Archive for December, 2009

Merry Christmas

December 24th, 2009 No comments

Just taken with my new toy AF-S VR 70-300

Categories: misc

Hate

December 23rd, 2009 1 comment

I really hate Windows….

3 minutes to set up my Linux box to print on the printer connected to my mom’s Mac. About 2 hours to set up my dad’s new netbook to print to the same printer. :-(

And BTW: why does a Windows printer driver have to be about 70MB when installed? Thankfully the uninstaller forgot some files (less than 1MB) which contained the actual driver, which I could then use to install the printer using the usual Windows mechanism.

Categories: WTF

Using make for system administration

December 20th, 2009 No comments

Many applications like Apache or Nagios have a special command line switch or a dedicated tool to check whether the configuration file(s) are correct without restarting the server. This is very nice. When you’ve made a mistake you can fix it with minimal downtime.

Make makes it quite easy to combine the check and the restart of the application. Here is an example Makefile for my Nagios setup. After changing the configuration I just type make and the rest is done automatically. I’m also using similar Makefiles for apache2, bind, postfix, …


# "make" runs the config check first and aborts before the restart if it fails.
.PHONY: all
all:
	/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
	/etc/init.d/nagios restart

Categories: linux, tools

IPv6 and Microsoft

December 19th, 2009 1 comment

Just found this article about IPv6 support in the latest Windows version.

I try to avoid using Microsoft but they do support IPv6 quite well and they are actually using it.

From Microsoft’s perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process.

IP-HTTPS is something every firewall admin should look at.

Categories: ipv6

Chicken and Egg

December 18th, 2009 No comments

IPv6 has a chicken-and-egg problem. Which comes first: access or content?

Many access providers claim that there is only little IPv6 content. And they are right. Content providers claim that there is little IPv6 access and they are right too.

So what can an end user do? Well, asking for IPv6 would be a start. Ask your provider, your favorite online shop, your hardware vendor if and when they support IPv6. Eventually you get some positive feedback. But you might also be ignored or laughed at.

Categories: ipv6

Learning JunOS

December 17th, 2009 No comments

It’s rather old news but still a lot of people don’t know about Juniper’s Fast Track program.

Juniper offers free study materials and test vouchers for several intro-level courses / certifications.

For those of you who know Cisco’s IOS and want to take a look at Juniper’s JunOS: take a look at “JunOS as 2nd language”.

Categories: Juniper, networking

IPv6 Address assignment

December 16th, 2009 No comments

More and more server providers offer IPv6. The question is how to assign an address to a customer? With IPv6 there are several ways:

SLAC – StateLess Auto Configuration is really nice, but there are some drawbacks:

1. IPv6 might be enabled on a lot of hosts without the user knowing about it. Now consider Joe Looser, who was barely able to set up Linux on his server and who had a hard time securing his box with iptables (by putting together bits and pieces found on the net without really knowing what these bits and pieces are really doing[1]). By announcing prefixes you just enabled a nice backdoor into Joe’s server.

2. If hardware is replaced, a server will get a new IPv6 address. The user then has to change at least his DNS configuration, probably much more (MTA, MDA, monitoring, packet filter, …)

3. Moving all customers who want IPv6 into a different VLAN might be an option but this will require changes in your IPv4 setup.

DHCPv6 – The way to go in the IPv4 world. Unfortunately there is no (default) way to configure a MAC – IPv6 address binding[2]. This way, if the hardware changes the user gets a new IPv6 address. The same problems as with SLAC apply.

Manual configuration – For me the best way to go right now. Everybody who wants to run IPv6 should be able to do this and it only takes a minute or two.

[1] I was told that this is not very uncommon.
[2] At least none that I know of.
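
Drawback 2 of stateless autoconfiguration, worked through as an added example (not code from the original post): with the classic modified EUI-64 scheme the host part of the address is derived from the NIC's MAC, so a hardware swap changes the address and leaves DNS records stale. The prefix, MAC addresses and record names below are constructed sample values, and the example assumes EUI-64 interface identifiers rather than privacy or stable-opaque ones.

```python
import ipaddress

# Constructed sample data: documentation prefix and made-up MAC addresses.
PREFIX = "2001:db8:1:2::/64"
OLD_MAC = "00:1b:21:3a:4f:5c"
NEW_MAC = "00:25:90:aa:bb:cc"


def slaac_eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from an announced /64 and its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the vendor part and the device part of the MAC.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return net.network_address + int.from_bytes(iid, "big")


def stale_aaaa(records: dict, prefix: str, current_mac: str) -> list:
    """Names whose AAAA record no longer matches the address the host now uses."""
    current = slaac_eui64_address(prefix, current_mac)
    return sorted(
        name for name, addr in records.items()
        if ipaddress.IPv6Address(addr) != current
    )


if __name__ == "__main__":
    old = slaac_eui64_address(PREFIX, OLD_MAC)
    new = slaac_eui64_address(PREFIX, NEW_MAC)
    print("before NIC swap:", old)
    print("after NIC swap: ", new)
    # Constructed zone data still pointing at the address of the old NIC.
    zone = {"www.example.net": str(old), "mail.example.net": str(old)}
    print("records to update:", stale_aaaa(zone, PREFIX, NEW_MAC))
```

The same calculation shows which address a host will answer on as soon as a prefix is announced, which is the address a packet filter has to cover.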

Categories: ipv6, networking

It’s really cold

December 11th, 2009 1 comment

cold

Categories: misc

Appliances (I)

December 9th, 2009 No comments

Many people (including many of those who are usually wearing ties) love them. Just buy a box which will make your network more secure in one way or the other.

Right now I am sitting behind such a box which is used to control WLAN access. From my notebook (using the WLAN):

jens@bowmore:~$ dig AAAA www.quux.de @8.8.8.8 +short
jens@bowmore:~$

From my workstation at home:

jens@laphroig:~$ dig AAAA www.quux.de @8.8.8.8 +short
2001:6f8:1138::1

Categories: ipv6

GNS3 with Juniper Support

December 5th, 2009 No comments

In the latest release candidate of GNS3, support for Juniper (Olive) was added. This enables you to easily integrate some virtual Juniper routers into your virtual IOS network.

And before you ask: No, I will not provide you with any IOS, PixOS or JunOS files.

Categories: Cisco, Juniper, networking