technology
Predicting Future Internet Capacity Needs Using Time Series Data
November 24, 2023
In the era of digital transformation, efficient management of internet bandwidth is crucial for both individuals and businesses. As we become increasingly reliant on the internet for our daily activities, predicting future internet capacity needs is no longer just desirable—it’s essential. This blog post will guide you through the process of consuming your internet bandwidth time series data from your network monitoring platform to predict your future capacity needs.
Extracting Specific Key-Value Pairs from a List of Dictionaries in Ansible
May 13, 2023
Have you ever encountered a situation in Ansible where you had a list of dictionaries, each representing an item with multiple attributes, and you needed to extract only specific key-value pairs while keeping the rest of the data hidden? For example, you may want specific data from a list of dictionaries that contains secrets that you do not want logged in Ansible stdout or stderr, but you also do not want to use no_log, which makes troubleshooting difficult. This can be a common requirement when working with sensitive information or when you want to streamline the data passed to a task. In this article, we’ll explore how to solve this problem in Ansible, leveraging powerful filters and techniques to extract specific key-value pairs from a list of dictionaries.
RHCSA Version 8: Operating Running Systems
January 30, 2022
Boot, reboot, and shut down a system normally
RHCSA Version 8: Getting Started
January 10, 2022
I plan on earning at least an RHCSA again this year, since I’m currently in a role that requires more Linux skills. I previously had an RHCE for version 6, but it has long expired. Since I more or less know what to expect, I believe most of the studying will be a brush up of what I already know. However, I do plan on creating a blog for every major section of the exam objective, which are posted below.
A New Approach to Defending Against DDoS Attacks
October 21, 2016
DDoS (Distributed Denial of Service) attacks are getting larger, more sophisticated, and more pervasive. Just today (October 21, 2016), DDoS attacks against Dyn, Inc have impacted the availability of sites such as Twitter, Netflix, Github, and Spotify.
Network Lifecycle Management with Hierarchical Configuration
July 8, 2016
In a previous blog, I hinted at a network configuration life cycle management library called hierarchical_configuration. I’ve been meaning to write about it for a while, but we’ve been super busy at work. I also wanted to ensure that we get our latest version of the library out in the public for general consumption before I wrote about it.
Multi Change and Netlib Updates
June 22, 2016
I’ve implemented some new changes to pyMultiChange and netlib. The biggest change affects both netlib and pyMultiChange. In netlib, I ripped out both the ‘simple_creds’ and ‘simple_yaml’ methods, as both stored user credentials in plain text on the computer that you used them on.
Kicking the tires on the new Ansible Network Modules, Part 2
March 1, 2016
In the previous blog, I kicked the tires on the ios_command and ios_config Ansible modules. I still had my development environment set up from then, so I decided that I wanted to kick the tires on the ios_template module.
Kicking the tires with the new Ansible Network Modules
February 29, 2016
Ansible recently announced support for multi-vendor network modules, natively within Ansible. There are many examples on the Internet where individuals have taken the initiative to create their own modules to work with their favorite vendor. Some of these examples are Arista supplied modules, NX-OS modules created by Jason Edelman, NTC, and NAPALM. While these are all good, it’s nice to see that Ansible is taking some initiative to create some native functionality.
Using a serial console on Mac OS X
February 15, 2016
As a network engineer, a fundamental task is putting a base configuration onto a device via a serial console. In Windows, there are several applications from Hyper Terminal to Putty. In Linux, there is minicom. I’ve never been a Microsoft fan, but have been a Linux user for many years. Over the last few years, I have been using Mac OS X full time for work and personal use. Given this, I need the ability to access a network device via a serial connection. A quick Google was fruitful.
Using Ansible to update your Home Dynamic DNS via Rackspace Cloud DNS
January 29, 2016
Like most home Internet users, my home Internet has a dynamic IP Address. For many years, I used DynDNS to keep a hostname associated to my home Internet, so that I could access my home resources remotely. After DynDNS started charging for the service, I just created a sub-domain off one of the domains that I own. The problem has always been that I would only find out about my IP Address changing after a failed login attempt. Since then, I have created a couple scripts. However, as I go down the Ansible journey, I try to apply the same problems to Ansible to see how it can solve problems. So, I decided to write a playbook to have Ansible automatically update my DNS record as needed.
Using Ansible to PUSH Cisco IOS Configurations
August 29, 2015
There are a lot of very good articles on the Internet about how Network Engineers can use Ansible to create standardized network device configurations or use Ansible with existing network vendor API’s to make changes to network devices. Some of my favorites can be found on the Python for Network Engineers and Jason Edelman’s sites.
pyMultiChange rewrite and Netlib
August 26, 2015
I re-wrote ‘pyMultiChange’ around my new library for connecting and managing devices. Before I was using ‘pyRouterLib’, but now I’ve deprecated that library with the creation of my new library ‘netlib’.
Dockerizing IOS-XRv
April 5, 2015
I’ve been playing with docker off and on for about a year or so now. One of my ideas, with Docker, is to use it for my network lab. These days, I’ve mostly virtualized my lab. Lately, I’ve been doing a lot of it in VIRL, but this hasn’t stopped me from tinkering.
Troubleshooting Internet Connectivity
March 12, 2015
This evening, I noticed that I was having some horrible Internet connectivity issues, from home. Trying to stream anything online? Forget it. Frustrated, I started troubleshooting the issue, fully expecting that I would end up opening up a trouble ticket with my ISP, sending them all my available troubleshooting information, and asking them to resolve their issue.
pyMultiChange and pyRouterLib Updates
February 2, 2015
I recently had a request to combine the SSH and TELNET functionality on my pyMultiChange scripts, as they share a lot of code. I thought that this was a reasonable request, so I started that process today.
MPLS Control and Data Plane Cheat Sheet
December 8, 2014
I made this image to help me wrap my head around the control and data plane flow in regards to MPLS.
Cisco VIRL Status? Digital Paper Weight
December 3, 2014
Update: I fixed the issue. Turns out, I’m a dim wit. There is an updated post, with tips and lessons learned, here.
Cisco VIRL - Bare Metal Install Tips and Lessons Learned
December 3, 2014
In my first post on VIRL - ”Cisco VIRL Status? Digital Paper Weight”, I shared my frustration with not being able to get my system to activate with Cisco. Come to find out, I’m a dim wit. That is, in the ‘Salt ID and domain’ section, I mistakenly left the .pem suffix in the name. Ironically, I blurred out that section, in an attempt to retain some privacy. However, if I hadn’t somebody may have rightly pointed out my error.
The Irony of Using SDN and NFV to Study Legacy Network Technologies
November 30, 2014
I was recently asked to present at a local Network Engineering Meetup. The topic that I’m going to speak about is how I’m using KVM, OpenFlow, Network Overlays, and OVS to integrate my physical network lab and virtual network lab. The presentation can be found here.
Mental Note: Tracking L3 Glean Attacks
November 28, 2014
Here’s a handy debug command for tracking L3 Glean attacks on IOS based Cisco routers / L3 switches.
pyMultiChange - SSH Script Update
November 25, 2014
I updated the ssh-multi.py script from my pyMultiChange repository. It’s now fully functional and allows you to enter ‘enable’ mode on Cisco routers and switches. As I’m using the paramiko library to interact with routers and switches via SSH, I had to switch from using the ‘exec_command’ API to invoke_shell, send, and recv API’s. It took a little more work - and I’m not completely thrilled with how the ‘recv’ API is implemented in paramiko, but it’s what we have to work with for now.
Updated pyRouterLib and pyMultiChange
November 24, 2014
I’ve updated two pieces of software that I’ve been writing and maintaining. The first is pyRouterLib. pyRouterLib is a library, written in Python, that takes the common functionality of managing a Cisco router or switch via Python and makes it easy to implement.
Python with Multiple Threads
November 20, 2014
I have a need to have a script execute the same task, among many devices, as close to the same time as possible. As a non-programmer, who happens to write code in an effort to make my job easier, I thought the task would be easier than it actually is. Spawning multiple threads is pretty easy. However, hitting resource limits is a limiting factor - as is how you output your data.
Connecting Your Virtual IOS-XE and IOX-XR Lab To Your Physical Lab
October 1, 2014
I’ve been building and using virtual IOS images, such as IOS-XE (CSR1000v) and IOS-XRv for a while now. It’s been great to just spin up a lab, based upon what ever topology that I want, not have to worry about a mess of cables, or hear the mildly annoying hum of a rack of routers and switches running up my electric bill.
Working with Cisco Routers and Switches with Python
July 27, 2014
I’ve updated the pyMultiChange.py script. It now is fully functional, with the addition of enable mode functionality. With this script, you can take a list of routers and switches from a text file and execute a series of commands, from a text file, all from SSH. For example:
Updating my Python Scripts to access Cisco Devices
July 26, 2014
I’ve been working to migrate my python scripts, that access Cisco routers and switches to utilize SSH. I’m building out a ‘pyRouterLib’ class, that currently doesn’t have much functionality, but I’m going to be building it out a lot more in the coming months. I’m also working on my pyMultiChange script, so that it utilizes SSH as well. Currently, the work is going well, although, there is still more work to go.
Dynamic DNS Updates via the Rackspace Cloud DNS
July 26, 2014
Do you remember the old days when dyndns.org offered free sub domains, that pointed to your home internet connection? This service allowed you to access your home computer remotely, by hostname, without the need of remembering your IP Address.
Linux Unified Key Setup
May 29, 2014
Here are some notes that I took about setting up LUKS when studying for the RHCSA. I felt that this would be appropriate to post after the recent issues with TrueCrypt.
OSPF Area Types and LSA's
April 11, 2014
Link State Advertisement (LSA) Types have never been my strong suit. I made a visual representation of how they are forwarded to help me get a better grasp on them.
IOS-XR (XRv) and IOS-XE (CSR1000v) KVM Config Generation
April 5, 2014
As I’m mostly going to be using XRv and the CSR1000v to create my Service Provider Lab Environment to study for the CCNP Service Provider exams, I thought that I would throw together a quick script so that I can build lab environments quickly. If you’ve played with XRv or CSR1000v in KVM at all, you know that it’s a hassle to generate your topologies. I’ve made that way easier with the “Virtual Network Lab Config Generator”. Note that this doesn’t generate device configs, but rather the KVM configuration that you use to spin up and connect your virtual devices. The code is on github.com. It was written hastily, so it’s very rough. :)
CCNP - Service Provider - SPROUTE
April 4, 2014
I plan on studying for the CCNP Service Provider - SPROUTE exam over the upcoming months. I suppose the best place to start is from the beginning and work my way through the requirements. As I study, I’ll keep notes and publish them here. Up first, “OSPFv2 and OSPFv3 Routing in Service Provider Environments”.
TelnetCisco.py - A Reusable Module for Accessing Cisco Devices with Python
February 17, 2014
For one reason or another, Python seems to have been my go to scripting language of choice recently. One of the things that I’ve been working on is creating a reusable python library for accessing Cisco devices via telnet. It’s pretty basic code right now, but I’ll be expanding upon what I have soon and will be sharing via github.com as well. For now, here is my simple library.
Quick intro to Puppet
February 9, 2014
I’ve been using puppet for a while to automate several things within the Linux servers that I manage. It’s also one of those things that if I don’t use it in a while, I forget it. So, I’m going to do a quick run through of registering a puppet agent with a puppet master. I’ll also show some of the things that every Linux install gets pushed, aka the default settings.
I'm going to place these here...
December 4, 2013
I found these articles fantastic and I wanted a quick place to reference them all. They are all in relation and deal with NVP, SDN, Open vSwitch, and VXLAN.
DMVPN with VRF's for the Internet interfaces and BGP
November 25, 2013
I’ve been playing with some different DMVPN configurations. In this scenario, I wanted the Internet facing interface to have a separate routing table, which I accomplished with a VRF. I also wanted to use a phase 2 DMVPN - which allows spokes to communicate directly to each other without having to send all traffic to the hub. The tricky part was getting the DMVPN tunnels to form over that interface. This is accomplished via the tunnel vrf command in the tunnel interface and specifying the vrf in the crypto keyring.
Rackspace Performance vs Standard Cloud Server Disk I/O
November 22, 2013
I just spun up a Rackspace High Performance Cloud Server and ran some i/o benchmarks on it and compared it to one of my standard cloud servers. Here are my findings.
Managing Cisco Routers / Switches with Python, Take 2
October 10, 2013
Here is my script to date. It’s functional and works pretty well, in my limited testing.
Configuring Cisco routers and switches with Python
October 8, 2013
Update: I’ve updated the multichange script a lot since I first wrote about it. You can use the category function to see the various posts.
BGP Goodness and Links
September 25, 2013
I had my first real experience with playing with regular expressions in BGP this evening to manipulate traffic. In the instance below, I needed to give a lower preference to traffic that was learned from ‘65002’ and was 4 AS hops out. I did this by creating an as-path access-list, using it in a route-map, and applying it to an eBGP neighbor.
Google Chromecast and scanning for WiFi Networks
August 20, 2013
I’ve been playing around with the Google Chromecast this evening. One of the things that I’ve just run across is that it appears to periodically scan for wifi networks. I’ll write more soon, but this is what I’ve found so far.
Performing a full system restore after a Linux server re-kick
May 24, 2013
Sometimes, a server becomes so corrupt that you need to re-install the operating system and perform a full system restore of the server from backups. After the OS re-install, but before you perform the restore, you need to create a backup of the files that are responsible for booting the server, defining the partition and file system layout, and naming the hardware. Once the full system restore has been completed, you should restore those files.
Introduction to MPLS
May 9, 2013
I ran across this (long) video. It’s a pretty good introduction to what MPLS is.
SELinux For Mere Mortals
April 15, 2013
I ran across a great video that discusses SELinux. It’s called “SELinux For Mere Mortals”.
Cisco Zone Based Firewall and UDP based Traceroute
April 11, 2013
I’ve been using the Cisco Zone Based Firewall features in IOS for a little while now, mostly at home and in a lab environment. One of the things that was kind of frustrating was the lack of outbound traceroute support from the trusted network to the untrusted network. I only use Linux and MacOS X at work and at home, so I never tried it out with a Microsoft based computer. I also haven’t really been able to spend a lot of time debugging the issue. Recently, I did some digging through the documentation on Cisco’s website and it hit me, and it was such a simple answer. Linux/UNIX based operating systems use a UDP method for sending traceroute packets, while Windows based operating systems use an ICMP based method. As UDP is a connectionless protocol and there isn’t any method for keeping a state table for UDP packets in the firewall, you have to allow ICMP host-unreachables and time-exceeded packets IN to the untrusted interface, destined for the trusted network. Here is a sample configuration.
Filesystem I/O Speeds Benchmarking Perl Script
March 7, 2013
I wrote a quick perl script to test the read and write speeds of a file system in Linux. Below is the contents of the script.
Learning Python
February 28, 2013
I know and use Perl and Bash fairly regularly with automating system administration tasks. Lately, I’ve been putting some effort into learning python, as I believe that it will help me grow in my career. I’ve been using Learn Python the Hard Way. So far, it’s been a pretty awesome site! I need to think of some projects to continue to increase my capabilities with it. Maybe, I’ll post some code examples as I create some projects. Either way, check out the site. It’s pretty awesome!
Bash Shell Enumerator - Command Not Found
February 22, 2013
Make this script run whenever a user logs into their system and watch them freak out as it tells them that all their commands aren’t found. :)
Bash - Random Password Changer
February 22, 2013
Here’s a script that will change a user’s password at random intervals with a randomly generated 30 character password. :)
Quick one-liner to change all databases tables to InnoDB in MySQL.
February 10, 2013
I’ve been attempting to get a better understanding of the operations of MySQL. For me, the best way to do that is hands on. I had a database, with a lot of tables, that I wanted to change the engine type to InnoDB. Obviously, being a lazy sys admin, I didn’t want to change them all by hand. So, I made a quick one-liner to do the job for me.
OpenNHRP RPM Updated
February 6, 2013
I’ve updated the yum repository with the current version of OpenNHRP. The current version available in the repository is 0.14. For more information, check out the repository link. http://www.packetgeek.net/repository.
Linux File Server for Apple Time Machine Backups
February 4, 2013
I got Apple Time Machine backups working with my Linux file server. Apple allows you to perform backups over the network utilizing the AFP (Apple Filing Protocol), via the Time Machine app. There is an open source implementation of afp in the netatalk package. Here is a quick and dirty run down of how I configured netatalk to work as my storage location for my apple backups.
Rackspace Private Cloud Edition - Compute Setup
January 19, 2013
I finally got a chance to sit down and play with pre-built Open Stack ‘Private Cloud Edition’ built by Rackspace. Once it’s installed, you can spin up instances right out of the box, but there are a few nuances to getting a functional platform for remote access and serving. I figured that I’d do a run through of the install and the initial changes that I made to get my install working.
Rackspace Cloud Servers and Networks with Open vSwitch and VXLAN between Data Centers
January 12, 2013
I’ve been playing with Open vSwitch and the VXLAN patch that is available at: https://github.com/mestery/ovs-vxlan
Playing with Openvswitch.
December 29, 2012
I’ve been playing with openvswitch a little bit this evening. Here are some notes that I took for a very basic configuration on Ubuntu 12.04.
The Nerdiest IPv6 related domain name on the Internet
November 2, 2012
I purchased a new domain last night. The site is 3.4028237e38.com. I don’t actually have any plans for it, yet. It will most likely just have a bunch of IPv6 related information on it. :) Check it out!
IPv6 Subnetting
October 30, 2012
Subnetting IPv6 is just like IPv4; that is, it uses the powers of two to determine the subnet mask. IPv6 doesn’t use a subnet mask, per se. Instead it uses slash notation. For example /64, /48, etc. The slash notation is known as a prefix.
SELinux - Listing Available Contexts
October 29, 2012
As you know, I’ve been studying for the RHCE exam. One of the things that I was unsure about with SELinux was how to find all the available contexts. It’s easy to find booleans with the ‘getsebool’ command, but what about a context?
IPv4 Subnetting Made Easy
October 29, 2012
Many people are intimidated by the idea of subnetting a block of IP Addresses. In reality, it’s much easier than it appears, and with some practice it can be easily done in a person’s head, on the fly.
RHCE Series: SSH and NTP
October 27, 2012
SSH
- Configure key-based authentication.
- Configure additional options described in documentation.
RHCE Series: SMTP
October 27, 2012
- Configure a mail transfer agent (MTA) to accept inbound email from other systems.
- Configure an MTA to forward (relay) email through a smart host.
RHCE Series: HTTP
October 27, 2012
- Configure a virtual host.
- Configure private directories.
- Deploy a basic CGI application.
- Configure group-managed content.
RHCE Series: DNS
October 26, 2012
- Configure a caching-only name server.
- Configure a caching-only name server to forward DNS queries.
- Note: Candidates are not expected to configure master or slave name servers.
RHCE Series: Configure the service to start when the system is booted.
October 25, 2012
[root@server1 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@server1 ~]# chkconfig --level 345 httpd on
[root@server1 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
[root@server1 ~]# chkconfig --level 345 httpd off
[root@server1 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@server1 ~]# chkconfig httpd off
[root@server1 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@server1 ~]# chkconfig --list
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
portreserve 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
svnserve 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
RHCE Series: Configure SELinux to support the service.
October 25, 2012
- Every process or object has a SELinux context:
- identity:role:domain/type
- The SELinux policy controls:
- What identities can use which roles
- What roles can enter which domains
- What domains can access which types
- To change the context of a file, you can use the chcon command:
- chcon -R --reference=/var/www/html
- To restore the default labeling from the policy and apply the contexts to file:
- restorecon -R
- To change the SELinux mode during boot, you can pass the ‘enforcing=0’ option to the kernel in GRUB.
- sestatus
- setenforce, getenforce
- policycoreutils
- setroubleshoot
- system-config-selinux <- part of policycoreutils-gui in RHEL.
- setsebool, getsebool
- chcon
- restorecon
When troubleshooting potential SELinux issues, you can turn off SELinux while troubleshooting.
RHCE Series: Remote Logging
October 24, 2012
I’ll be combining two objectives into one, as I feel that they are very closely related.
RHCE Series: Produce and deliver reports on system utilization
October 24, 2012
The sysstat package provides several utilities for system monitoring and generating reports based upon system utilization.
RHCE Series: Build a simple RPM that packages a single file.
October 24, 2012
Alright, so this is a little more in depth than creating a simple package, but I figured I could fulfill the Red Hat requirement and create a little bit of documentation on how to create the rpm for OpenNHRP in one swoop. :)
RHCE Series: Use /proc/sys and sysctl to modify and set kernel runtime parameters.
October 16, 2012
Kernel tuning is pretty easy. There are a couple of ways of doing it. The old way of modifying kernel parameters was by modifying the /proc.
RHCE Series: Configure a system as an iSCSI initiator that persistently mounts an iSCSI target.
October 16, 2012
Creating an iscsi target isn’t part of the RHCE objectives, but I’ll show my commands here so that you can create your own target for testing.
RHCE Series: Use iptables to implement packet filtering and configure network address translation (NAT): Part 2
October 15, 2012
In this second part, we’ll discuss how to set up a NAT in Linux, using iptables. As in the previous blog, here are the stats of my VM’s:
Think that you have a compromised Red Hat based system?
October 12, 2012
Use RPM to search for modified binaries.
RHCE Series: Use iptables to implement packet filtering and configure network address translation (NAT): Part 1
October 12, 2012
This section is on using IPTables to create a packet filtering firewall as well as implementing NAT with IPTables. My test environment are two stock installs of CentOS 6.3 in a virtualized environment.
PPTP to HE IPv6 Network Perl Script
October 11, 2012
I forgot about this. This was a perl script that I used to use to connect to Hurricane Electric IPv6 Network via PPTP. Last I checked, their pptp servers were offline. Bummer for those who can’t do IPv6 in IP tunneling. Requires the pptp-setup package.
RHCE Series: Route IP traffic and create static routes
October 10, 2012
As I start preparing for the RHCE exam, I’m attempting to go through each exam objective one by one and put together my notes on the subjects. I’ll try to go through each exam objective in the order that it’s listed on its page, but I may skip around a little bit on the objectives that are very vague on what exactly they want. This first set of notes is on routing IP traffic and static routes. Enjoy.
IPv6 Subnetting
October 9, 2012
In conjunction with my knowledge of how IPv4 subnetting works, Ethereal Mind blog on “/48 allocation in /64 chunks” got my mind going on IPv6 subnetting and how it works. I’ll write more on it soon, but it’s pretty easy to understand if you understand how to subnet IPv4 networks. Same concepts, but with 16 bit fields and 128 bit long addresses.
RHCE Exam Objectives
October 7, 2012
I’m starting to study for the RHCE exam. Below are the current exam objectives, and I will be referring to them as I study.
OpenNHRP is now available via RPM
October 2, 2012
After a LONG hiatus, I’m finally starting to work on my Open Source implementation of DMVPN, again. So far, I’ve started off by taking the OpenNHRP source code and building RPM files. I made no changes to the source code itself. Heck, I don’t even consider myself a developer. I just built the RPM binaries so that a person could build a DMVPN device without needing to have developer tools installed on the device itself. It should be a little more secure that way. :)
Using a Proxy Server to access the IPv6 Internet?
October 1, 2012
I had an idea recently. Could a person use an http proxy server to access the IPv6 portions of the Internet? The answer is, yes.
Logical Volume Management in Linux
October 1, 2012
LVM is a very powerful file system administration tool in Linux. It provides you with the ability to create, extend, resize, and even take snapshots of disk space on live systems. Here are my notes. I created a new hard drive within my test VM. When the server booted, it sees the new drive as /dev/sda. The disk that’s in use by Linux is /dev/vda. To start, we’ll need to partition /dev/sda. Note that you can only have four primary partitions on a single hard drive. Once you reach four primary partitions, if there is any space left on the disk, it will be unusable. Therefore, if you have a couple primary partitions, it’s best to start using logical partitions.
Linux Encrypted Filesystems
September 30, 2012
In the age of mobile devices that contain private information, whether it’s personal or business information, encrypting your devices is a good idea. Filesystem encryption allows you to encrypt a single partition or even an entire hard drive. When configured correctly, this will help mitigate privacy issues from stolen devices.
Cisco Auto Secure
October 10, 2011
I recently found a new command to help with the securing of Cisco Routers. The command is “auto secure”, which is executed from privileged enable mode. When executed, it asks a few questions and executes several commands based on security best practices for Cisco Routers. Below is an example from a router in my test lab.
IOS Local Password Security Features
February 17, 2011
I’ve been studying some of the security features built in to IOS. These mostly have to do with physical security and local password security built into IOS.
The United States vs Personal Freedoms and Liberties
December 7, 2010
I generally do not get overly involved in politics, because I’ve resigned myself to the fact that it’s a completely flawed system and I’m going to find something that I don’t agree with anyways. But I’ve been noticing a very disturbing trend as of late.
It's been a while...
December 2, 2010
It’s been a while since I’ve updated this. I’ve since earned a CCNP and have several notes and such that I need to put up here from my studies. I’m also focusing on my professional development and continuing to learn more about advanced technologies in depth.
Layer 3 LAN Switching
August 8, 2010
As enterprise LANs grow, there becomes a need to break up LANs with routers. Traditionally, routers have performed the layer 3 functionality, but in today’s high-speed LANs there is a need to be able to forward packets much quicker than the traditional routers have been able to. That is where layer 3 switches come into play.
Virtual LAN's and Trunks
August 4, 2010
Virtual LAN, also known as VLAN, is exactly as it sounds. It’s a method of having several virtual LAN’s on a single switch or even on an enterprise campus LAN. It’s completely driven by software and is strictly layer 2. Just as physical LAN’s, you can connect VLAN’s together with layer 3 devices, either routers or switches capable of providing layer three services.
Diebold FIT File Perl Script
July 28, 2010
I wrote this to generate Diebold FIT files quickly. This script can generate a FIT file in a couple seconds in what would take me hours to do by hand.
VLAN Trunking Protocol
July 27, 2010
VLAN Trunking Protocol, aka VTP, is a Cisco proprietary protocol that allows Cisco switches to manage your VLAN database across all switches in your LAN through a central switch. This is done via a client / server environment.
OSPF Notes and Gotchas
July 20, 2010
Open Shortest Path First (OSPF) is an open standard routing protocol that is used as an interior gateway routing protocol (IGP). Because OSPF is an open standard, it will inter-operate with many network gear vendors, with some configuration tweaks.
What information is your browser giving away?
May 18, 2010
This morning, there was an article where the EFF is claiming that just because you turn off cookies and javascript in your browser doesn’t mean that you’re not giving away information. Unfortunately, they are very correct. Your browser will give away ALL kinds of information about your computer; such as operating system, browser type / version number, browser plugin’s, etc.
Automated Linux Backups utilizing rsync over SSH
May 16, 2010
I was recently tasked with coming up with a backup solution for our Linux based servers. My solution was to use rsync over SSH to pull the data that we wanted over and then use tar to create daily archives, which we can then pull off the server to some other type of storage media or a remote server.
Virtualization Notes, Best Practices, and Gotcha's
March 21, 2010
I spent last week attending the Virtualization Pro Summit. I came away with a wealth of information that I’m still compiling, wrapping my head around, and figuring out where and how I can implement what. Below are some of the notes that I took away from the conference.
Why Open Source helps to build competence in IT
June 3, 2009
I love open source software (OSS), even though, technically, I’m not a developer. I’m a consumer of oss, I guess you could say. At the heart of it, oss has had a profound impact on my development as an IT professional and hobbyist. Let me explain.
NSA Security Configuration Guides
June 3, 2009
I refer to these guides from time to time, but always end up doing a google search to find them. I’m not very good at browser bookmark upkeep and I’m always on a different computer than the one the needed bookmark is on. :)
Using Perl to grab a proccess id in Linux
May 31, 2009
Ever since I first started doing Linux system administration, I’ve used perl scripts to automate some basic tasks. I’ve never really been that great at writing scripts because I never took the time to sit down and really learn the intricate details of the language. Recently, I’ve written some of my most complex and detail oriented scripts, where I’ve had to really learn a little bit about regular expressions. Along the way I also learned how to pick very specific data out of an array and feed it to my script for processing.
Prepping Ubuntu Server Edition to run as a DMVPN.
May 31, 2009
After reading about the open source implementation of NHRP, I decided that I would play around with it a bit to see where it’s at, development wise. I have a VMWare Session of Ubuntu 9.04 (Server Edition) that I use to geek out on stuff like this. It’s nice, because at a click of a button I can have a default install, by reverting to my default snap shot.
An Open Source Implementation of Cisco's Dynamic Multipoint VPN (DMVPN)
May 31, 2009
For a few years, Cisco has had a pretty innovative VPN solution called “Dynamic Multipoint VPN”. In essence, it’s a traditional hub and spoke VPN design, except that when two, or more, spokes want to communicate directly with each other, they initiate a dynamic IPSEC tunnel with each other instead of sending the traffic to the hub, where the hub would route the traffic to the destination spoke. If you’re confused, the “hub” would be the main office where all VPN sessions are initiated to and the “spoke” are the branch offices.
A Net::Telnet::Cisco Example (Save Running Configuration)
May 31, 2009
This is a simple perl script that uses the Net::Telnet::Cisco
perl module to save the running configuration on a Cisco IOS router or switch. It could be modified to be automated very easily.