packetgeek.net

packetgeek.net is my technology blog. The topics range greatly and often reflect what is interesting to me at the time or what I'm studying.

Predicting Future Internet Capacity Needs Using Time Series Data

November 24, 2023

In the era of digital transformation, efficient management of internet bandwidth is crucial for both individuals and businesses. As we become increasingly reliant on the internet for our daily activities, predicting future internet capacity needs is no longer just desirable—it’s essential. This blog post will guide you through the process of consuming your internet bandwidth time series data from your network monitoring platform to predict your future capacity needs.

Extracting Specific Key-Value Pairs from a List of Dictionaries in Ansible

May 13, 2023

Have you ever encountered a situation in Ansible where you had a list of dictionaries, each representing an item with multiple attributes, and you needed to extract only specific key-value pairs while keeping the rest of the data hidden? Such as wanting to extract specific data from a list of dictionaries that contains secrets that you did not want logged in Ansible stdout or stderr, but also did not want to use no_log, which makes troubleshooting difficult? This can be a common requirement when working with sensitive information or when you want to streamline the data passed to a task. In this article, we’ll explore how to solve this problem in Ansible, leveraging powerful filters and techniques to extract specific key-value pairs from a list of dictionaries.

RHCSA Version 8: Operating Running Systems

January 30, 2022

Boot, reboot, and shut down a system normally

RHCSA Version 8: Getting Started

January 10, 2022

I plan on earning at least an RHCSA again this year, since I’m currently in a role that requires more Linux skills. I previously had an RHCE for version 6, but it has long expired. Since I more or less know what to expect, I believe most of the studying will be a brush up of what I already know. However, I do plan on creating a blog for every major section of the exam objectives, which are posted below.

A New Approach to Defending Against DDoS Attacks

October 21, 2016

DDoS (Distributed Denial of Service) attacks are getting larger, more sophisticated, and more pervasive. Just today (October 21, 2016), DDoS attacks against Dyn, Inc have impacted the availability of sites such as Twitter, Netflix, Github, and Spotify.

Network Lifecycle Management with Hierarchical Configuration

July 8, 2016

In a previous blog, I hinted at a network configuration life cycle management library called hierarchical_configuration. I’ve been meaning to write about it for a while, but we’ve been super busy at work. I also wanted to ensure that we get our latest version of the library out in the public for general consumption before I wrote about it.

Multi Change and Netlib Updates

June 22, 2016

I’ve implemented some new changes to pyMultiChange and netlib. The biggest change affects both netlib and pyMultiChange. In netlib, I ripped out both the ‘simple_creds’ and ‘simple_yaml’ methods, as both stored user credentials in plain text on the computer that you used them on.

Kicking the tires on the new Ansible Network Modules, Part 2

March 1, 2016

In the previous blog, I kicked the tires on the ios_command and ios_config Ansible modules. I still had my development environment set up from then, so I decided that I wanted to kick the tires on the ios_template module.

Kicking the tires with the new Ansible Network Modules

February 29, 2016

Ansible recently announced support for multi-vendor network modules, natively within Ansible. There are many examples on the Internet where individuals have taken the initiative to create their own modules to work with their favorite vendor. Some of these examples are Arista supplied modules, NX-OS modules created by Jason Edelman, NTC, and NAPALM. While these are all good, it’s nice to see that Ansible is taking some initiative to create some native functionality.

Using a serial console on Mac OS X

February 15, 2016

As a network engineer, a fundamental task is putting a base configuration onto a device via a serial console. In Windows, there are several applications from HyperTerminal to PuTTY. In Linux, there is minicom. I’ve never been a Microsoft fan, but have been a Linux user for many years. Over the last few years, I have been using Mac OS X full time for work and personal use. Given this, I need the ability to access a network device via a serial connection. A quick Google was fruitful.

NANOG 66

February 15, 2016

NANOG 66 took place a couple weeks ago. Videos and presentations are trickling onto the Internet. Here is the list of videos and presentations that I found particularly interesting:

Using Ansible to update your Home Dynamic DNS via Rackspace Cloud DNS

January 29, 2016

Like most home Internet users, my home Internet has a dynamic IP Address. For many years, I used DynDNS to keep a hostname associated to my home Internet, so that I could access my home resources remotely. After DynDNS started charging for the service, I just created a sub-domain off one of the domains that I own. The problem has always been that I would only find out about my IP Address changing after a failed login attempt. Since then, I have created a couple scripts. However, as I go down the Ansible journey, I try to apply the same problems to Ansible to see how it can solve problems. So, I decided to write a playbook to have Ansible automatically update my DNS record as needed.

Using Ansible to PUSH Cisco IOS Configurations

August 29, 2015

There are a lot of very good articles on the Internet about how Network Engineers can use Ansible to create standardized network device configurations or use Ansible with existing network vendor API’s to make changes to network devices. Some of my favorites can be found on the Python for Network Engineers and Jason Edelman’s sites.

pyMultiChange rewrite and Netlib

August 26, 2015

I re-wrote ‘pyMultiChange’ around my new library for connecting and managing devices. Before I was using ‘pyRouterLib’, but now I’ve deprecated that library with the creation of my new library ‘netlib’.

Dockerizing IOS-XRv

April 5, 2015

I’ve been playing with Docker off and on for about a year or so now. One of my ideas, with Docker, is to use it for my network lab. These days, I’ve mostly virtualized my lab. Lately, I’ve been doing a lot of it in VIRL, but this hasn’t stopped me from tinkering.

Troubleshooting Internet Connectivity

March 12, 2015

This evening, I noticed that I was having some horrible Internet connectivity issues, from home. Trying to stream anything online? Forget it. Frustrated, I started troubleshooting the issue, fully expecting that I would end up opening up a trouble ticket with my ISP, sending them all my available troubleshooting information, and asking them to resolve their issue.

pyMultiChange and pyRouterLib Updates

February 2, 2015

I recently had a request to combine the SSH and TELNET functionality on my pyMultiChange scripts, as they share a lot of code. I thought that this was a reasonable request, so I started that process today.

MPLS Control and Data Plane Cheat Sheet

December 8, 2014

I made this image to help me wrap my head around the control and data plane flow in regards to MPLS.

Cisco VIRL Status? Digital Paper Weight

December 3, 2014

Update: I fixed the issue. Turns out, I’m a dim wit. There is an updated post, with tips and lessons learned, here.

Cisco VIRL - Bare Metal Install Tips and Lessons Learned

December 3, 2014

In my first post on VIRL - “Cisco VIRL Status? Digital Paper Weight”, I shared my frustration with not being able to get my system to activate with Cisco. Come to find out, I’m a dim wit. That is, in the ‘Salt ID and domain’ section, I mistakenly left the .pem suffix in the name. Ironically, I blurred out that section, in an attempt to retain some privacy. However, if I hadn’t, somebody may have rightly pointed out my error.

The Irony of Using SDN and NFV to Study Legacy Network Technologies

November 30, 2014

I was recently asked to present at a local Network Engineering Meetup. The topic that I’m going to speak about is how I’m using KVM, OpenFlow, Network Overlays, and OVS to integrate my physical network lab and virtual network lab. The presentation can be found here.

Mental Note: Tracking L3 Glean Attacks

November 28, 2014

Here’s a handy debug command for tracking L3 Glean attacks on IOS based Cisco routers / L3 switches.

pyMultiChange - SSH Script Update

November 25, 2014

I updated the ssh-multi.py script from my pyMultiChange repository. It’s now fully functional and allows you to enter ‘enable’ mode on Cisco routers and switches. As I’m using the paramiko library to interact with routers and switches via SSH, I had to switch from using the ‘exec_command’ API to invoke_shell, send, and recv API’s. It took a little more work - and I’m not completely thrilled with how the ‘recv’ API is implemented in paramiko, but it’s what we have to work with for now.

Updated pyRouterLib and pyMultiChange

November 24, 2014

I’ve updated two pieces of software that I’ve been writing and maintaining. The first is pyRouterLib. pyRouterLib is a library, written in Python, that takes the common functionality of managing a Cisco router or switch via Python and makes it easy to implement.

Python with Multiple Threads

November 20, 2014

I have a need to have a script to execute the same task, among many devices, as close to the same time as possible. As a non-programmer, who happens to write code in an effort to make my job easier, I thought the task would be easier than it actually is. Spawning multiple threads is pretty easy. However, hitting resource limits is a limiting factor - as is how you output your data.

Connecting Your Virtual IOS-XE and IOS-XR Lab To Your Physical Lab

October 1, 2014

I’ve been building and using virtual IOS images, such as IOS-XE (CSR1000v) and IOS-XRv for a while now. It’s been great to just spin up a lab, based upon whatever topology that I want, not have to worry about a mess of cables, or hear the mildly annoying hum of a rack of routers and switches running up my electric bill.

Working with Cisco Routers and Switches with Python

July 27, 2014

I’ve updated the pyMultiChange.py script. It now is fully functional, with the addition of enable mode functionality. With this script, you can take a list of routers and switches from a text file and execute a series of commands, from a text file, all from SSH. For example:

Updating my Python Scripts to access Cisco Devices

July 26, 2014

I’ve been working to migrate my Python scripts that access Cisco routers and switches to utilize SSH. I’m building out a ‘pyRouterLib’ class, that currently doesn’t have much functionality, but I’m going to be building it out a lot more in the coming months. I’m also working on my pyMultiChange script, so that it utilizes SSH as well. Currently, the work is going well, although there is still more work to go.

Dynamic DNS Updates via the Rackspace Cloud DNS

July 26, 2014

Do you remember the old days when dyndns.org offered free sub domains, that pointed to your home internet connection? This service allowed you to access your home computer remotely, by hostname, without the need of remembering your IP Address.

Linux Unified Key Setup

May 29, 2014

Here are some notes that I took about setting up LUKS when studying for the RHCSA. I felt that this would be appropriate to post after the recent issues with TrueCrypt.

OSPF Area Types and LSA's

April 11, 2014

Link State Advertisement (LSA) Types have never been my strong suit. I made a visual representation of how they are forwarded to help me get a better grasp on them.

IOS-XR (XRv) and IOS-XE (CSR1000v) KVM Config Generation

April 5, 2014

As I’m mostly going to be using XRv and the CSR1000v to create my Service Provider Lab Environment to study for the CCNP Service Provider exams, I thought that I would throw together a quick script so that I can build lab environments quickly. If you’ve played with XRv or CSR1000v in KVM at all, you know that it’s a hassle to generate your topologies. I’ve made that way easier with the “Virtual Network Lab Config Generator”. Note that this doesn’t generate device configs, but rather the KVM configuration that you use to spin up and connect your virtual devices. The code is on github.com. It was written hastily, so it’s very rough. :)

CCNP - Service Provider - SPROUTE

April 4, 2014

I plan on studying for the CCNP Service Provider - SPROUTE exam over the upcoming months. I suppose the best place to start is from the beginning and work my way through the requirements. As I study, I’ll keep notes and publish them here. Up first, “OSPFv2 and OSPFv3 Routing in Service Provider Environments”.

TelnetCisco.py - A Reusable Module for Accessing Cisco Devices with Python

February 17, 2014

For one reason or another, Python seems to have been my go to scripting language of choice recently. One of the things that I’ve been working on is creating a reusable python library for accessing Cisco devices via telnet. It’s pretty basic code right now, but I’ll be expanding upon what I have soon and will be sharing via github.com as well. For now, here is my simple library.

Quick intro to Puppet

February 9, 2014

I’ve been using puppet for a while to automate several things within the Linux servers that I manage. It’s also one of those things that if I don’t use it in a while, I forget it. So, I’m going to do a quick run through of registering a puppet agent with a puppet master. I’ll also show some of the things that every Linux install gets pushed, aka the default settings.

I'm going to place these here...

December 4, 2013

I found these articles fantastic and I wanted a quick place to reference them all. They are all in relation and deal with NVP, SDN, Open vSwitch, and VXLAN.

DMVPN with VRF's for the Internet interfaces and BGP

November 25, 2013

I’ve been playing with some different DMVPN configurations. In this scenario, I wanted the Internet facing interface to have a separate routing table, which I accomplished with a VRF. I also wanted to use a phase 2 DMVPN - which allows spokes to communicate directly to each other without having to send all traffic to the hub. The tricky part was getting the DMVPN tunnels to form over that interface. This is accomplished via the tunnel vrf command in the tunnel interface and specifying the vrf in the crypto keyring.

Rackspace Performance vs Standard Cloud Server Disk I/O

November 22, 2013

I just spun up a Rackspace High Performance Cloud Server and ran some i/o benchmarks on it and compared it to one of my standard cloud servers. Here are my findings.

Managing Cisco Routers / Switches with Python, Take 2

October 10, 2013

Here is my script to date. It’s functional and works pretty well, in my limited testing.

Configuring Cisco routers and switches with Python

October 8, 2013

Update: I’ve updated the multichange script a lot since I first wrote about it. You can use the category function to see the various posts.

BGP Goodness and Links

September 25, 2013

I had my first real experience with playing with regular expressions in BGP this evening to manipulate traffic. In the instance below, I needed to give a lower preference to traffic that was learned from ‘65002’ and was 4 AS hops out. I did this by creating an as-path access-list, using it in a route-map, and applying it to an eBGP neighbor.

Google Chromecast and scanning for WiFi Networks

August 20, 2013

I’ve been playing around with the Google Chromecast this evening. One of the things that I’ve just run across is that it appears to periodically scan for wifi networks. I’ll write more soon, but this is what I’ve found so far.

Performing a full system restore after a Linux server re-kick

May 24, 2013

Sometimes, a server becomes so corrupt that you need to re-install the operating system and perform a full system restore of the server from backups. After the OS re-install, but before you perform the restore, you need to create a backup of the files that are responsible for booting the server, defining the partition and file system layout, and naming the hardware. Once the full system restore has been completed, you should restore those files.

SDN Goodness

May 9, 2013

Here are a few nuggets pertaining to Open vSwitch, NVP, SDN, and Nicira.

Introduction to MPLS

May 9, 2013

I ran across this (long) video. It’s a pretty good introduction to what MPLS is.

SELinux For Mere Mortals

April 15, 2013

I ran across a great video that discusses SELinux. It’s called “SELinux For Mere Mortals”.

Cisco Zone Based Firewall and UDP based Traceroute

April 11, 2013

I’ve been using the Cisco Zone Based Firewall features in IOS for a little while now. Mostly at home and in a lab environment. One of the things that was kind of frustrating was the lack of outbound traceroute support from the trusted network to the untrusted network. I only use Linux and MacOS X at work and at home, so I never tried it out with a Microsoft based computer. I also haven’t really been able to spend a lot of time to really debug the issue. Recently, I did some digging through the documentation on Cisco’s website and it hit me and it was such a simple answer. Linux/UNIX based operating systems use a UDP method for sending traceroute packets, while Windows based operating systems use an ICMP based method. As UDP is a connectionless protocol and there isn’t any method for keeping a state table for UDP packets in the firewall, you have to allow ICMP host-unreachables and time-exceeded packets IN to the untrusted interface, destined for the trusted network. Here is a sample configuration.

Filesystem I/O Speeds Benchmarking Perl Script

March 7, 2013

I wrote a quick Perl script to test the read and write speeds of a file system in Linux. Below are the contents of the script.

Learning Python

February 28, 2013

I know and use Perl and Bash fairly regularly with automating system administration tasks. Lately, I’ve been putting some effort into learning python, as I believe that it will help me grow in my career. I’ve been using Learn Python the Hard Way. So far, it’s been a pretty awesome site! I need to think of some projects to continue to increase my capabilities with it. Maybe, I’ll post some code examples as I create some projects. Either way, check out the site. It’s pretty awesome!

Bash Shell Enumerator - Command Not Found

February 22, 2013

Make this script run whenever a user logs into their system and watch them freak out as it tells them that all their commands aren’t found. :)

Bash - Random Password Changer

February 22, 2013

Here’s a script that will change a user’s password at random intervals with a randomly generated 30 character password. :)

Quick one-liner to change all database tables to InnoDB in MySQL.

February 10, 2013

I’ve been attempting to get a better understanding of the operations of MySQL. For me, the best way to do that is hands on. I had a database, with a lot of tables, that I wanted to change the engine type to InnoDB. Obviously, being a lazy sys admin, I didn’t want to change them all by hand. So, I made a quick one-liner to do the job for me.

OpenNHRP RPM Updated

February 6, 2013

I’ve updated the yum repository with the current version of OpenNHRP. The current version available in the repository is 0.14. For more information, check out the repository link. http://www.packetgeek.net/repository.

Linux File Server for Apple Time Machine Backups

February 4, 2013

I got Apple Time Machine backups working with my Linux file server. Apple allows you to perform backups over the network utilizing the AFP (Apple Filing Protocol), via the Time Machine app. There is an open source implementation of afp in the netatalk package. Here is a quick and dirty run down of how I configured netatalk to work as my storage location for my apple backups.

Rackspace Private Cloud Edition - Compute Setup

January 19, 2013

I finally got a chance to sit down and play with pre-built Open Stack ‘Private Cloud Edition’ built by Rackspace. Once it’s installed, you can spin up instances right out of the box, but there are a few nuances to getting a functional platform for remote access and serving. I figured that I’d do a run through of the install and the initial changes that I made to get my install working.

Rackspace Cloud Servers and Networks with Open vSwitch and VXLAN between Data Centers

January 12, 2013

I’ve been playing with Open vSwitch and the VXLAN patch that is available at: https://github.com/mestery/ovs-vxlan

Playing with Openvswitch.

December 29, 2012

I’ve been playing with openvswitch a little bit this evening. Here are some notes that I took for a very basic configuration on Ubuntu 12.04.

The Nerdiest IPv6 related domain name on the Internet

November 2, 2012

I purchased a new domain last night. The site is 3.4028237e38.com. I don’t actually have any plans for it, yet. It will most likely just have a bunch of IPv6 related information on it. :) Check it out!

IPv6 Subnetting

October 30, 2012

Subnetting IPv6 is just like IPv4, that is, it uses the powers of two to determine the subnet mask. IPv6 doesn’t use a subnet mask, per se. Instead it uses slash notation. For example /64, /48, etc. The slash notation is known as a prefix.

SELinux - Listing Available Contexts

October 29, 2012

As you know, I’ve been studying for the RHCE exam. One of the things that I was unsure about with SELinux was how to find all the available contexts. It’s easy to find booleans with the ‘getsebool’ command, but what about a context?

IPv4 Subnetting Made Easy

October 29, 2012

Many people are intimidated by the idea of subnetting a block of IP Addresses. In reality, it’s much easier than it appears and with some practice it can be easily done in a person’s head, on the fly.

RHCE Series: SSH and NTP

October 27, 2012

SSH

  • Configure key-based authentication.
  • Configure additional options described in documentation.

RHCE Series: SMTP

October 27, 2012

  • Configure a mail transfer agent (MTA) to accept inbound email from other systems.
  • Configure an MTA to forward (relay) email through a smart host.

RHCE Series: HTTP

October 27, 2012

  • Configure a virtual host.
  • Configure private directories.
  • Deploy a basic CGI application.
  • Configure group-managed content.

RHCE Series: FTP

October 26, 2012

  • Configure anonymous-only download.

RHCE Series: DNS

October 26, 2012

  • Configure a caching-only name server.
  • Configure a caching-only name server to forward DNS queries.
  • Note: Candidates are not expected to configure master or slave name servers.

Making NAT work with the default Red Hat iptables ruleset

October 26, 2012

Just a mental note.

RHCE Series: Configure the service to start when the system is booted.

October 25, 2012

[root@server1 ~]# chkconfig --list httpd
httpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@server1 ~]# chkconfig --level 345 httpd on
[root@server1 ~]# chkconfig --list httpd
httpd           0:off 1:off 2:off 3:on 4:on 5:on 6:off
[root@server1 ~]# chkconfig --level 345 httpd off
[root@server1 ~]# chkconfig --list httpd
httpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@server1 ~]# chkconfig httpd off
[root@server1 ~]# chkconfig --list httpd
httpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@server1 ~]# chkconfig --list
auditd          0:off 1:off 2:on 3:on 4:on 5:on 6:off
crond           0:off 1:off 2:on 3:on 4:on 5:on 6:off
httpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
ip6tables       0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables        0:off 1:off 2:on 3:on 4:on 5:on 6:off
lvm2-monitor    0:off 1:on 2:on 3:on 4:on 5:on 6:off
named           0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole      0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs           0:off 1:off 2:off 3:on 4:on 5:on 6:off
network         0:off 1:off 2:on 3:on 4:on 5:on 6:off
portreserve     0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix         0:off 1:off 2:on 3:on 4:on 5:on 6:off
rdisc           0:off 1:off 2:off 3:off 4:off 5:off 6:off
restorecond     0:off 1:off 2:off 3:off 4:off 5:off 6:off
rsyslog         0:off 1:off 2:on 3:on 4:on 5:on 6:off
saslauthd       0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd            0:off 1:off 2:on 3:on 4:on 5:on 6:off
svnserve        0:off 1:off 2:off 3:off 4:off 5:off 6:off
sysstat         0:off 1:on 2:on 3:on 4:on 5:on 6:off
udev-post       0:off 1:on 2:on 3:on 4:on 5:on 6:off
xinetd          0:off 1:off 2:off 3:off 4:off 5:off 6:off

RHCE Series: Configure SELinux to support the service.

October 25, 2012

  • Every process or object has a SELinux context:
    • identity:role:domain/type
  • The SELinux policy controls:
    • What identities can use which roles
    • What roles can enter which domains
    • What domains can access which types
  • To change the context of a file, you can use the chcon command:
    • chcon -R --reference=/var/www/html
  • To restore the default labeling from the policy and apply the contexts to file:
    • restorecon -R
  • To change the SELinux mode during boot, you can pass the ‘enforcing=0’ option to the kernel in GRUB.
    • sestatus
    • setenforce getenforce
    • policycoreutils
    • setroubleshoot
    • system-config-selinux <- part of policycoreutils-gui in RHEL.
    • setsebool getsebool
    • chcon
    • restorecon
  • When troubleshooting potential SELinux issues, you can turn off SELinux while troubleshooting.

Free Web-Based F5 Training

October 25, 2012

F5 offers a free web-based course! How cool is that?

RHCE Series: Remote Logging

October 24, 2012

I’ll be combining two objectives into one, as I feel that they are very closely related.

RHCE Series: Produce and deliver reports on system utilization

October 24, 2012

The sysstat package provides several utilities for system monitoring and generating reports based upon system utilization.

RHCE Series: Build a simple RPM that packages a single file.

October 24, 2012

Alright, so this is a little more in depth than creating a simple package, but I figured I could fulfill the Red Hat requirement and create a little bit of documentation on how to create the rpm for OpenNHRP in one swoop. :)

RHCSA Class Notes

October 16, 2012

Here are some notes from a recent RHCSA class.

RHCE Series: Use /proc/sys and sysctl to modify and set kernel runtime parameters.

October 16, 2012

Kernel tuning is pretty easy. There are a couple of ways of doing it. The old way of modifying kernel parameters was by modifying the /proc.

RHCE Series: Configure a system as an iSCSI initiator that persistently mounts an iSCSI target.

October 16, 2012

Creating an iscsi target isn’t part of the RHCE objectives, but I’ll show my commands here so that you can create your own target for testing.

RHCE Series: Use iptables to implement packet filtering and configure network address translation (NAT): Part 2

October 15, 2012

In this second part, we’ll discuss how to set up a NAT in Linux, using iptables. As in the previous blog, here are the stats of my VM’s:

Think that you have a compromised Red Hat based system?

October 12, 2012

Use RPM to search for modified binaries.

RHCE Series: Use iptables to implement packet filtering and configure network address translation (NAT): Part 1

October 12, 2012

This section is on using IPTables to create a packet filtering firewall as well as implementing NAT with IPTables. My test environment is two stock installs of CentOS 6.3 in a virtualized environment.

PPTP to HE IPv6 Network Perl Script

October 11, 2012

I forgot about this. This was a perl script that I used to use to connect to Hurricane Electric IPv6 Network via PPTP. Last I checked, their pptp servers were offline. Bummer for those who can’t do IPv6 in IP tunneling. Requires the pptp-setup package.

RHCE Series: Route IP traffic and create static routes

October 10, 2012

As I start preparing for the RHCE exam, I’m attempting to go through each exam objective one by one and put together my notes on the subjects. I’ll try to go through each exam objective in the order that it’s listed on its page, but I may skip around a little bit on the objectives that are very vague on what exactly they want. This first set of notes is on routing IP traffic and static routes. Enjoy.

IPv6 Subnetting

October 9, 2012

In conjunction with my knowledge of how IPv4 subnetting works, Ethereal Mind blog on “/48 allocation in /64 chunks” got my mind going on IPv6 subnetting and how it works. I’ll write more on it soon, but it’s pretty easy to understand if you understand how to subnet IPv4 networks. Same concepts, but with 16 bit fields and 128 bit long addresses.

RHCE Exam Objectives

October 7, 2012

I’m starting to study for the RHCE exam. Below are the current exam objectives, and I will be referring to them as I study.

OpenNHRP is now available via RPM

October 2, 2012

After a LONG hiatus, I’m finally starting to work on my Open Source implementation of DMVPN, again. So far, I’ve started off by taking the OpenNHRP source code and building RPM files. I made no changes to the source code itself. Heck, I don’t even consider myself a developer. I just built the RPM binaries so that a person could build a DMVPN device without needing to have developer tools installed on the device itself. It should be a little more secure that way. :)

Using a Proxy Server to access the IPv6 Internet?

October 1, 2012

I had an idea recently. Could a person use an http proxy server to access the IPv6 portions of the Internet? The answer is, yes.

Logical Volume Management in Linux

October 1, 2012

LVM is a very powerful file system administration tool in Linux. It provides you with the ability to create, extend, resize, and even take snapshots of disk space on live systems. Here are my notes. I created a new hard drive within my test VM. When the server booted, it sees the new drive as /dev/sda. The disk that’s in use by Linux is /dev/vda. To start, we’ll need to partition /dev/sda. Note that you can only have four primary partitions on a single hard drive. Once you reach four primary partitions, if there is any space left on the disk, it will be unusable. Therefore, if you have a couple primary partitions, it’s best to start using logical partitions.

Linux Encrypted Filesystems

September 30, 2012

In the age of mobile devices that contain private information, whether it’s personal or business information, encrypting your devices is a good idea. Filesystem encryption allows you to encrypt a single partition or even an entire hard drive. When configured correctly, this will help mitigate privacy issues from stolen devices.

Cisco Auto Secure

October 10, 2011

I recently found a new command to help with the securing of Cisco Routers. The command is “auto secure”, which is executed from privileged enable mode. When executed, it asks a few questions and executes several commands based on security best practices for Cisco Routers. Below is an example from a router in my test lab.

IOS Local Password Security Features

February 17, 2011

I’ve been studying some of the security features built in to IOS. These mostly have to do with physical security and local password security built into IOS.

History Repeats itself?

December 8, 2010

Very good article.

The United States vs Personal Freedoms and Liberties

December 7, 2010

I generally do not get overly involved in politics, because I’ve resigned myself to the fact that it’s a completely flawed system and I’m going to find something that I don’t agree with anyways. But I’ve been noticing a very disturbing trend as of late.

It's been a while...

December 2, 2010

It’s been a while since I’ve updated this. I’ve since earned a CCNP and have several notes and such that I need to put up here from my studies. I’m also focusing on my professional development and continuing to learn more about advanced technologies in depth.

Layer 3 LAN Switching

August 8, 2010

As enterprise LANs grow, a need arises to break up LANs with routers. Traditionally, routers have performed the layer 3 functionality, but in today’s high-speed LANs there is a need to forward packets much more quickly than traditional routers have been able to. That is where layer 3 switches come into play.

Virtual LANs and Trunks

August 4, 2010

A virtual LAN, also known as a VLAN, is exactly what it sounds like. It’s a method of having several virtual LANs on a single switch or even on an enterprise campus LAN. It’s completely driven by software and is strictly layer 2. Just as with physical LANs, you can connect VLANs together with layer 3 devices, either routers or switches capable of providing layer 3 services.

Using Bittorrent to Distribute Software Updates?

July 28, 2010

I just thought that this was a very cool concept.

Diebold FIT File Perl Script

July 28, 2010

I wrote this to generate Diebold FIT files quickly. This script can generate a FIT file in a couple seconds in what would take me hours to do by hand.

VLAN Trunking Protocol

July 27, 2010

VLAN Trunking Protocol, aka VTP, is a Cisco proprietary protocol that allows Cisco switches to manage your VLAN database across all switches in your LAN through a central switch. This is done via a client / server environment.

OSPF Notes and Gotchas

July 20, 2010

Open Shortest Path First (OSPF) is an open standard routing protocol that is used as an interior gateway routing protocol (IGP). Because OSPF is an open standard, it will inter-operate with many network gear vendors, with some configuration tweaks.

What information is your browser giving away?

May 18, 2010

This morning, there was an article where the EFF is claiming that just because you turn off cookies and JavaScript in your browser doesn’t mean that you’re not giving away information. Unfortunately, they are very correct. Your browser will give away ALL kinds of information about your computer, such as operating system, browser type / version number, browser plugins, etc.

Automated Linux Backups utilizing rsync over SSH

May 16, 2010

I was recently tasked with coming up with a backup solution for our Linux based servers. My solution was to use rsync over SSH to pull the data that we wanted over and then use tar to create daily archives, which we can then pull off the server to some other type of storage media or a remote server.

Network Neutrality

May 12, 2010

Net Neutrality is a very important subject for anybody who connects to the Internet to watch TV, movies, view websites, play games, work, and download files. Tier 1 telecommunications companies (AT&T, Verizon, Comcast, etc.) want to assign priorities to certain traffic instead of allowing ALL traffic through their networks equally. Services like file downloads and streaming media rich content (VoIP, streaming movie services like Netflix, etc.) can be degraded to a point where it’s not worth it or impossible if the telecommunications companies get their way. I don’t know about you, but I don’t want my service provider to tell me how I can access the Internet and at what speeds. The FCC has tried to enforce Net Neutrality, but the U.S. courts sided with Comcast. Our government needs to give the FCC the necessary powers to enforce Net Neutrality. It’s good for the consumer and will force the telecommunications companies to engineer their networks to better support those services that people want. Normally I’m a huge fan of de-regulation, but this is an instance where an industry has proven that they can’t be trusted to be unregulated.

Virtualization Notes, Best Practices, and Gotchas

March 21, 2010

I spent last week attending the Virtualization Pro Summit. I came away with a wealth of information that I’m still compiling, wrapping my head around, and figuring out where and how I can implement what. Below are some of the notes that I took away from the conference.

OSI and TCP/IP Layer Models

June 4, 2009

Background History

Why Open Source helps to build competence in IT

June 3, 2009

I love open source software (OSS), even though, technically, I’m not a developer. I’m a consumer of OSS, I guess you could say. At the heart of it, OSS has had a profound impact on my development as an IT professional and hobbyist. Let me explain.

NSA Security Configuration Guides

June 3, 2009

I refer to these guides from time to time, but always end up doing a Google search to find them. I’m not very good at browser bookmark upkeep and I’m always on a different computer than the one the needed bookmark is on. :)

Using Perl to grab a process id in Linux

May 31, 2009

Ever since I first started doing Linux system administration, I’ve used Perl scripts to automate some basic tasks. I’ve never really been that great at writing scripts because I never took the time to sit down and really learn the intricate details of the language. Recently, I’ve written some of my most complex and detail-oriented scripts, where I’ve had to really learn a little bit about regular expressions. Along the way I also learned how to pick very specific data out of an array and feed it to my script for processing.

Prepping Ubuntu Server Edition to run as a DMVPN.

May 31, 2009

After reading about the open source implementation of NHRP, I decided that I would play around with it a bit to see where it’s at, development-wise. I have a VMware session of Ubuntu 9.04 (Server Edition) that I use to geek out on stuff like this. It’s nice, because at the click of a button I can have a default install, by reverting to my default snapshot.

An Open Source Implementation of Cisco's Dynamic Multipoint VPN (DMVPN)

May 31, 2009

For a few years, Cisco has had a pretty innovative VPN solution called “Dynamic Multipoint VPN”. In essence, it’s a traditional hub and spoke VPN design, except that when two or more spokes want to communicate directly with each other, they initiate a dynamic IPsec tunnel with each other instead of sending the traffic to the hub, where the hub would route the traffic to the destination spoke. If you’re confused, the “hub” is the main office to which all VPN sessions are initiated, and the “spokes” are the branch offices.

A Net::Telnet::Cisco Example (Save Running Configuration)

May 31, 2009

This is a simple Perl script that uses the Net::Telnet::Cisco Perl module to save the running configuration on a Cisco IOS router or switch. It could be modified to be automated very easily.