? These different roles can/do all have their own web site, their own brand, but each individual doesn't require multiple telephones or e-mail accounts.

    E-mail Groups, e.g. First.Last@Group.monash.edu.au, are used for
    • Faculties
    • Divisions (of University Administration)
    to reduce the number of First.Last name clashes, and to subdivide e-mail administration.

    The Graduate School of Business appears to be contained within the Faculty of Business and Economics, and so it is appropriate that they use the First.Last@buseco.monash.edu.au e-mail addresses.

    [ /monash | # ]

    Tue, 21 Sep 2004

    Heat Lite Webservice

    https://secure.monash.edu/its/servicedesk/webservice/main.php

    [ /monash | # ]