vimrc sets

2015.02.25

vim has become a bigger part of my life lately so i need to make it more useful. here are my .vimrc set statements:

set number
syntax on
filetype indent plugin on
set tabstop=2
set expandtab
set shiftwidth=2
set softtabstop=2
set ruler
set hlsearch
set ignorecase
Categories : geek

nx-os route redistribution, simplified

2014.01.06

in a previous post, i talked about nx-os route redistribution with a route-map. if you want all your static routes to be redistributed, you can simplify your route-map. how simple? skip the prefix list! 🙂

examine your static routes…

n7k1# sh run | inc "ip route "

ip route 0.0.0.0/0 10.0.0.2
ip route 10.10.10.0/24 10.0.0.4
ip route 10.20.10.0/20 10.0.0.1
ip route 192.168.172.0/24 10.10.10.3

create a route-map, skip the prefix list.

route-map examplestaticmap permit 10

add them to your eigrp instance…

router eigrp 14
redistribute static route-map examplestaticmap

my coworkers are clever.

Categories : geek

eigrp offset-list

2013.04.13

offset lists are a tool to manipulate paths for eigrp routes.  in my topology, 4.4.4.4/32, 4.4.4.5/32, and 4.4.4.6/32 are loopbacks on r4.  fa1/0 has a delay of 10000 and fa2/0 has a delay of 15000 on both r2 and r3.  without any changes, both a successor and a feasible successor to r4 show up in the topology table, but fa1/0 is preferred.

i want to make 4.4.4.5/32 and 4.4.4.6/32 prefer fa2/0 instead.  i found it’d be easier to understand outbound metric changes, since the router announcing the routes is the authority on which path to take.

[figure: offset-list topology diagram]
routing table:

r2#sh ip route 4.4.4.5   
Routing entry for 4.4.4.5/32
  Known via "eigrp 1", distance 90, metric 2946560, type internal
  Redistributing via eigrp 1
  Last update from 10.23.23.3 on FastEthernet1/0, 00:00:41 ago
  Routing Descriptor Blocks:
  * 10.23.23.3, from 10.23.23.3, 00:00:41 ago, via FastEthernet1/0
      Route metric is 2946560, traffic share count is 1
      Total delay is 105100 microseconds, minimum bandwidth is 10000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

topology:

r2#sh ip eigrp top 4.4.4.5/32
EIGRP-IPv4 Topology Entry for AS(1)/ID(2.2.2.2) for 4.4.4.5/32
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2903808
  Descriptor Blocks:
  10.23.23.3 (FastEthernet1/0), from 10.23.23.3, Send flag is 0x0
      Composite metric is (2946560/2713600), route is Internal
      Vector metric:
        Minimum bandwidth is 10000 Kbit
        Total delay is 105100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
        Originating router is 4.4.4.4
  10.23.23.131 (FastEthernet2/0), from 10.23.23.131, Send flag is 0x0
      Composite metric is (6741248/2713600), route is Internal
      Vector metric:
        Minimum bandwidth is 12004 Kbit
        Total delay is 255000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
        Originating router is 4.4.4.4

from r3, i can create an acl for routes i want to offset:

r3#sh run | s access-list
access-list 45 permit 4.4.4.5
access-list 45 permit 4.4.4.6

i use the offset-list to make fa1/0 less desirable than fa2/0:

r3#sh run | sec router eigrp 1
router eigrp 1
 network 3.3.3.3 0.0.0.0
 network 10.23.23.0 0.0.0.255
 network 10.34.34.0 0.0.0.255
 redistribute static
 offset-list 45 out 10000000 FastEthernet1/0  < ---------
 eigrp router-id 3.3.3.3

net result is that it adds 10000000 to the existing metric on fa1/0:

r3#sh ip prot
*** IP Routing is NSF aware ***

Routing Protocol is "eigrp 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Outgoing routes in FastEthernet1/0 will have 10000000 added to metric if on list 45  < ---------
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  Redistributing: static
! dropped irrelevant

back on r2, i should see the path to 4.4.4.5/32 via fa2/0:

r2#sh ip route 4.4.4.5       
Routing entry for 4.4.4.5/32
  Known via "eigrp 1", distance 90, metric 6741248, type internal
  Redistributing via eigrp 1
  Last update from 10.23.23.131 on FastEthernet2/0, 00:00:06 ago
  Routing Descriptor Blocks:
  * 10.23.23.131, from 10.23.23.131, 00:00:06 ago, via FastEthernet2/0
      Route metric is 6741248, traffic share count is 1
      Total delay is 255000 microseconds, minimum bandwidth is 12004 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

both successor and feasible successor should still be in the topology table on r2:

r2#sh ip eigrp top 4.4.4.5/32
EIGRP-IPv4 Topology Entry for AS(1)/ID(2.2.2.2) for 4.4.4.5/32
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2903808
  Descriptor Blocks:
  10.23.23.131 (FastEthernet2/0), from 10.23.23.131, Send flag is 0x0
      Composite metric is (6741248/2713600), route is Internal
      Vector metric:
        Minimum bandwidth is 12004 Kbit
        Total delay is 255000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
        Originating router is 4.4.4.4
  10.23.23.3 (FastEthernet1/0), from 10.23.23.3, Send flag is 0x0
      Composite metric is (12946560/12713600), route is Internal
      Vector metric:
        Minimum bandwidth is 10000 Kbit
        Total delay is 495725 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
        Originating router is 4.4.4.4
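to see where the numbers in the show output come from, here is an added example (my code, not from the post or from cisco) that recomputes the eigrp classic composite metric from the bandwidth and delay vectors above, adds the offset-list value the way the outbound offset-list does, and back-computes the inflated delay r2 displays; the feasibility check and best-path helper are mine as well.

```python
# Added example built from the numbers in the post's show output; not IOS code.
K1, K2, K3, K4, K5 = 1, 0, 1, 0, 0   # IOS defaults: only bandwidth and delay count

def classic_metric(min_bw_kbit: int, total_delay_us: int) -> int:
    """EIGRP classic composite metric with default K values:
    256 * (10^7 // min_bw + delay_in_tens_of_us), integer math like IOS."""
    return 256 * (10_000_000 // min_bw_kbit + total_delay_us // 10)

def apply_offset(metric: int, offset: int) -> int:
    """An outbound offset-list adds a fixed value to the composite metric
    the router advertises for prefixes matching the access-list."""
    return metric + offset

def implied_delay_us(metric: int, min_bw_kbit: int) -> float:
    """Bandwidth is unchanged by the offset, so the receiving router accounts
    for the extra metric entirely as delay; this reproduces the 495725
    microseconds r2 shows on fa1/0 after the offset."""
    return (metric / 256 - 10_000_000 // min_bw_kbit) * 10

def is_feasible_successor(reported_distance: int, feasible_distance: int) -> bool:
    """Feasibility condition: a neighbour's RD must be below our FD for the
    path to be loop-free and kept as a backup in the topology table."""
    return reported_distance < feasible_distance

def best_path(paths: dict) -> str:
    """The successor is the neighbour with the lowest composite metric."""
    return min(paths, key=paths.get)

if __name__ == "__main__":
    fa1 = classic_metric(10000, 105100)      # 2946560, matches r2's first output
    fa2 = classic_metric(12004, 255000)      # 6741248
    print("before offset:", best_path({"FastEthernet1/0": fa1, "FastEthernet2/0": fa2}))
    fa1_off = apply_offset(fa1, 10_000_000)  # 12946560, matches the second output
    print("after offset: ", best_path({"FastEthernet1/0": fa1_off, "FastEthernet2/0": fa2}))
    print("delay r2 now sees on fa1/0:", implied_delay_us(fa1_off, 10000))
    print("fa1/0 feasible before offset:", is_feasible_successor(2713600, 2903808))
```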

verification from r1:

r1#traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
  1 10.12.12.2 16 msec 16 msec 24 msec
  2 10.23.23.3 40 msec 44 msec 44 msec  < ---------
  3 10.34.34.4 72 msec *  56 msec
r1#traceroute 4.4.4.5
Type escape sequence to abort.
Tracing the route to 4.4.4.5
VRF info: (vrf in name/id, vrf out name/id)
  1 10.12.12.2 20 msec 20 msec 20 msec
  2 10.23.23.131 44 msec 44 msec 40 msec  <---------
  3 10.34.34.4 64 msec *  60 msec

i’ll use this at work for some traffic engineering on datacenter-to-datacenter links.  i wanted to send some non-critical traffic down a slower link to get better utilization across both links. we’re paying for unlimited transit, so we don’t want one path to sit idle.

Categories : geek

cisco ipv6 acls

2012.05.29

in the usual ipv4 variety, i have a web/ssh server with static NAT entries in my 1841 router.  i also use NAT overloading for users behind the router in RFC1918 space.  the NAT overload offers some semblance of protection by not having end users directly accessible from the internet.

i use an ipv6 tunnel from hurricane electric’s free tunnel broker service.  i’ve got a full /48 of routable ipv6 address space and have 3-4 /64s carved up.  i set it up for CCNP lab’ing.  it works but isn’t terribly fast.  however, the cisco 1841 is a router and just forwards packets by default.  therefore, it needs an ACL to stop my internal network from being accessible from the outside while still allowing the internal network to access the outside. the next piece of the puzzle was to allow http/s and ssh access to my server from the outside.

i chose eui-64 because i’m lazy.

here’s my tunnel config, relevant sections bolded:

1841#sh run int tu0
Building configuration…
Current configuration : 346 bytes
interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ip route-cache flow
ipv6 address 2001:470:7:806::2/64
ipv6 enable
ipv6 traffic-filter inbound in
ipv6 traffic-filter outbound out

ipv6 flow ingress
ipv6 flow egress
tunnel source FastEthernet0/0
tunnel destination x.y.z.a
tunnel mode ipv6ip
end

‘inside’ interface config with relevant bits:

1841#sh run int fa0/1
Building configuration…
Current configuration : 308 bytes
!
interface FastEthernet0/1
description inside
ipv6 address 2001:470:E24F:2::/64 eui-64
ipv6 enable
end

here’s the tricky part: i needed the REFLECT keyword to make it stateful.  i also needed to use both inbound and outbound ACLs together.

1841#sh run | beg access-list inbound
ipv6 access-list inbound
sequence 50 permit tcp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq 22
permit tcp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq www
permit tcp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq 443
sequence 130 evaluate OUTREFLECT
permit tcp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq domain
permit udp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq domain
!
ipv6 access-list outbound
sequence 30 permit ipv6 2001:470:8:806::/64 any reflect OUTREFLECT
permit ipv6 2001:470:E24F::/48 any reflect OUTREFLECT
!
ipv6 access-list sshaccess
permit ipv6 2001:470:E24F::/48 any

my server MAC has changed since i did this, i should probably update this ACL since the eui-64 address changed. 🙂
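the host addresses in the inbound ACL are derived from the server’s MAC, which is why a NIC change silently breaks the rules. the following is an added example (mine, not the post’s or cisco’s) that derives the modified eui-64 address for the inside /64 and flags ACL host entries that no longer match a given MAC; the old MAC is recovered from the address in the post, the new MAC is a hypothetical placeholder.

```python
import ipaddress
import re

# Constructed ACL text, copied from the post's "inbound" list (not a live device).
INBOUND_ACL = """\
sequence 50 permit tcp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq 22
permit tcp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq www
permit tcp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq 443
sequence 130 evaluate OUTREFLECT
permit tcp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq domain
permit udp any host 2001:470:E24F:2:202:B3FF:FEAB:733F eq domain
"""
INSIDE_PREFIX = "2001:470:E24F:2::/64"   # the fa0/1 prefix from the post

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64: flip the U/L bit of the first MAC octet, insert FF:FE
    between the OUI and the device half, and append the result to the /64."""
    octets = bytes.fromhex(re.sub(r"[:.-]", "", mac))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs only fit a /64 prefix")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def stale_host_entries(acl_text: str, prefix: str, current_mac: str) -> list[str]:
    """Return ACL lines whose 'host X' address no longer matches the EUI-64
    address the server gets from current_mac, i.e. the entries to update."""
    expected = eui64_address(prefix, current_mac)
    stale = []
    for line in acl_text.splitlines():
        m = re.search(r"\bhost\s+([0-9A-Fa-f:]+)", line)
        if m and ipaddress.IPv6Address(m.group(1)) != expected:
            stale.append(line)
    return stale

if __name__ == "__main__":
    old_mac = "00:02:b3:ab:73:3f"   # recovered from the address in the ACL
    new_mac = "00:02:b3:11:22:33"   # hypothetical replacement NIC
    print(eui64_address(INSIDE_PREFIX, old_mac))
    print(len(stale_host_entries(INBOUND_ACL, INSIDE_PREFIX, old_mac)), "stale with old MAC")
    print(len(stale_host_entries(INBOUND_ACL, INSIDE_PREFIX, new_mac)), "stale with new MAC")
```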

ipv6 ssh access to the router itself should also be limited to my internal network, using the sshaccess ACL from above.

1841#sh run | beg vty
line vty 0 4
access-class 10 in
ipv6 access-class sshaccess in
transport input ssh

world ipv6 day is coming. ready?

Categories : geek

Apple IDs

2012.04.16

Apple offers a way to create iTunes IDs without a credit card. This works IFF* you don’t already have an Apple ID.

There are cases where you have an Apple ID that isn’t associated with iTunes; whether it’s for developer accounts, discussion forums, registering your product, AppleCare, or Store appointments.

However, it doesn’t offer a way to convert/link an existing Apple ID with an iTunes ID without using a credit card.

This needs to change.

*If and only if

Categories : geek

why school

2012.01.31

many times it seems like i’m not learning anything useful in school, applicable to someone who has been working in IT for a dozen years already. at first, it was learning to program and learning processes, then documentation and workflow. now i’m learning some basic nuts and bolts of how computing works, which is neat but doesn’t seem immediately applicable.

i was reminded last month that maybe school isn’t about tools or skills but instead about access; access to explore new ideas and figure out what you want to do. maybe it’s about getting pointed in the direction you’re interested. maybe it’s about teaching you to think about problems differently.

i’m nearing the end but still don’t feel like i have a direction. i’ve been reading the acm and sigcomm periodicals for ideas and inspiration. some graduate-level classes look interesting but i’m burned out with school. although, i feel that once i pause, i won’t go back.

the pause is inevitable as i follow through on a commitment to my wife but the duration is undecided.

Categories : about

cold-brewed coffee

2012.01.29

a few people have asked how we make our cold-brewed coffee.  we make it a gallon at a time, you can adjust quantities as needed.  it takes a while to make a batch but you can make the second batch while consuming the first.  🙂

you need a pitcher, a sun-tea jar, a strainer, coffee grounds (medium or dark roast), and coffee filters.

medium-grind two cups of coffee beans, pour them in the pitcher, add water (seems to be about two quarts.)  let it stand at room temperature for 12 hours.  stir it every couple of hours if you remember.

after 12 hours, put your coffee filter in your strainer and place it on top of the sun tea jar.

pour the coffee concoction through the filter.  you can fill up the filter but it won’t flow outside the jar.  this is the slowest/hardest/worst part for us because we’re impatient.  pour the mix in and walk away for 10 minutes, don’t watch it.  repeat this until the pitcher is empty.  you can replace the coffee filters when they get too gunked up to pass coffee any more.


almost done!  use your fingers on the outside to gauge how deep the coffee is.  then add that much water.  chill.  enjoy.  it will be good for about five days but rarely lasts any more than two days in our house.

Categories : fun  geek  reviews

3ware migrate/resize/extend crap

2011.11.27

turns out you can’t migrate/resize/extend a 3ware lun without adding disks, at least on a 9650se controller.  i had 4x 750gb disks attached to a controller, no free slots.  i replaced them one by one with 1.5tb disks.  i wanted to extend the 2.05tb lun to 4.0tb but the software won’t let you do it.

[root@schitzo src]# ./tw_cli
//schitzo> /c2 show

Unit UnitType Status %RCmpl %V/I/M Stripe Size(GB) Cache AVrfy
------------------------------------------------------------------------------
u0   RAID-5   OK     -      -      64K    2095.44  ON    OFF

Port Status Unit Size    Blocks     Serial
---------------------------------------------------------------
p0   OK     u0   1.36 TB 2930277168 x
p1   OK     u0   1.36 TB 2930277168 y
p2   OK     u0   1.36 TB 2930277168 z
p3   OK     u0   1.36 TB 2930277168 a

//schitzo> /c2/u0 show

Unit    UnitType Status %RCmpl %V/I/M Port Stripe Size(GB)
------------------------------------------------------------------------
u0      RAID-5   OK     -      -      -    64K    2095.44
u0-0    DISK     OK     -      -      p1   -      698.481
u0-1    DISK     OK     -      -      p2   -      698.481
u0-2    DISK     OK     -      -      p0   -      698.481
u0-3    DISK     OK     -      -      p3   -      698.481
u0/v0   Volume   -      -      -      -    -      2095.44

//schitzo> /c2/u0 migrate type=raid5 disk=0:3
Error: (CLI:008) Invalid ID specified. Found a specified ID already in use.

lame.  time to destroy, create, mount, and restore.

Categories : geek

vmware server 2.0.2 crap

2011.11.27

largely saving for reference

Today i ran into something very strange: a freshly set up VMWare Server 2.0 host wasn’t accessible by https and vsphere client.
I analysed the logfiles and came across

[2010-11-06 13:35:09.843 'Proxysvc' 4128988016 warning] SSL Handshake on client connection failed: SSL Exception: error:00000000:lib(0):func(0):reason(0)

which seemed to be related to some SSL v2 Certificate thingie.
It didn’t work out for me to enable SSL v2 but as a quick hacky solution replacing all

“httpsWithRedirect” with “httpAndHttps”
in /etc/vmware/hostd/proxy.xml
then do a /etc/init.d/vmware-mgmt restart

at least it now lets me connect to the server without ssl encryption just fine.
I know it’s not 100% safe but on a local network server it’s acceptable to me.
Keep in mind instead of https://xxx:8333 you now have to use http://xxx:8222

thanks thorian

Categories : geek

cisco nxos route redistribution

2011.11.06

i wanted to redistribute some static routes into eigrp; this is handled differently in nxos.  every redistribute statement needs a route-map, and the easiest way to populate the route-map is with a prefix-list.

examine your static routes…

n7k1# sh run | inc "ip route "

ip route 0.0.0.0/0 10.0.0.2
ip route 10.10.10.0/24 10.0.0.4
ip route 10.20.10.0/20 10.0.0.1
ip route 192.168.172.0/24 10.10.10.3

create a prefix-list of the subnets you want redistributed into eigrp…

ip prefix-list examplestatic seq 15 permit 10.10.10.0/24
ip prefix-list examplestatic seq 20 permit 10.20.10.0/20
ip prefix-list examplestatic seq 25 permit 192.168.172.0/24

create a route-map, add your prefix-list to it…

route-map examplestaticmap permit 10
match ip address prefix-list examplestatic

add them to your eigrp instance…

router eigrp 14
 redistribute static route-map examplestaticmap

validate whether the routes showed up on your other routers; this is a downstream ios device:

2911#sh ip route 10.20.10.0
Routing entry for 10.20.10.0/20
  Known via "eigrp 14", distance 170, metric 52224, type external
  Redistributing via eigrp 14
  Last update from 192.168.97.19 on GigabitEthernet0/0, 3w5d ago
  Routing Descriptor Blocks:
  * 192.168.97.20, from 192.168.97.20, 3w5d ago, via GigabitEthernet0/0
      Route metric is 52224, traffic share count is 1
      Total delay is 1040 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1492 bytes
      Loading 1/255, Hops 4
    192.168.97.19, from 192.168.97.19, 3w5d ago, via GigabitEthernet0/0
      Route metric is 52224, traffic share count is 1
      Total delay is 1040 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1492 bytes
      Loading 1/255, Hops 4
2911#sh ip route | beg 10.20.10
D EX     10.20.10.0/20 [170/52224] via 192.168.97.20, 3w5d, GigabitEthernet0/0
                       [170/52224] via 192.168.97.19, 3w5d, GigabitEthernet0/0

that’s it.  my examples show up twice because i did the redistribution on two n7ks.
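an added example (mine, not nx-os code) that serves both this post and the simplified one further up the page: it evaluates the prefix-list against the four static routes with cisco’s first-match, implicit-deny and exact-length semantics (the ge/le handling is my generalisation of what the post shows), and shows that a route-map with no match clause also sends 0.0.0.0/0 into eigrp.

```python
import ipaddress

# Constructed from the static routes and prefix-list in the post; not NX-OS code.
STATIC_ROUTES = ["0.0.0.0/0", "10.10.10.0/24", "10.20.10.0/20", "192.168.172.0/24"]

# (seq, action, prefix, ge, le); ge/le of None reproduces the post's entries,
# which carry neither and therefore match the exact prefix length only.
EXAMPLESTATIC = [
    (15, "permit", "10.10.10.0/24", None, None),
    (20, "permit", "10.20.10.0/20", None, None),
    (25, "permit", "192.168.172.0/24", None, None),
]

def entry_matches(entry, route: str) -> bool:
    """Cisco prefix-list semantics: the route must lie inside the entry's prefix
    and its length must fall in [ge, le]; with neither given only the exact
    length matches, ge alone means up to /32, le alone means from the prefix length.
    strict=False normalises 10.20.10.0/20 (host bits set) the way the router does."""
    _, _, prefix, ge, le = entry
    net = ipaddress.ip_network(prefix, strict=False)
    r = ipaddress.ip_network(route, strict=False)
    if not r.subnet_of(net):
        return False
    lo = net.prefixlen if ge is None else ge
    hi = le if le is not None else (net.prefixlen if ge is None else net.max_prefixlen)
    return lo <= r.prefixlen <= hi

def prefix_list_action(entries, route: str) -> str:
    """Evaluate in sequence order, first match wins, implicit deny at the end."""
    for entry in sorted(entries, key=lambda e: e[0]):
        if entry_matches(entry, route):
            return entry[1]
    return "deny"

def redistributed(routes, prefix_list=None) -> list:
    """'route-map X permit 10' with no match clause permits every route, so the
    default route goes into EIGRP too; with 'match ip address prefix-list' only
    the routes the list permits are redistributed."""
    if prefix_list is None:
        return list(routes)
    return [r for r in routes if prefix_list_action(prefix_list, r) == "permit"]

if __name__ == "__main__":
    print("with prefix-list:", redistributed(STATIC_ROUTES, EXAMPLESTATIC))
    print("route-map only:  ", redistributed(STATIC_ROUTES))
```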



Categories : geek