Wednesday, July 22, 2009

Cloning SLES in Citrix Xen

Virtualisation is not only great in production environments but also the best way to go when it comes to development.

One of the most common and extremely useful features is cloning another virtual machine, as it will save you a lot of time and resources. However, when you clone using the 'Fast' method, you will face problems with the network card as the MAC address will be similar. This affects mostly Linux distros, as Windows will boot the NIC as a new card and take in the MAC address assigned by the XenServer.

For SLES, there are a couple of things you need to do to overcome this. First, take note of the correct MAC address, which is displayed on the network tab of the cloned VM.

Once you have the info, rename the network card configuration file to reflect the right MAC address, e.g.

cd /etc/sysconfig/network/
mv ifcfg-eth-id-5e\:7f\:45\:e6\:46\:29 ifcfg-eth-id-aa\:fa\:53\:65\:40\:92

If you want to make the network card a DHCP client, then edit the /var/lib/dhcpcd/dhcpcd-eth0.info file. At the bottom of the file, update the entry with the correct MAC address, e.g.

CLIENTID=AA:FA:53:65:40:92

Save the file, then run the network configuration wizard using YaST and you're good to go.
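The two manual edits above can be scripted for repeated clones. This is an added example, not part of the original post: the function name is made up, it assumes a single-NIC VM, and the demo runs against a scratch directory built from the two sample MAC addresses used above.

```python
import re
import tempfile
from pathlib import Path

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def fix_cloned_nic(net_dir, dhcp_info, new_mac):
    """Rename the single ifcfg-eth-id-* file and update CLIENTID for new_mac."""
    mac = new_mac.strip().lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {new_mac!r}")
    net_dir, dhcp_info = Path(net_dir), Path(dhcp_info)
    target = net_dir / f"ifcfg-eth-id-{mac}"

    if not target.exists():
        stale = sorted(net_dir.glob("ifcfg-eth-id-*"))
        # Assumption: a single-NIC VM. With several files we cannot know
        # which one belongs to which card, so refuse rather than guess.
        if len(stale) != 1:
            raise RuntimeError(f"expected one ifcfg-eth-id-* file, found {len(stale)}")
        stale[0].rename(target)

    # The dhcpcd info file still carries the source VM's MAC as client ID.
    if dhcp_info.exists():
        lines = [
            f"CLIENTID={mac.upper()}" if line.startswith("CLIENTID=") else line
            for line in dhcp_info.read_text().splitlines()
        ]
        dhcp_info.write_text("\n".join(lines) + "\n")
    return target


def demo():
    """Constructed sample: a scratch directory using the post's two MACs."""
    with tempfile.TemporaryDirectory() as tmp:
        net = Path(tmp)
        (net / "ifcfg-eth-id-5e:7f:45:e6:46:29").write_text("BOOTPROTO='dhcp'\n")
        info = net / "dhcpcd-eth0.info"
        info.write_text("IPADDR=192.0.2.10\nCLIENTID=5E:7F:45:E6:46:29\n")
        fixed = fix_cloned_nic(net, info, "AA:FA:53:65:40:92")
        return fixed.name, info.read_text().splitlines()[-1]


if __name__ == "__main__":
    print(demo())
```

On a real clone, the arguments would be /etc/sysconfig/network, /var/lib/dhcpcd/dhcpcd-eth0.info and the MAC shown on the network tab, followed by the YaST step.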

Thursday, April 23, 2009

Ubuntu 9.04 Desktop Edition

Just released a few hours ago. My laptop is already running it. All I need to do is to simply upgrade from the previous version through the Update Manager. It's a breeze.

Ubuntu Desktop is my preferred desktop OS. It is pleasing, easy to use and has almost all that you need. If you are pretty savvy, as in you know how to install stuff and all, then switching to Linux is not that hard. It's a matter of getting used to something totally different.

http://www.ubuntu.com/products/whatisubuntu/904features/

Wednesday, April 15, 2009

How to build your own hot spot, the right way.

The following is taken from an article on CNET entitled How to be an ISP: Build your own hot spot
(Note: I have informed CNET of the mistake and the writer has since updated his article)


"The easiest way to do this is to use two routers. The first router is used for your home to create a private network. With most existing Internet providers, this router will act as a gateway with NAT. You don't need to worry about what passwords or data travel over this network (you can allow Windows file sharing, or you might telnet from one local machine to another) because only trusted people have physical access to the network. If this router is wireless-capable, you will need to encrypt the connection to make sure only trusted people can connect to the network.

The second router is the wireless router that you want to use to offer access to the public. This router needs, in turn, to have NAT function of its own. This means once plugged in the first router, the second router will take the connection to the Internet from the first router and create a captive local network of its own, separate from that of the first router. In short, the NAT function of the second router acts as a firewall that separates the two networks"


There was no topology diagram in his guide, but if I understand the writer correctly, based on a typical home setup, what he suggested should look like the following


If I am right, then the above-mentioned part of his article is totally wrong.

Having another network behind a router and NAT does not protect the network in front of it. In fact, the protection is the other way round. This is the case with any typical home network, where being behind the NAT provides somewhat of a 'protection' from the Internet, and not the other way round.

Building two totally separate and secured networks is not that hard, but it is not as simple as relying on NAT. Based on this article, though, the right way is to actually reverse the function of the two routers. In other words, the first router is the wireless router that you want to use to offer access to the public and the second router is used for your home to create a private network. The NAT on the second router will protect the private network from the hot spot network.

The only problem then is the double NAT which makes hosting services in the private network a real pain in the ass.
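The two layouts compared in a small model, as an added example that is not part of the original post or the CNET article. The segment names are made up, and the model assumes plain NAT routers with no port forwards, UPnP or extra firewall rules: connections opened from a router's LAN side go out through its WAN side, and unsolicited connections arriving on the WAN side are dropped.

```python
from collections import deque


def reachable_segments(routers, start):
    """Return the segments a host in `start` can open connections into.

    `routers` maps a router name to (wan_segment, lan_segment). Each router
    contributes one directed edge, LAN -> WAN, because NAT only lets
    connections out; nothing crosses a router from WAN to LAN.
    """
    outward = {}
    for wan, lan in routers.values():
        outward.setdefault(lan, []).append(wan)

    seen, queue = {start}, deque([start])
    while queue:
        for nxt in outward.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


# Layout as read from the quoted article: the hot spot router is plugged
# into the home router, so the hot spot sits behind the private network.
CNET_LAYOUT = {
    "router1": ("internet", "home"),
    "router2": ("home", "hotspot"),
}

# Layout proposed in this post: the hot spot router faces the Internet
# and the home router sits behind it.
REVERSED_LAYOUT = {
    "router1": ("internet", "hotspot"),
    "router2": ("hotspot", "home"),
}


def guest_can_reach_home(routers):
    """True when a hot spot guest can open connections into the home LAN."""
    return "home" in reachable_segments(routers, "hotspot")


if __name__ == "__main__":
    print("CNET layout exposes home LAN:", guest_can_reach_home(CNET_LAYOUT))
    print("Reversed layout exposes home LAN:", guest_can_reach_home(REVERSED_LAYOUT))
```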

Tuesday, April 7, 2009

Configuring Cisco for SingNet Bizlink

Situation

You switched to the SingNet Bizlink static IP plan and were given a Cisco 877. You have your own router and/or firewall in your current setup and all you need is an ADSL modem to replace your current CPE. This way, you can keep everything else in place and simply do an IP change.

Problem

You have searched for configuration samples for the Cisco and tried in vain to get it to work as a transparent bridge but failed. You need to use the Cisco because that is the only device you have that can connect you to the ADSL service.

Resolution

Go the routing way by creating another routing subnet between the Cisco and your existing router.

So the topology will look like this



Configurations

1. Set the Cisco ATM interface as required with your public WAN IP, e.g. 1.1.1.0/30

interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 ip address 1.1.1.2 255.255.255.252
 ip nat outside
 pvc 8/35
  encapsulation aal5snap
!

2. Set the VLAN interface with a small private IP subnet that is not part of your own private IP range, e.g. 10.255.255.252/30

interface VLAN1
 ip address 10.255.255.253 255.255.255.252
 ip nat inside

3. Set your own router WAN interface within the same range as the Cisco VLAN interface, in this case 10.255.255.254 255.255.255.252

4. Set your own router LAN interface with the public LAN IP assigned by SingTel, e.g. 2.2.2.0/28

5. Add a route on the Cisco for all traffic to point to SingTel side and another route to your public LAN network behind your own router/firewall.

ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 2.2.2.0 255.255.255.240 10.255.255.254

6. Do a static NAT for your own router/firewall using the public WAN IP. This way traffic from the Internet will see the public WAN IP as your current router/firewall, as if the Cisco does not exist.

ip nat inside source static 10.255.255.254 1.1.1.2

Conclusions

Advantages
- You keep everything as it is and only need to change IP address.
- As good as configuring the Cisco as a bridge.

Disadvantages
- You MAY run into IP routing problems if you have private networks using the same range as the private IP assigned to the VLAN1 interface. However, by using the smallest network you can, this is quite unlikely.
- You have an additional hop when you do a traceroute from the inside.
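The overlap risk in the first disadvantage can be checked before touching the Cisco. This is an added example, not part of the original post: the dictionary keys and function name are made up, the addresses are the sample values from steps 1 to 6, and the internal networks passed in are whatever private ranges sit behind your own router.

```python
import ipaddress as ip

# Sample values from the configuration steps in the post.
PLAN = {
    "wan": "1.1.1.0/30",                     # step 1, ATM0.1 subnet
    "transit": "10.255.255.252/30",          # step 2, VLAN1 subnet
    "cisco_vlan1": "10.255.255.253",         # step 2
    "router_wan": "10.255.255.254",          # step 3
    "public_lan": "2.2.2.0/28",              # step 4
    "lan_route_next_hop": "10.255.255.254",  # step 5
    "nat_local": "10.255.255.254",           # step 6
    "nat_global": "1.1.1.2",                 # step 6
}


def check_plan(plan, internal_nets):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    wan, transit = ip.ip_network(plan["wan"]), ip.ip_network(plan["transit"])
    keys = ("cisco_vlan1", "router_wan", "lan_route_next_hop",
            "nat_local", "nat_global")
    addr = {k: ip.ip_address(plan[k]) for k in keys}

    usable = set(transit.hosts())
    for end in ("cisco_vlan1", "router_wan"):
        if addr[end] not in usable:
            problems.append(f"{end} {addr[end]} is not a usable host in {transit}")
    if addr["cisco_vlan1"] == addr["router_wan"]:
        problems.append("both ends of the transit subnet use the same address")

    # The LAN route and the static NAT must both point at your own router.
    for key in ("lan_route_next_hop", "nat_local"):
        if addr[key] != addr["router_wan"]:
            problems.append(f"{key} {addr[key]} is not your router's WAN address")
    if addr["nat_global"] not in set(wan.hosts()):
        problems.append(f"nat_global {addr['nat_global']} is not a usable host in {wan}")

    # The disadvantage noted in the post: the transit /30 must stay clear
    # of every network that lives behind your own router.
    behind = [ip.ip_network(plan["public_lan"]), *map(ip.ip_network, internal_nets)]
    for net in behind:
        if transit.overlaps(net):
            problems.append(f"transit {transit} overlaps {net}")
    return problems


if __name__ == "__main__":
    print(check_plan(PLAN, ["192.168.1.0/24"]))  # constructed internal range
    print(check_plan(PLAN, ["10.0.0.0/8"]))      # constructed overlapping range
```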

Thursday, March 26, 2009

SLES / SLED 11 shipped

SUSE is my favourite distro. Let's see if this version can top the previous one, which to me is already the friendliest and most complete Linux distribution available.

Sunday, March 22, 2009

Shared vs dedicated - Dedicated wins

Of all the services Starhub provides, their broadband service is the only one I will never ever recommend to anyone.

I still remember the one time I subscribed to cable and I terminated it within a month. Even the technician who came to attend to my complaint was speechless when I showed him webpages that can't even load. How can it be called broadband when it is worse than dial up?

When it comes to paid broadband, please go for ADSL services like SingNet etc. My stance remains the same since the first day I started to write in cyberspace with pov.2y.net which then became azacamis.com, that between cable and ADSL access, I'll take ADSL any day.

Starhub tried to debunk this shared vs dedicated so-called 'myth'. Although SingNet may have played this up to their advantage by not telling the whole truth, it is nevertheless true that dedicated access will give you consistent access.

If you are new to this shared vs dedicated thing, let me help you out.

Imagine the Internet as a bank. Accessing the Internet is the same as borrowing money, which represents the bandwidth. Accessing the Internet to do a simple task like going to www.google.com requires you to borrow for a very short period, while a more complex task like downloading a huge file will cause the money to be out of the bank longer. Each subscriber can only borrow what they are entitled to according to the plan they subscribed to, and once they are done with the task, they will return the money to the bank.

ISPs use the probability formula when selling non-guaranteed Internet access, such as plans for home use. So even though they may have, say, 100,000 subscribers, they may not have that much bandwidth, because not all the subscribers use the Internet at the same time (even though they may be logged on) or download at the same time. The chance of all users clicking the mouse or pressing the enter key at the same time is very, very low, therefore the ISP 'recycles' the bandwidth among its subscribers.

This 'recycling' thing also makes business sense because it can bring the cost down, which is why most homes here can afford broadband.

The issue is not about the ISP 'cheating' you. The issue is how the bandwidth is spread out among its users, and this is the problem with Starhub's shared basis.

Starhub's shared access network means groups of subscribers are assigned to specific tellers in the bank depending on their location and each teller has a fixed amount of money they can lend out. When the demand to borrow money is low because only a few users need them at the same time, there will be more than enough of it to go around.

Since the probability formula is applied to each teller, that means they do not have enough money for all users to use at the same time. Although I mentioned earlier that the chances of all users using the Internet at the same time are low, the chances are increased when the amount of bandwidth to play around with is lower, which in this case is the money each teller has.

When that actually happens, users will be fighting with each other because there is only so much money a teller can lend out, even though other tellers may have tons of it with them. This means that while some users may be getting more bandwidth than they subscribed to, you on the other hand can't even get what you are entitled to. That is why sometimes cable users in Jurong are happily surfing while users in Tampines are frustrated as hell.

SingNet, however, assigns each subscriber to a teller, and this is what they mean by 'dedicated access'. Although still based on the probability formula, a teller can get hold of any money available in the vault. The chances of the vault running out of money are very low. Even if it does run out of money, everyone is affected and not just a group of subscribers.

Unless Starhub can dynamically or constantly change the amount of money tellers can dish out according to the need at that time, it will never be consistent. How would you feel when you have an important email with an attachment to download and you are assigned to a teller that has very little money left?

All the while I have been on ADSL, I have never experienced speeds like dial-up unless there is a problem. For Starhub, it's a gamble.

Friday, January 16, 2009

Postfix - Send to unknown local user

virtual_transport=smtp:next hop

e.g. virtual_transport=smtp:111.222.111.222

This option is useful if you have two mail servers, one local and one external, with the same domain. Normally this is done to save bandwidth. The local mail server will only deliver mail to known users and will pass mail for unknown users within the same domain to the external server.

Say, for example, a local user sends two emails, to bob@domain.com and alice@domain.com, through the local mail server. Mail for bob@domain.com, who exists in the local mail server, will be delivered to Bob's mailbox, while mail for alice@domain.com will be forwarded to the external mail server.

Sunday, January 4, 2009

Creative being not so when it comes to marketing

Creative cut workforce by half.

Reading this news reminds me of an article by CNA last year titled Being 'cheap and good' can be bad, about how producing cheap but good-quality products may not be the best way for companies to go. Part of the article touches on Creative losing to Apple because it's cheaper even though it is of good quality. I wrote in with my comments below.

I agree, the words cheap and good are rarely able to be placed within the same sentence because the first thing that comes to our mind is that cheap products equal poor quality.


But in the case of Creative Zen MP3 players, its failure is definitely not due to it being cheap, hence thought to be of poor quality. A big chunk of its failure is due to how it was promoted.

The market for MP3 players, by and large, is for the younger generations, from teenagers to young adults. By knowing the target, Apple have made the right decision by coming out with advertisements promoting it as something hip, trendy and very attractive to this group. None of its adverts mentioned technical specs because they know, in this market, being technically good is not as important as looking good. They got big artists like Black Eyed Peas that appeal to music lovers for that. We all know how endorsements can translate to profits.

I belong to the young adults group and I own an iPod, no surprise here. The iPod doesn't sound that amazing and its functionality deserves some scrutiny, but since it is not pertinent that I do my 'the most bang for the buck' research for something inexpensive such as an MP3 player, I would go for the one that attracts my attention, even though I know there are other players that can match the iPod but with a cheaper price tag.

Branding plays a big part in making a product successful. Apple came into the MP3 market with shock and awe and now the word MP3 is synonymous with iPod, even though they may not be the best out there. But who cares when you own something cool?

So in short being cheap and good will not necessarily be bad but what is more important is to grab the attention of the target market and then the price no longer matters. Sometimes it does not have to be reasonable at all and that is why Apple is actually on the high side, price wise.

Apple can totally kill its competitors by slashing the price of iPods because by then, who would want to buy anything else when something as 'good' as the iPod is cheap? I may just buy an iPod for my mom when that happens. It will definitely make her look cool during her morning walk around the estate. I would proudly go 'Hey, that's my Mama!'. But why would they want to do that when sales are at an all-time high?

So Creative's failure is not because Zen players are cheap and good. They just had bad marketing, and probably an expensive one too.