8 x 100G Host NIC’s feeding the Snake Test: 48 Hours
2x400G Uplinks to Snake Test Switch: 48 Hours
Snake Test Switch 32x400G: 48 Hours
Snake Test Switch @ 25.6 Tbps: 48 Hours
DNS over TLS is a big step in fixing a badly designed protocol, at least in terms of privacy, but it still leaves you having to trust the endpoint with all of that data that you are trying to keep private. While Cloudflare claims not to log your info or sell your data, you can never know for sure what’s going on at the far end.
To that point, I’ve decided to send all of my DNS traffic over my self-managed VPN, which terminates on a server I rent in Canada. This is an extra step I take to break the direct connection from my home IP address. In fact there are ZERO DNS packets leaving my home network, on port 53 or 853.
I’m running a DNS-over-TLS resolver on my pfSense firewall and connecting to 1.1.1.1 on port 853. I’m also explicitly blocking Google DNS (8.8.8.8/8.8.4.4) and the QUIC protocol (UDP 443).
While my DNS lookup times suffer greatly, the resolver caches entries so only the initial lookup is slow.
DNS Lookup to digg.com took 721 msec! (west coast to east coast and back)
The following lookup took 3 msec, much better!
Here are my pfSense settings where I’m sending the DNS over the VPN
More DNS Resolver settings
General DNS Settings:
DNS Traffic exiting my VPN Server in Canada
Blocking Google DNS and QUIC with pfSense
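pfSense’s DNS Resolver is Unbound, so the settings in the screenshots above boil down to a forward-zone like the one below. This is an added example written for this post, not an export of the author’s pfSense configuration; the interface addresses, the VPN tunnel address 10.8.0.2 and the CA bundle path are assumptions.

```conf
# Added example (not the author's config): Unbound equivalent of the pfSense
# "DNS Resolver" settings described above.
server:
    # Answer only LAN clients; never expose the resolver on the WAN side.
    interface: 192.168.1.1            # assumed LAN address
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Source outgoing queries from the VPN tunnel address so DNS leaves via the
    # VPN rather than the home IP (pfSense: "Outgoing Network Interfaces").
    outgoing-interface: 10.8.0.2      # assumed tunnel address

    # CA bundle used to verify the upstream certificate. Without a bundle (or
    # tls-system-cert) Unbound encrypts but does NOT authenticate the endpoint.
    tls-cert-bundle: "/etc/ssl/cert.pem"   # FreeBSD/pfSense path (assumption)

    # Send only the minimum of each name upstream when the cache cannot answer.
    qname-minimisation: yes

forward-zone:
    name: "."
    # All recursion goes to Cloudflare on 853 over TLS. The "#cloudflare-dns.com"
    # suffix is the authentication name: Unbound rejects the session if the
    # certificate does not match it, which is what makes the forwarder
    # "encrypted to the intended endpoint" rather than merely encrypted.
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com   # Cloudflare's second address
```

The firewall rules that drop 8.8.8.8/8.8.4.4 and UDP 443 are separate pf rules and are not part of the Unbound configuration.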
Read more about DoT and DoH at Cloudflare:
https://www.cloudflare.com/learning/dns/dns-over-tls/
https://blog.cloudflare.com/handshake-encryption-endgame-an-ech-update/
This weekend I got motivated to start building out my EVE-NG lab with SONiC since we are in the middle of testing out 400G in our hardware labs. The green links below need to be added to our real environment so I figured I would get the configurations vetted ahead of time. Also I’ll be using this lab to practice my network automation with Python, Nornir, Netmiko, NAPALM, etc.
There are a few links at the bottom that are helpful and should spell out all you need to do. The hardest part I had was finding a link to the virtual image so I included that direct link below for anyone else who may struggle to find that.
I may add some more details later but it’s already Sunday evening and I’ve been messing with this lab all day long and it’s time for bed.
Here you can see EVE-NG stats installed onto ESXi 7.0
top showing that Juniper uses 94% CPU while IOL uses 1%. I made some tweaks for KVM performance but it is still not where I’m expecting to see it. You can see Arista using about 7-10% and SONiC using 13-16% CPU.
SONiC running in eve-ng, along with Arista, Juniper and Cisco.
SONiC Baking in the oven as we perform 400G optic testing.
Download sonic-vs.img.gz: https://sonic-jenkins.westus2.cloudapp.azure.com/job/vs/job/buildimage-vs-image-202012/lastStableBuild/artifact/target/
How-To #2: http://www.networkhints.com/2021/01/microsoft-sonic-virtual-switch-on-eve-ng.html
EVE-NG Blog: https://jncie.eu/
Juniper Performance vs Lite Mode: https://www.juniper.net/documentation/us/en/software/vmx/vmx-getting-started/topics/task/vmx-chassis-flow-caching-enabling.html
Today I found a great article on Hacker News with regards to Object Oriented Programming. It makes some interesting arguments that code complexity contributed to the Volkswagen accelerator issues and the Boeing MAX issues.
https://suzdalnitski.medium.com/oop-will-make-you-suffer-846d072b4dce
“None of the built-in OOP features help with preventing spaghetti code — encapsulation simply hides and scatters state across the program, which only makes things worse. Inheritance adds even more confusion. OOP polymorphism once again makes things even more confusing — there are no benefits in not knowing what exact execution path the program is going to take at runtime. Especially when multiple levels of inheritance are involved.”
These are very valid arguments based on my own experience with Java-based OOP. The complexity it adds seems to outweigh the “efficiency” of the code and runs the risk of morphing into a tangled mess of “Spaghetti Code”.
A great read and an interesting concept for people who do software development.
I updated my 2009 MacBook Pro this weekend from 10.11 (the last supported OS) to 10.15. The best part about it all is that the computer runs FASTER with Catalina installed than it did with El Capitan! It’s possible that this is due to the fresh install, but it’s nice to breathe new life into old hardware that is clearly still working perfectly fine as a daily machine. If I need some more horsepower there is always the ESXi 7.0 instance with any flavor of OS, including the new version of Catalina I virtualized last weekend.
The MacBook upgrade patch can be found at https://dosdude1.com; just make sure you have a decent thumb drive. I spent HOURS fidgeting with this issue before plugging in a proper EFI-supported hard drive for the boot device.
The macOS on ESXi 7.0 tutorial can be found here; everything works great with the 3.02 unlocker patch needed for ESXi to create the macOS virtual machine.
You may or may not have heard of Rocket.Chat. It’s basically an open source clone of Slack that you deploy on your own server. The best thing about it is that it’s free and you own all of your data. They also offer a service you can subscribe to if you don’t want to do all the fun work of setting up the server, but who wants that? You certainly won’t learn anything new that way!
I’ve been playing around with this software for about a year now and I’ve come to the conclusion that it makes a really good personal journal. With that said, I wanted to set up a local (permanent) instance of Rocket.Chat on my Synology DS415+, in addition to the instance I have running on my internet-facing server.
A quick Google search brought me to this great post which outlines the installation process. Unfortunately I was not able to complete the installation without a couple of changes. I’ve put together my own tutorial with screenshots over in the Home Lab section.
I wrote a Python script to query a website and check to see if an item is in stock. If it finds the product in question it will email me a report with a hyperlink so that I can click the link and place an order straight from my email. This script runs as a cron job (once every hour) and saves me the time of having to constantly check their website, wondering when they will get the next delivery.
It was a great exercise in using the BeautifulSoup4 Python library as well as using Selenium for the first time, which was needed to render the JavaScript that creates the dynamic content.
import os
import smtplib
import sys
import time

from bs4 import BeautifulSoup as bs
from selenium import webdriver
from selenium.common.exceptions import NoSuchElementException
from selenium.webdriver.common.by import By
from selenium.webdriver.firefox.options import Options

BASE_URL = "https://www.website.com"

options = Options()
options.add_argument("-headless")   # run Firefox without a window
mylist = []
not_found = None
not_found_html = ''

driver = webdriver.Firefox(options=options)
driver.get(BASE_URL)

# Try and fix the random timing errors --> better way is with selenium WebDriverWait
time.sleep(5)

# Look for the state "no product in stock" --> "0 matches, that stinks"
# (the site uses compound class names, so locate them with a CSS selector)
try:
    not_found = driver.find_element(By.CSS_SELECTOR, ".css-1ctldcn.ew1p50q2")
    not_found_html = not_found.get_attribute('innerHTML')
# handle the exception of product actually being found.
except NoSuchElementException as e:
    print(str(e))

# print "not found message" and exit program
if not_found:
    print(not_found_html)
    driver.quit()
    sys.exit()

try:
    # They have stock; now find how many products they have at runtime.
    products = driver.find_element(By.CSS_SELECTOR, ".css-hecap1.ettsl931")
    total_products = products.get_attribute('innerHTML')
# handle the exception of product elements not being found and exit program
except NoSuchElementException as e:
    print(str(e))
    driver.quit()
    sys.exit()

# Find all of the Grid Elements, or all of the products available - all products use the same grid class
element = driver.find_element(By.CSS_SELECTOR, ".css-19ofktj.e29d1tf2")
html = element.get_attribute('innerHTML')
soup = bs(html, "lxml")
print(total_products)
for a in soup.find_all('a', href=True):
    mylist.append("Found the URL: " + BASE_URL + a['href'])
# Python 3 only
print(*mylist, sep="\n")

# See the whole tree with price and description for each item
# prettyHTML = soup.prettify()
# print(prettyHTML)

port = 587
sender_email = "SENDER@gmail.com"
receiver_email = "RECEIVER@email.com"
# Read the mailbox password from the environment instead of hard-coding it in the script
sender_password = os.environ["SENDER_PASSWORD"]
# Blank line separates the Subject header from the body; one link per line
message = """\
Subject: new products have arrived!

{}. """.format(total_products) + "\n".join(mylist)

server = smtplib.SMTP('smtp.gmail.com', port)
server.ehlo()
server.starttls()
server.ehlo()
server.login(sender_email, sender_password)
server.sendmail(sender_email, receiver_email, message)
server.quit()
driver.quit()
Free DNS subdomains from afraid.org are a great resource for lab and test machines.
They also have a free Dynamic DNS service which is a great way to keep tabs on your home IP address in the event it should change. In the past I would use this to make sure I could VPN back to the house, but now I have an OpenVPN server in a data center in Canada that I use.
Since I mentioned it, Kimsufi is a great resource for cheap servers. Pro tip: look for a “flash sale” to get a nice discount on your bill for as long as you continue to rent the machine.
Happy to say that I passed my CCNP re-certification after letting it expire in 2016. It felt good getting back in the lab and running through various routing and switching problems. I used EVE-NG to study with; it’s simply amazing software.