Looking for a cheap and reliable way of doing packet capture remotely. I found this reference to using PFSense and it looks like a pretty slick idea. I was quite happy with PFSense when I was using it as a firewall so this idea looks like a winner. I’ll post back if I try it out.
I’m mystified as to how Cisco.com can go down worldwide for 2+ hours during business hours and there is virtually nothing in the news about it. I managed to find this reference in the Register. Not surprising as the outage hit the UK in the middle of the day. I’ve not found any other comments.
How is it that the king of the networking world, preacher of all things BC/DR, can be down for 2+ hours and no one thinks it’s a big deal?
If nothing else, it sure would be nice to get a root cause analysis from Cisco so we can have a “teaching moment”. If there’s a scenario where arguably the most savvy networking company in the world can suffer a catastrophic failure of a high availability service, we would all be well served to understand the details.
And Cisco’s response about the dangerous power failure at the data center that I tweeted about? I’m not buying that. If that happened then it should have shut down and failed to the DR site. I can’t believe that Cisco has all of Cisco.com in a single data center.
This is like your parents telling you every day not to smoke and then you catch them puffing away one day.
What’s the deal Cisco???
Helped someone figure out a weird problem just now. He would telnet to a router and then telnet back out to a host. He would then try the ctrl-shift-6, x sequence and he would get nothing on the screen. He could type disconnect 1 and get no feedback but as soon as he pressed enter it would show the router prompt and immediately reconnect the session. Seems like it was only listening to the “enter”.
Turns out it was an echo problem. In his PuTTY settings he had Terminal:Line discipline options set to Force On for both Local Echo and Local line editing. He set these both to Auto and it worked fine after that.
Not sure how that got set but I thought I’d share. A quick Google didn’t turn anything up that seemed similar.
Comcast managed to hose up my internet connection, on which I host this site as well as some forums. They did this by assigning my static IPs to another location in their network. The result was split routes at their peering routers with the majority of traffic going into a black hole and a trickle getting through to me.
Once I explained to them what they broke it was a relatively quick fix.
Then, we lost power after a storm last night. Batteries lasted about an hour but that was not nearly enough.
And traffic has really been sucky for my day job. 2.5 hours almost every trip this week. That’s each way.
Ugh. I’m tired.
I didn’t see much in the way of review info on the NORCO RPC-450 4U Rackmount Server Case. On top of that, the pics almost always showed a microATX motherboard installed, which was nice for having lots of room left. However, I had an Extended ATX or EEB motherboard that I wanted to get into this thing so it was a little bit of a gamble when I ordered it. I’m pretty happy with the results although there are caveats and some tight areas. Without further ado, the review:
Newegg shipped this thing double boxed and it arrived in fine condition. I don’t live very far from the New Jersey distribution warehouse and I’m lucky enough to get stuff from them within a day or two.
The RPC-450 comes with 2 big 120mm fans up front. Once you remove those you can slide out the drive cages. What’s cool about this is that the drive cages are kind of like 5in3’s. As you can see in this pic the space could support 3 5.25″ drives vertically but with the cages installed there are slots for 5 3.5″ drives. The 2 cages slide in and out using the same locking tabs you’d use for drives.
On to the motherboard installation. The EEB size motherboard really does fill the space. Making matters worse, the fans and heatsinks for the dual xeons are located way up at the front of the motherboard. Here you can see how close one of the fans is to the frame:
In this pic you can see my thumb and also how close the installed optical drive is. If the fans are any taller you aren’t getting the optical drive in.
You can see here that this fan problem also means you can’t put more than 2 hard drives in the middle cage. Anything below that and the plugs would interfere with the fans:
Just an overhead shot. The power supply fit easily and didn’t get in the way. I didn’t get my hands all hacked up either like is common when I’m working in some cases. Most of the edges really are rolled.
So, in the end, it works. If you have a smaller motherboard you’ll have almost no problems. I got a second case for my Unraid setup and that used a MicroATX motherboard. Lots of space and the cooling has been excellent. The same setup in a Coolermaster CM690 had the 1TB Hitachi drives hitting 40C+. In this case with the 120mm fans blowing right across them I’m usually in the high 20s on the Hitachi and only occasionally does it hit 30C. That’s a lot of peace of mind for the life of my drives.
All pics are here http://picasaweb.google.com/mdgeek/NorcoTekRPC450# although the rest are fairly blurry.
I might have mentioned that before. In case I didn’t…I hate java. Now, today’s issue didn’t come directly because of java but it was the result, and an obscure one at that.
I’ve been struggling with a client issue that basically boiled down to slow or non-responsive websites that were passing through IOS firewalls. Most websites would work fine and if we re-routed the traffic to another outbound connection that had an ASA it would work perfectly. Also, if we connected a laptop directly to these remote site internet connections it would be smooth sailing. So obviously something was unhappy on the IOS firewall. I tried changing MTU, MSS, disabling the websense (urlfilter) connection. All kinds of different things! Nothing made a bit of difference.
I decided to run the Tweak Test over at dslreports.com to see what the MTU and MSS results would be, thinking that’s still what I needed to fix. Tweak test is a java applet. I had someone onsite run it and I happened to be watching the console at the same time. All of a sudden I start seeing “FW-3-HTTP_JAVA_BLOCK” messages popping up. WTH! So, I figure out that java is blocked by default on IOS firewall. Here’s the fix:
access-list 3 permit any
ip inspect name inspect http java-list 3
Yep, basically add the acl for any and then add java-list to the end of the http inspect. I also have a urlfilter on the end to maintain the websense checks. ARGH! I decided to try my problematic website, of which enterprise.com happens to be one, and it popped right up. I never got an error message about java before trying to run this app on dslreports.com. I never saw reference to a Java problem in any of my debugs.
I know this wasn’t java’s fault directly, but if java wasn’t such a piece of garbage it might not have to be blocked by default.
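The post notes the block only became visible once FW-3-HTTP_JAVA_BLOCK messages appeared on the console, and the fix permits applets from any source. The following is an added example, not from the original post: it pulls the blocked applet servers out of collected router syslog and emits a narrower java-list ACL for the ones that have been reviewed. The log lines are constructed samples, and the message layout after the mnemonic, the function names and the trusted-server set are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines (documentation-range addresses). The text
# after the mnemonic is an assumed layout; adjust the regex to your logs.
SAMPLE_LOG = """\
*Mar  3 14:02:11.120: %FW-3-HTTP_JAVA_BLOCK: JAVA applet is blocked from (198.51.100.20:80) to (192.0.2.15:49212).
*Mar  3 14:02:11.480: %FW-3-HTTP_JAVA_BLOCK: JAVA applet is blocked from (198.51.100.20:80) to (192.0.2.15:49213).
*Mar  3 14:02:12.904: %SYS-5-CONFIG_I: Configured from console by vty0
*Mar  3 14:05:40.007: %FW-3-HTTP_JAVA_BLOCK: JAVA applet is blocked from (203.0.113.7:80) to (192.0.2.31:51877).
*Mar  3 14:05:41.315: %FW-3-HTTP_JAVA_BLOCK: JAVA applet is blocked from (999.1.1.1:80) to (192.0.2.31:51878).
"""

BLOCK_RE = re.compile(
    r"%FW-3-HTTP_JAVA_BLOCK:.*?from \(([\d.]+):(\d+)\) to \(([\d.]+):(\d+)\)"
)

def is_ipv4(text):
    """Reject malformed addresses so a corrupt log line never reaches the ACL."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def blocked_servers(log_text):
    """Count blocked applet downloads per source web server."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BLOCK_RE.search(line)
        if m and is_ipv4(m.group(1)) and is_ipv4(m.group(3)):
            counts[m.group(1)] += 1
    return counts

def java_list_acl(servers, trusted, acl_number=3):
    """Standard ACL permitting only blocked servers that were reviewed and trusted."""
    lines = [f"access-list {acl_number} permit {ip}"
             for ip in sorted(servers) if ip in trusted]
    lines.append(f"access-list {acl_number} deny any")
    return lines

if __name__ == "__main__":
    seen = blocked_servers(SAMPLE_LOG)
    for ip, hits in seen.most_common():
        print(f"{ip}: {hits} blocked applet(s)")
    # Hypothetical review outcome: only one server is trusted for applets.
    print("\n".join(java_list_acl(seen, trusted={"198.51.100.20"})))
```

The generated ACL drops in where `access-list 3 permit any` was; the `ip inspect name inspect http java-list 3` line stays unchanged.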
I’ve been working on some complex VPN configurations by using GNS3 and PEMU which is built in. It’s nice to be able to throw together a bunch of devices and get them talking without much fuss. However, I discovered today that PEMU is really designed to emulate a PIX 525 by default, although supposedly it can also emulate a PIX 506e.
In Cisco’s infinite wisdom it decided that no one would ever want to use something above a 506e as an ezvpn client. So, they removed the client code and only put in the server code.
Per Cisco: The PIX 515/515E, PIX 525, and PIX 535 act as Easy VPN Servers only because the capacity of these devices makes them appropriate VPN headends for higher traffic environments.
Umm…gee, thanks for making that decision for me. And Cisco stopped at PIXOS 6.3 for the 506e. Yeah.
Do they try to make it harder?
It’s official, I’m going independent. I know, I probably could have picked better market timing. I think we’ll be getting a bump in the next month or so though and this year might turn out ok. Time will tell.
In the meantime, I need to find some contract work! I have a number of opportunities lined up but the process of lining up more work needs to start now.
If you haven’t guessed from reading this blog, I’m primarily a Cisco guy focused on Core, Voice and Wireless. I’ve done projects as large as managing a team of engineers (and being the lead engineer) on a 30+ 6500 switch rollout (both hybrid and native mixed) to installing and fixing single T1 scale routers. A fair bit of the work I’ve done in the last few years has involved either voice or wireless. I’ve designed and assisted with the rollout of a number of multisite Cisco Voice solutions. I’ve performed wireless site surveys and then designed wireless solutions based on the results. Those wireless solutions have generally been LWAPP based which I also implemented. In the course of performing these wireless implementations I’ve converted standalone APs to LWAPP, configured Guest access with the portal and installed coverage maps in WCS.
I currently hold a CCNP and CCDA and I’m pursuing a CCVP. I have a number of partner focused certs such as:
- Express Foundation Design Specialist
- Unity Design Specialist
- Rich Media Communications Specialist.
I previously held the Wireless SE and FE certs but have not renewed them due to role requirements within Cisco’s partner certification process.
So, I’m looking for interesting contract based gigs in the Metro DC area. Baltimore is great too.
More to come as things develop!
I’ve been hearing this rumor for a while now that Cisco is getting into the blade server business. I’m having a hard time with this being a smart move but I can see the reasoning. Om posted about the latest rumors today and I think he hits on some important points.
It’s not like making servers (well, let’s be honest and call it rebranding) is new to Cisco. They’ve been selling CallManager, Unity, ACS and various other servers for years. They started putting Pico-ITX size (I think) PCs on NetMods for the ISR routers years ago as well. The NM PCs are probably the closest thing they have to blade servers. In general these devices have done pretty well although I’d argue that Cisco hasn’t maximized their potential. Still, going from a single NM in a router to a blade chassis with specific cooling, SAN and addressing requirements is a pretty big jump.
What’s Cisco hope to gain? I think the question should be more like, what do they stand to lose? Everything I’ve heard about Cisco’s entry into the data center, mostly the Nexus platform, is that it’s been slow going. They haven’t been able to get the penetration they want. I don’t think that’s especially surprising as that market was already somewhat mature and had several niche players leading it. No, my guess is that they expected it to be a slow start, just not as slow as it’s been. This is the usual problem for Cisco. They are seen as a networking company, not an “everything to IT” company. The server guys look at Cisco as “that networking stuff that I have to have.” They don’t really like dealing with the network jockey. If Cisco really does come out with a blade server it’ll be derided as Ver. 1 gear and not mature enough for production use. And that’ll be somewhat true.
Something to remember though is that Cisco did this before. About 10 years ago they decided to step on the voice guys’ toes. It took a while and they had some real pain in the beginning but look at where things are now. Who’s bankrupt?
Speaking of voice, is it just me or does it seem Cisco has decided on an incremental growth strategy for their voice platform? There’s a distinct feeling of a lack of attention on the voice product. I’m excluding the telepresence stuff from that as it’s so damn expensive.
Discovered today that the EMC NX4 will do Cisco standard Etherchannel for bonding Ethernet links. It’ll also do LACP but Etherchannel seemed a bit easier. Nothing special to configure on the Cisco switch aside from the usual channel-group.