News items for tag network - Koos van den Hout

2016-11-12 Disabling IPv4 on the Raspberry Pi 3 months ago
I have two Raspberry Pi's running in the house, currently with IPv4 still enabled on them. They both run Raspbian 8.0. I was wondering whether I can disable IPv4 on the Raspberry Pi, but a google search does not yield very helpful answers, most of the search terms I try still find pages about disabling IPv6. I want to disable the legacy IP protocol.

Only one way to find out: go for it. Now rebooting one with the statement ipv6only in /etc/dhcpcd.conf.

First thing I noticed was that the searchdomain was not set in /etc/resolv.conf which was indeed only available via the DHCP process for IPv4. So now radvd advertises the search domain via the DNSSL option in /etc/radvd.conf:
   RDNSS 2001:980:14ca:42::18 {
   };
   DNSSL idefix.net {
   };
The first results are:
  • It turned out the ntp config on the raspberry had one IPv6-only and one IPv4-only server. Added a dual-stack server.
  • And ndpmon really does not like the DNSSL option, even when I add it in the config_ndpmon.xml file as
                      <dnssl>
                        <domain lifetime="600">idefix.net</domain>
                      </dnssl>
    
    Fixed by changing it to
                      <dnssl>
                        <domain lifetime="600">^Fidefix^Cnet</domain>
                      </dnssl>
    
    yes, with literal ctrl-F and ctrl-C characters, showing that there is some error in the parsing somewhere.
  • rwhod is IPv4-only so the status is not visible in my network anymore. A workaround for that is not disabling IPv4 completely but just removing the default route, not using ipv6only in /etc/dhcpcd.conf but using the option nooption routers.

Tags: , , ,
2016-11-10 Backup to .. the cloud! 3 months ago
So I now have some cloudstorage space available also via webdav and I am working on using this for backups. The main idea is to have a daily backup to the cloud service and do the tape backups less often.

I still want incremental backups so I can go back to specific older versions of files. So I want to use amanda for backups. I installed the davfs2 package to be able to mount the webdav filesystem and access it from Linux. The first few clues come from Set Up Virtual Tapes - Amanda Howto but I had to switch to the chg-multi driver as described in Backup to Virtual Tapes on a non-UNIX Filesystem - Amanda Howto because the webdav filesystem does not support symlinks.

I/O performance during the backup isn't ideal and the vdsl uplink is completely full during the filetransfer. Maybe I need to slow down the backup process a bit and ratelimit the webdav transfer.

Tags: , ,
2016-11-07 The future of the Internet is IPv6 3 months ago
Just read Internet Architecture Board Statement on IPv6 with:
The IAB expects that the IETF will stop requiring IPv4 compatibility in new or extended protocols. Future IETF protocol work will then optimize for and depend on IPv6.

Preparation for this transition requires ensuring that many different environments are capable of operating completely on IPv6 without being dependent on IPv4 [see RFC 6540]. We recommend that all networking standards assume the use of IPv6, and be written so they do not require IPv4. We recommend that existing standards be reviewed to ensure they will work with IPv6, and use IPv6 examples. Backward connectivity to IPv4, via dual-stack or a transition technology, will be needed for some time.

Tags: , ,
2015-03-05 Am I part of an interesting attack? 1 year ago
Noticable traffic:
13:06:15.787470 IP (tos 0x0, ttl 110, id 27178, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x48c7 (correct), 2310054019:2310054019(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.188187 IP (tos 0x0, ttl 92, id 14152, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x2c3a (correct), 1627317698:1627317698(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.588698 IP (tos 0x0, ttl 96, id 64188, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x6e9f (correct), 249296256:249296256(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:16.989469 IP (tos 0x0, ttl 97, id 54770, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0xa3fc (correct), 3532061815:3532061815(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.390192 IP (tos 0x0, ttl 92, id 5400, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0xaae9 (correct), 1786797457:1786797457(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:17.792734 IP (tos 0x0, ttl 81, id 42621, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x925d (correct), 3619031271:3619031271(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
13:06:18.193910 IP (tos 0x0, ttl 81, id 6384, offset 0, flags [DF], proto TCP (6), length 52) 148.251.47.107.80 > xx.xx.xx.xx.53: S, cksum 0x5712 (correct), 841083335:841083335(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
The variation in ttl values suggests a distributed denial of service attack trying to make me part of it.

Tags: , ,
2015-02-25 Samsung TV decides the Internet is broken 1 year ago
Currently our Samsung 'smart' TV is convinced the Internet is broken and refuses to start any of the applications. According to some network protocol sniffing the TV decides this purely based on a DNS query for www.samsung.com which takes an interesting CNAME tour. According to what I can find this hasn't changed when the smart TV stopped working so this must be something in the software in the TV itself.
; <<>> DiG 9.4.2-P2.1 <<>> www.samsung.com a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39167
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.samsung.com.               IN      A

;; ANSWER SECTION:
www.samsung.com.        253     IN      CNAME   www.samsung.com.edgekey.net.
www.samsung.com.edgekey.net. 3171 IN    CNAME   www.samsung.com.akadns.net.
www.samsung.com.akadns.net. 253 IN      CNAME   china-www.samsung.com.edgekey.net.
china-www.samsung.com.edgekey.net. 2765 IN CNAME china-www.samsung.com.edgekey.net.globalredir.akadns.net.
china-www.samsung.com.edgekey.net.globalredir.akadns.net. 853 IN CNAME e1722.g.akamaiedge.net.
e1722.g.akamaiedge.net. 14      IN      A       23.206.87.52

;; Query time: 0 msec
;; SERVER: 2001:980:14ca:42::18#53(2001:980:14ca:42::18)
;; WHEN: Wed Feb 25 20:20:34 2015
;; MSG SIZE  rcvd: 244
Online there are some similar messages: Smart TV mayhem for Sony and Samsung users after central servers go down, Internet-Ausfall bei Samsung Smart-TV

Update:
According to some reports the fix is simple: Users fix Samsung Smart TV down time themselves – Two workarounds known which both hardcode an Akamai IP for www.samsung.com and skip the CNAME chain. Remember when DNS manuals told you CNAME chains were a bad idea? They still are, I guess. I implemented the fix locally with pdns-recursor and the export-etc-hosts option which allows me to serve an A record for www.samsung.com (the IP I get from the CNAME chain). And indeed, the smart TV applications work again.
Read the rest of Samsung TV decides the Internet is broken

Tags: , ,
2014-03-01 Netgear GS716Tv2 switch and IPv6 management 2 years ago
Sharing my earlier experiences with the hidden telnet interface on the Netgear GS716T switch was appreciated by someone else with a Netgear GS110p switch: "Hidden" CLI interface on Netgear GS110TP. So I guess this is a feature on multiple netgear switches.

And that article made me look at the firmware version, finding in the release notes for the newer version:
New Features:
* Add IPv6 management, IPv6 ACL, and IPv6 DiffServ support.
I like that feature a lot! And indeed, after upgrade and setting the IPv6 management address:
Read the rest of Netgear GS716Tv2 switch and IPv6 management

Tags: , ,
2013-12-16 (#) 3 years ago
Ik vroeg me recent af wat het aanbod is in access-points voor thuis met dual-radio support, dus tegelijkertijd actief op 2.4 GHz en 5 GHz. Op de 5 GHz band is minder storing maar niet alle apparaten die wifi gebruiken ondersteunen 5 GHz. En 802.11n op 2.4 GHz doen is volgens mij asociaal omdat je dan helemaal andere netwerken in de buurt stoort.

Toevallig blijkt het agentschap telecom het met me eens te zijn: Met een combi-router ben je goed voorbereid op de Wi-Fi van de toekomst - Agentschap Telecom.

Dus liefst heb ik een access-point met dual-radio, 802.11n ondersteuning alleen op 5 GHz, WPA2 en niet te veel stroomgebruik. Het lijkt soms dat 2 access-points met verschillende settings wel eens goedkoper in aanschaf kunnen zijn dan eentje met al deze opties, alleen dan vast in stroomgebruik niet.

Tags: , , ,
2013-12-10 (#) 3 years ago
Conrad maakt in z'n laatste mailing reclame voor een Conrad POF thuisnetwerkkabel starterkit. Alleen ik kan nergens terugvinden hoe snel data over plastic optic fiber (POF) kan. Ik dacht uit het verleden dat dit beperkt was tot 100 megabit maar misschien is er een nieuwe standaard die wel tot gigabit gaat.

Plastic optic fiber kan een goeie aanpak zijn om in huis langere afstanden te overbruggen zonder terug te vallen op ethernet over stroomnet. In de voordelen van plastic optic fiber noemt Conrad ook Geen afstraling (elektrosmog). Ik zou 'geen radiostoring' een betere omschrijving vinden, maar dit spreekt natuurlijk meer aan.

Tags: , ,
2013-11-19 (#) 3 years ago
Interesting DNS problem:
hout0101@monitoring:~$ getent hosts fg.geo.uu.nl
131.211.64.24   fg.geo.uu.nl
hout0101@monitoring:~$ telnet fg.geo.uu.nl 80
telnet: fg.geo.uu.nl: Name or service not known
fg.geo.uu.nl: Unknown host
Found out after serious searching that this was caused by the /etc/resolv.conf line:
options rotate
Of the 3 available nameservers, numbers 2 and 3 decided to negatively cache fg.geo.uu.nl for good reasons earlier. Options rotate counts per program which means the impact isn't that big for short-lived programs. I guess telnet does a query before querying the nameserver for the needed address to connect to.

Tags: , ,
2013-07-19 (#) 3 years ago
My speedtest on T-Mobile umts The predicted change from KPN to T-Mobile took a bit longer than predicted but it has finally happened. Network speed is now 1 mbit down and 32 kbit up according to speedtest.

Somebody I spoke about it wondered whether there was a data subscription included at all or this was the rate at which things could get expensive fast but the T-Mobile business website confirms that this is the slowest data subscription available from T-Mobile NL.

Tags: , , ,
2013-05-29 (#) 3 years ago
I checked for updates of NDPMon, an IPv6 neighbour discovery protocol monitor and noticed I was way behind the current times. I also found out it can now monitor multiple network interfaces in once instance of the program, so I can keep an eye on both wired and wireless networks at home.

Do take the advice of using the 'learning' mode of NDPMon as mentioned in the documentation for NDPMon. It makes getting the entire correct router advertisment correct into the datafile correctly so much easier. Downside is you have to run at a quiet time and after each IPv6 network reconfiguration.

It would also be nice if NDPMon would report on which interface certain traffic was seen.

Update: Ok, NDPMon still manages to warn about a router configuration it has learned itself. I found a remark in the NDPMon documentation/configuration page:
Under the tag addresses are listed the IPv6 global addresses of the router. This is not required for the tool to work properly, but can be useful is the router send NA messages for its global addresses (to avoid raising NA router flag alerts).
So I added the global IPv6 addresses of the routers, let's see if this decreases the noise.

Tags: , , ,
2013-05-08 (#) 3 years ago
Monoskop
multicast stream test image: Philips PM5544 testcard I had to test some part of the multicast setup on the work network and fired up VLC.

And from the department of 'some things never change' or 'still going strong', Bratislava STV2 testcard is still available under the title 'Monoskop' on vlc url rtp://@233.10.47.73:1234. This stream must have been going for years, I remember using it in tests years ago.

And during the day when STV2 has no program, it still transmits an actual Philips PM5544 testcard.

Tags: , , ,
2013-03-09 (#) 3 years ago
In the search for the source of the interference I do note the Devolo dlan powerline network has lousy performance when I compare the speed the devolo utilities say I will get compared to what iperf says:
koos@metcalfe:~$ dlanlist eth0
Type    MAC address        Mbps TX/RX       Version/Product
local   00:0B:3B:5F:95:AB  ---.-- / ---.--  INT6000-MAC-3-3-3348-00-2764-20080808-FINAL-B devolo dLAN 200 AVplus [MT2165]
remote  00:0B:3B:6F:AE:90   73.50 / 112.88  INT6000-MAC-3-3-3348-00-2764-20080808-FINAL-B
And from iperf:
[  3]  0.0-10.2 sec  1.43 MBytes  1.18 Mbits/sec
Interesting difference of opinion there, 73/112 megabit versus 1.18 megabit.

Update: it helps when I remember the setup of the system: I installed the wondershaper on that system which throttles bandwidth at .. 1 megabit. Re-running the test with the throttle disabled gives totally different results:
[  3]  0.0-120.1 sec    308 MBytes  21.5 Mbits/sec
Testing with udp gives even higher speeds:
[  3]  0.0-120.0 sec  1.34 GBytes  95.6 Mbits/sec
And in the other direction:
[  3]  0.0-120.3 sec    649 MBytes  45.2 Mbits/sec  0.204 ms 1075187/1538185 (70%)

Reception of 2 meter radio doesn't get worse/better during these tests. According to the devolo dlan 200 faq the devices work in the range of 0 to 30 MHz with notches for HF amateur frequencies. With the software defined radio I also see no change in the 2 meter band when running bandwidth tests. Which doesn't say a lot: I can't even find the output from PI3UTR at 145.625 MHz in the output plot, even with a receiver nearby receiving that same signal fine. The output plot does show APRS active on 144.800 MHz.

Tags: , ,
2012-12-18 (#) 4 years ago
Another thing I puppetized: setting static routes on redhat-like servers. We have two rfc1918 ranges for management network so systems with a public IPv4 address and a management IPv4 address need a static route to the other half of the management network. Time for puppet which distributes the /etc/sysconfig/network-scripts/route-* files and does an ifdown and ifup of the affected interface. Using the variables from facter I can find whether a host is on one of the management IPv4 ranges and on which interface, and create routes accordingly.

Tags: , , ,
2012-11-10 (#) 4 years ago
I just tried to visit Laser charged glowing display - Hack a Day but the page kept loading forever. The problem is with loading page content (images and scripts) from s0.wp.com, s1.wp.com, s2.wp.com. All of which seem to be part of wordpress hosting and come via the edgecast content distribution network:
koos@machiavelli:~$ host s0.wp.com
s0.wp.com is an alias for cs82.wac.edgecastcdn.net.
cs82.wac.edgecastcdn.net has address 93.184.220.111
cs82.wac.edgecastcdn.net has IPv6 address 2606:2800:234:1922:15a7:17bf:bb7:f09
koos@machiavelli:~$ host s1.wp.com
s1.wp.com is an alias for cs82.wac.edgecastcdn.net.
cs82.wac.edgecastcdn.net has address 93.184.220.111
cs82.wac.edgecastcdn.net has IPv6 address 2606:2800:234:1922:15a7:17bf:bb7:f09
koos@machiavelli:~$ host s2.wp.com
s2.wp.com is an alias for cs82.wac.edgecastcdn.net.
cs82.wac.edgecastcdn.net has address 93.184.220.111
cs82.wac.edgecastcdn.net has IPv6 address 2606:2800:234:1922:15a7:17bf:bb7:f09
And all suffer from a reachability problem via IPv6:
koos@machiavelli:~$ telnet s0.wp.com 80
Trying 2606:2800:234:1922:15a7:17bf:bb7:f09...
Taking a while to fall back to IPv4, which results in long page loading times. I noticed this on other sites too, like pages using gravatar. Which uses the same cdn with the same problem:
koos@machiavelli:~$ host 0.gravatar.com
0.gravatar.com is an alias for cs91.wac.edgecastcdn.net.
cs91.wac.edgecastcdn.net has address 68.232.35.121
cs91.wac.edgecastcdn.net has IPv6 address 2606:2800:234:124e:17ca:871:eb2:2067
koos@machiavelli:~$ telnet 0.gravatar.com 80
Trying 2606:2800:234:124e:17ca:871:eb2:2067...
Seems edgecast has an IPv6 reachability problem from here (home, xs4all IPv6) but not from other places. I can't reach the edgecast site either since it's on their own network. Or at least I can't via the squid proxy, I can when not using a proxy, since firefox has its own ideas about timeouts.

I tried to notify edgecast via e-mail and twitter.

Update 2012-11-12: Noted by others: WordPress IPv6 Issues - dereenigne.org seeing something more like PMTU problems.
And Edgecast is working on it: Thanks, @jmccrohan and @khoos. We're working hard on this right now. More soon. cc @florianoverkamp @cwoodfield
After a few changes and a lot of testing, we believe the IPv6 issue experienced by some users is now resolved.
But I'm still seeing routing issues:
$ traceroute6 www.edgecast.com
traceroute to www.edgecast.com (2606:2800:234:1df9:13d:1d4e:6b0:10cf) from 2001:980:14ca:61::13, port 33434, from port 44865, 30 hops max, 60 byte packets
 1  lo1.dr4.1d12.xs4all.net (2001:888:0:4401::1)  15.529 ms  14.870 ms  16.175 ms 
 2  1314.ae3.xr3.3d12.xs4all.net (2001:888:0:4403::2)  15.349 ms  16.757 ms  14.426 ms 
 3  0.ge-1-2-0.xr1.sara.xs4all.net (2001:888:1:4005::1)  17.594 ms  16.123 ms  15.212 ms 
 4  ge-0.ams-ix.amstnl02.nl.bb.gin.ntt.net (2001:7f8:1::a500:2914:1)  17.108 ms  16.405 ms  15.552 ms 
 5  ae-2.r03.amstnl02.nl.bb.gin.ntt.net (2001:728:0:2000::12a)  18.093 ms  17.441 ms  16.083 ms 
 6  * * *         
 7  * * *         
 8  * * *         
 9  * * *         

Update 2012-11-15: More traceroutes to test. It seems the only thing unreachable is exactly the /48 which holds the IPv6 content server(s).

Update 2012-12-07: A network engineer at xs4all contacted Edgecast and got the problem solved pronto. I guess he has a better entry point!
koos@greenblatt:~$ telnet -6 www.edgecast.com 80
Trying 2606:2800:234:1df9:13d:1d4e:6b0:10cf...
Connected to www.edgecast.com.
Escape character is '^]'.

Tags: , ,
2012-11-04 (#) 4 years ago
Some updates to the findings on playing with a cablemodem after getting access to a second cablemodem. The interesting conclusion is that the first one still seems to be 'blacklisted' as I can't get an answer to DHCP requests when using that one.

Tags: , , ,
2012-09-14 (#) 4 years ago
RIPE NCC Begins to Allocate IPv4 Address Space From the Last /8

IPv4 addresses aren't "finished" at RIPE yet, but allocation is now according to quite strict rules: IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region.

Tags: , ,
2012-07-26 (#) 4 years ago
I run arpwatch on my home networks (wired and wireless are separate with slightly different policies). Since a Samsung Galaxy s3 showed up on the home wifi network things have been interesting. It does speak IPv6 with privacy enhancements. It also makes up a daily 10/8 address which get noted by arpwatch.

Tags: , , ,
2012-07-25 (#) 4 years ago
Internet history collected: the Internet history collection at the Computer History Museum in Mountain View, California. Close to El Camino Real, so near the places where the history happened.

Tags: , ,
2012-06-11 (#) 4 years ago
I recently got access to a Motorola SBV5121E cablemodem. No, I'm not switching to cable Internet access at the moment as ziggo still doesn't offer fixed IPv4 addresses or IPv6 at all on consumer connections. But it was interesting to give the cable modem a try.

If I am correct, this is the 'previous' generation cable modem. The maximum speed on the ethernet interface is 100 Megabit where Ziggo now offers subscriptions up to 120 Megabit.

When not connected to the cable network, the modem runs a small DHCP server for IPv4 which gives out 192.168.100.x addresses. The management interface is reachable via http://192.168.100.1/, username admin password motorola.

When I connect the RF interface to the tv cable, it gets a link. In the management interface I see Downstream frequency 186000000 Hz (186 MHz) with QAM256 modulation. The upstream frequency is 36000000 Hz (36 MHz) and the interface lists QPSK, 32QAM and 64QAM modulation, I guess the fastest one with a reasonable error-rate is chosen. Downstream speed is listed as 55.616 Megabit and upstream speed as 30.720 Megabit.

Interesting to see quadrature amplitude modulation (QAM) used here, just like in the DVB standards. I guess this is the best way to fit bits in a broadcast channel.

Connected to the ziggo cable and running tcpdump shows arp traffic originating from ziggo routers. Trying to cause traffic to ziggo IPv4 addresses from the outside shows arp for only one IPv4 address I tried, not for lots of others. Which means either all those clients are active (needing no ARP try needed) or one IPv4 address to the next being active in separate broadcast domains.

I also ran tcpdump with the modem starting up disconnected at the cable side. Absolutely no packet comes out on the ethernet interface.

First time I tried to get an IPv4 address from cable using DHCP while connected it gave me a IPv4 address from the 198.18.0.0/15 range, a range "reserved for benchmark tests of network interconnect devices". When I tried to visit any website I got redirected to www.ziggo-activatie.nl at 172.25.4.6 / 172.25.38.6 (which is in RFC1918 space). This website identifies itself as activation site for the provider, asking for a provisioning code and password. I guess the activation site will link cable mac and customer account in the databases at the cable operator side.

A scan of the assigned network (a /24 out of 198.18.0.0/15) shows several IPs in use all having the same MAC address 00:30:B8:xx:xx:xx (RiverDelta Networks). A search for RiverDelta Networks shows it is a maker of cable modem termination systems and has been acquired by motorola.

When I tried it again it with the same cable modem it doesn't give me an IPv4 address at all. An interesting change.

Update: Later another Motorola SBV5121E cablemodem found its way to me. Trying this modem gave me an IPv4 address via DHCP again and a new try at the activation server so I could look up certain things described in this item and update it.

Tags: , , ,
  Older news items for tag network ⇒
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 2C66 3B5D F0D7 C263 local copy PGP key 2C66 3B5D F0D7 C263 via keyservers pgp key statistics for 0x2C663B5DF0D7C263 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews, Weather maps