Comments

IPv6 Tacacs+ Support (tac_plus)

Posted by cooper on Jun 17, 2014 in cisco, g33k, juniper, linux, tech

Recently @ Facebook we found that we required IPv6 access to TACACS for auth (AAA) for the majority of our production Network Equipment. Tacacs+ (tac_plus) is an old daemon released by Cisco in the late 90s. It still works (even at our scale) and the config was doing what we required, so it was decided that we should add IPv6 Support to it to move forwards until we no longer require TACACS for authentication, authorization and accounting.

IPv6 is good for you ...

Get IPv6’in

IPv6 has been added in true dirty 90s C code style via pre-processor macros. The source is publicly available via a GitHub Repository.

This version is based off F4.0.4.19 with the following patches (full history can be seen in the Git Repository):

  • Logging modifications
  • PAM Support
  • MD5 support
  • IPv6 (AF_INET6) Socket Listening

Readme.md has most of the information you require to build the software and I have included RPM .spec files (that have been tested on CentOS 6). The specs generate two RPMS with tacacs+6 relying on the tacacs+ rpm to be installed for libraries and man pages.

RPMS Build on CentOS 6.5 x86_64 + SRC rpms avaliable here: http://cooperlees.com/rpms/

Usage Tips:

  • Do not add listen directives into tac_plus.conf so that each daemon can load the same conf file (for consistency)
  • Logging:
    • /var/log/tac_plus.acct and tac_plus6.acct are where accounting information will go (as well as syslog) Logrotate time …
    • /var/log/tac_plus.log and tac_plus6.log is where default debug logs will go
  • Configure syslog to send the LOG_LOCAL3 somewhere useful (this will get both tac_plus and tac_plus6 log information)
  • Pid Files will live in /var/run/tac_plus.pid.0.0.0.0 and tac_plus6.pid.::
  • The RPM does not /sbin/chkconfig –add or enable, so be sure to enable the version of tac_plus you require.

Tested Support on Vendor Hardware

  • Arista EoS (4.13.3F): need to use ‘ipv6 host name ::1’ as TACACS conf can’t handle raw IPv6 addresses (lame) 
  • Cisco NXOS (6.0(2)U2(4) [build 6.0(2)U2(3.6)]):
    feature tacacs+
    tacacs-server key 7 “c00p3rIstheMan”
    tacacs-server host a:cafe::1
    tacacs-server host b:b00c::2
    aaa group server tacacs+ TACACS
    server a:cafe::1
    server b:b00c::2
    source-interface Vlan2001 (ensure what IP request will come from)
  • Juniper: >= Junos 13.3R2.7 required for IPv6 Tacacs (Tested on MX)

I know it’s old school code but please feel free to submit bug patches / enhancements. This should allow us to keep this beast running until we can deprecate it’s need …

Tags: , , , , , , , , , , , , , , , , , , ,

 
Comments

VMWare Guest Consoles over a WAN with Latency

Posted by cooper on Jun 16, 2012 in g33k, tech

Have you ever used the VMWare console over a WAN with latency and it enters multiple key strokes into the console and makes using the console super annoying! It makes me HATE VMWare and want to smash it into 10000 pieces with a baseball bat.

Well the answer is to add a line to your VMs VMX file to allow it to be ‘laggier’. For example the following will give you 2 second between key strokes:

  • keyboard.typematicMinDelay = “2000000”

For more information: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=196

Tags: , , , , , , , ,

 
Comments

IPERF CSV Data Summary Script

Posted by cooper on Jan 13, 2012 in g33k, linux, solaris, tech

Recently I was required to do a network performance test between a Head Office and a WAN site. I knocked up this quick python script to parse the data collect to see the results. Thought it could be handy for others so here it is to download / share.

Download Script

Sample Output:

cooper@dfbit:~/scripts/iperf-parse$ ./iperf-summary.py 
------------------------------------
   --   IPERF CSV Summariser   --   
-- Cooper Lees <me@cooperlees.com --
------------------------------------
-- SUMMARY --
- 20111212103043 to 20120103090052
- 1004 runs of IPERF
- Averages:
-	Average Sent			= 2.64M
-	Average Received		= 2.28M
-	Average Send Bandwidth		= 985.75K
-	Average Receive Bandwidth	= 805.12K
-	Max Send Bandwidth		= 1.08M (at 20111230183021)
-	Max Receive Bandwidth		= 837.16K (at 20120102113052)
------------------------------------

Code:

#!/usr/bin/python

# date,sender-ip,sender-port,receiver-ip,receiver-port,id,interval,transfer,bandwidth
# 20111212103043,10.120.15.8,45020,10.120.13.120,5001,5,0.0-21.4,2490368,931080
# 20111212103109,10.120.15.8,5001,10.120.13.120,57022,4,0.0-24.2,2228224,736145

FILENAME = 'client-iperf.log'

RUNS = 1

MAX_BANDWIDTH_SENT = 0
MAX_BANDWIDTH_SENT_DATE = 0
MAX_BANDWIDTH_RECEIVED = 0
MAX_BANDWIDTH_RECEIVED_DATE = 0

TOTAL_BANDWIDTH_SENT = 0
TOTAL_BANDWIDTH_RECEIVED = 0

TOTAL_SENT = 0
TOTAL_RECEIVED = 0

def convert_bytes(bytes):
	bytes = float(bytes)
	if bytes >= 1099511627776:
		terabytes = bytes / 1099511627776
		size = '%.2fT' % terabytes
	elif bytes >= 1073741824:
		gigabytes = bytes / 1073741824
		size = '%.2fG' % gigabytes
	elif bytes >= 1048576:
		megabytes = bytes / 1048576
		size = '%.2fM' % megabytes
	elif bytes >= 1024:
		kilobytes = bytes / 1024
		size = '%.2fK' % kilobytes
	else:
		size = '%.2fb' % bytes
	return size

f = open(FILENAME)
l1 = f.readline().strip().split(',')
l2 = f.readline().strip().split(',')
while l2 and l2[0] != '':
	if RUNS == 1:
		START = l1[0]

	BW_SENT = int(l1[8])
	BW_RECEIVED = int(l2[8])

	TOTAL_SENT = TOTAL_SENT + int(l1[7])
	TOTAL_RECEIVED = TOTAL_RECEIVED + int(l2[7])

	TOTAL_BANDWIDTH_SENT = TOTAL_BANDWIDTH_SENT + int(l1[8])
	TOTAL_BANDWIDTH_RECEIVED = TOTAL_BANDWIDTH_RECEIVED + int(l2[8])

	if BW_SENT > MAX_BANDWIDTH_SENT:
		MAX_BANDWIDTH_SENT = BW_SENT
		MAX_BANDWIDTH_SENT_DATE = l1[0]

	if BW_RECEIVED > MAX_BANDWIDTH_RECEIVED:
		MAX_BANDWIDTH_RECEIVED = BW_RECEIVED
		MAX_BANDWIDTH_RECEIVED_DATE = l2[0]

	END = l2[0]
	RUNS = RUNS + 1
	l1 = f.readline().strip().split(',')
	l2 = f.readline().strip().split(',')

f.close()

print "------------------------------------"
print "   --   IPERF CSV Summariser   --   "
print "-- Cooper Lees <me@cooperlees.com --"
print "------------------------------------"
print "-- SUMMARY --"
print "- %s to %s" % ( START, END )
print "- %d runs of IPERF" % RUNS
print "- Averages:"
print "-\tAverage Sent\t\t\t= %s" % convert_bytes((TOTAL_SENT / RUNS))
print "-\tAverage Received\t\t= %s" % convert_bytes((TOTAL_RECEIVED / RUNS))
print "-\tAverage Send Bandwidth\t\t= %s" % convert_bytes((TOTAL_BANDWIDTH_SENT / RUNS))
print "-\tAverage Receive Bandwidth\t= %s" % convert_bytes((TOTAL_BANDWIDTH_RECEIVED / RUNS))
print "-\tMax Send Bandwidth\t\t= %s (at %s)" % (convert_bytes((MAX_BANDWIDTH_SENT)), MAX_BANDWIDTH_SENT_DATE)
print "-\tMax Receive Bandwidth\t\t= %s (at %s)" % (convert_bytes((MAX_BANDWIDTH_RECEIVED)), MAX_BANDWIDTH_RECEIVED_DATE)
print "------------------------------------"

Cron Job Script to Collect Data:

#!/bin/bash

SERVER="x.x.x.x"
LOG="client-iperf.log"
TIME="5"

echo "--> Starting iperf client @ $(date) ..." | tee -a $LOG

if [ "$1" == "-v" ]; then
        iperf -t $TIME -c $SERVER -r -y C | tee -a $LOG
else
        iperf -t $TIME -c $SERVER -r -y C >> $LOG
fi

echo "--> Finished iperf client @ $(date)" | tee -a $LOG

Tags: , , , , , , , , ,

 
Comments

Mac OS X 10.7 Lion + ATEN UC232A USB to Serial Adapter

Posted by cooper on Jul 23, 2011 in g33k, tech

32- and 64-bit PL2303 drivers for OS X 10.6 are available here.

You’ll need to modify, as root, the ‘/System/Library/Extensions/ProlificUsbSerial.kext/Contents/Info.plist ‘ file after installing the driver to suit the USB manufacturer and device ID. For the ATEN UC232A, examples below appear to work for it (for me in 10.7).

To obtain the IDs, Wayne Roberts (who informed my via the SAGE-AU mailing lists), used ‘USB Prober.app’ which comes with the developer tools/XCode.

Modify the current lines of the XML:

# <key> can be the Hex values as 'Vendor'_'Product', Wayne thinks this is more cosmetic however.
<dict>
<key>0557_2008</key>
<dict>

----

# <idProduct> and <idVendor> should be the decimal of the respective values, as per USB Prober.app
<key>idProduct</key>
<integer>8200</integer>
<key>idVendor</key>
<integer>1367</integer>

Once you’ve done this, either restart the machine or run ‘kextunload’ and ‘kextload’ on ProlificUsbSerial.kext and it should show up as /dev/tty.usbserial.

** If you have installed the UC232A Drivers, either rm or mv the ‘UC-232AC.kext’ before the reboot to avoid conflicts **

Tags: , , , , , , , , ,

 
Comments

GPU Upgrade – 9800gt to 280gtx

Posted by cooper on May 5, 2010 in g33k, tech

So I have parted my cheeks and bought a new Nvidia GTX 280gtx for my Hackintosh / Win7 i7 920 6gb of memory desktop machine. It also caused me to buy a new Coomaster 650W PSU to power the power hungry fella and Zalman 10x Quiet CPU Cooler. Dam it’s a nice GPU, despite it requiring 40 amps on the 12v rail !

So I did some benchmarking …

Nvidia 9800gt 3d Mark Score

Nvidia 9800gt 3d Mark Score

Nvidia 280tgtx 3d Mark Score

Nvidia 280tgtx 3d Mark Score

So we can see a small increase there, especially on the raw GPU score … 🙂

And apparently my Windows experience is now better !

Windows with a 9800gt

Windows with a 9800gt

Windows with a 280gtx

Windows with a 280gtx

So, time for me to get Steam again and come back to some online gaming … Let me know what I should be playing 🙂

Tags: , , , , , , , , ,

 
Comments

Miniatur Wunderland Hamburg – The Largest Model Train set in the WORLD !

Posted by cooper on Sep 25, 2009 in g33k, tech

I like to control room! ANSTO Main reactor control eat your heart out !

For more info visit:
Miniatur Wunderland Hamburg

Tags: , , , , , ,

 
Comments

Apple Mac OS X Time Machine over NFS (10.5 or greater)

Posted by cooper on Sep 21, 2009 in g33k, tech
  1. Create a Sparebundle to copy to your NFS/SMB/AFP volume
    hdiutil create -size $SIZEg -fs HFS+J -type SPARSEBUNDLE -volname “Backup of $MACHINENAME” $MACHINENAME_$MACADDRESS.sparsebundle
  2. Use ifconfig and sub in your $MACHINENAME_$MAC_ADRESS into the sparsebundle filename – Remove the ‘:’ chars
    e.g. 0018b31184dd
    Use hostname to get your machines hostname – Don’t use fqdn
    Size can be adjusted at a later date if required – g = gigabytes
  3. Copy the budle to the nfs volume
    cp -rp $MACHINENAME_$MACADDRESS.sparsebundle /Path/to/nfs
  4. Run the defaults command to turn on timemachine for unsupported volumes support (As normal user – don’t sudo)
    defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
  5. Now go to your System Prefrences and choose time machine
    Choose your NFS/SMB/AFP volume as the timemachine disc

Tags: , , , , , , , ,

 
Comments

uit.sh Hits over 1000 Downloads !

Posted by cooper on Aug 11, 2009 in g33k, linux, tech

Just thought I would pass on that my Ubuntu Iphone teathersing Shell Script has passed 1000 downloads.
Feels good to have people all over the world use your script 🙂

Hope everyone that has downloaded it has enjoyed it as much as I have in the car on the way to work.

The iPhone in Tethering Mode

The iPhone in 'Tethering Mode'

To see my super high tech counter visit:
http://us.cooperlees.com/ to see the current count 🙂

Tags: , , , ,

 
Comments

Ubuntu iPhone 3.0 Bluetooth Tethering with uit.sh

Posted by cooper on Jun 24, 2009 in g33k, linux, tech

If you would like to use your iPhone 3.0 with your bluetooth capable Ubuntu 9.04 PC then uit.sh (Ubuntu Iphone Thethering) is for you. This script installs all required conf, allows you to enable and disable your iphone tethering and even uninstall the conf if you no longer need it. I do expect NetworkManager to eventually support this out of the box.

Thanks to http://xn--9bi.net/2009/06/17/tether…o-ubuntu-9-04/ blog post which assisted me in knowning what configuration was needed.

Usage:
— Ubuntu iPhone Tethering (uit) Version 0.1 – Cooper Lees <me@cooperlees.com> —
Usage: ./uit.sh options
– This script will install, uninstall, enable and disable iPhone tethering with iPhone 3.0 Software.
– It has been tested on a upto date (patched) box as of 20090623.
– !! Be careful, this script will ask for your password to get root privledges to your system!

OPTIONS:
-h Show this message
-i Install required configuration
-u Uninstall required configuration
-c Connect Tethering
-d Disconnect Tethering
-m [] Set iPhone’s MAC Address (to /home/USERNAME/.uitrc)
-v Verbose

Install Guide:
Avaliable from: http://us.cooperlees.com/download.php?F=uit.sh.gz

– Inital installation requires an active Internet Connection to get required dependancies through apt-get. Current dependancies = ‘bluez-compat’
– Only the install requires you to sudo the script, other areas apropriately sudo where required.

Install Process:

  1. Open terminal
  2. wget http://us.cooperlees.com/download.php?F=uit.sh.gz
  3. gunzip uit.sh.gz
  4. chmod 755 uit.sh
  5. [OPTIONAL] Move the script into your sbin – ‘sudo mv uit.sh /usr/sbin’ (This will allow it to be in your PATH)
  6. Run ‘sudo uit.sh -i’ (You will need to have your iphone in discoverable mode with Bluetooth on)
  7. You will be notified if it all sucessfully installs.

Connect Process:
– Ensure Bluetooth is on and paired with your system (use the GNOME Bluetooth tool to pair). Also make sure Internet Tethering is on.

  1. uit.sh -c

– Once connected you will see the iPhone come up with a blue bar stating ‘Internet Tethering’ is activated.

Disconnect Process:
One command will disconnect from the iphone tethering – You should see the blue notification text dissapear.

  1. uit.sh -d

Uninstall Process:

  1. uit.sh -u

– This will remove conf from files and also make backup of files modified.

Hope you enjoy it as much as I am. Finding the bluetooth a little slow. But still very handy and good. Thanks Apple.

Tags: , , , , , , ,

 
Comments

Crazy F1 Controlled by Mobile Phone

Posted by cooper on May 7, 2009 in g33k, tech

Not 100% sure if it’s 100% legit but dam it’s cool !

Tags: , , , , , ,

Copyright © 2017 I-R-Coops Blog All rights reserved. Theme by Laptop Geek.