Observations in Design of Modern Fabrics

Eighteen months of planning, identifying candidate solutions, writing business and technology requirements, building test plans and finally testing hardware have transpired. We have successfully proven all fabrics tested have the capabilities we need. All tasks can be accomplished on all platforms, and all features, functions, and protocols required from a modern data center function appropriately for our usecases. This turns out to be quite a conundrum. In every architecture bake off I have previously participated in, there was usually a clear winner. There was a solitary product which clearly solved a majority of the business or technology problems and others that did not. For the first time we had four products, and all four solutions by any any technical measure go above and beyond our requirements.

We found ourselves in an odd place. We have to make and defend our decision. To do that, we need to actually determine how to qualify and quantify why we preferred our choice. And when asked what the differences were, it really came down to the philosophical approach each manufacturer took to solving higher level problems we face in the data center of tomorrow. I use tomorrow–not today–for good reason. Continue reading

Advertisement

CA Trust in FreeBSD

These are my notes on managing Trust in FreeBSD.

Predestined search paths for Trusted CA:

/etc/ssl/cert.pem
/usr/local/etc/ssl/cert.pem

If the certificate can’t be found, fall back to OpenSSL’s default location.

And when it comes to your web-browser, fear not for certutil allows you to manage the nssdb:


CA_TRUSTED_CERT=~/MY-CA-CERT
certutil -d sql:$HOME/.pki/nssdb -A -t "CP,,CP" -n basename ${CA_TRUSTED_CERT} -i ${CA_TRUSTED_CERT}.pem

Converting p7b Files and Certificate Chains to PEM files: (common with MSAD CA)

View certificate contents:

openssl -pkcs7 -print_certs -in cert.p7b -inform der -text

Convert Certificate:

openssl -pkcs7 -printcerts -in cert.p7b -inform der -out cert.pem

Sizing your Internet/WAN Edge

The internet is getting faster and faster. I now have Gigabit Fiber delivered to within a foot of my home router. The carrier then is kind enough to provide a smart jack that converts the fiber delivery to a Gigabit Copper handoff.

More bandwidth is better right? Well kinda… Unfortunately, I hadn’t planned on one thing I am now much more vulnerable to denial of service attacks. Why is this an issue? Whats an engineer to do? Read on.. Continue reading

Cisco Auto-Provisioning Lab

So I have had need to quickly build a provisioning server for a lab to auto provision devices as they come online. This is the basic steps to accommodate this. Note there are far more complex and secure methods to utilizing something similar in production. Feel free to use this as a learning tool, but understand in a production environment, this is not recommended as critical pieces of information would be sent in clear text.

Continue reading

fully dynamic fluxbox menu

I needed the ability to generate a menu dynamically in Fluxbox for various things that change on a regular basis.

Unfortunately, there doesn’t appear to be a facility built into fluxbox to allow for this. So I spent some time and built a partially dynamic menu that updates with the click of an ‘update’ menu item at the root menu.

I was trying to come up with a good way for the menu to update on the fly. Since fluxbox simply reads a menu file (when you use the [include] function) I needed a file that when read, it returns a dynamic response and begins the process again. It’s not completely in time, but it at least refreshes on the fly. So what is a file that provides these properties?

Continue reading

Execution Performance, Linguistics, Totalitarian Elitism, and of course Python: Language as a construct of action

I’m an elitist in the worst way sometimes, so this is probably the pot calling the kettle black. But I simply want to pose a question, that no doubt will spark great debate among a very divided culture:

Why does the coding style we use to imply organization of the characters in the document representing code need to be so explicitly tied to the keywords, syntax, semantics, operators, closure, and the most important part… the resulting libraries that make up the development environment we seek to develop within?

It’s always the same argument Braces and Semi’s versus Linguistic command flow.

Continue reading

Debian 7 Wheezy Installation in FreeBSD 10 Jail

I decided to collapse the multiple systems I have running various flavours of Linux and BSD into a  single system. For a long time I had been using Windows Small Business Server. Well I don’t really want to spend the money to upgrade to 2016 and since it appears Microsoft has abandoned its purist Unix roots by trading the tight and tidy SFU (Interix) for the wildly fat Ubuntu and a Linux ABI. In the advent of this change, I figured I would flip back to FreeBSD, which in my not-so-humble opinion is still the closest thing to Unix you can get. In fact, it actually derives its original sources from none other than Research UNIX, and while it’s wildly more advanced, the distribution holds it’s origin close to it’s heart.

Either way, the task: Support the ever growing number of ‘Appliance’ installs on top of FreeBSD. In this first iteration I have found several guides and worked through getting Debian 7 functional in a FreeBSD 10-STABLE Jail. No guarantees on stability, but I’ll update this if I come across any oddities. This task was performed on FreeBSD 10.3.

Continue reading