This month I started a new challenge at the company CGI. I really like being a member of this wonderful and successful organization. Currently CGI has around 69000 employees and is this growing in current economical times.
The first few days I kept myself busy getting familiar with the internal CGI systems. This week I have my first interview to see if I can start working on an assignment. Hopefully I’ll find a assignment soon! If you’re interested to invite me for an interview, please let me know. I’m really looking forward to get started again and work on some challenging new network environments.
Let the good times begin!
Most Internet Service Providers (ISP) don’t have the ability yet to get native IPv6 on your home router/modem. Most modems the ISP provides don’t have the ability to router IPv6 packets, but only IPv4. If you ask you ISP to configure their provided modem in a bridged mode, you then can connect you own device to it and that device will provide your router function in your home network.
If you use a Time Capsule as your home router you can fairly easy set up a IPv6 tunnel if your provider does not support a native IPv6 connection. This tunnel allows you to connect to the IPv6 Internet. Your connection with your ISP will still be only using IPv4. If you connect to a website which is only available via IPv4 nothing will change. If you connect to a website which is available on IPv6. Your home router will encapsulate the IPv6 packet into an IPv4 packet and send it to the other end of the tunnel. The packet which normally only has a IPv6 header, now has a IPv4 header in front of it. Therefore your ISP will handle this traffic exactly the same as the other IPv4 packets.
So how does your router know to where it must send the encapsulated IPv6 packet? You tell the router by configuring the tunnel parameters manually. For such a configuration you need a so called Tunnel Broker. This Tunnel Broker is the other end of the Tunnel where the IPv4 header is removed again and only the IPv6 packet will be left and routed to the final destination.
So before you can start your manual IPv6 tunnel configuration, the only thing you need is so called Tunnel Broker. I use the Hurricane Electric Free IPv6 Tunnel Broker.
On the website you must provide the Tunnel Broker with your IPv4 address. If you don’t know your IPv4 address, you can check this on www.whatismyip.com. Your details will look like:
Tunnelbroker.net Tunnel details
The black blocks are specific for your connection, and at the green block you have to fill your home IPv4 address.
Go to the settings of your TC with the Airport Utility and select the tab Internet:
Airport Utility – Internet tab
on the field IPv6 DNS Servers fill in the Anycasted IPv6 Caching Nameserver address.
Form there go to to button Internet Options… which is located at the bottom. Now you can start configuring your IPv6 tunnel.
Airport Utility – Internet options
From the drop down menu’s select Manually for Configure IPv6 and choose Tunnel for IPv6 mode.
Now you only need to fill in some addresses which are on the tunnelbroker.net webpage. The fields you need for you Time Capsule configuration are:
- IPv6 WAN Address: Client IPv6 Address
- IPv6 Default Route: Server IPv6 Address
- Remote IPv4 Address: Server IPv4 Address
- IPv6 Delegate Prefix: Routed /64
- IPV6 LAN Address: choose a address form the Routed /64 you filled in the line above. e.g. the prefix ending with ::1
Now your tunnel is set up correctly. Go to test-ipv6.com to test your IPv6.
I was trying to install Windows 8 (64-bit) on a computer and I ran into the error message:
“Windows cannot install required files. The file may be corrupt or missing. Make sure all files required for installation are available, and restart the installation. Error code: 0×80070570″
My fist guess was that this had to do with the fact I ordered a windows version which stated “Pre-existing OS License and Product Key Required”. So I tried a clear install of Windows 7 (64-bit) and I got the same error message. I searched the internet and most posts were releated to failed burned copies. Since I had a legal DVD this was not the problem. I even tried two different ones.
The I found a post which mentioned this could be related to memory problem as well. So I started to remove DIMM’s one by one. When I removed the first DIMM, I even got a blue-screen and the PC halted. I put back this first one and I removed the second DIMM. The installation was really quick and no problems occur any more. So the 0×80070570 error code was in my case a faulty memory module.
So problem solved :)
A while ago I saw a video on Picture Correct and I had to try this myself. I really loved the good tutorial by Gavin Hoey as he explains everything very well!
The equipment I used for the Photo below is:
The lens has a nice wide angle which helps a lot for this picture. If you don’t have a very wide angle you just have to take some more pictures.
The disadvantage of the Tripod I have, is that it has a ball head which rotates in all directions. It’s not possible to lock the camera vertically and only move it horizontally. It helped me for this picture to keep the horizon in the finder window on exactly the same position. Small errors are luckily fixed by Photoshop, so you don’t need to buy a new tripod(head).
Little Planet by Tavenier
The latest version for the Time Capsule is at the moment is 7.6.3.
I installed this update and after the installation I experienced issues with my IPv6 connectivity. I googled around and found many discussions and blogs where people are explaining they have issues with IPv6 tunnels (6in4) after the update.
When I started my AirPort Utility I noticed that my native IPv6 configuration options are still the same. But the weird thing is that Apple somehow changed the IPv6 WAN address to address from the 6to4 prefix (described in RFC 3056). This prefix starts with 2002: then followed by the IP Address converted to hexadecimal numbers, which together makes the /48 6to4 prefix.
So if my IPv4 address was
220.127.116.11 my 6to4 address would be:
2002:7BEA:7BEA::/48. You need to do the calculation from decimal to hexadecimal (123 = 0x7B and 234 = 0xEA).
The weird thing is that in the configuration you can see my address was still manually configured to a IPv6 unicast prefix, but somehow Apple changed the active IPv6 on the WAN interface to the 6to4 prefix. You can see this in the picture below:
The only solution to get IPv6 to work again is to downgrade the Time Capsule. You need to click on your Time Capsule. When you hover over you version number and use the ‘option’ button when you click you get the option to select your previous version number. See the screenshot below:
After the downgrade to 7.6.1 I see that the configured IPv6 WAN address is the same as the active IPv6 address. A visit to test-ipv6.com shows that IPv6 is working again :).
- RIPE IPv6 reference card (very useful as a quick reference for the different IPv6 prefixes)
I was looking for the type of Intel processors Apple is using for the new 27″ iMac. There is no list from Apple where a exact types are mentioned. When I started to search on the Intel website which CPU’s exactly match the descriptions Apple give on their website.
There are three types of processors, according Apple’s descriptions:
- 2.9GHz quad-core Intel Core i5 processor (Turbo Boost up to 3.6GHz) with 6MB L3 cache
- 3.2GHz quad-core Intel Core i5 processor (Turbo Boost up to 3.6GHz) with 6MB L3 cache
- 3.4GHz quad-core Intel Core i7 processor (Turbo Boost up to 3.9GHz)
A quick search on the Intel website brings me to the following Intel processors:
The only difference between the two 2.9GHz i5 processors the Graphics Models; the i5-3470S uses an Intel® HD Graphics 2500 and the i5-3475S a Intel® HD Graphics 4000. I’m not sure which model Apple puts in there new iMac’s.
The difference biggest between the i5-3470 and i7-3770, next to the difference in clock speeds, is that the i7 supports Intel® Hyper-Threading Technology. which allows the i7 up to 8 simultaneous threads (2 on each core) and therefor use the processor more efficiently.
See the details and comparison on the Intel website.
Today I got two new Cisco Catalyst 3750-X Series switches for a customer to configure. Next to the defaults contents, there was also one StackPower cable in each box. Since I didn’t see this cable before I did some research on the cisco webpage. And I found a nice white paper about the Cisco StackPower.
This white paper explain how to use this StackPower cable and all the different setups and possibilities. The cable basically is capable of connecting multiple switches and share their power source. In my case I’m going to use the described ring topology to connect the switches together in the same way as the switches are connected together with a ‘normal’ stack cable. There is also a star topology which can be configured by using a Cisco eXpandable Power System.
For the ring topology there are two modes of operation;
- Power-Sharing mode
- Redundant mode
Both modes could be used in strict or non-strict (loose) mode. The default is loose Power-Sharing mode. Which means that all power supplies of the switches in the power stack are added to a big power pool and the power can be allocated to switches in the power stack. As long as all the available power together in the pool is more then all the required power together (allocated power), you have, as Cisco it calls, a balanced power budget (
Available power > Allocated power). which means we have Negative budget if the following equation is true:
Available power < Allocated power.
For example you have four 3750-X switches with each one power supply of 715W. One switch in the stack requires 1000W and the other 3 requires only 250W. This gives us a balanced budget:
- Power budget = 4x715W = 2860W
- Allocated power = 1000W+3x250W = 1750W
- Available unallocated power = 1110W
This even means that is one power supply fails there is still enough power available (a balanced budget). If the strict mode is enable you cannot have a negative power budget, if in case of an power supply failure the budget becomes negative the power stack begins shedding power until you have a balanced power budget. This will be done by preset (configured or defaults) priority levels. The higher the priority level number the earlier the power is shed. The default priority levels are divided in three categories:
- Switches = 1-9
- High Priority Ports = 10-18
- Low Priority Ports = 19-27
In this case the low Priority ports are power shed as first. Then the High priority ports and last the switches.
The Redundant mode reserves in the power pool the amount of power (cannot be allocated) of the power supply with the most capacity. In this case you are sure you never have a negative power budget in case a random power supply fails.
For some nice pictures and best practices see the Cisco white paper.
Source: Cisco StackPower white paper (pdf)
If you have a planned maintenance and you know you will hit your Failover LAN between two ASA’s in an Active/Standby configuration. If is very useful to temporary disable the Failover mechanism so the Standby firewall stays Standby and you don’t end up in a situation where you have two Active firewalls.
Below is an example output of the
show failover output of an ASA 5520: (only relevant information is shown in this output)
firewall/act# show failover
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/1 (up)
This host: Primary - Active
Other host: Secondary - Standby Ready
Now login to the Standby firewall and disable failover very easily via the
no failover command in configuration mode:
firewall/act# conf t
firewall/stby(config)# no failover
INFO: This unit is currently in standby state. By disabling failover, this unit will remain in standby state.
You can see on the output it adds
NoFailover to the CLI prompt.
We’re back on the Active unit and you can see the Secondary in Disabled where it was previously Standby Ready:
firewall/act# show failover
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/1 (up)
This host: Primary - Active
Other host: Secondary - Disabled
If your maintenance is finished, you should enable the failover mechanism again on the Standby node:
Detected an Active mate
Beginning configuration replication from mate.
End configuration replication from mate.
Now you’re done, check you Active/Standby status again, this should be the same as the first
show failover command in this post.
Yes, I got my LPI Linux Essentials certification!
As a network engineer I’m on Linux systems on a daily basis and therefor I think it is important to have basic skills of Linux as well.
On the the InfoSecurity.nl event I got the chance to subscribe for an paper basis exam for any of the LPI certifications. Since this certification track was new for me I started with the very basics, LPI Linux Essentials, also known as LPI-010.
If you subscribe for paper basis Linux exams via the LPI events, you can save some money as well. The LPI event exams are about 50% cheaper then the normal exams which are computer based at Pearson VUE Test centers. The only disadvantage of the paper basis exams is that you don’t have an immediate result. It normally takes about 3-4 weeks, in my case this was only 17 days.
Here you can find a nice Free Linux Essentials Training Manual I used for my exam preparations.
Last week I attended the Splunk Live! event in Amsterdam. This is an event which is organised by Splunk itself and is about learning the Splunk community about their product. Some speakers of the event Splunk CIO Doug Harr, Splunk Sales Engineer Marco Paniagua, but maybe even more interesting Splunk users Wiam Vos for Kadaster and Karl Lovink for Belastingdienst.
Splunk is an tool which collects data (any data!) of any amount, any location and any source. Since there is no upfront schema defined for Splunk you can really import any data you like. This is as Splunk tries to tell us the strength of their product. Splunk indexes all the data in receives on so called indexers and via a search-head you are able to search or view the data via a Dashboard. This can be done via basis search strings or via advanced graphs and/or apps.
Splunk can be downloaded and installed very easily. Once you installed it you can add sources an play around. Splunk indexes all the information you feed it and you can search an graph all that data in a way you like it. What is even greater is that you can use the Splunkbase to install apps. This can save you a lot of work since good apps are already developed by other people and you can use them to display specific needs. Some examples of apps to view application specific data are:
The default license is Free which gives you the ability to index 500MB per day. If you exceed this amount of data you need a Enterprise license. The price depends on the amount of data you index with Splunk per day. You also get some extra features like Access Control and Index Replication.
You could run Splunk in a virtual environment, but it is important to keep in mind that Splunk needs a lot of disk IO. therefor it might be better to use dedicated hardware for Splunk. To be sure the Splunk performs well on a virtualized environment you could give several Splunk virtual machines a dedicated amount CPU/memory/disk space.
For good performance it might also be wise to use separate machines for indexing and for searching. for example you could use a loadbalancer to load balance traffic between two locations, where on each side one search-head and one indexer is running. You could send data form all reporting devices to both indexers. In this way you geographical separate your data (for disaster recovery purposes) and balance the load of the servers as well, which enrich the user experience when using this tool.
In the short future I hope to do some tests with real network traffic and post some results here as well.