Software Internet gateway for a not-so-small company (Shorewall, OpenVPN, OSPF). Part 2

2 years, 10 months ago
I present the second article in a series aimed at "intermediate" system administrators; experienced ones will hardly find anything new here.
In these articles we look at building a Linux-based Internet gateway that connects several company offices, provides limited network access, prioritizes traffic (QoS), and does simple load balancing with channel failover between two providers.
Specifically in this part:
  • A more detailed Shorewall setup
  • The terrifying and obscure QoS
  • Load balancing and failover

And in the previous part we covered:
  • The basic Shorewall setup
  • The terribly difficult dnsmasq setup
  • The no less difficult OpenVPN setup
  • And, atypically for many intermediate administrators, dynamic routing, using OSPF as the example

Wi-Fi Alliance announced a new Wi-Fi type for IoT and low-power devices

2 years, 10 months ago

Wi-Fi is now one of the main types of wireless communication. Most communication devices are equipped with it. But smart gadgets, i.e. devices with the "smart" prefix, usually do not use Wi-Fi to communicate with each other. There are exceptions, but not many.

Vendors are reluctant to embed such communication modules in smart gadgets because Wi-Fi consumes a considerable amount of energy. That is a real problem for devices that have to be small, cheap, and run autonomously for months or even years. But now this problem is apparently being solved. The Wi-Fi Alliance is going to certify the Wi-Fi HaLow standard, which is based on the not-yet-ratified IEEE 802.11ah specification.

Stories from the practice of network optimization

2 years, 10 months ago
Hi! My colleagues and I optimize existing channels. We are constantly confused with fiber splicers, cable engineers, or simply loaders.

Our work is analyzing the protocol stack and completely rearranging it to fit the characteristics of the channel, tuning optimal frame sizes, bundling several packets into one on high-latency channels, deduplication, ordinary compression, and SSL analysis and re-assembly with the same certificate. In the simplest case this is solved by installing special hardware at the receiving and transmitting ends. Since we have to get to every site, we also work as field engineers. And, as with any field engineers, we have a sea of stories. Below I will tell a few, changing only a number of minor details so that the customer cannot be recognized.

For example, there is night work at a very large store. The customer's administrator and our engineer came into the server room at one in the morning and are working. The engineer went out to the toilet and came back. A couple of minutes later there is a knock at the door. They open it, and immediately a rapid-response squad with automatic weapons bursts in: kicks to the body, face on the floor, handcuffs.

Then the police and the store manager come over. The manager assesses the situation and declares with authority:
— I know this one, he is our administrator. And I don't know this one. Take him away.

Kill switch for OpenVPN based on iptables

2 years, 10 months ago
It is well known that when you connect to open Wi-Fi networks your traffic can easily be eavesdropped. Of course, more and more websites now use HTTPS. Nevertheless, it is still not 100%. So there is a natural desire to secure your traffic when connecting to such open Wi-Fi networks.

A popular solution to this problem is connecting through a VPN. In that case your traffic is transferred in encrypted form to the VPN server and goes out to the Internet from there.

This solution has a small shortcoming: until the VPN connection is established, all applications on your computer (including open browser tabs) get Internet access bypassing the VPN.

In this article I will describe how to avoid this.

Domain sharding: implementation in Ruby on Rails and results of applying it

2 years, 10 months ago
I recently decided to find out, using one project as an example, how strongly domain sharding affects website load time. As a reminder, the essence of this optimization is that static files are loaded from different domains (which may, however, point to the same server), which lets you bypass the browser limit on the number of simultaneous connections to one domain. Intuitively, with a large number of small files this should significantly speed up loading of the site as a whole. Let's check whether that is actually so.

Gray servers: unusual schemes for importing B2B equipment into Russia

2 years, 11 months ago
I have a good friend, let's call him Anatoly (his name is actually different, but that is not important). He works at a company directly involved in supplying equipment from the global IT and telecom giants to the public sector, that is, in other words, in state procurement. Anatoly and I regularly get together over a glass of beer (or rather, a cup of tea), and about a month ago we had a very interesting conversation. To state its subject plainly: in the field of B2B equipment supplies, su-u-uch things are going on... No, this is not even about "gray" and "shady" schemes, but about, I am not afraid of this expression, a violation of the strategic interests of the state.


FlexPod Express: UCS-Managed configuration

2 years, 11 months ago
In addition to the three previous Small/Medium/Large configurations of the FlexPod Express architecture, one more has appeared, named Cisco UCS-Managed. This article is about this new configuration. FlexPod Express and FlexPod Datacenter are divided into two main connection types: direct connection of the storage system (SHD) to the servers (no switch between storage and servers) or via a switch (there is a switch between storage and servers). I will remind you that Fabric Interconnect is not a switch but part of the UCS server domain.

Several important differences between the new configuration and the previous three should be noted.
  • First, Fabric Interconnects have appeared in the architecture, albeit as internal devices installed in the UCS Mini blade chassis.
  • Second, the architecture now allows direct connection of the storage to the Fabric Interconnect; previously there had to be a switch between the servers and the storage, and that switch had to be a Nexus (3048/3500/9300).
  • Third, in a FlexPod Express Cisco UCS-Managed configuration with direct connection, the switch for connecting end users does not have to be a Nexus. Now it can be any standard switch supporting fault tolerance along the lines of Multi-Chassis EtherChannel. But if a switch is needed between UCS and FAS, it must be a Nexus.

Balancing traffic between two NATs on different providers on one physical router

2 years, 11 months ago
With the classic scheme of connecting two ISPs to one router, it is possible to use both channels at once for NATing internal clients with load balancing, and not just for failover when one of the providers goes down.

What did 2015 bring us?

2 years, 11 months ago

We would like to congratulate all Habr readers on the coming New Year and Christmas! Outside the window of our Moscow office it is a warm winter: lots of puddles and +8 on the thermometer. The year is coming to an end, and it is time to sum up. We decided to try to recall what interesting things appeared in 2015 in the world of IT. And since the world of IT is huge and remembering everything is an extremely difficult task (a match only for Schwarzenegger), we narrowed our view to the following companies: Cisco, HPE, Microsoft and VMware. As it turned out (who would have doubted it), trying to tell about all the innovations of the companies listed above would take a very serious effort. But the holidays are coming soon, we also need to buy gifts, go cut down a fir tree, and start making Russian salad. So we tried to select only what, in our opinion, was the most significant for us and our customers. At least we hope so.

So, enough lyricism; let's begin our TOP of solutions, devices, and other trifles that we selected, split by vendor.

We look into the looking-glass

2 years, 11 months ago
A remarkable example of network solidarity is the numerous looking-glass services that let you peek behind the scenes of very many large and small networks around the world. It is quite surprising, in today's world hidden behind a hundred security systems, to simply go and execute commands on routers, which are among the most critical devices in any data-transmission infrastructure.

looking-glass version6

You just need to enter an IP address or prefix in the field and get back the routing table, a traceroute, or the result of ping. So when you realize that you can enter not only addresses but also some other characters that turn into meaningful commands, and get meaningful results, you are stunned. You want to run and shout on every corner: "What is this, it must be banned immediately, what absurdity?". All this is the effect of recent years, when security is placed above openness and convenience, and there are undoubtedly reasons for that.

This will be about a very popular looking-glass implementation and what can be obtained from this service.

