nick's site

largely saving for reference

Today i ran into something very strange, a freshly set up VMWare Server 2.0 host wasn’t accessible by https and vsphere client.
I analysed the logfiles and came accross

[2010-11-06 13:35:09.843 'Proxysvc' 4128988016 warning] SSL Handshake on client connection failed: SSL Exception: error:00000000:lib(0):func(0):reason(0)

which seemed to be related to some SSL v2 Certificate thingie.
It didn’t work out for me to enable SSL v2 but as a quick hacky solution replacing all

“httpsWithRedirect” with “httpAndHttps”
in /etc/vmware/hostd/proxy.xml
then do a /etc/init.d/vmware-mgmt restart

atleast now lets me connect to the server without ssl encryption just fine.
I know its not 100% safe but on a local network server its acceptable to me.
Keep in mind instead of https://xxx:8333 you now have to use http://xxx:8222

thanks thorian

wanted to redistribute some static routes into eigrp, this is handled differently in nxos.  all redistributes need to use a route map, easiest to populate the route map with a prefix list.

examine your static routes…

n7k1# sh run | inc "ip route "

ip route 0.0.0.0/0 10.0.0.2
ip route 10.10.10.0/24 10.0.0.4
ip route 10.20.10.0/20 10.0.0.1
ip route 192.168.172.0/24 10.10.10.3

create a prefix list of subnets you want into eigrp..

ip prefix-list examplestatic seq 15 permit 10.10.10.0/24
ip prefix-list examplestatic seq 20 permit 10.20.10.0/20
ip prefix-list examplestatic seq 25 permit 192.168.172.0/24

create a route-map, add your prefix-list to it…

route-map examplestaticmap permit 10
match ip address prefix-list examplestatic

add them to your eigrp instance…

router eigrp 14
 redistribute static route-map examplestaticmap

validate whether the routes showed up on your other routers; this is a downstream ios device:

2911#sh ip route 10.20.10.0
Routing entry for 10.20.10.0/20
  Known via "eigrp 14", distance 170, metric 52224, type external
  Redistributing via eigrp 14
  Last update from 192.168.97.19 on GigabitEthernet0/0, 3w5d ago
  Routing Descriptor Blocks:
  * 192.168.97.20, from 192.168.97.20, 3w5d ago, via GigabitEthernet0/0
      Route metric is 52224, traffic share count is 1
      Total delay is 1040 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1492 bytes
      Loading 1/255, Hops 4
    192.168.97.19, from 192.168.97.19, 3w5d ago, via GigabitEthernet0/0
      Route metric is 52224, traffic share count is 1
      Total delay is 1040 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1492 bytes
      Loading 1/255, Hops 4

2911#sh ip route | beg 10.20.10
D EX     10.20.10.0/20 [170/52224] via 192.168.97.20, 3w5d, GigabitEthernet0/0
                       [170/52224] via 192.168.97.19, 3w5d, GigabitEthernet0/0

that’s it.  my examples show up twice because i did the redistribution on two n7ks.

there was a pinata game.  the pinata was shaped like a baseball, but filled with sex toys.

nate ended up with it on his head.

I don’t like unions.

That said, I see no reason government should be allowed to tell people how they can organize. I find it hilarious a bunch of people who claim to be for small government, want government to be able to dictate how people can negotiate. Further, there shouldn’t have to be laws allowing people to collectively bargain. In a free society that’s like having laws allowing people to breath.

there’s a couple decent tools to lab & test multicast routing.  one is mcast.exe and the other is VLC.  the third, i suppose, is to join a cisco interface to a multicast group.  dan mentioned a fourth tool, nortel’s multicast hammer.

symantec endpoint protection 11 disabled broadcast & multicast by default.  you will need to disable this if you have it installed.  🙂

mcast.exe is a part of the windows 2003 resource kit.  in windows 7, you need to run your command prompt as administrator for it to work.  on the “source side”, all you need to specify is a source interface/ip-address and multicast group.  i usually test with more packets of obnoxious sizes.  :)  overriding TTL gives you more testing options.

mcast /intf:10.11.13.2 /send /grps:239.192.1.101 /pktsize:65535 /numpkts:20000000000 /ttl:128

on the “destination side”, all you need to specify is a source interface/ip-address and multicast group.

mcast /intf:10.11.12.50 /recv /grps:239.192.1.101

another way to test is with VLC.  i’ve tested this in 0.98 and 1.1.  it’s easier & faster from the command line than the GUI.  on the “source side”, you need to specify a destination multicast group, port, and override the default TTL of 1.

vlc -vvv c:\media\SomeShow.S02E03.720p.HDTV.x264-CTU.mkv –sout udp:239.192.1.100:1234 –ttl 255 –loop

for the “destination side”, specify a multicast group and port to tune into

vlc udp://239.192.1.100:1234

i found an annoying nuance in VLC 1.1 or windows 7 for a client tuning into a multicast stream

vlc udp://@239.192.1.100:1234

last but not least, a cisco interface.

sw1(config-if)#do sh run int loopback 153
Building configuration...

Current configuration : 121 bytes
!
interface Loopback153
ip address 10.11.153.1 255.255.255.0
ip pim sparse-mode
ip igmp join-group 239.192.1.110
end

verify igmp memberships. maybe check pim rp if you’re up for it:


sw1#sh ip igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter Group Accounted
239.192.152.143 Vlan2 3d02h 00:02:57 10.11.12.110
239.192.1.110 Loopback153 00:01:56 00:02:49 10.11.153.1
239.255.255.250 Vlan2 27w4d 00:02:52 10.11.12.236
224.0.1.24 Vlan2 1w1d 00:02:51 10.11.12.4
224.0.1.60 Vlan2 07:09:12 00:02:53 10.11.12.9
224.0.1.40 Vlan1 27w4d 00:02:52 192.168.200.1

quotes of the day.

I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours.

– stephen f roberts

and

If they say “Just God. I only believe in the one God,” I’ll point out that they are nearly as atheistic as me. I don’t believe in 2,870 gods, and they don’t believe in 2,869.
– Ricky Gervais

i attended zombie walk detroit 2010, especially since it was happening around my job.  :)  there were 3-4 blocks of zombies walking around greektown, right around when the detroit lions ended.  there was complete chaos in the streets.

bride

yougin

dorothy

zombie robot? robot zombie?

zom

there’s much more over here.  http://agitated.net/gallery/v/2010/zombiedetroit/

someone with netware 4.1 still around..

we went to cozumel for our five year anniversary. we took a bunch of friends and family with us. we swam, snorkeled, ate, read, toured, shopped, scootered, and relaxed.

highlight pictures below the cut.  rest of the pictures are over here.  http://agitated.net/gallery/v/2010/cozumel/

by artist Raoef Mamedov. seems you can find more work over here.

click the image for high-res.

thanks tmbo