Adding an image to DevStack

I had some time to play with OpenStack this week so I rolled a DevStack install on an Ubuntu VM running in Parallels on my MacBook Air following the instructions here. Once OpenStack was up and running I was able to log in to Horizon at http://localhost/ and started to poke about. I decided I wanted to try and create a compute instance just to see what all the fuss was about … as it turns out, you need to have an image to base this instance on.

With a little bit of help from the OpenStack documentation and a little bit of trial and error I was able to quickly upload an image as follows:

First things first. Create a directory for your images:

mkdir /tmp/images
cd /tmp/images

Then grab the latest CirrOS image with wget:

wget -c https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img

We can then upload to glance:

glance --os-username=admin --os-password=password --os-tenant-name=demo \
  --os-auth-url=http://localhost:5000/v2.0 image-create --name \
  cirros-0.3.0-x86_64 --disk-format qcow2 --container-format bare \
  < /tmp/images/cirros-0.3.0-x86_64-disk.img

+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | 50bdc35edb03a38d91b1b071afb20a3c     |
| container_format | bare                                 |

About Me

I'm Dave Tucker. I've worn many hats in the past (including a Red Fedora). From Consultant to Engineer, from Technical Marketing to Product Management but there is always one thing that remains constant. My love of making things that delight people.

I've helped to build a number of successful open source software products (for details see my GitHub profile). I co-founded and built SocketPlane which was acquired by Docker in March 2015. I'm currently helping to build Docker for Desktop (macOS and Windows).

My passion continues outside of work where I enjoy experimenting with single-board computers (Arduino, Raspberry Pi, Beaglebone, Cubieboard et al.) and 3D Printing. When I'm not tinkering, I can be found spending time with my family, cooking or practicing Tai Chi.

If I'm not making, I like to be talking about making. To that end, I've spoken at conferences and events across the world about technical topics like Networking and Docker containers. I'm a big fan of mentoring others and I enjoy volunteering at my local library.

I've recently taken the plunge and entered back into education to pursue a degree in Astronomy and Planetary Science and one day I would love for something that I

Detecting Layer2 Loops

We are all too familiar with the devastating impact a talented layer 2 loop could have on a data center lacking sufficient controls and processes. If you are using Cisco Nexus switches in your data center, you will be happy to know that NX-OS offers an interesting new tool you should add to […]

Sorry state of JunOS control plane protection

I've been looking into how to protect MX80 11.4R5 from various accidental and intentional attempts to congest the control plane and I'm drawing pretty much a blank.

Main discoveries so far.

  1. ISIS always leaked to control plane, even when no 'family iso' or 'protocol isis' on interface
  2. PVST always leaked to control plane. Even when just 'family inet' configured to interface
  3. LLDP protocol not matched by ddos-protection feature
  4. Essentially impossible to protect against attack from eBGP
  5. ddos-protection feature mis-dimensioned

ISIS

This is pretty bad for anyone running ISIS, as you cannot use ddos-protection to limit ISIS, as it won't distinguish between bad and good ISIS. If you don't use ISIS, just set ddos-protection limit low and you're good to go.

ISIS is punted with different code than IP packets, but resolving the punt path it goes to the same path. This path is still seeing full wire rate, i.e. there isn't magic 10kpps limit before it

HCFPC2(le_ruuter vty)# show jnh 0 exceptions
control pkt punt via nh PUNT(34) 9134818 1065269880
HCFPC2(le_ruuter vty)# show jnh 0 exceptions nh 34 punt
Nexthop Chain:
CallNH:desc_ptr:0xc02bbc, mode=0, rst_stk=0x0, count=0x3
0xc02bb8 0 : 0x127fffffe00003f0
0xc02bb9 1 : 0x2ffffffe07924a00
0xc02bba 2 : 0xda00601499000a04
0xc02bbb 3 :

Applescript – Rename PDF to Title from Metadata

Today I downloaded the full set of Configuration and Command references for the HP 12500 Series Switch from HP.com. When I looked in my download finder they were all helpfully named "cXXXXXX.pdf". Interestingly enough the title in the metadata seemed to be correct, so I wrote an AppleScript to batch rename them.

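set theFiles to choose file with multiple selections allowed
repeat with theFile in theFiles
    -- Quote the path so spaces and shell metacharacters in file names are safe
    set filePath to quoted form of POSIX path of theFile
    -- mdls prints "(null)" when the PDF carries no title metadata
    set theTitle to do shell script "mdls -name kMDItemTitle -raw " & filePath
    -- Test the raw title before appending the extension, otherwise the check never matches
    if theTitle is not "(null)" then
        try
            tell application "System Events" to set name of theFile to (theTitle & ".pdf")
        end try
    end if
end repeat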

References: Apple Support Forums

Grabbing IETF RFCs and I-Ds in ebook format using rsync

IETF drafts get no love from my Tablet. I've tried sending drafts to Instapaper for offline reading, I've tried using Readability but all of these fail to render correctly. Is it too much to ask to be able to read RFCs on the go?

Fortunately I found that the RFCs and I-Ds are published to tools.ietf.org in both epub and mobi formats. To pull the full list of epub:

rsync -avz --include="*.epub" --exclude="*" rsync.tools.ietf.org::tools/ebook/ /destination

And for mobi:

rsync -avz --include="*.mobi" --exclude="*" rsync.tools.ietf.org::tools/ebook/ /destination

These are pretty hefty downloads so you might want to tailor these to your current needs by using a text file full of include rules; let's call it filter.txt

Working Group RFC & Internet Drafts

Add lines like this to your filter.txt to download the latest RFCs and I-Ds for the WGs you are following:

*lisp*.mobi
*conex*.mobi 
*nvo3*.mobi
*tsvwg*.mobi

Published RFCs

To download the mother lode of RFCs add the following line:

rfc.mobi

Published RFCs by Area

To download RFCs by Area add the following:

area.rtg.mobi
area.

Cisco UCS B200 M3: “Invalid Adaptor IOcard”

I received two brand spanking new B200 M3 blade servers for a new project. These bad boys are packing 393GB of RAM and two Intel Xeon E5-2680 2.7GHz 8-core processors each. I wanted to get these installed as soon as possible, so I could make sure the firmware was up to current (they came with 2.0(3c), which is what I’m running) and apply service profiles to them. At the end of the initial deep hardware discovery, I received a strange error in UCSM - “Invalid Adaptor Iocard”:

How to prevent or stop DoS attacks?

How does the internet work - We know what is networking

The response and prevention: Defending against Denial of Service attacks typically involves a combination of attack detection, traffic classification and response tools, with the aim of blocking traffic identified as illegal and permitting only traffic identified as legal. Below is a […]

BGP Decision Process

Cisco’s BGP decision process basically decides which BGP route to take when comparing multiple prefixes to the same destination. It is a rather long process and somewhat tricky. Below, I created a quick reference to its steps.

Before I talk about each step I would like to discuss in what order multiple prefixes are compared. For example if you have three prefixes to 10.2.0.0/16 how do you compare all three at once? By default Cisco’s algorithm will compare the younger prefixes to the older and finally compare the oldest to the winner.

The rest of this post is my notes on the BGP decision process. Hopefully you’ll find it useful.

 

BGP Preconditions

For any path to be considered valid it has to meet these requirements.

  1. Next-hop IP address of that path is reachable.
  2. The local AS number is not part of the AS_PATH (basic loop prevention).
  3. If BGP synchronization is enabled, the candidate prefix is in the IGP routing table. If using OSPF, the router-IDs have to match for the OSPF and BGP processes.
  4. The BGP prefix is not dampened.
  5. With inbound soft resets enabled, make sure that no BGP policies are filtering the candidate prefix.

1

DoS Methods – PDoS, Permanent DoS attacks

How does the internet work - We know what is networking

A PDoS, or permanent denial-of-service, attack, also referred to as phlashing, is a severe attack that damages a system so completely that its hardware has to be reinstalled or replaced. A PDoS attack exploits security flaws that permit remote administration of the victim’s hardware […]

DoS Methods – ICMP and SYN flood, Teardrop and Low-rate DoS attacks

How does the internet work - We know what is networking

ICMP flood: A Smurf attack is one specific form of flooding DoS attack that occurs on the public Internet. It depends entirely on misconfigured network equipment that permits packets to be sent to all hosts on a specific network via the network’s broadcast address rather than to a specific machine. […]

FEX Architectures

Here is an old post I never finished. With the benefits of the Nexus 2000 and the FEX architecture (an earlier post), scalability, simplified management, flexibility, Cisco extended its use further into the servers all the way up to the virtual hosts. This allows much greater control and flexibility. After all network guys should look after […]