jim

F5 BIGIP — Alternative using HAProxy and keepalived — Part 2

Okay we’re back!! Welcome to Part#2. If you’ve read my last post in this high availability and load balancing series (Part#1), you understand the need for HAProxy to complete our setup. If you recall, I am looking for an alternative solution to the BIGIP F5 LTM products. These products provide both high-availability failover via a Floating IP shared between LTMs, and load balancing of requests to service endpoints. In the previous post, we managed to tackle the former part and provide High Availability, but not the Load Balancing part.

To complete this alternative we now add HAProxy into our setup.
Continue reading…

F5 BIGIP — Alternative using HAProxy and keepalived — Part 1

I come from a strong BIG IP F5 background and wanted to explore alternatives to their LTM product line. BIG IP F5 LTMs are their High Availability and Load-Balancing network products, see here. They are primarily used as a means of handling infrastructure failover across server clusters. This is done by use of a floating IP address that is shared between two independent devices, in this case LTMs. One LTM is always active and responds to requests for this Floating IP from client devices. In the event of a device failure, the secondary LTM will sense this via a variety of means and take over as the Active LTM. This essentially is how High Availability, or failover, is maintained from an infrastructure connectivity perspective. The second piece to these devices is their load-balancing functionality. Load balancing has many forms; for this case, we are talking about network service load balancing (pretty much layer 4 and above). This allows more intelligence in the distribution of requests to a server farm or cluster.

Now as I stated previously, I was looking into alternative solutions and I came across a GNU free software package called keepalived which seemed to do exactly what I needed. Remember there are two pieces I wanted to fulfill as an alternative solution to LTM: it has to be able to maintain network failover (seamlessly) and provide load balancing for service endpoints. Also, surprisingly, many of the configuration statements in the keepalived.conf look very similar to the F5 LTM bigip.conf file.
Continue reading…

Cisco IOS — DHCP/DNS Authoritative Server on Router

I was trying to set up a SOHO router for a small client the other day and was having difficulty getting the DNS server on the router to function the way I wanted. I could get the DNS server to run on the Cisco Router, but it would only resolve external domains. Any static record I added would not be resolvable by clients.

For starters, I will assume you have your own Cisco router running 12.4+ IOS firmware with ipservices.

DHCP first…

  1. First, let’s set up the interface on the Router
    R1(config)# interface fastEthernet 0/1
    R1(config-if)# ip address 10.0.0.1 255.255.255.0
    R1(config-if)# no shutdown

  2. Enable DHCP service on that interface
    R1(config)# ip dhcp-server 10.0.0.1

  3. Configure DHCP settings
    R1(config)# ip dhcp pool dhcp-pool
    R1(config-dhcp)# network 10.0.0.0 255.255.255.0
    R1(config-dhcp)# domain-name yourdomain.local
    R1(config-dhcp)# dns-server 10.0.0.1
    R1(config-dhcp)# default-router 10.0.0.1
    R1(config-dhcp)# lease 7

Continue reading…

Linux — MRTG in Minutes!

MRTG is one of those tools every Network Engineer has on his/her toolbelt. MRTG allows the graphing of trending network activity for a wide range of devices. It uses SNMP to query a host and poll its network information and statistics. It can be used with Routers, Switches, Linux Hosts, etc.

I’m going to run MRTG against a Linux Router (running iptables), an HP PowerConnect Switch, a Cisco Router, and an ESXi host. Anyway… Let’s get started.

Continue reading…

Cisco IOS — Link Aggregation with LACP and NIC Teaming

Hi All! It’s been a while since I posted an article and I don’t think I have ever posted one on Network Link Aggregation!! Link Aggregation is the physical combining of network links into one logical link. There are two main advantages to this practice. First is the increased throughput that you obtain by combining links; for example, combining 2x 1GB links will increase your total bandwidth to 2GB. (Keep in mind this will not change your latency…) Secondly, link aggregation grants the benefits of redundancy. Imagine the setup above. If 1 of the 1GB links fails, you would still have the other 1GB link to fall back on, woot!

(Image from Wikipedia)
Continue reading…

Squid Proxy — Splash Page

Hi All! So after my last article regarding securing a guest network’s web access with Squid and SquidGuard, I wanted to share how I came about creating a Splash Page for Guest users of my Free WiFi hotspot. My goal was to present new Guests with a splash page identifying certain Terms of Usage, etc. Basically we will need an HTML or PHP Splash Page, an ACL identifying the Guests by IP, an external ACL program (squid_session), and a Deny with Information (deny_info).
Continue reading…

Squid Proxy — Caching Proxy with SSL with Squid3.1

Hello, hello! Recently I posted a two part article on creating a Guest wireless network using OpenWRT, VLANs, and Firewall rules. Now we left things kinda open from a security standpoint. We gave our Guest users full Internet access with no restrictions on sites, bandwidth usage, or ports!! Yikes! For this article I am going to walk you through the steps to close those gaps. We are going to first configure a Web Proxy server that will proxy outbound Internet connections. This allows us to check where and what our Guests are trying to get their hands on. Good and bad. We will also force Guests to connect to this Web Proxy server transparently. What I mean by that is the Guests will not be required to do anything on their side to connect; our firewall will take care of that. And lastly, I want to allow only limited bandwidth for HTTP traffic. You will see later on how we can accomplish this. I’ve expanded upon this article of mine that uses squid proxy to filter Ads.
Continue reading…

Linux — dd Operations Notes

I recently was helping a friend with some computer trouble, which resulted in me first creating a full disk image backup using “dd”. I’ve done this before, years ago, but I wanted to add some of the common dd backup/restore methods to my notepad. There are many articles online on how to use dd to do a full disk backup and restore it. I will be using similar methods.

dd Terms

  • if — input device (file, hardware, CD, etc.).
  • of — output device (file, hardware, CD, etc.).
  • bs — sets the “dd” read and write block size.
  • noerror — continues after read errors.
  • readom — CD to ISO utility.
  • mount — Linux command to mount file-systems.
  • gz — gunzip is a compression utility which helps to reduce the size of images created with dd.
  • md5sum — a checksum utility to ensure integrity when moving large image files.

Continue reading…

OpenWRT — Multiple Access Points With 802.1Q (part2)

Welcome back!

In the last part, part 1, we configured our OpenWRT device, got it to emit two (2) Access Point SSIDs (insecureWiFi & secureWiFi), created two (2) VLANs to separate traffic frames, and created a trunk to our PowerConnect switch! Wow!
For this part, part 2, we will be creating another VLAN Trunk from our Dell PowerConnect switch to our Linux router, and designing and configuring some Firewall rules.
Continue reading…

OpenWRT — Multiple Access Points With 802.1Q (part1)

I set out on this home project with the intent of providing wireless internet to friends and family when visiting. I wanted to provide internet without allowing malicious clients to consume all my bandwidth and/or cripple my internal home network. There are many Wireless Access Points (WAPs) that are capable of broadcasting multiple SSIDs. Cisco makes a few in their Aironet series, however they seem to be pretty expensive. I settled on a Netgear WNDR3700 after reading a few posts on hardforum.com that had success running OpenWRT.

OpenWRT is a third-party firmware designed for consumer Access Points, such as Netgear, Linksys, Dlink, etc. OpenWRT adds many additional features, including the two features I needed: support for 802.1Q trunking and the ability to run multiple SSID wireless signals.

Topology


Continue reading…