Snake Test: 4 Nodes @ 800Gbps = 25.6 Tbps

8 x 100G Host NICs feeding the Snake Test: 48 Hours

2x400G Uplinks to Snake Test Switch: 48 Hours

Snake Test Switch 32x400G: 48 Hours

Snake Test Switch @ 25.6 Tbps: 48 Hours


DNS over TLS over VPN and back

DNS over TLS is a big step in fixing a badly designed protocol, at least in terms of privacy, but it still leaves you having to trust the endpoint with all of that data that you are trying to keep private. While Cloudflare claims not to log your info or sell your data, you can never know for sure what’s going on at the far end.

To that point, I’ve decided to send all of my DNS traffic over my self-managed VPN that terminates on a server I rent in Canada. This is an extra step I take to break the direct connection from my home IP address. In fact there are ZERO DNS packets leaving my home network, port 53 or 853.

I’m running a DNS-TLS resolver on my pfSense firewall and connecting to 1.1.1.1 on port 853. I’m also explicitly blocking Google DNS (8.8.8.8/8.8.4.4) and the QUIC protocol (UDP 443).

While my DNS lookup times suffer greatly, the resolver caches entries so only the initial lookup is slow.

DNS Lookup to digg.com took 721 msec! (west coast to east coast and back)

The following lookup took 3 msec, much better!

Here are my pfSense settings where I’m sending the DNS over the VPN

More DNS Resolver settings

General DNS Settings:

DNS Traffic exiting my VPN Server in Canada

Blocking Google DNS and QUIC with pfSense

Read more about DoT and DoH at Cloudflare:

https://www.cloudflare.com/learning/dns/dns-over-tls/

https://blog.cloudflare.com/handshake-encryption-endgame-an-ech-update/
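
To check the "zero DNS packets leaving my home network" claim, capture on the physical WAN interface (not the VPN interface) and scan for traffic that should only exist inside the tunnel. The script below is an added example, not from the original post; it assumes classic `tcpdump -n` text output, and the sample capture and its addresses are constructed.

```python
import re

# Classic `tcpdump -n` text line: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)")

DNS_PORTS = {53: "plain DNS", 853: "DNS over TLS"}
BLOCKED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}  # Google DNS, blocked in the post


def find_leaks(capture_lines):
    """Return (dst, dport, proto, reason) for packets that should not be on the WAN."""
    leaks = []
    for line in capture_lines:
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 TCP/UDP line (ARP, IPv6, ...)
        _src, _sport, dst, dport, rest = m.groups()
        dport = int(dport)
        # tcpdump prints "Flags [...]" for TCP segments; treat the rest as UDP
        proto = "tcp" if "Flags [" in rest else "udp"
        if dst in BLOCKED_RESOLVERS:
            reason = "blocked resolver reached"
        elif dport in DNS_PORTS:
            reason = DNS_PORTS[dport] + " outside the tunnel"
        elif proto == "udp" and dport == 443:
            reason = "QUIC (UDP 443)"
        else:
            continue
        leaks.append((dst, dport, proto, reason))
    return leaks


# Constructed sample capture: 192.0.2.10 stands in for the home WAN address and
# 203.0.113.5 for the VPN server (documentation addresses, assumed).
SAMPLE = """\
12:00:01.000001 IP 192.0.2.10.1194 > 203.0.113.5.1194: UDP, length 148
12:00:01.200000 IP 192.0.2.10.51514 > 1.1.1.1.853: Flags [S], seq 1, win 65535, length 0
12:00:02.000000 IP 192.0.2.10.40112 > 8.8.8.8.53: 4660+ A? digg.com. (26)
12:00:03.000000 IP 192.0.2.10.55001 > 198.51.100.7.443: UDP, length 1250
12:00:04.000000 IP 192.0.2.10.55002 > 198.51.100.7.443: Flags [S], seq 9, win 65535, length 0
12:00:05.000000 IP 203.0.113.5.1194 > 192.0.2.10.1194: UDP, length 200
""".splitlines()

if __name__ == "__main__":
    for dst, dport, proto, reason in find_leaks(SAMPLE):
        print(f"LEAK {proto}/{dport} -> {dst}: {reason}")
```

With the setup described in the post working as intended, a WAN capture should contain only the encapsulated VPN packets and the function should return an empty list.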


Prepping for changes with EVE-NG; SONiC, Arista, Juniper and Cisco

This weekend I got motivated to start building out my EVE-NG lab with SONiC since we are in the middle of testing out 400G in our hardware labs. The green links below need to be added to our real environment so I figured I would get the configurations vetted ahead of time. Also I’ll be using this lab to practice my network automation with Python, Nornir, Netmiko, NAPALM, etc.

There are a few links at the bottom that are helpful and should spell out all you need to do. The hardest part I had was finding a link to the virtual image so I included that direct link below for anyone else who may struggle to find that.

I may add some more details later but it’s already Sunday evening and I’ve been messing with this lab all day long and it’s time for bed.

Here you can see EVE-NG stats installed onto ESXi 7.0

TOP showing that Juniper uses 94% CPU and IOL is using 1%. I made some tweaks for KVM performance but it still is not where I’m expecting to see it. You can see the Arista using about 7-10% and SONiC using 13-16% CPU.

SONiC running in eve-ng, along with Arista, Juniper and Cisco.

SONiC Baking in the oven as we perform 400G optic testing.

Download sonic-vs.img.gz: https://sonic-jenkins.westus2.cloudapp.azure.com/job/vs/job/buildimage-vs-image-202012/lastStableBuild/artifact/target/

How-To: https://translate.google.com/translate?sl=auto&tl=en&u=https://moisio.fr/2021/01/11/sonic-sur-eve-ng/

How-To #2: http://www.networkhints.com/2021/01/microsoft-sonic-virtual-switch-on-eve-ng.html

EVE-NG Blog: https://jncie.eu/

Juniper Performance vs Lite Mode: https://www.juniper.net/documentation/us/en/software/vmx/vmx-getting-started/topics/task/vmx-chassis-flow-caching-enabling.html


Object-Oriented Programming vs. Functional Programming

Today I found a great article on Hacker News about object-oriented programming. It makes some interesting arguments about code complexity causing the Volkswagen accelerator issues and the Boeing MAX issues.

https://suzdalnitski.medium.com/oop-will-make-you-suffer-846d072b4dce

“None of the built-in OOP features help with preventing spaghetti code — encapsulation simply hides and scatters state across the program, which only makes things worse. Inheritance adds even more confusion. OOP polymorphism once again makes things even more confusing — there are no benefits in not knowing what exact execution path the program is going to take at runtime. Especially when multiple levels of inheritance are involved.”

These are very valid arguments based on my own experience with Java-based OOP. The complexity it adds seems to outweigh the “efficiency” of the code and runs the risk of morphing into a tangled mess of “Spaghetti Code”.

A great read and an interesting concept for people who do software development.


OSX 10.15 on 2009 Macbook Pro & ESXi 7.0

I updated my 2009 MacBook Pro this weekend from 10.11 (last supported OS) to 10.15. The best part about it all is that the computer runs FASTER with Catalina installed than it did with El Capitan! It’s possible that this is due to the fresh install but it’s nice to breathe new life into old hardware that is clearly still working perfectly fine as a daily machine. If I need some more horsepower there is always the ESXi 7.0 instance with any flavor of OS, including the new version of Catalina I virtualized last weekend.

Macbook upgrade patch can be found at https://dosdude1.com, just make sure you have a decent thumb drive. I spent HOURS fidgeting with this issue before plugging in a proper EFI supported hard drive for the boot device.

Mac OS on ESXi 7.0 tutorial can be found here, everything works great with the 3.02 unlocker patch needed for ESXi to create the mac OS virtual machine.


Rocket.Chat Installation on Synology DS415+

RocketChat on DS415+ Tutorial

You may or may not have heard of Rocket.Chat. It’s basically an open source clone of Slack that you deploy on your own server. The best thing about it is that it’s free and you own all of your data. They also offer a service you can subscribe to if you don’t want to do all the fun work of setting up the server, but who wants that? You certainly won’t learn anything new that way!

I’ve been playing around with this software for about a year now and I’ve come to the conclusion that this makes a really good personal journal. With that said, I wanted to set up a local (permanent) instance of Rocket.Chat on my Synology DS415+, in addition to the instance I have running on my internet-facing server.

A quick Google search brought me to this great post which outlines the installation process. Unfortunately I was not able to complete the installation without a couple of changes. I’ve put together my own tutorial with screenshots over in the Home Lab section.


Python Inventory Search

I wrote a Python script to query a website and check to see if an item is in stock. If it finds the product in question it will email me a report with a hyperlink so that I can click the link and place an order straight from my email. This script runs as a cron job (once every hour) and saves me the time of having to constantly check their website, wondering when they will get the next delivery.

It was a great exercise in using the BeautifulSoup4 Python library as well as using Selenium for the first time, which was needed to flesh out the JavaScript that is creating the dynamic content.

import os
import smtplib
import sys
import time

import lxml  # noqa: F401  (parser backend BeautifulSoup uses below)
from bs4 import BeautifulSoup as bs
from selenium import webdriver
from selenium.common.exceptions import NoSuchElementException
from selenium.webdriver.common.by import By
from selenium.webdriver.firefox.options import Options

options = Options()
options.add_argument("-headless")  # run Firefox without a visible window

mylist = []
not_found = None

driver = webdriver.Firefox(options=options)
driver.get("https://www.website.com")

# Try and fix the random timing errors --> better way is with selenium waitfor
time.sleep(5)

# Look for the state "no product in stock" --> "0 matches, that stinks"
try:
    not_found = driver.find_element(By.CSS_SELECTOR, ".css-1ctldcn.ew1p50q2")
    not_found_html = not_found.get_attribute('innerHTML')

# handle the exception of product actually being found.
except NoSuchElementException as e:
    print(str(e))

# print "not found message" and exit program
if not_found:
    print(not_found_html)
    driver.quit()
    sys.exit()

try:
    # They have stock; now find how many products they have at runtime.
    products = driver.find_element(By.CSS_SELECTOR, ".css-hecap1.ettsl931")
    total_products = products.get_attribute('innerHTML')

# handle the exception of product elements not being found and exit program
except NoSuchElementException as e:
    print(str(e))
    driver.quit()
    sys.exit()

# Find all of the Grid Elements, or all of the products available - all products use the same grid ID
element = driver.find_element(By.CSS_SELECTOR, ".css-19ofktj.e29d1tf2")
html = element.get_attribute('innerHTML')
soup = bs(html, "lxml")

print(total_products)

for a in soup.find_all('a', href=True):
    mylist.append("Found the URL: https://www.website.com" + a['href'])

# Python 3 only
print(*mylist, sep="\n")

# See the whole tree with price and description for each item
# prettyHTML = soup.prettify()
# print (prettyHTML)

port = 587
sender_email = "SENDER@gmail.com"
receiver_email = "RECEIVER@email.com"
# Read the SMTP password from the environment instead of storing it in the
# script; the variable name SMTP_PASSWORD is a placeholder chosen here.
sender_password = os.environ["SMTP_PASSWORD"]

message = """\
Subject: new products have arrived!

{}. """.format(total_products) + str(mylist)

server = smtplib.SMTP('smtp.gmail.com', port)
server.ehlo()
server.starttls()  # upgrade to TLS before sending credentials
server.ehlo()
server.login(sender_email, sender_password)
server.sendmail(sender_email, receiver_email, message)
server.quit()

# quit() also stops the geckodriver process, not just the browser window
driver.quit()

Free DNS subdomains

Free DNS subdomains via afraid.org is a great resource for lab and test machines.

They also have a free Dynamic DNS service which is a great way to keep tabs on your Home IP address in the event it should change. In the past I would use this to make sure I can VPN back to the house but now I have an OpenVPN server in a Data Center in Canada that I use.

Since I mentioned it, Kimsufi is a great resource for cheap servers. Pro tip: look for a “flash sale” to get a nice discount on your bill for as long as you continue to rent the machine.


DMVPN with BGP & OSPF

DMVPN with BGP and OSPF


CCNP Enterprise – Valid Through 2023

Happy to say that I passed my CCNP re-certification after letting it expire in 2016. It felt good getting back in the lab and running through various routing and switching problems. I used EVE-NG to study with; it’s simply amazing software.
